Guard Privacy & Online Security News & Information

About Guard Privacy & Online : Guard Privacy Blog Home : June 2006

June 1, 2006 18:45 - Announces Second Round Of Malicious Programs has named and shamed another four software programs that consumers should avoid to guard privacy and security.

StopBadware is an antispyware organization dedicated to warning consumers about software containing embedded malware.

As I reported in March, Harvard Law School's Berkman Center for Internet & Society and Oxford University's Oxford Internet Institute are leading this initiative, with the support of several prominent tech companies, including Google, Lenovo, and Sun Microsystems. Consumer Reports WebWatch is serving as an unpaid special advisor.

StopBadware's first report in March announced Kazaa, MediaPipe, SpyAxe and Waterfalls 3 as "badware".

In this second round, StopBadware has condemned FunCade, a gaming application; Team Taylor Made's "Jessica Simpson Screensaver"; a scanner called "UnSpyPC; and WinFixer 2005 and 2006...
  1. FunCade is a gaming software application that comes bundled with adware programs BullsEye and NaviSearch. Its components are labelled malware, spyware, or a Trojan by most popular anti-malware applications.
  2. Team Taylor Made's Jessica Simpson Screensaver. The program bundles more than a dozen pieces of software, including undisclosed adware, a dialler which automatically dials pay porn sites with a dialler, and toolbars that modify the installer's browser.
  3. UnSpyPC, is an application that incorporates a non-standard hard drive scan on installation and identifies legitimate software, such as VMware, WinPatrol and Windows Defender, as spyware.
  4. Finally, WinFixer 2005 and 2006 are accused of deceptively attempting to get users to purchase the full version of the software by making exaggerated claims about "severe system threats", while also making it difficult to opt out of purchasing the software altogether.

    WinFixer 2005 also installs a rootkit which can make the program difficult to detect and remove.

Find out how to protect yourself from this type of malware by looking at Commercial & Free Spyware Remover Programs Tested.
To reference this entry please copy the url in this link: (Permalink)

June 2, 2006 17:27 - 840,000 Personal Records Jeopardised At Colleges

University computer systems across the US are becoming more and more the targets of crackers -- malicious hackers.

The growing number of these security breaches have exposed the personal information of thousands of students, alumni, employees and college applicants.

In fact, it is estimated by identity theft experts that at least 845,000 people have had sensitive information jeopardized in 29 security failures at colleges nationwide, since January.

Crackers have gained access to Social Security numbers and, in some cases, medical records.

Michael C. Zweiback, an assistant U.S. attorney in Los Angeles said, "There are so many examples within the last year demonstrating that these universities are just real, true, vulnerable targets. All of a sudden, it seemed like we were adding on another university every week to look into."

Cyber security officials say crackers are realizing that colleges hold many of the same records as banks, but colleges are easier to get into.

According to ChoicePoint, a consumer data-collecting firm in Georgia, colleges accounted for about 30 percent of computer security breaches reported in the media last year.

For the first time in seven years, colleges identified security as the most critical issue facing their computer systems, according to a survey by Educause, putting pressure on already tight budgets.
Read the article

How Crackers Target Our Computers

To reference this entry please copy the url in this link: (Permalink)

June 3, 2006 19:51 - Windows Live OneCare Released

Microsoft has released the final version of Windows Live OneCare into the commercial security software market.

OneCare, which has been available in beta format since last July, offers anti-virus, as well as tune-ups designed to maximize PC performance. Antispyware protection is available by separately downloading Windows Defender.

The service will also back up important data, such as the storage of digital photos and music files.

Its release has prompted commentators to predict a fall in the price of anti-virus suites and the release of rival solutions. This is because OneCare, instead of charging $70 per year for the security suite, like Symantec and McAfee, Microsoft charges only $50 for its package with support via phone for free.

In addition, OneCare can be used on up to three computers... most competitor's products are limited to just one system.

On the other hand, what is Microsoft really offering here? It's beefed up it's one way firewall that SP2 XP users are given free, chucked in an antivirus that it's recently acquired and a free spyware remover that certainly isn't top notch!

There are security suites with much more powerful offerings, such as ZoneAlarm Security Suite - the most comprehensive Internet security solution available.

However, the proof is in the pudding, as they say. So, I shall be testing OneCare and will let you know my findings.
To reference this entry please copy the url in this link: (Permalink)

June 4, 2006 17:45 - Kaspersky Goes War Driving In The UK

Kaspersky Lab has been researching the various security issues of wireless networks and wireless protocols to capture the changing wireless environment, and also to focus users' attention on wireless security.

This report on the UK, specifically London, adds to those carried out on wireless networks in Peking, Tianjin, CeBIT 2006 in Germany, and reports on malware for mobile devices and the problems of Bluetooth protocol.

