MySecureCyberspace

Risks with virtual currency in online games are real.

2010-05-19T11:49:00.002-04:00

By M. E. Kabay, Network World, a good summary on the use and misuse of virtual currency in online games. From issues related to financial services laws, to illegal lotteries, to privacy and security issues, there is more than enough to be concerned.
http://www.networkworld.com/newsletters/sec/2010/051710sec1.html?page=2

Virtual Items Gaining Real World Value:
http://www.mysecurecyberspace.com/articles/statistics-trends/virtual-items-gaining-real-world-value.html

Facebook and Privacy are not friends

2010-05-11T11:47:00.002-04:00

A lot of discussion recently about the always changing privacy settings on Facebook.

The graph by Matt McKeon at http://mattmckeon.com/facebook-privacy/ gives a sense of its evolution... a quite alarming trend toward a non-private world of 'friends'. And Kurt Opsahl's Blog presents a brief timeline of Facebook's Terms of Service changes through April of 2010: http://www.eff.org/deeplinks/2010/04/facebook-timeline

The Independent has also a good article on "All the information you didn’t realize you were sharing" http://www.independent.co.uk/news/media/online-privacy-the-information-you-didnrsquot-realize-you-were-sharing-and-how-to-remove-it-1957987.html completed with useful links to help you stay on top of your online privacy.

Read more about Facebook at: http://www.mysecurecyberspace.com/articles/features/facebook-handle-with-care.html

and on social media at: http://www.mysecurecyberspace.com/secure/blogging-homepages-and-social-networking-sites.html

The most challenging home chore: setting up the home network!

2010-05-03T11:53:00.003-04:00

A secure personal network is the first step towards secure computing. But setting, not speaking about securing, a home network is not an easy task.

"The challenge here is that these home networks are maintained by home owners who don't necessarily know a great deal about computer security, nor do they want to." said Jason Hong, an assistant professor in the Human Computer Interaction Institute at Carnegie Mellon University and an expert in the areas of ubiquitous computing and usable privacy and security.

Learn easy steps for how to set up a secure home network, both in a wired setup and in a wireless one: http://www.mysecurecyberspace.com/articles/family-room/setting-up-a-secure-network-at-home.html

Read an interview to prof. Hong about home networks: http://www.cylab.cmu.edu/research/chronicles/2010/hong-2010.html

Non easy finding criminal data on cell phones and game consoles

2010-04-27T11:33:00.005-04:00

By Tim Greene, from Network World

"Non-traditional communications devices such as smartphones and game consoles pose a particular problem to law enforcement agencies trying to milk them for forensic data that reveals criminal activity, attendees were told at the 2010 Computer Forensics Show in New York City. [...] Retrieving SMS messages can depend on the model of phone, the carrier, the time of day, even the country in which the phone is used. SIM cards removed from phones carry potentially useful forensic information, but unless it is associated with a particular phone's PIN, it's inaccessible."

"Game consoles pose a separate problem. They can be used to send e-mail and connect to the Internet but have very little internal memory so whatever is on the drive can be quickly over written and therefore gone forever, he says. "You can take a Wii onto the Internet and it doesn't save sites or browser history," he says. "If you type in a Web address and surf, 10 minutes later there's no record of it."

Read the full article: http://www.networkworld.com/news/2010/042310-fbi-cell-phones-game-consoles.html?source=NWWNLE_nlt_security_strategies_2010-04-27

Read about mobile devices at: http://www.mysecurecyberspace.com/encyclopedia/index/mobile-device.html#msc.encyclopedia.mobiledevice

Read about online gaming and its threats at: http://www.mysecurecyberspace.com/secure/games.html#msc.smc-topic.games

Virus, anti-virus, and apologies

2010-04-23T14:16:00.002-04:00

We users have already so many problems with viruses, trojan horses, adware, spyware, and all this malware around... we don't really need extra headaches because of anti-virus products.

According to CNET: "[Last Thursday]at 6 a.m. PDT Wednesday, the company [McAfee] released a faulty update to its antivirus software that hosed computers running Windows XP with Service Pack 3. The update, a DAT file, misidentified a key Windows file called svchost.exe as a virus, causing PCs to crash or keep rebooting. The problem affected customers worldwide, including chipmaker Intel, Rhode Island hospitals, Kentucky police, University of Michigan's medical school, and an Australian supermarket chain.

In response, McAfee staffers have been working around the clock to help customers get their systems back online, McPherson said. The company believes most impacted PCs are back up."

The story ended well, with patches and everything in the right place. Still, it is just another case of how challenging is for users to stay on top of their computer security.

For more info on malware and anti-virus software, read: https://www.mysecurecyberspace.com/encyclopedia/index/malware.html#msc.encyclopedia.malware

To read the whole story of McAfee's faulty update: http://news.cnet.com/8301-1009_3-20003247-83.html?tag=rtcol;latest

Earth Day: think about green computing!

2010-04-22T15:58:00.001-04:00

These days, the term "green" describe a wide range of earth-conscious efforts aimed at reducing human impact on the environment. You have probably heard of green buildings and green cars, but have you heard of green computing?

Green computing is the use of practices that reduce the environmental impact of computers for both you and the computer manufacturer. The manufacturing of computers, as well as their everyday use, can be hazardous to the environment. They are made of chemicals and materials that cannot be disposed of safely in the environment. Plus, as electronic devices, they require a good amount of energy. One action you can take to help reduce the environmental impact of your old computer is to donate it to a recycling center instead of throwing it out with the trash.

The recycling of old computers raises an important privacy issue....

Read more at: http://www.mysecurecyberspace.com/articles/features/green-computing-and-privacy-issues.html

The Energizer Bunny keeps going and going and… infects PCs with a Trojan Horse!

