Guard Privacy & Online Security News & Information

About Guard Privacy & Online : Guard Privacy Blog Home : October 2006

October 2, 2006 20:48 - US Government Steps Back From Internet Control

The Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the managing of name servers for the Internet has signed a new agreement with the United States Department of Commerce (DOC).

The Commerce Department had repeatedly said it planned to hand control of the addressing system to the private sector, but only when it was sure that certain principles in the system were protected, such as technical stability, security and competition.

The three-year contract has been heralded by both ICANN and the DOC as a sign that the US government has listened to worldwide criticism of its continued oversight role and has responded by providing ICANN with a new degree of autonomy.

However, experts disagree, with one saying it's "old wine in a new bottle". Another said the US promised eight years ago it would end its role but now has decided "we will have to wait another three years, at a minimum".
Read the article
To reference this entry please copy the url in this link: (Permalink)

October 4, 2006 20:40 - Stealth Techniques Hide Malware Detections

According to a study by net security company VeriSign iDefense, stealth techniques such as rootkits are resulting in less reporting of new viruses and other malware.

Since 2003, VeriSign iDefense has been collecting and recording information on every uniquely identifiable malicious code, using public and private resources. According to their data, new types of malicious code was steadily growing between 2003 and 2005. However, from January to June 2006 VeriSign iDefense noticed a significant downward trend each month.

Their findings differ from antivirus vendors who report a decrease in mass-mailing worms but an increase in targeted attacks.

VeriSign iDefense believes the reason for the reduction in malware attacks reported is the increased use of rootkits. Rootkits are designed to push malware "under the radar", and are increasingly foiling anti-virus programs and other security techniques, its report says.
Read the article
To reference this entry please copy the url in this link: (Permalink)

October 6, 2006 20:37 - Social Networkers Gamble With Identity Theft

It always surprises me that, despite the publicity about the threats on the Internet -- particularly the rise if identity theft -- Net users still wander around the Web with virtually no protection to guard privacy and security.

Take, for example, the latest research from enterprise IT management company CA and the National Cyber Security Alliance -- part of National Cyber Security Awareness Month -- raises some questions about how careful users of social networking sites are.

74 percent of users divulge personal information, including email addresses and birthdays. Some users even download unknown files, respond to unsolicited emails or instant messages, all of which may lead to identity theft or virus attacks.

Although 57 percent of people who use social networking sites expressed concern about becoming victims of cyber-crime, they are still divulging information that may put them at risk. The majority (83 per cent) of adults who use social networking sites confessed that they have downloaded unknown files from other people's profiles, potentially exposing themselves to malware as a result.

Nearly a third (31 per cent) of adults who use social networking sites have responded to unsolicited email or instant messages.

Contrary to the popular view that social networking sites are exclusively used by teenagers, the survey found a large number of adults (48 per cent) of 18 years or over use sites such as MySpace, with 53 per cent of adults who use social networking sites over the age of 35.

Visitors can minimize their risks of becoming a victim by changing online behaviors. The report suggests to guard privacy, such as social security numbers and bank account numbers, take caution when downloading files, and installing certain protective software.

You'll find all you need to know at Guard Privacy & Online Security
To reference this entry please copy the url in this link: (Permalink)

October 9, 2006 20:42 - Google Code Search Can be Misused by Hackers

Google has inadvertently given online attackers a new tool. The company's new source-code search engine, released last week as a tool to help simplify life for developers, can also be misused to search for software bugs and password information, and proprietary information, according to security experts.

According to a report in The Enquirer, unlike Google's main Web search engine, Google Code Search views the actual lines of code whenever it finds source-code files on the Internet. This will make it easier for developers to search source code directly and dig up open-source tools they may not have known about. but it has a drawback.

Crackers can use the search code to look for vulnerabilities in password mechanisms, or to search for phrases within software such as "this file contains proprietary", possibly unearthing source code that should never have been posted to the Internet.

For its part, Google did not have much to say about possible misuse of its new product. "Google recommends developers use generally accepted good coding practices including understanding the implications of the code they implement and testing appropriately," the company said in a statement.
To reference this entry please copy the url in this link: (Permalink)

October 11, 2006 19:29 - Massive US Cracker Attacks On The UK

The personal records of thousands of UK consumers have turned up on a computer recovered from criminals in the US.

Scotland Yard today issued an urgent warning that Britain was under a mass attack by hackers. Thousands of homes have been targeted by an organized crime gang using computers based in the US.

Detectives from the Met's Computer Crime Unit are working with the FBI. Police say the virus code -- a spyware program known as a keylogger -- is being used to target computer passwords, credit card numbers, financial data and email addresses.

The files are believed to have been stolen from around 2,300 computers and UK police are now busy contacting the people involved, as well as their banks and ISPs where appropriate. However, "there are thousands of computer users worldwide who have had their computers compromised and data stolen," said a spokesman for Scotland Yard.

The data collected can be used to empty bank accounts or run up thousands of pounds of purchases using credit cards or internet shopping accounts.