So what is war driving? Well, potential crackers can cruise local districts with specialized equipment that can detect a Wi-Fi network and whether it is protected by encryption security. If unprotected, it's easy for the cracker to access the network.

At the very least it will be used to allow the cracker free use of the network bandwidth, but usually it leads to a break-in of the system and the stealing of data.

Kaspersky's research in London, was partially conducted at InfoSecurity 2006. In a notorious case last year, scammers installed several false access points, with an interface which appeared to provide access to the public network. Unsuspecting users who connected via such access points entered their passwords and other confidential data which were then sent directly to the scammers.

Apart from WiFi networks at InfoSecurity, Kaspersky also investigated the security of WiFi networks in business districts of London.

Data collected by war-drivers around the world indicates that the number of access points with no encryption is approximately 70%. In Peking, the figure was less than 60%, and 55% of networks at CeBIT were unencrypted.

At InfoSec, 62% of networks were operating without encryption -- an unacceptably high percentage. The majority of these access points provide access to the equipment of IT exhibitors, a major target for crackers. This figure for InfoSec is even higher than the number of such networks at CeBIT, and InfoSec is a dedicated security event with exhibitors who specialize in information security!

At the Canary Wharf business district, however, only 40% of networks used no encryption. This is the lowest figure ever recorded by Kaspersky. Some of the networks making up this 40% are public access points in shopping centers, making the overall level of protection in this region of London ground breaking.

In this area at least, it's clear that companies are concerned about security issues and that they recognize the potential problems caused by using WiFi within their network infrastructure.

How To Maximize Your Wireless Security
To reference this entry please copy the url in this link: (Permalink)

June 5, 2006 21:22 - Got A Wireless Gadget? If So, You Could Be Being Tracked.

Because of the logarithmic growth of wireless technology, it's easier than most people realize for parents, employers, detectives and government agents to track our movements.

Many people don't realize that cell phones, car navigation systems, global-positioning systems and other wireless devices are constantly broadcasting their location whenever its power is on.

2 out of 3 Americans are wireless subscribers, according to the Cellular Telecommunications and Internet Association, the wireless trade organization. Add to that, more than a million cars and trucks are equipped with on-board location devices.

There are three ways of determining the location of a wireless phone or Wi-Fi laptop to within about 20 yards...

  1. GPS compares the timing of radio signals from three or four satellites in space.
  2. Triangulation collects directional signals from two or three cell phone towers.
  3. Wi-Fi local area networks track high-frequency radio signals from millions of transmitters in urban areas.
In April, a company called WaveMarket launched a "Family Locator" service. This allows a parent to pinpoint the whereabouts of a child who is using Sprint or Nextel cell phones.

Sprint sells a "Mobile Locator" service that it says can "monitor employee location in real-time, either singly or within a group, on a zoomable online map."

Trucking companies use GPS technology to track the movements of their drivers recording when a driver takes a break, violates the speed limit or departs from his authorized route.

In its recent report, The Center for Democracy and Technology stated, "With newer technologies, tracking can be done automatically by a remote computer, making it possible for law enforcement to monitor the movements of many more people for longer periods of time." But it cautioned that tracking "reveals sensitive information about a person that may have no relation to criminal activity."
Read the article
To reference this entry please copy the url in this link: (Permalink)

June 6, 2006 21:55 - Pornographic Spyware Lure That Has A Sting

Panda Software has reported on a new spyware program which offers free access to free pornographic Web content... but you could end up being 'blackmailed' into buying a program to clean up the spyware infection.

DigiKeyGen is found on a Web page that allows visitors to download a password generator in order to access adult resources that users would normally have to pay for. When users run DigiKeyGen, they receive passwords that supposedly allow them access to pornographic Web sites.

At the same time, a spyware program and an alleged anti-spyware application are installed on the computer without the users' knowledge, Panda said.

It then warns users that their computer is infected and offers an anti-spyware program to clean the system for $50.

Panda has discovered that DigiKeyGen can be downloaded from other Web sites offering adult content in addition to the program's official page."You must always be suspicious of offers for something in exchange for almost nothing," said Luis Corrons, director of Panda Software Labs, noting that the technique is not new.

"Even users with sound IT knowledge could drop their guard with offers like this," Corrons added. "It is essential to be cautious of irresistible offers in the Internet. Users should leave the task of deciding whether or not a program is malicious to an anti-malware solution."

For the best spyware removers, take a look at Commercial & Free Spyware Remover Programs Tested

To reference this entry please copy the url in this link: (Permalink)

June 7, 2006 15:58 - World Cup Brings Trojans And Viruses

The World Cup will be providing a plethora of online information for fans wanting up-to-the minute reports of the latest action.