2010-03-09T09:59:00.002-05:00

According to researchers at US-CERT (United States Computer Emergency Readiness Team), software that accompanies the Energizer DUO USB battery charger contains a Trojan horse that gives hackers total access to a Windows PC. Attackers are able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user. It seems that only the Windows version had been infected.

At http://www.kb.cert.org/vuls/id/154421 you can read more details about how the software included with the Energizer DUO USB battery charger works, as well as solutions for how to remove it.

To read more about malicious code, visit: http://www.mysecurecyberspace.com/encyclopedia/index/malware.html

Chatroulette

2010-03-02T12:02:00.003-05:00

Chatroulette is the brand new toy to play. As the name suggests, it is a webcam-based chat room where you are randomly coupled with another user, basically a stranger. When you are tired of the person you are talking to (this may happen as soon as you see his face) you stop the conversation and move on -- in chatroulette’s terms, you “next him”. That is it, very simple. Yet, very disturbing.

Legal age for using the site is 16 yrs old, according to the site’s disclaimer. It is superfluous to say that, while chatroulette is reported be funny and quite addictive, is not recommended for children.

If you are a parent or an educator, and you are concerned about the risks of your children using a webcam, read ‘The Dangers of Webcams” at: http://www.mysecurecyberspace.com/articles/family-room/the-dangers-of-webcams.html#msc.article.parents.webcam.

Serious threat to the web in Italy

2010-02-24T15:22:00.004-05:00

First decision in the Italian criminal case against Google executives
(from EDRi-gram newsletter, contribution by Andrea Monti - EDRi-member ALCEI Italy)
==================

Today, 24 February 2010, the Court of Milan made public the decision in the criminal trial against four Google executives, charged of defamation and illegal personal data handling in relationship to the publication on the video sharing platform of a video containing act of bullyism against a person affected by the Down Syndrome.

The legal basis for the charges, following the prosecutor's theory of the case, was that those executives failed to exercise a pre-emptive control over the contents published by Google final users', thus allowing the infringement of the reputation of the concerned person and of an NGO representing Down-Syndrome-affected persons.

The Court acquitted all the defendant from the charges of defamation, while found them liable of the illegal personal data handling charge. The whole sentence (including the legal technicalities that support the decision) will be public within the next 30 days.

The legal oddity of the prosecutor strategy is this:
1 - there is a rule of law that says: to not stop a fact means to cause it,
2 - data protection law requires a prior authorization to be obtained before handling personal data,
3 - a video to be posted online is personal data,
4 - therefore Google executives had to check whether the user who posted the video got the preemptive authorisation from the people of the video, and
5 - by failing to do so, they infringed the data protection law
6 - furthermore, by not controlling in advance they let the video to libel the victim of the violence (this charge has been dismissed.)

The consequence is that under this (odd) interpretation of data protection law, every Internet Service Provider is requested to infringe its user privacy, to do a prior check on the legitimacy of the action performed by the users themselves.

===========
Official Google Blog: http://googleblog.blogspot.com/2010/02/serious-threat-to-web-in-italy.html
===========
Read about free speech on the Internet at: http://www.mysecurecyberspace.com/articles/features/free-speech-and-the-internet.html#msc.article.feature.freespeech

Prisoners harass their victims using Facebook

2010-02-18T12:47:00.002-05:00

From the Time: http://www.time.com/time/business/article/0,8599,1964916,00.html

In UK it has been discovered that when prisoners have access to the Internet, they use for the worst: keep harassing their victims through social media like Facebook. Even when they cannot use a computer, they instruct their friends and relatives to do that for them. Bad stuff.

Cyberbullying her teacher?

2010-02-16T16:45:00.001-05:00

From the New York Times, February 15, 2010: A South Florida teenager who sued her former principal after she was suspended for creating a Facebook page criticizing a teacher can proceed with her lawsuit, a federal judge has ruled.

The student, Katherine Evans, is seeking to have her suspension expunged from her disciplinary record. School officials suspended her for three days, saying she had been “cyberbullying” the teacher, Sarah Phelps. Ms. Evans is also seeking a “nominal fee” for what she argues was a violation of her First Amendment rights, her lawyers said, and payment of her legal fees.

Read more at: http://www.nytimes.com/2010/02/16/education/16student.html?hpw

What Cybersecurity Experts Say

2010-02-15T11:15:00.003-05:00

MySecureCyberspace now offers videos: cybersecurity experts discuss major threats and security trends. Take a look at www.mysecurecyberspace.com

WiFi cyber criminals easily hijack your browser

2010-02-04T11:11:00.005-05:00

Network World reports on the BlackHat talk by security researcher Mike Kershaw in the article "How Wi-Fi Attackers Are Poisoning Web Browsers." Scary stuff!

Next time you use your laptop to connect at the Internet cafe, be sure to use private browsing mode and manually clear the cache when you're done.

Kershaw asks, "Who knows how to clear the browser cache in an iPhone?" [sound of crickets chirping]

Underage! Why children aren't supposed to be on Facebook and other SNS

2010-02-03T10:42:00.009-05:00

Why do social networking sites ask if you are age 13 or older when you create an account? If you are a member of social networking sites, such as Facebook or MySpace, you notice that the magical age of 13 is required in order for you to make a username. You might also notice children who disregard this requirement and create an account anyway, so what is the point?

The simple answer is that the website is complying with a federal law, the Children’s Online Privacy Protection Act (COPPA). COPPA was adopted in the U.S. in 2000 with the purpose of protecting the privacy and safety of children under 13 and to limit how websites market to them. (See the COPPA encyclopedia entry for details, and check out DOPA while you're there.)

Traditionally, children in the U.S. have been taught at a young age about stranger danger that stresses the importance of keeping your name, address and other personal information away from the eyes of people you don’t know. "Don’t talk to strangers" has been the parent’s mantra for decades, but it seems that the social networking scene is complicating this matter. If your child can’t talk to strangers, she can’t interact with other players on Club Penguin, so households have been making some exceptions to the stranger danger rules lately to accommodate fun Internet activities. Yet the fact remains that children are vulnerable. COPPA is one way the U.S. law has put safety measures in place.

