Guard Privacy & Online Security News & Information

Guard Privacy & Online Security Home : Guard Privacy Blog Home : March 2007

March 2, 2007 19:30 - Tor, The Anonymizer, Cracked?

Tor, the freeware development for anonymizing Internet viewing of websites, has been compromised by researchers in the U.S. Tor software enables the creation of networks of servers that can send traffic over many different routes, masking its original source.

The researchers, from the University of Colorado in Boulder, wrote on their Web site... "For example, law enforcement officers might use our techniques to cheaply and realistically track online predators," according to the paper. "The RIAA (Recording Industry Association of America) and other organizations might use our techniques to link Web or torrent requests to their corresponding requesters."

For the experiment, the researchers constructed their own isolated Tor network using 66 servers. They placed malicious servers within the network that were designed to draw a substantial portion of routing requests by misrepresenting their bandwidth capability.

Then the researchers used an algorithm to link the "path" of a Web site request. More than 46 percent of the time, the paths could be calculated, revealing the source of the traffic, the paper said.

But several attacks against Tor have been developed, wrote Shava Nerad, Tor's executive director, on the project's blog.

"We have never seen such an attack 'in the wild,' and we think it no more likely that this paper would make such an attack easier or more likely than it was a few years ago when another version of it was documented," Nerad wrote.

Tor admits that its software is still under development and is not guaranteed to be secure. If you want secure anonomyzing techniques, then I suggest you read my article, How To Choose Between Commercial And Free Proxy Anonymizers

To reference this entry please copy the url in this link: (Permalink)

March 5, 2007 21:11 - Live OneCare Fails Again

Microsoft's Live OneCare security software has failed again in tests to check how well it detects and stops malicious programs designed to attack Windows.

Last week, I reported how Windows Defender - the anti-spyware component of Live OneCare - performed dismally in PC Tools research by detecting under 50 per cent of spyware.

In AV Comparatives testing of the top antivirus products against a list of nearly half a million individual pieces of malware, OneCare was the only failure among 17 anti-virus programs.

Live OneCare is Microsoft's flagship security program which, like many other anti-virus products, is designed to help PC users keep their machine clear of malicious software.

Austria-based AV Comparatives carries out quarterly tests of top anti-virus programs to find out if they have maintained protection against the growing mass of viruses circulating online.

In this test, OneCare took care of just 82.4 per cent of the malware compared to over 99% for the best programs.

OneCare fared particularly badly against so-called polymorphic viruses which regularly change their configuration to try to fool security software.

"Microsoft OneCare performed very low in the test, and did not reach the minimum requirements for participation," wrote Andreas Clementi, senior tester at AV Comparatives.

Microsoft has yet to comment on OneCare's performance, but after all, if OneCare has come last, how can Microsoft expect anyone to use it, yet alone recommend it to others?

To reference this entry please copy the url in this link: (Permalink)

March 9, 2007 17:04 - Alarming Increase In Use Of Rootkit Technology

Security experts have detected a significant increase in the amount of malicious code using rootkit techniques.

PandaLabs, Panda Software's malware detection laboratory, reported in a News Release that there was a 62 percent annual increase in 2006. They describe the forecast for 2007 as pessimistic -- in the first two months of 2007, the firm has already detected almost 25 per cent of last year's total. It predicts an overall increase this year of around 40 per cent.

Panda says rootkit techniques are becoming increasingly popular among malware creators, particularly for spyware and banker Trojans. They add that PC users need security systems that can counter this type of hidden threat... otherwise their confidential data can be exposed with the consequent risk of theft and fraud.

Rootkits are not destructive software programs in their own right... but they are designed to conceal the presence of malicious programs on a computer while other programs are running.

They are similar to viruses because they modify the core code of the software installed on the computer. Both root kits and viruses insert additional code in order to hide the infection and keep users from spotting they have a major security problem.

Root-kits are there for one reason only... to ensure that an intruder can access the system and take control whenever they wish -- much like a backdoor Trojan horse.

For more information on rootkits and how to protect against them, take a look at How To Defeat A Rootkit

To reference this entry please copy the url in this link: (Permalink)

March 12, 2007 20:22 - Live OneCare Deletes User's Emails

Microsoft has admitted that its Live OneCare security suite is accidentally deleting some users' Outlook and Outlook Express emails.

According to a posting on Microsoft's OneCare forum, this happens when the program detects a virus in an email attachment. Instead of quarantining the single infected email, the program deletes or quarantines the entire .pst or .dbx files -- the personal folder where non-Exchange Server users' messages and other details are kept -- have been quarantined or, in some cases, even deleted.

Forum postings indicate, however, that recovery is possible in some cases, where the .pst or .dbx file is still available in OneCare's quarantine facility.

Stephen Boots, a forum administrator, commented that he was "very unhappy about this problem as it was reported over a year ago and fixed in the 1.0 release", adding: "It never appeared throughout the beta, but suddenly appeared when 1.5 was released".

A Microsoft spokesperson said the company has started working to address this issue and the fix for this problem will be available in the next OneCare update.

As I've earlier reported, Live OneCare has already attracted heavy criticism for the poor performance of its antispyware and antivirus components.

To reference this entry please copy the url in this link: (Permalink)

March 22, 2007 21:14 - Web Shoppers Get More Security Savvy

Internet shoppers are becoming increasingly more security knowledgeable, according to a new poll by web consultancy Webcredible.

The poll, questioned internet users on what makes them trust a website. They found that 40 per cent of respondents look for the S after http in the URL before committing to an online purchase -- the S indicates that the internet connection is secure and information such as credit card details will be encrypted.

However, the poll also reveals that 28 per cent of respondents stated that dealing with the website of a reputable brand provided the most reassurance when buying online16 per cent confirmed that they judge a website’s security primarily on its professional look and feel.

Trenton Moss, director, Webcredible said: “It’s surprising, but very encouraging, to see that so many online shoppers understand the importance of essential security measures like https. However, it is frightening to see that some internet users will naively put their trust in a website based solely on the way that it looks. Online security is of paramount importance and shoppers need to be clued up on what to look for when visiting ecommerce websites to be sure that their card details and personal information will be safe when they make their purchase.”
See press release

To reference this entry please copy the url in this link: (Permalink)

March 28, 2007 21:22 - We Can All Learn A Lesson From This Security Study

Over half of the UK's Internet users say they are not responsible for their own online security, according to a new Get Safe Online report.

When it comes to online banking, around 17 percent of 2,441 respondents said that the banks should be wholly responsible for Internet security protection and 13 percent say it is up to their Internet service provider.

The government backed initiative also found that more than 12 per cent of people have experienced Internet fraud over the past year with an average loss of £875 each.

In the same period, six per cent of all internet users suffered fraud while shopping online and four per cent were subject to bank account or credit card fraud as a result of online activity.

So, who should be responsible for our Internet security and privacy? Of course you guys who have an interest will agree that, first and foremost, it's up to us individually to ensure our computers have the correct levels of securityinstalled.

However, it's an equal responsibility for web sites to iron-clad the data they hold about us and to ensure their sites are free of malware that could infect our computers... or perhaps you have another point of view?

To reference this entry please copy the url in this link: (Permalink)

February 2007 « 


RSS Feed For This News

Guard Privacy Blog Home | Archives | Guard Privacy... Hot New Topics | Internet Privacy & Security Risks... News! | Spyware & Spyware Blockers... News! | | Guard Privacy From Spyware | Guard privacy With Anonymizers