However, security experts are warning us to think before we click on free downloads and web sites commentating on the games.

Spam is already spreading across the Internet with viruses and trojans attached. These con recipients into thinking they are linking up to one of the many Web sites cashing in on World Cup fever by offering relays, scores and results online.

Sophos has reported that it has detected two trojans seeking to exploit interest in the World Cup.

The first to appear was Trojan Haxdoor-IN, which posed as a World Cup wall chart for fans wanting to follow their favorite teams. Once downloaded, the Trojan would give hackers back-door access to their computer.

Although the spam email was written in German, Sophos said it could easily be adapted for use in other languages.

The most recent threat to be circulated is the Dropper-KG, a software installer that includes a copied version of a freeware World Cup results-tracking spreadsheet, which provides an appearance of legitimacy.

According to Joel Camissar, managing director of Websense, Internet users should treat all World Cup related email attachments with suspicion.

"A link may direct you to a less than reputable site which is looking to exploit vulnerabilities such as that recently found in Internet Explorer. If the user hasn't got the latest patch, their PC could become infected just by looking at a picture," he warned.

Read the article

See Which Are The Best Antivirus And AntiTrojan Programs?

To reference this entry please copy the url in this link: (Permalink)

June 8, 2006 22:14 - Google Pharmacy A Fake

Some of you may have seen the latest Google offering -- the search giant's very own accredited pharmacy, selling pills at rock bottom prices.

You may receive an email celebrating Google's launch... a stylized logo with the double 'O' replaced with two blue Viagra pills.

The mail promoting the new site says, "We've just launched a pharmaceutical interfaces for Google, as well as several new features for the people buying pills and using pharmaceutical interfaces".

However, if you follow the link, surprise, surprise, it wasn't Google, but rogue pharmaceutical site ED Choice.

ED Choice pretends to sell generic Viagra, generic Levitra, generic Cialis and other generic products that can't possibly exist, as the patents on these products have yet to expire.

ED Choice is hiring spammers to sell its products, and it constantly changes its server address or URL to avoid angry hosting providers.

Rogue sites selling fake medicines are ever-present in spam and on the Net, as NBC's Inside Dateline showed. The news show posed as an online pharmaceutical company and received countless offers from companies all over the world from fake Viagra to Tamiflu.

Most offers were from China, which isn't surprising, as most drugs with the Viagra label sold in China are counterfeit.

A ruling in a Beijing court this week could put halt to the growing industry. The court overturned a 2004 decision by China's patent review board, which would have allowed local drug makers to sell legal generic versions of Viagra in China. The decision could dent the widespread availability of potentially lethal or harmful fake medicines on the Net, experts say.
Read the article

Use A Spam Blocker And These Tips For Spam Dangers

To reference this entry please copy the url in this link: (Permalink)

June 9, 2006 20:41 - Former Spam King Touts For Consultancy Work

Within days of settling a suit with Microsoft and with another pending with the Texas attorney general, former spam king Ryan Pitylak is now offering his services to the anti-spam community.

He announced that as president of his newly-formed consultancy, Pitylak Security, he is now devoted to anti-spam efforts.

"My decision to move into the anti-spam community and start a consulting company to help fight spam was a decision that I came across when I found out there was some interest in my skill set," Pitylak said. "I was looking for an outlet to help out the anti-spam community and based on that interest I decided to move forward with setting up this anti-spam consulting company."

Pitylak was once rated as the fourth most prolific spammer in the world by SpamHaus, making his money by generating leads through unsolicited mail and selling them to mortgage companies across the U.S.

At the peak of his 'success', he made enough money to buy a large house in one of Austin’s top neighborhoods, and sporting a brand-new Jaguar... and all this as he studied economics and philosophy at the nearby university.

His spam activities went into reverse last year when the Texas Attorney General, Greg Abbott, filed a suit against him for violating the CAN-SPAM Act. One day later, Pitylak received another law suit from Microsoft for sending spam over Microsoft networks.

In reaction, Pitylak said, "After I got sued, I really started to look at the impact that spam had on the public. I learned that spam really does create a big burden on the public. It really made me sit back and think about what business I was in and I really thought to myself that this wasn’t something that I wanted to be a part of anymore and that I actually would like to figure out some way to make things right and become a part of the anti-spam community."

However, a number of those in the anti-spam community hear these statements with some cynicism.

"It sounds like he has some bills to pay and he’s trying to capitalize on his past criminal activities for that," said Dmitri Alperovitch, a research engineer with the anti-spam and email security firm CipherTrust.

A clue to just how big those bills for Pitylak may be came from Aaron Kornblum, Microsoft’s internet safety enforcement...