Any website, such as Club Penguin, that markets to children online and collects their name and other details, must recognize it’s taking on an important responsibility, gain parental consent and, by law, put careful processes in place to ensure information about children is protected. Sites such as Facebook and MySpace, which are designed for an older audience, comply with COPPA by setting up an age requirement and trying to keep children out.

Children are kept safer when their name, phone number, and other details are kept private. Essentially, if an underage user disregards the age requirement of a social networking site, she is sneaking by boundaries that have been set up to protect her. Quite often, the sneaking isn’t really sneaking at all! Parents, family members and older friends alike, all consent to add the underage user to their friends list, without a thought to reporting the fraudulent account to the website administrator.

It could be said that COPPA is needless regulation. What is the worst that could happen when a child lies about her age or parental consent and signs up for an account anyway? Afterall, advertising and marketing can be seen by children in so many other places, and scary Internet predators could not possibly harm the majority of underage users. Sometimes, nothing life-altering happens to the underage user on Facebook. But it might be more accurate to say, no one notices what happens. It could be the child’s experiences on a social networking site for grown-ups will affect her in ways too difficult to measure or report.

Browser Fingerprinting

2010-01-27T17:02:00.003-05:00

Panopticlick Project

Is it possible to defend against browser fingerprinting?
Browser fingerprinting is quite a powerful method of tracking users around the Internet. There are some defensive measures that can be taken with existing browsers, but none of them are ideal.

<...>

The goal of the project is to measure and study how uniquely identifiable web browsers are. All of the data for the project is collected in an anonymized form which ensures that it is not Personally Identifiable Information, nor otherwise likely to lead to the identification or tracking of any web users.

https://panopticlick.eff.org/self-defense.php

The 3 Facebook Settings Every User Should Check Now

2010-01-26T16:35:00.002-05:00

The 3 Facebook Settings Every User Should Check Now
By SARAH PEREZ of ReadWriteWeb

1. Who Can See The Things You Share (Status Updates, Photo, Videos, etc.)
2. Who Can See Your Personal Info
3. What Google Can See - Keep Your Data Off the Search Engines

http://www.nytimes.com/external/readwriteweb/2010/01/20/20readwriteweb-the-3-facebook-settings-every-user-should-c-29287.html?em

Silence that ringing cellphone with a whack

2010-01-14T09:58:00.001-05:00

From New Scientist Tech:

Help could be on the way for those of us who have fumbled, red-faced to silence a ringing phone in a packed cinema. With the right software installed, it may one day be possible to cut a call by "whacking" the phone in a particular pattern while it's still in your pocket.

The system was developed by Scott Hudson and Chris Harrison at Carnegie Mellon University in Pittsburgh, Pennsylvania, and colleagues at Intel Labs in Seattle, Washington. It should work with any cellphone containing an accelerometer – an increasingly common component that can detect and decode every bump and shake inflicted on the phone.

The team developed a simple vocabulary of "whack gestures" designed to rapidly communicate simple commands such as silencing the phone. To help the device distinguish the gestures from background bumps, each begins and ends with a firm "whack".

Read more: http://www.newscientist.com/article/dn18380-silence-that-ringing-cellphone-with-a-whack.html?DCMP=OTC-rss&nsref=tech

Facebook and Privacy (again)

2010-01-12T11:41:00.002-05:00

Nothing really new, but here an interesting summary of the most recent actions taken by Facebook regarding their privacy settings, as well as some declarations of the Facebook's CEO, Mark Zuckerberg (thanks to NetWorkWorld, by Ian Paul, PC World)

http://www.networkworld.com/news/2010/011110-facebook-ceo-challenges-the-social.html?source=NWWNLE_nlt_security_strategies_2010-01-12

In short: FB thinks that the old "concept" of privacy is over, and it is better if users get used to it! :-)

Teen Cyber Slang

2010-01-12T10:42:00.001-05:00

Test your knowledge on teen slang (British, but likely global)

http://news.bbc.co.uk/2/hi/uk_news/magazine/6179573.stm

What happened to Second Life?

2010-01-07T12:20:00.003-05:00

Well, here is an interesting perspective: http://ialja.blogspot.com/2010/01/second-life-isnt-dead-but-its-niche.html

For those who tried SL and never found really fun there, it may be worth reading.

Web2.0 suicide!

2010-01-05T14:54:00.001-05:00

Facebook blocks 'Web 2.0 Suicide Machine'
'Anti-social media' site says its attempts at virtual euthanasia are being thwarted

(from NetOWrkWorld, BuzzBlog by Paul McNamara)

"Operators of Web site dedicated to those who seek social-media death with dignity say that Facebook is taking a more Hippocratic approach to the idea of killing one's online identities with a few keystrokes. They say the social-networking giant has killed off their access to Facebook.

Called Web 2.0 Suicide Machine, the site's pitch goes like this: "Tired of your Social Network? Liberate your newbie friends with a Web2.0 suicide! This machine lets you delete all your energy-sucking social-networking profiles, kill your fake virtual friends, and completely do away with your Web2.0 alter ego. The machine is just a metaphor for the Website which moddr_ is hosting; the belly of the beast where the web2.0 suicide scripts are maintained. Our service currently runs with Facebook, Myspace, Twitter and LinkedIn! Commit NOW!" "

Read more at: http://www.networkworld.com/community/node/49470?t51hb

New Media in the Classroom

2010-01-04T14:31:00.002-05:00

Whether you are a full-time teacher or part-time instructor, you may be considering how you can bring new technologies into the classroom. From wikis to wii, many interactive tools are available and in use at schools. Edutopia, a website for the George Lucas Educational Foundation, has collected and posted a series of video interviews with some teachers who are willing to share their tips. Watch them here in the piece called How To Use New Media in the Classroom.