Unlike consumers in many US states, UK victims have no automatic right to know when their data has been compromised. That this event came to light at all is entirely down to the decision by UK police to contact victims.

Graham Cluley of anti-virus company Sophos said the attacks had been increasing since July. They work by using a computer virus spread via email to create an electronic back door on to a person's computer.
Read the article
To reference this entry please copy the url in this link: (Permalink)

October 13, 2006 22:39 - The Fight Against Spyware

Gartner analyst Richard Stiennon told NewsFactor that while antivirus products from companies like McAfee and Symantec can be used to detect spyware, the user is also an important ingredient in stopping spyware... by recognizing spyware programs and knowing enough to remove them, when they are detected.

Stiennon recommended that users get a desktop firewall program that blocks unwanted outgoing connections. So, even if spyware is running, it will be unable to connect to a server to transmit information.

One personal firewall, , can make sure spyware cannot communicate with the outside world. According to Fred Felman, vice president of marketing at Zone Labs, ZoneAlarm "shuts down Internet connectivity instead of losing control of the system" when an unauthorized application tries to send information from a user's PC.

Felman told NewsFactor that ZoneAlarm allows users to specify which programs are allowed to send and receive data over the network. Users even can restrict programs to certain ports or domains.

In addition to antivirus vendors and personal firewalls, a number of companies make spyware detection and removal software, such as CounterSpy.

Spyware can range from a stealthy program that runs in the background, transmitting your surfing habits to a company for marketing purposes, to keylogging software installed by a spouse to monitor communications.

Most spyware is installed by users voluntarily, even if they do not know it. For instance, free products, like Grokster and Kazaa, piggyback spyware onto users computers, although it is all disclosed in the fine print. If you go out and download a free program. It's almost certainly going to have spyware.... very rarely does spyware get on your computer without your consent.

So, what is the solution? Stop using free products... don't download it if it's free. The latest trend for software companies is to give their software away for free. By doing this they bundle ad software within it. They usually tell the customer in the EULA (end user license agreement) that some additional ad-tracking software will be installed, but they bury it so deep that the average person doesn't see it.

For more information on spyware and protection, take a look at Spyware Remover Evaluation
To reference this entry please copy the url in this link: (Permalink)

October 16, 2006 21:37 - East European Hackers Loot Online Brokerage Accounts

East European hackers are increasingly attacking and looting online US brokerage accounts. US regulators say this is a sign that a new type of cyber fraud is hitting the financial services industry.

The Australian reported that the SEC (Securities and Exchange Commission) said it had received a surge in the number of complaints about account break-ins by hackers in the past few months.

Asked why the problem had grown, John Stark, chief of the SEC's regulator's office of internal enforcement, said, "It's easier with all the spyware, and keystroke logging programs have become easier to use and more ubiquitous. More and more people are doing things online as well."

In one typical scheme, hackers will use internet spyware to get hold of an account holder's user name and password, logging on to an online brokerage account and selling all the securities in it. The money is then wired out through intermediaries recruited by the fraudsters, who then open ordinary bank accounts, through which the money is laundered.

There's also a scheme called a "pump", where the hacker breaks into an online account after buying up a basket of small, listed companies. After liquidating all the securities in the account, the proceeds are used to buy the same companies online in the hope of driving the stocks' prices higher.

For more information on spyware and protection, take a look at Spyware Remover Evaluation
To reference this entry please copy the url in this link: (Permalink)

October 18, 2006 20:39 - Italy Adopts Microsoft Anti-Child-Porn Technology

Italy has become the first European country to adopt Microsoft's system for combating Internet child pornography... and it is believed the whole continent is set to take up.

According to Reuters, the Italian police's special communications unit said the Child Exploitation Tracking System (CETS), which is already in use in Canada and Indonesia, will speed up its investigations into Web pornography by 80 percent.

"In substance, we want to oppose pedophile rings with an international network of cyber-police," said the head of the police postal and communications squad, Domenico Vulpiani.

Microsoft developed the system after a Canadian police officer working in the field wrote to the company for help in what investigators say is a constantly increasing field of crime that preys on young users of the Internet.

A spokesman for Microsoft said Britain and Spain were likely to adopt the system -- a database to help investigators sift through suspect Web site and electronic communications -- in the coming months and that five other European countries were not far behind.

Microsoft has spent $7 million developing the system and is giving it free-of-charge to governments.
To reference this entry please copy the url in this link: (Permalink)

October 20, 2006 19:46 - Microsoft And Mozilla Launch New Web Browsers

The two top browser makers -- Microsoft and Mozilla -- are releasing new versions of their products. Microsoft, which dominates with almost 86 percent of the market, has released Internet Explorer 7 for download.

It's the first new version of the Web browser since Internet Explorer 6 was launched in 2001 with the Windows XP operating system.

Since then, Mozilla's Firefox browser has emerged and gained 11.5 percent of the market. Its Firefox 2 is due towards the end of the month.