"I can’t get into too many of the details, [but] the dollar amount was generated by statutory damages available under the CAN-SPAM law and Washington state anti-spam law," Kornblum said. "For example, the Washington state law permits $1,000 per illegal e-mail and we had evidence of tens of millions of e-mails coming across our systems."

In addition to the trust issues associated with working with a former spam peddler, such a partnership also raises the issue of whether it is prudent to reward notoriety from illicit activities once the perpetrator has decided to move to the "good" side of the battle.

It'll be interesting to hear whether any of the security companies do engage Pitylak. After all, there are plenty of previous employment examples, particularly with crackers.
Read the article

Use A Spam Blocker And These Tips For Spam Dangers

To reference this entry please copy the url in this link: (Permalink)

June 12, 2006 18:33 - ZoneAlarm Internet Security Suite 6.5 Adds Powerful New Features

Check Point Software Technologies Ltd has launched the new ZoneAlarm 6.5 line of Internet security solutions.

The award-winning, all-in-one ZoneAlarm Internet Security Suite 6.5 claims to be the first suite to address the most common routes of identity theft facing consumers...
  1. PC attacks from viruses, keyloggers and other forms of spyware
  2. sophisticated internet hacking of major corporations storing customer data
  3. traditional real-world identity theft such as 'dumpster diving'
ZoneAlarm's Identity Theft Protection claims to defend consumers through an "innovative combination" of new technologies, easy access to online tools and consumer education.

Users receive an alert if their credit card number appears on the Internet's black market or other black lists, and they can opt-out of the pre-approved credit offers that are a major source of real-world identity theft. Users also have access to a credit counseling service.

Customers also have access to the new ZoneAlarm Identity Protection Centre, a website full of educational tips and links to government and industry resources directly from the ZoneAlarm user interface.

Other additional features include...
  • Spy Site Blocking, which warns a surfer if they are landing at a malicious Web site, such as one that downloads drive-by spyware. Spy Site Blocking also prevents malware from phoning home back to a Web server

  • Game Mode, the result of games customers requesting a way to quiet firewall alerts and postpone antivirus/anti-spyware scans in order to prevent disruption in the middle of a game.

    Many gamers switch off their security to avoid these interruptions, but ZoneAlarm have shown it only takes 8 seconds for a hacker to find an unprotected PC on the Internet. Now gamers can keep playing and stay safe by using the new suite.

  • In addition to providing antivirus protection, ZoneAlarm 6.5 provides behavior based, three layers of firewall protection and antispyware, guarding at the Internet gateway so that intruders don't get in, at the program level so that bogus programs don't connect to the Internet, and inside the operating system kernel where rootkits and other malware can hide. In addition there is an intelligent spyware removal system.
For me, ZoneAlarm is the best security suite currently on the market.

My one adverse comment is about the spyware removal module... as with all spyware modules in security suites, don't rely on it as your sole source of protection. It is now accepted that at least two spyware engines are needed to have any hope of keeping spyware under control.

Get $20 off ZoneAlarm Internet Security Suite
To reference this entry please copy the url in this link: (Permalink)

June 13, 2006 18:47 - Net Phone Networks Review How To Guard Privacy After $1M Hack

A Miami businessman, Edwin Andres Pena, was arrested on charges of illegally penetrating the networks of Internet phone providers to connect hundreds of thousands of free calls.

Pena paid $20,000 to hacker Robert Moore of Spokane, Wash., to hack into the computer networks of legitimate VoIP providers, and then routing his customers calls over those systems.

That was accomplished after Moore located vulnerable computer ports at unsuspecting non-phone companies around the world. Pena then programmed those networks to accept Internet phone traffic, prosecutors said.

The next step was ensuring that the Internet phone providers would accept the calls being secretly routed through the unwitting intermediary companies.

This was done using "brute force" attacks of test calls to identify the codes used by the providers to determine whether a call was authorized for their networks.

After obtaining free access to the networks, Pena, charged customers more than $1 million to route calls for them, according to FBI complaints made public with Pena's arrest in Florida.

At least 15 Internet phone companies were victimized, with one suffering as much as $300,000 in lost fees, prosecutors said.

Pensa was charged with creating two companies to offer wholesale phone connections to small Internet phone companies at discounted rates. Pena allegedly was able to secretly route 500,000 calls through a Newark-based provider identified in the complaint as "N.T.P.," which appears to be Net2Phone.

Pena was charged with wire fraud, which carries up to 20 years in prison and a $250,000 fine, and computer hacking, which carries up to five years and a $250,000 fine.

Moore faces a conspiracy charge, which could bring five years in prison and a $250,000 fine.
Read article
To reference this entry please copy the url in this link: (Permalink)

June 14, 2006 17:53 - Worm Attacks Yahoo Email, But It's All OK Now?