And don't miss our Classroom section on MySecureCyberspace for other school activities that educate youth about Internet safety and computer security.

A Cell Phone Guide For Families With Children

2009-12-26T14:54:00.004-05:00

You just bought a new cell phone for your kids... still you feel nervous that there might be risks you did not consider? Do you feel that you need to know more about the cell phone technology? Do you want to know more about how teens use their cell phones? Do you want an impartial guide over the different options and possibilities?

CMU has created a guide for you and all the concerned parents like you: a cell phone guide for families with children.

http://www.mysecurecyberspace.com/articles/family-room/the-cell-phone-guide-for-families-with-children

Italy: The Anopticon project- putting surveillance back in its place

2009-12-16T13:56:00.001-05:00

Nowadays, CCTVs are the practical implementation of the "Panopticon", theorised in 1791 by Jeremy Bentham as the "ideal prison", one that keeps people in place by using their natural fear of being surveilled.

The Anopticon project is a reaction to the huge rise in CCTVs installations in Italian cities. Information on CCTVs - where they are, what they point at, which area is being surveilled - is collected by members of the project and put online, publicly accessible via the "Big Brother Viewer". The project has already concluded that a large part of CCTVs does not provide the "information notice" required by Legislative Decree 196/2003 (which implements the Data Protection Directive in Italy).

The project started in Venice, but it soon spread to other cities including Padova, Foggia, Urbino and Solero (Alessandria). More and more "anopticon groups" are born, to contribute to the Big Brother map. Anyone from anywhere can join in.

The Anopticon project has also launched the "Denounce illegal CCTVs"
campaign: every surveillance device that does not respect Italian data protection law (including the need for an "information notice") will be signalled to the Italian Data Protection Authority, without excluding formal complaints for the more powerful and invasive surveillance systems such as the "Argos" and "Hydra" systems being implemented in Venice which are able to automatically track the movement of boats and people.

The Anopticon project - Big Brother Viewer http://www.tramaci.org/anopticon

Twitter used to be a crappy idea...

2009-12-15T11:18:00.001-05:00

1. There are two ways to get market-fit – both require lean companies.

a) you can either keep on innovating your product until you nail a set of features that users like today, or

b) you can keep your product alive for long enough for the market to change û making your product relevant.

Lesson learned: Keep it lean.

2. “Invest (your time/money) in products that you enjoy , and with people you like to hang with”. (quote Martin Varsavsky at SeedSummit)

Lesson learned: Build cool stuff with awesome people (both staff and investors) because you are likely to be stuck with them for a while.

3. Your timing is as important as your product - and people really dont know what will work a few years in the future.

Lesson learned: Don’t worry that much about what the blogs say about your newly launched product - they are probably wrong and things online can change very rapidly.

http://blog.hellohenrik.com/?p=471

Facebook privacy setting and 10 privacy settings every FB users should know

2009-12-11T10:53:00.003-05:00

With over than 350 million users, it was about time for Facebook to reconsider its privacy settings... The new privacy feature seems to give users have more control over specific pieces of datain their profiles.
https://register.facebook.com/editaccount.php?settings

10 Privacy Settings Every Facebook User Should Know:
http://www.allfacebook.com/2009/02/facebook-privacy/

The hidden cost of identity theft

2009-12-07T12:21:00.001-05:00

"The identities of an estimated 9.1 million Americans have been stolen by thieves lifting personal information off the Internet or through other means, according to a 2008 survey conducted by Javelin Strategy & Research, a financial services research firm."

Read more at: http://www.cnn.com/2009/TECH/12/07/identity.theft.costs/index.html

Block bullying online: an international approach

2009-12-02T12:22:00.003-05:00

Cyberbullying is really a global problem, not just here in the US. Watch this video created by the Europe's Information Society: http://www.keepcontrol.eu/

Cyber Monday and holiday shopping guidelines

2009-11-24T14:22:00.002-05:00

Cyber shoppers: do not under estimate the risks when shopping online. Take a look at MySecureCyberspace Online Shopper's Holiday Guide to Security Practices before you start your shopping. A few guidelines to keep in mind is enough to shop in safety and enjoy the season!

Guidelines: http://www.mysecurecyberspace.com/articles/features/an-online-shoppers-holiday-guide-to-security-practices.html

Cyber Monday: http://www.mysecurecyberspace.com/articles/features/cyber-monday.html

the history of the Internet

2009-11-19T16:42:00.003-05:00

The history of Internet is available on many sites and presentations, but this one is one of the best, concise and complete at the same time.

http://sixrevisions.com/resources/the-history-of-the-internet-in-a-nutshell/

Follow Us on Twitter for a Word a Day

2009-11-16T13:50:00.004-05:00

The Cyber Word of the Day today is AAA Protocol, which you'd know already if you saw us on Twitter. AAA Protocol involves the three elements necessary to insure privacy and security of online information (learn more).

You can brush up on your Internet vocabulary easily by following MySecureCyberspace on Twitter. Search for MySecureCyber on Twitter and click Follow.

Spammed by Facebook games?

2009-11-10T11:46:00.002-05:00

Interested in growing vegetables in farmville? Or playing mafioso in Mafia Wars? Well, those FB games come for free, but read about what can happens... suspected Internet scams: http://www.time.com/time/business/article/0,8599,1935698,00.html

Google Dashboard

2009-11-05T13:14:00.002-05:00

If you use Google, you imagine that they know a lot about you. Your preferences, your interests, which services and products you use...

Now it is Google itself that lets us know what they know about us. Google Dashboard, available at http://googlesystem.blogspot.com/2009/11/google-dashboard.html. Very interesting. Something to try.

Cloud Computing: you have done it too.