The release version of IE 7 requires Windows XP with SP2, Windows XP Pro 64-bit edition, or any version of Windows Server 2003. The changes in IE7 are much more dramatic than those in Firefox...

Here's a summary of where you'll notice the difference...
  • The user interface has not changed much from the first public beta release. IE7's appearance is cleaner than previous versions, but Microsoft has been focusing on fixing bugs, improving performance, and dealing with nagging compatibility issues
  • IE7 now gets tabbed browsing, which can be organized into groups and viewed in thumbnail form using the Quick Tabs feature
  • An anti-phishing filter warns users who are about to visit spoofed web sites
  • Multiple search engines can be accessed quickly from the search bar
  • RSS support is built-in for handling syndicated news feeds
Earlier versions of Firefox -- a free, open-source product that runs on any operating system -- helped drive the popularity of many of the features now in IE7. The changes here are less dramatic, but then this browser has always been leading the way. One small change you'll notice with the new release is the improved tabbed browsing which allows users to re-open tabs they've closed accidentally.

My advice... why not try both of them and see what you feel happy with?

You can download IE7 at Microsoft and take a preview of Firefox2 at Mozilla

To reference this entry please copy the url in this link: (Permalink)

October 23, 2006 21:10 - First Internet Explorer 7 Flaw

An alert has been published about a bug affecting IE7, hours after the release of Microsoft's long-awaited browser.

The flaw is said to stem from errors in the handling of redirections for URLs.

Secunia reports that the same bug was discovered six months ago in IE6... but remains unresolved.

This flaw could be used to access documents served from another website... useful for various scam and phishing attacks.

Microsoft, however, branded reports of the first IE7 bug as "technically inaccurate". It said the security bug involves Outlook Express and not Internet Explorer.

Secunia maintains IE7 is vulnerable to the security flaw it highlighted and says Microsoft is being disingenuous in claiming otherwise.

The analysis of the SANS Institute's Internet Storm Center confirms that the vulnerability exists in the MSXML ActiveX component, which is actually part of Outlook Express. But it agrees with Secunia's assessment that the bug is exploitable via both IE6 and IE7.
Read the article
To reference this entry please copy the url in this link: (Permalink)

October 27, 2006 22:00 - Microsoft Releases Free AntiSpyware

Microsoft released the final version of its Windows Defender antispyware. The anti-spyware is now available in English to Windows XP users, with other languages set for delivery in the coming weeks.

Windows Defender will also be bundled with Windows Vista, when it is released in January.

Windows Defender is expected to raise the competitive stakes within the security industry, where most well-known brands are priced.

However, in my view, it's about how effective antispyware, not price. I've been using the Defender beta version since early 2005 and I'm not impressed by its spyware detection/removal ability. When I run Defender with CounterSpy and Spy Sweeper, the latter two regularly detect spyware that Defender doesn't.

Meanwhile, security rivals squabbled about whether the company has given them sufficient access to Windows Vista to build competing products. Unlike rivals Symantec and McAfee, Sophos hasn't criticized Microsoft for locking down the kernel of the 64-bit version of Windows Vista.

The company's chief technology officer, Richard Jacobs, said, "Symantec and McAfee may be struggling with HIPS (host intrusion prevention system) because they haven't coded their solutions with 64-bit Vista in mind." "We've taken a different approach to HIPS, by focusing more on catching bad behavior by analyzing code before it executes," he added.

The arguments revolve around the Microsoft's decision to wall off the kernel in 64-bit Vista. Dubbed "PatchGuard," the technology is designed to stop malicious code such as stealthy rootkits from making changes at the kernel level.

Both Symantec and McAfee say Microsoft was making it impossible for them to implement advanced security techniques, notably HIPS.
Read the article
To reference this entry please copy the url in this link: (Permalink)

October 30, 2006 20:04 - Australian Spammer Fined $6.5m

An Australian company and its director have been fined a total of A$5.5m ($6.5m) after it was held responsible for sending out millions of unsolicited emails.

Wayne Mansfield, and his business Clarity1, was the first Australian company to be fined under the federal Government's spam laws, introduced in April 2004.

The court judgement stems from an April 2006 raid of Clarity1's offices during which investigators seized computer equipment. It was estimated that Clarity1 sent out as many as 75 million spam emails between April 2004 and April 2006.

Clarity1 also trades as Business Seminars Australia and Maverick Partnership, had contravened the Spam Act 2003.

The court rejected the defendant's claim that recipients had consented to receive junk mail messages.

The Australian Communications and Media Authority, which brought the prosecution, welcomed the outcome of the case, which it said would act as a deterrent to would-be Australian spammers.
Read the article
To reference this entry please copy the url in this link: (Permalink)

September 2006 « 


RSS Feed For This News

Guard Privacy Blog Home | Archives| Internet Privacy & Security Risks... News! | Guard Privacy... Hot New Topics | Spyware & Spyware Blockers... News! |