A new worm targets Yahoo's Web-based e-mail service to collect addresses for a spam database, Symantec has warned.

The "Yamanner" worm exploits a JavaScript vulnerability in Yahoo's Web mail and targets addresses with the "" and "" domains.

It is spread by spam as an HTML message containing JavaScript. The infected message has a "From" address of and a Subject: of "New Graphic Site." Without protection to guard privacy and online security, as soon as the recipient views the message, the script automatically runs to spread the worm to other users in the Yahoo address book.

"Harvested addresses from the address book are then submitted to a remote URL, which is likely to be used for a spam database," noted Symantec in its alert.

In a statement yesterday, Yahoo! said only "a very small fraction" of its more than 200 million e-mail accounts were infected. Yahoo! also confirmed the worm didn't affect its upcoming e-mail service, still in its beta phase.

Yahoo! spokeswoman Kelley Podboy was quoted by The Associated Press as saying, "We have taken steps to resolve the issue and protect our users from further attacks of this worm." She went on to say that, "The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user."

Protect Against Worms With The Best Antivirus Program
To reference this entry please copy the url in this link: (Permalink)

June 15, 2006 19:32 - Microsoft Declares Zombie PCs Growing Problem

According to a Microsoft security report released this week, more than 60 percent of compromised Windows PCs were found to be running malicious bot software. The PCs were scanned by Microsoft's Windows Malicious Software Removal Tool between January 2005 and March 2006.

A zombie PC is a computer infected with a backdoor Trojan horse, which allows the computer to be taken control of by a third party. When networked together, these groups of zombie PCs are known as 'bots' or 'botnets'.

The perpetrators use their botnets to relay spam and launch Denial of Service attacks. Often, they will steal the victim's data and install spyware and adware on PCs, to earn a revenue from the spyware or adware makers.

Microsoft introduced the Windows Malicious Software Removal Tool in January last year. The tool aims to identify and remove malicious software from PCs. Over the 15-month period covered by the report, the tool found that 5.7 million Windows systems were infected and it removed 16 million instances of malicious software.

Backdoor Trojans are the most prevalent threat against which to guard privacy and online security, followed by e-mail worms, which were found on and removed from just over 1 million PCs, Microsoft said.

Rootkits, which make system changes to hide another piece of possibly malicious software, are less widespread, with removals from 780,000 PCs.

Find Out If Your Computer Is A Zombie PC
To reference this entry please copy the url in this link: (Permalink)

June 16, 2006 17:08 - The Right To Guard Privacy Is Further Eroded With Wire Tap Appeal

The right to guard privacy took another step backwards when a federal appeals court backed a Bush administration appeal to make it easier to wiretap Internet-based phone calls.

The Washington appeals court ruled that the Federal Communications Commission had the right to expand the reach of a 12-year-old telephone wiretap law into cyberspace.

The department sees this as an important source of information to follow the activities of potential terrorist groups whereas critics see it as a further erosion of privacy rights.

Presumably the Justice Department would obtain proper warrants from the courts before recording the Internet calls of ordinary American citizens. Unfortunately, that can't be automatically assumed, given the administration's warrantless wiretaps on international phone calls that were revealed by the New York Times earlier this year.

Added to that is the report by USA Today that the government has asked phone companies to turn over records of domestic phone calls made by millions of Americans.

This new ruling appears to require private networks to install technological "back doors" at the portals where private systems connect with the public Internet. However, the court ruled that computers handling strictly internal communications in private networks -- such as those run by corporations, colleges and universities -- would not have to install the equipment within their systems.
Read the article
To reference this entry please copy the url in this link: (Permalink)

June 19, 2006 22:22 - First Hacking Course In UK

Times Online reports that the University of Abertay, Dundee, Scotland is launching Britain's first degree course in computer hacking. Similar courses are already being run in the United States and Hong Kong.

Students will be taught how to break into some of the world's most sophisticated security systems, with the aim of advising organizations how to protect their networks. It is estimated that computer hacking costs £10 billion of damage to British business each year.

It will be the country’s first government-accredited “ethical hacker” course, with applicants undergoing a strict vetting process overseen by the Home Office before they are accepted.

Professor Lachlan MacKinnon, head of the university's school of computing and creative technologies, said that the course was necessary because the techniques featured in movies such as War Games were now in common use.

MacKinnon said that systems run by the military, banks and other high-profile organizations were highly vulnerable to hackers, who could steal passwords and personal information.

Earlier this month a court ruled that a Scot, Gary McKinnon, accused of the biggest military hacking operation should be extradited to America to stand trial.

According to a recent survey in the UK, the computer systems of one in three large businesses were attacked last year. One in 10 reported that e-mails had been intercepted.