2009-11-04T14:49:00.003-05:00

A trip on the clouds: a simple-to-understand article by John Sutter on cloud computing. Read how this new concept applies already to most of our everyday's life of cyber users... whenever you post pictures online, or send email, or save documents on online servers. The point is: can we really trust those "clouds"?

http://www.cnn.com/2009/TECH/11/04/cloud.computing.hunt/index.html

Who is most at risk online?

2009-10-20T12:24:00.002-04:00

A good study from GetSafeOnline.org about the demographics of the users most at risk. You may think it is the seniors, tipically saying that they are not the digital generation, instead it is the young users. Even tough young users are certainly competenent and expert in pretty much all the online actvities, they still underestimate the risks...

http://www.getsafeonlineblog.org/whos-most-at-risk-online

Windows 7: 10 things you need to know

2009-10-20T12:11:00.002-04:00

10 things you need to know about Windows7.

Good advices from NetWorkWorld.

http://www.networkworld.com/news/2009/101909-windows7.html?t51hb

Young Guns

2009-09-24T15:22:00.005-04:00

Kids these days think they know everything... well, in some cases that's not too far from the truth.

The British secret intelligence agency MI5 recruited some cyber-savvy teenagers into its ranks in the latest actions by a government to shore up defense of information networks.

According to a report, British Security Minister Evans has revealed that over 1,000 hits were made on computers in Whitehall (the Parliament district of London) during the summer.

The new teen crime fighters signed an agreement to keep their on-the-job activities confidential... even from their parents. So, Mom & Dad, if your teenager is spending late nights online, protecting national security *could* be a valid excuse, but it's still ok--and recommended--that you keep tabs on your teen's online activities.

See MySecureCyberspace recommendations on parental monitoring tools.

A little bit of drama... how the Internet will die?

2009-09-15T12:38:00.001-04:00

Five End Game Scenarios - How the INTERNET Will Die
Theories on how the Internet will end and one where it lives forever!

(from NetworkWorld, by Jamey Heary http://www.networkworld.com/community/node/45157?t51hb )

MySecureCyberspace: The state of cybercrime:today's real cybercriminals

2009-09-11T11:45:00.000-04:00

MySecureCyberspace: The state of cybercrime:today's real cybercriminals

The state of cybercrime:today's real cybercriminals

2009-09-11T11:41:00.002-04:00

From SearchSecurity.com, sponsored by TippingPoint, a useful videocast on the new threats and trends on emerging online frauds, as well as effective "neighbor watch" ideas:

http://searchsecurity.bitpipe.com/detail/RES/1251485105_218.html&li=232743?asrc=EM_PWC_9178644&uid=3838777

An Idea to End Spam! ... But It'll Cost You

2009-08-13T16:05:00.002-04:00

Researchers at Yahoo are testing out the idea of applying one-cent "postage" to email. Before you think they're out for a profit, consider this: all collected fees would go to charity. The thought is that even a small charge for sending an email would make spamming cost-prohibitive, and thus put a stop to the widespread problem.

Read the article and think about where you stand. After having email readily available for free for so long, penny-pinchers might bulk at the idea of paying even a small fee, especially while spam filters are doing an adequate job of fighting spam already.

Social Media Hacker May Have Used DoS Attack

2009-08-07T10:24:00.003-04:00

Millions of users became suddenly aware that the popular social media sites, Twitter and Facebook, were down on Thursday. The companies believe a hacker launched a denial-of-service attack against the sites.

Denial of service (DoS) attacks interfere with a computer system by sending more Internet traffic to it than it can handle. This causes an interruption of the services provided by the system (as defined in the MSC Encyclopedia of Risks and Threats).

The attacks are a reminder that no web site or Internet service is impenetrable from cyber threats. On a lighter note, some users may have reawakened to the notion of enjoying a day without a constant stream of tweets and status updates.

Interview: Information Security Education and Cyberawareness

2009-07-30T11:43:00.002-04:00

Q&A with Dena Haritos Tsamitis is an interview from CyLab Chronicles that touches on a variety of education and outreach topics in information security and Internet safety.

"Information security is just as important, if not more, than it has been. Companies and organizations may need to make cutbacks, but they are avoiding those cutbacks in information security and may even be reinforcing their efforts in that area. Nothing illustrates the importance of information security better than the current activities of our federal government to establish a cyber command within the military and the appointment of a cyber coordinator with access to the Oval Office," said Tsamitis, director of the Information Networking Institute and director of education, training and outreach at Carnegie Mellon CyLab.

Tsamitis comments on graduate programs in information security, the federally-funded Information Assurance Capacity Building Program for minority-serving faculty, and trends in information security education and cyberawareness. Read the interview.

Two-Thirds of Global Internet Users Access Social Networking Sites

2009-07-09T17:12:00.002-04:00

According to a study conducted by comScore, Inc., a leader in measuring the digital world, Russia has the world’s most engaged social networking audience, with visitors spending 6.6 hours and viewing 1,307 pages per visitor per month. Wow!

"Of the 1.1 billion people age 15 and older worldwide who accessed the Internet from a home or work location in May 2009, 734.2 million visited at least one social networking site during the month, representing a penetration of 65% of the worldwide Internet audience," comScore's press release says . The rest of the Top 10 countries in May were Brazil (6.3 hrs), Canada (5.6), Puerto Rico (5.3), Spain (5.3), Finland (4.7), UK (4.6), Germany (4.5), US (4.2), and Colombia (4.1).

Russia's Top 3 social network sites were Vkontakte.ru (18.9 million people or 45% of Russia's Net users), Odnoklassniki.ru (24%), and Mail.Ru-My World (20%). Facebook (2%) and MySpace Sites (1%) were 7th and 9th place, respectively.

http://www.comscore.com/Press_Events/Press_Releases/2009/7/Russia_has_World_s_Most_Engaged_Social_Networking_Audience

Xbox 360 Meets Facebook, Twitter

2009-07-02T08:37:00.002-04:00

This coming fall gamers will enjoy a new program from Microsoft Corporation: an integration of Xbox 360® with Facebook and Twitter! Xbox 360® users will be able to post their statuses, view pictures, check friend updates, and post snapshots from the games directly to their profiles.

And the creator is... a graduate from Carnegie Mellon!

Sexting is increasing

2009-06-26T10:51:00.001-04:00

Sexting (meaning sending naked pictures through mobile phones) is a wide and increasing phenomenon among teens: one out of 5 admit to do it!

http://www.cnn.com/video/#/video/living/2009/06/25/pn.sexting.survey.hln

Iranian Internet Traffic Engineering

2009-06-19T09:33:00.002-04:00

Very interesting graphs on Iranian Internet traffic through Iran’s six upstream providers (ARBOR Networks, by Craig Labovitz) are available at: http://asert.arbornetworks.com/2009/06/iranian-traffic-engineering/

Looking for health information

2009-06-18T13:43:00.002-04:00

According to a recent Pew Study, 61% of American adults look online for medical help.

From their summary of findings: " Half of all online health inquiries (52%) are on behalf of someone other than the person typing in the search terms. And two-thirds of e-patients talk with someone else about what they find online, most often a friend or spouse. The survey question did not specify whether these conversations take place face to face, over the phone or online, but it is clear that the pursuit of health information does not happen in a social vacuum."

and also:

"Despite the increasing popularity of social-network websites and status-update services, few people are using them to gather and share health information.

■ 39% of e-patients use a social-networking site like MySpace and Facebook and, of those, only a small portion have followed their friends' personal health experiences or updates, posted their own health-related comments, gotten any health information or joined a health-related group.
■ 12% of e-patients use Twitter or another service to share updates about themselves or to see updates about others, and of those, few have posted comments, queries or information about health or medical matters."

http://pewresearch.org/pubs/1248/americans-look-online-for-health-info

Is anybody still on MySpace?

2009-06-16T15:35:00.002-04:00

Facebook is catching up MySpace in terms of number of profiles... Interesting informal survey of the NYT about those accounts, to see if and how MySpace users are still happy there.

http://bits.blogs.nytimes.com/2009/05/04/do-you-know-anyone-still-on-myspace/

How CAPTCHA works

2009-06-16T14:40:00.004-04:00

Ever wonder why you are asked sometimes to enter those strange, fuzzy words in a web form? Luis von Ahn, from Carnegie Mellon University, explains how CAPTCHA works. An educational, yet entertaining presentation! (from the Computing Research that Changed the World Symposium, http://www.cra.org/ccc/locsymposium)
http://youtube.com/watch?v=Aszl5avDtek&feature=channel_page

The Web’s Most Dangerous Search Terms

2009-06-11T14:02:00.003-04:00

A study performed by McCafee research explains how (and which) key words, entered on web search engines, are then used by cyber criminals to find their victims. According to this report, screensaver is the most dangerous keyword, followed by many that include the word 'free'. A worthy reading.

Wordnik: more than a dictionary

2009-06-10T10:24:00.002-04:00

"An ongoing project devoted to discovering all the words and everything about them."
More than a dictionary online, an aggregator, interesting!

http://www.wordnik.com

TWitter gets targeted again by worm-like phishing attack

2009-05-28T11:00:00.002-04:00

TwitterCut Web site harvested account details but now claims it had no intention of phishing people
By Jeremy Kirk , IDG News Service , 05/27/2009

Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts.

The culprit is a Web site called TwitterCut. Some Twitter users began getting a message that appeared to be from one of their friends and included a link to the TwitterCut Web site. The message implied they could gain more Twitter contacts by following the link.

Read more: http://www.networkworld.com/news/2009/052709-twitter-gets-targeted-again-by.html?page=1

Is Facebook for old people?

2009-05-26T15:48:00.002-04:00

An interesting case study to read about teens and old folks together on Facebook, as well as some questions about what are the implications on their economics and ratial differences:
http://www.zephoria.org/thoughts/archives/2009/05/18/is_facebook_for.html

(by zephoria)

Virtual memorials and web account funeral homes....

2009-05-20T14:06:00.001-04:00

New services promise online life after death
By Mallory Simon, CNN http://www.cnn.com/2009/TECH/05/18/death.online/index.html

New services are helping people organize their digital assets after their death
Customers can designate loved ones to access their posthumous online accounts
Legacy Locker allows users to set up a kind of online will, with beneficiaries
Eternal Space lets loved ones create customized online grave sites

Six ways to protect your privacy on Google

2009-05-12T11:31:00.001-04:00

Concerned that Google knows too much about you? The company provides many ways to protect your privacy online -- you just need to find them. Here are six good ones.
By Robert L. Mitchell , Computerworld , 05/11/2009

http://www.networkworld.com/news/2009/051109-6-ways-to-protect-your.html?nlhtsecstrat=rn_051209&nladname=051209securitystrategiesal

Hoax on Wikipedia

2009-05-08T16:29:00.001-04:00

A sociology student placed a fake quote on Wikipedia, only to see it show up in prominent newspapers, revealing that a lot of the press doesn't go much further than most 'Net users when it comes to researching a story. By John Timmer

http://arstechnica.com/media/news/2009/05/wikipedia-hoax-reveals-limits-of-journalists-research.ars

Location-sharing Applications

2009-05-01T15:10:00.003-04:00

A new trend in mobile applications broadcasts the location of users.

Developed by researchers at Carnegie Mellon, the project Locaccino will reveal people’s privacy preferences in the context of a location-sharing application and what it takes to adequately capture them.

Read the article : http://www.mysecurecyberspace.com/articles/features/location-sharing-applications.html

Malware Art Forms

2009-04-30T15:46:00.003-04:00

Alex Dragulescu created a series of visualization of worms, viruses, trojans and spyware code, which end up to be great art pieces!