What Are The Effects Of Computer Hacking?
To reference this entry please copy the url in this link: (Permalink)

June 20, 2006 19:35 - UK Households Under Spam Invasion reports from its research that the UK's online population is receiving over 68 million spam emails every day, or 7,883 every second -- despite Bill Gates’ prediction that spam would be a thing of the past by 2006.

It warns that millions of household computers should guard privacy and security with simple precautions, such as filters and fire walls. by spam emails unless, to protect from spam security risks.

Of the 15.57 million homes now connected to the Internet, 13.21 million homes are exposed to unsolicited, potentially harmful, spam. found from their research that...
  • 85% of UK homes with an internet connection receive spam. 1 in 4 receive at least ten unwanted emails every day
  • Only 4% of households claim to use spam filters, although 1 in 10 actually open spam mail open spam before deleting it, exposing themselves to viruses, ID theft and phishing.
  • Almost a third of spammed home computers were found by to experience problems resulting from spam.
Chris Williams, broadband product manager at, said, "Home computers are now the real target of spam attacks - 85% of personal email accounts receive spam compared to just 28% of work place email accounts."

"How To Protect Your PC & Data From The Dangers Of Spam"
To reference this entry please copy the url in this link: (Permalink)

June 21, 2006 21:04 - New Opera Browser Released

Following beta testing, the official version of Opera browser 9 has been released with new functionality.

Opera 9 includes widgets, which are small stand-alone applications. With these applications, a user can play games, retrieve data about favorite sports teams, store photos retrieve news and much more... and they're featured in windows that can be positioned on the screen independently of the browser. The Opera 9 widgets can be developed and distributed by members of the Opera community, using open Web standards like JavaScript, CSS, HTML, and Ajax.

Opera 9 also includes support for BitTorrent, a popular file-sharing technology for distributing movies and audio, and a security bar to warn users about phishing scams and other malicious sites.

Users can also specify whether to allow JavaScript or ads on a site-by-site basis, rather than just turning on and off.

In a move to embrace new platforms, Opera 9 supports what is called the Extensible Rendering Architecture (ERA), a set of standards to ensure that browsers can work with any Web-connected device -- such as cell phones or video game machines.
Read the article

Get Opera 9

To reference this entry please copy the url in this link: (Permalink)

June 22, 2006 20:22 - PayPal Hit As Survey Shows Online Fraud Is Up

An article in the Advertiser reported on the global security survey by Deloitte which showed a large rise in online security breaches.

With perfect timing, on the same day e-Bay company PayPal suffered a major security breach. A flaw on PayPal's site allowed hackers to steal credit card information from PayPal users.

The vulnerability, first publicly announced last Friday, involved what is called a cross-scripting attack. Those targeted by the attack received an e-mail, purporting to be from PayPal, that directed them to a special URL on the PayPal servers.

At that page, they encountered an 'official' notice: "Your account is currently disabled, because we think it has been accessed by a third party. You will now be redirected to the Resolution Center."

Users were then taken to a non-PayPal server in South Korea, with a fake log-in page designed to capture private information, including credit card and Social Security numbers. Users were then requested at that site to remove any limits on funds being removed from their accounts.

PayPal said that it has fixed the flaw and the Korean server has been shut down. PayPal also said that it was not clear how many people -- if any at all -- had been duped.

Given that PayPal is seen as one of the more security conscious companies using e-commerce, the breach does not boost confidence in buying goods on credit over the internet.

Deloitte's survey showed a huge rise in the number of security attacks on the 150 biggest international financial institutions in the past year.

Security partner Julie Priest said 78 per cent of the firms confirmed a breach from outside the organisation, up from just 26 per cent the previous year.

"Execution and exploitation of these attacks require significant resources and co-ordination, which implies professional hackers and organized crime have entered the domain once ruled by script kiddies and one-off hackers," Ms Priest said.

About 51 per cent of scams involved phishing and pharming (the redirection of traffic from a legitimate website to a fake website). Following those were spyware and malware at 48 per cent.

Learn how to guard privacy and online security -- be aware of the risks and what really works to protect you!
To reference this entry please copy the url in this link: (Permalink)

June 23, 2006 21:23 - Microsoft Adopts Security Under-Pricing To Kill The Competition

An interesting report from Alex Eckelberry of Sunbelt Blog , comments on Microsoft's strategic decisions to get in to the computer security market and to adopt 'predatory pricing' to put other vendors out of business.

Wikipedia's definition of predatory pricing is...