As his web site says, "For each piece of disassembled code, API calls, memory addresses and subroutines are tracked and analyzed. Their frequency, density and grouping are mapped to the inputs of an algorithm that grows a virtual 3D entity. Therefore the patterns and rhythms found in the data drive the configuration of the artificial organism."

It is worth a look: http://www.sq.ro/malwarez.php

New interesting articles on mysecurecyberspace.com

2009-04-24T15:59:00.002-04:00

A few new articles on our portal!

- Distributed Social Networks -- Imagine the simplicity of a single login to access all your online profiles and accounts.
http://www.mysecurecyberspace.com/articles/features/distributed-social-networks.html#msc.article.feature.distributed_sns

- An insight of Facebook new privacy policy-- What Facebook could know about you, and why you should care.
http://www.mysecurecyberspace.com/articles/features/what-facebook-collects-and-shares.html

- Group Cyberbullying -- if cyberbullying alone was not a concern enough... read about what the combined efforts of several cyberbullies against a victim can become a frightening situation.
http://www.mysecurecyberspace.com/articles/classroom/group-cyberbullying.html

Twitter again: 12 useful (?) tools

2009-04-23T11:19:00.003-04:00

This Twitter phenomenon runs so fast that is tought to stay behind it!
If you are interested in twelve apparently useful tools to get the best of Twitter, here is a nice educational slide show:
http://www.networkworld.com/slideshows/2008/060208-top-twitter-tools.html#slide1

Twitter: 6 things that could ruin it (and 5 that won't)

2009-04-23T11:13:00.002-04:00

Twitter is getting more and more attention these days. Read a prediction of six things that can change it for the worst, and others that won't probably have an impact (By Mike Elgan, networkworld:
http://www.networkworld.com/news/2009/042009-6-things-that-could-ruin.html?page=1)

Top social media for marketers

2009-04-21T10:59:00.002-04:00

According to a social media marketing industry report by Michael Stelzner, marketers are using social media to grow their businesses... http://www.whitepapersource.com/socialmediamarketing/report/

Not really a surprising result, still something to think about when you are asked all those apparently silly questions in Facebook quizzes...

10 Worst Moments in Network Security

2009-04-02T16:14:00.002-04:00

Events that shock sensibilities and shaped the future. A slide show on NetworkWorld, by Ellen Messner.

http://www.networkworld.com/slideshows/2008/031108-worst-moments-in-net-security.html#slide1

Conficker.C: a real worm, not a joke, on April Fool Day

2009-03-31T21:08:00.002-04:00

Conficker.C : expected to be a Mysterious and Potentially Damaging Variant of the Conficker Worm.

The week of April 1st marks the time that Conficker.C starts its malicious actions but the damage that it will cause remains to be a mistery to security researchers.

Read description and potential damages at: www.spyware-techie.com

Password Security Tools

2009-03-26T15:26:00.005-04:00

So many places on the Web prompt you for a password these days, not to mention the password-protected resources in your local network that you might have to deal with daily at your job. Best practices dictate that you need a unique password for each one of these, which just about makes it impossible to keep them all straight, unless you have an exceptional memory. Luckily, for every application-based problem, there seems to be an application-based solution. Hooray password management software.

Four programs that will help you manage your passwords are featured in "Pin Down Your Password," by Lindsay Holloway for Entrepreneur Magazine. Programs serve the needs of a variety of users, from those travelers who use different computers to those business owners who want to enforce the password policy across their company.

For an overview of password security tools, see the listing in MSC's Encyclopedia of Risks and Threats. You can also review the basics of creating a strong password there.

The aging Internet: users older, more social

2009-03-18T15:50:00.000-04:00

The misconception that the Internet is mainly used by youngsters has been floating around for quite some time now. In fact, the vast majority of Americans who use a computer also use the Internet, and only two percent of computer users do not go online in the United States. In 2009, the average age of the Internet user is almost 37 years.
The amount of time Internet users are spending online has risen to 14 hours per week. These users are not just accessing information, online tools and games, but also contributing to online content and joining in social networking. Almost 44 percent of users share their thoughts and files in the online world. Almost 22 percent have uploaded some photographs online, and seven percent have webcams that allow others to view live pictures of their life. More than 11 percent of Internet users maintain blogs, and almost 40 percent of the people read others blogs. In a March 2009 report by Nielsen, social networking and blogging surpassed email among popular Internet activities.
Many Web analysts are finding that the growing demographic of Internet users over 35 are gravitating to social networking and e-purchasing services. Although youth-oriented sites such as Xanga and Friendster remain popular among the younger generations, comScore.com has shown a major increase in the number of adults to popular social networking sites, such as MySpace, which supports more than 300 million accounts with 110 million monthly active users. Almost 40 percent of the users of social networking sites belong to the 35 and over age group.
Image source:Compete
Quick Facts on Social Networking
Facebook: Over 150 million people around the world are now actively using Facebook and almost half of them are using it every day. This includes people in every continent, even Antarctica. If Facebook were a country, it would be the eighth most populated in the world, just ahead of Japan, Russia and Nigeria. Facebook is used in more than 35 different languages and 170 countries and territories (Mark Zuckerberg, Jan 7, 2009). Facebook reports 45 percent of its U.S. audience is now 26 or older, the fastest growing demographic (Inside Facebook, Feb 15, 2009).
Hi5: Hi5 has introduced a gaming component and reports 60 million users. (VentureBeat, Feb 5, 2009)
MySpace: MySpace has 76 million members in the U.S., with a U.S. growth rate of 0.8 percent per month (Comscore via Techncrunch, Jan 13, 2009). A MySpace user averages almost four and a half hours on the site every month, a five percent increase over last month and a 31 percent increase year over year. Users spend nearly 100 minutes more per visitor than the closest competitor, according to MySpace (Social Media Bible, Feb, 2009).
Twitter: According to Compete, the growth rate for Twitter was 752 percent, for a total of 4.43 million unique visitors in December 2008. In the start of 2008, Twitter had only around 500,000 unique monthly visitors (Mashable, Jan 9, 2009).
Xing: Xing has 6.5 million users, many of whom have paid accounts.
Links
Secure My Cyberspace: Blogging, Homepages, and Social Networking Sites
Table Showing Social Networking Growth by Worldwide Region (Comscore)
World Map: Social Networks Popularity