"Predatory pricing is the practice of a dominant firm selling a product at a loss in order to drive some or all competitors out of the market, or create a barrier to entry into the market for potential new competitors. The other firms must lower their prices in order to compete with the predatory pricer, which causes them to lose money, eventually driving them from the market. The predatory pricer then has fewer competitors or even a monopoly, allowing it to raise prices above what the market would otherwise bear."

The point is made that Microsoft loses money on most of its business, apart from the Windows operating system, where it primarily makes money. Sunbelt Blog goes on to dissect the numbers to make its case...

For instance, OneCare is a security suite combining firewall, anti-virus, anti-spyware and some utilities. OneCare costs $49.95 for three PCs, an average of $16.65 per machine. Looking at its price compared to the market leaders, Symantec and McAfee, their single AV products retail for $39.99.

Then there's Antigen -- acquired from Sybari last year -- an enterprise application for email, SMTP, and Exchange server protection from spam and viruses. A per-user pricing for Antigen for Exchange is $.90 per month, per user. Against three leading antivirus products for Exchange, Microsoft is 60% cheaper.

Alex Eckelberry writes, "It’s one thing that Microsoft has destroyed competition in browsers, languages, word processors, spreadsheets, presentation packages, and all the rest...But it’s another thing to kill competition in the security space...So Vista will get hacked, there will be zero-day attacks, there will be evolving forms of viruses and malware. And Microsoft security products will be targeted."

His conclusion is that the security industry needs to stop Microsoft's march to world domination. Let's see whether there is any evidence of the industry getting its act together... past history is not encouraging.
To reference this entry please copy the url in this link: (Permalink)

June 26, 2006 18:46 - MySpace Introduces Security Measures Following Law Suit

The Los Angeles, California-based MySpace has announced heightened security settings aimed at better protecting teens on the popular social networking site, and affording better privacy to members in general.

MySpace has received plenty of bad press for its seemingly laid-back attitude about age restrictions and user security. The massive social networking site has also come under fire for facilitating contact between teenagers and unsavory characters, encouraging inappropriate behavior from young people, and allowing users to fabricate some aspects of their identity.

But this latest announcement seems to be in response to the $30-million lawsuit by a 14-year-old Texan, who said she was sexually assaulted by a 19-year-old man she met on MySpace. The suit claims the site does not do enough to protect young members.

Now, MySpace will require adult members to provide the email address or the first and last name of under-16 members with whom they want to connect. The security policy also requires members over the age of 18 to know at least the e-mail address or first and last name of the teen they're trying to contact.

It will also target advertising based on the ages of members, and include public service ads about safety. Members of any age now have the option to keep their profiles private, restricting access to things like personal interests to a private group of friends.

These new measures are unlikely to keep online predators at bay. There is no way MySpace can verify the identities or ages of users, so it's easy for under-age users to sign up and claim to be older than they are. Likewise, there's still nothing to keep older users from claiming to be much younger.

A MySpace representative admitted that the industry doesn't have an effective way of verifying identities and ages, but said it's not for lack of effort. "MySpace has a lot of visibility, and we're going to continue to explore and figure out solutions that will actually work. We're spending a lot of time and energy to get parents involved, and that's fundamental. If there isn't fool-proof identity-verification technology, people need to use common sense."
Read the article
To reference this entry please copy the url in this link: (Permalink)

June 27, 2006 19:14 - AT&T Claims Immunity In Eavesdropping Lawsuit

The Electronic Frontier Foundation (EFF)have put their case to a U.S. judge for proceeding with their lawsuit against AT&T to guard privacy of the individual. The charge? That the telecommunications company is breaking the law by helping a U.S. government eavesdropping program.

AT&T's lawyers have responded that the EFF's charges are based on hearsay -- AT&T have never confirmed nor denied their involvement.

Assistant Attorney General Peter Keisler said that the U.S. government cannot openly discuss whether AT&T is lending its network to the effort, and it wants the lawsuit dismissed. The reason? Evidence in a trial could compromise the eavesdropping program. The secret program allows the National Security Agency access to private telephone networks and provision of call records of millions of customers without permission.

The AT&T lawyer told the judge that AT&T follows the law... and that gives the company immunity from possible rights violations resulting from the National Security Administration's program.

AT&T said in a statement issued after the hearing, "Ultimately, the Electronic Frontier Foundation is suing the wrong party. Their issue is with the government."

Watch this space for an update to the hearing. Read the article.
To reference this entry please copy the url in this link: (Permalink)

June 28, 2006 19:43 - Claria Soon To Shut Down Its Adware Program... But What's Next?

Arguments rage over whether it's spyware or not, but the important point is that those pop-up ads from Claria's often vilified ad-targeting technology will cease on 1st July.

The contentious part of Claria's ad program is that it generates adware programs that track personal browsing habits to target individuals with tailored ads, can appear on PCs without the user's knowledge and slow down the system.

Newsfactor reports that instead, Claria will launch PersonalWeb, which users install.

The software provides a personal page which can provide links to frequently visited web sites. Headlines from other sites are also shown, which change with the user's interests and the program can sense which mail server is preferred and provide a link to that service. Targeted banner ads or sponsored links will be shown but not pop-ups.

The company is currently testing PersonalWeb with about 100,000 people, and although only one deal has been set up, it is negotiating with dozens of other Web site operators.. It is expected that the service will be launched early next year.

Although the current adware will stop July 1, the company said it will continue to collect data on Web usage until September for research and other purposes, unless users remove its ad software, called GAIN.

The company also warned that the free programs to which GAIN piggybacks, such as file-sharing software like Kazaa and Claria's own eWallet password-storage program, could stop working from October.

Chris Sherman, executive editor of the online newsletter Search Engine Watch, said Claria and search companies, who are also developing this personalized software will have to tread carefully.

"Everybody's dabbling with it, but because the privacy issues are so big, companies don't want to risk losing trust," he said. "They are going about it cautiously."

For more about spyware and protection, visit How To Avoid The Main Routes For Computer Spyware Infection
To reference this entry please copy the url in this link: (Permalink)

June 29, 2006 22:03 - Kaspersky Cracks Cyber Blackmailer Code

An avalanche of emails from users in Russia, and a significantly smaller number from users in the rest of the world, shows that blackmail and racketeering are becoming widespread on the Internet.

The reason? Virus.Win32.Gpcode has marked the beginning of a new era in cyber crime. Victims discover that the files on their PCs can't be used... they either can't be opened or they are unreadable. Over 80 different types of file can be affected.

However, a few text files do open but it's a messge to the victim that the only way for them to recover their data is to buy a decoder program that will unlock their files.

These attacks have been occurring for around 1 year, but the method of attack hasn't been known... that is until Kaspersky Labs stepped in.

They found that the first step in the process begins with a spam email of a job offer. Attached is an application form containing a malicious program called Trojan-Dropper.MSWord.Tored. When opened, a malicious macro installs another Trojan called Trojan-Downloader.Win32.Small.crb. This Trojan then downloads Gpcode to the victim's machine.

The code then scans all accessible directories and encrypts files and mail client databases. Gpcode and the Trojans used to install it then self-destruct, leaving a file called readme.txt in every folder which contain encrypted files. This text file provides information on how to contact the virus writer and pay the ransom for the decryption code.

Kaspersky remarks that Gpcode highlights several points...

Firstly, you never know where the next threat is coming from or what it will do to your computer.

Secondly, under no circumstances should money be paid to the author of the program. Users should contact an antivirus company, which will be able to help.

Finally, although it might slow your computer down a fraction, antivirus protection, regularly updated, is a must if you care about your data.
Read the report

What's Key To The Best Antivirus Program?

To reference this entry please copy the url in this link: (Permalink)

June 30, 2006 16:34 - Tests Show Home Software Firewalls "Leaky"

German computer magazine PC Professionell tested six commercial and freeware home software firewalls. Not one could prevent all the attempts by test programs to gain access to the Internet.

Most seriously, damaging software was able to by-pass the firewall to send sensitive data to a hacker, such as personal surfing histories, passwords and credit card numbers.

The report is carried by and comes on the back of my earlier report that PCFlank had shown that all major firewall programs can be bypassed and that none of them -- except one -- can prevent a leak of personal information from Internet-connected computers.

Is there anything we can do to prevent these breaches?

The German Federal Agency for Security in Information Technology (BSI) view is that if we adhere to the basic rules of safe surfing, then a firewall becomes of secondary importance. In other words...
  1. Most dangers emerge through surfing and downloads from questionable websites

  2. The primary gateway into the browser is JavaScript. We should deactivate the program language in our browser, or use browser extensions to define which web sites are to be trusted with JavaScript.

  3. E-mail handling is another preventative measure beyond the reach of firewalls. Attached files should be scanned by a virus program prior to opening, and never click on unfamiliar links.

  4. Don't use the default administrator account for daily PC use. This can allow a virus to gain full control of the computer, magnifying the potential for major damage by a successful attack. Only use administrator rights when installing software.

  5. Keep your operating system, browser and other programs, such as antivirus, constantly up to date to ensure security vulnerabilities are patched.
For more information on hardware and software firewalls and optimizing their capability, take a look at Is Your Firewall Protecting Your PC?
To reference this entry please copy the url in this link: (Permalink)

May 2006 « 


RSS Feed For This News

Guard Privacy Blog Home | Archives| Internet Privacy & Security Risks... News! | Guard Privacy... Hot New Topics | Spyware & Spyware Blockers... News! |