References
Compete
ComScore
Content Creation Online (Pew Internet and American Life Project)
Mashable
More Adults Logging on the Social Networking Sites (Red Orbit)
Nielsen Social Networking Statistics (Technology Blog)
Social Media Bible
VentureBeat

Are Facebook applications safe?

2009-03-18T15:48:00.001-04:00

Before taking a quiz or sending a virtual gift, are there security issues you should be concerned about?

On Facebook, one of the world's top social networking sites, third-party applications are the simple widgets that are adding flare to friends' profiles. Once a user allows them to be installed, these mini programs show up on the profile as small icons or boxes that look playful, add personality, or perform a small task. With promotions such as send your pal a gift… take a quiz to find out which movie star is most like you... wave a flag for your favorite sports team… promote your favorite charity… post your favorite bands and songs, these applications can be hard to resist as they spread from friend to friend.
Facebook adopted open innovation in 2007 by releasing Facebook Platform for application developers. Since then, thousands of third-party applications on Facebook have become available. But, are these applications all just fun and games, or are you putting your privacy and computer security at risk?
A warning displays to users before they install any third-party application, saying "The third party may be able to access your information" (example below). So, the user can make a decision if he/she wants to install it or not. However, the appearance of this warning is a standard procedure and does not indicate one way or another whether the particular application you are installing is reputable.
Generally intended to be harmless, Facebook third-party applications do give rise to several security risks. The list below describes some cyber threats related to third-party applications, some which have occurred already and others which have the potential to occur:
Leaking private information: The privacy policy of Facebook discloses that these applications give third parties and business operations access to the profile information of users. Many users post personal information that could be used to identify them, including the day and year of their birthday, gender, location, and their full name. Offering some assurance, Facebook does investigate these applications before making them available, but a possibility always exists that the identifying information of the users could slip by this defense.
For example, in 2008, it was discovered that an application called "Top Friends " could be exploited by someone with some technical knowledge to access identifying information, such as birthdays and gender, of other users, as well as to leak the information to friends using this application. In response, Facebook removed the application and asked the developer to correct the problem. (Read more about keeping personal information off social networking sites.)
Joining (unknowingly) denial-of-service attacks: A team of researchers, affiliated with the Greece-based Institute of Computer Science, have built a malicious Facebook program as an experiment to demonstrate the possible dangers of social networking applications. In this experiment, a seemingly harmless application actually enlists users unknowingly in a denial-of-service attack against a targeted Web site. This application, called "Photo of the Day," offers to display a new National Geographic photo daily on the users profile. Occurring undetected in the background, every time the photo is clicked, the application sends a request to a victim's Web site for three large images. Any application that enlists enough users will disable the victim's Web site in a denial-of-service attack, in which the Web site becomes flooded with more requests for data than it can handle. (Read more on how cyber criminals could enlist you.)
Installing adware and/or spyware: In 2008, Facebook banned the application "Secret Crush " when it was discovered that it installed malware that posts advertisements on users' screens, known as adware, developed by an unscrupulous company called Zango. The application also used the social networking aspect of Facebook to spread itself to a maximum number of users. (Read more about protecting your computer from spyware.)
Other possibilities: Third-party applications lend themselves to the possibility of other potential attacks, such as the following examples:
An application that sends JavaScript and HTTP requests in order to identify a host's open ports through which someone could install malicious programs on the user machine
An application that delivers a malicious link in order to infect a Web site with malware
An application could access user profile information and post it to a remote server to be later used for nefarious attacks
Aside from resisting the urge to install third-party applications or simply avoiding the popular social networking site altogether, a user can actively take some precautions:
1.) Do not post personal information, such as your age, address, or telephone number, and certainly not any sensitive information, such as a bank account number or social security number, anywhere on your profile. It is safer to use the "send message" option in Facebook rather than to post information in your profile, on your wall, or on your friend's wall.
2.) Make full use of the privacy settings offered by Facebook. From the top navigation bar, go to Settings, and then Privacy Settings, and go through all of the options to ensure you reveal the least amount of information as possible. Select "Friends Only" access so that you restrict strangers completely from being able to view your information.
3.) Verify a friend's identity before accepting a friend request from a person you think you know. You can do this by either asking the person verbally or visiting the profile to check the details of the person. Otherwise, you risk giving somebody using a fake or malicious account access to your profile.
Finally, you can take steps to protect others by joining the Facebook user forums under "Help" to discuss your insights or seek answers to your own questions. If you suspect your information has been leaked or misused, contact Facebook and report your findings. If a third-party application is discovered to be malicious, you will not be the only victim. It is within your power to report suspicious activity, and by doing so, you will likely be helping others.

References
Facebook Aims to Socialize All Online Services (Business Week)
Facebook Removes Top Friends Application (The Standard)
Facebook:Threats to Privacy , Harvey Jones and Jose Hiram Soltren (PDF)
Researchers Create Zombie Army (Wired)
Widespread Facebook Application Installs Adware (Sophos)

Facebook Lets Members Make Profile Elements Wide Open

2009-03-17T11:44:00.001-04:00

http://www.pcworld.com/businesscenter/article/161340/facebook_lets_members_make_profile_elements_wide_open.html

Juan Carlos Perez, IDG News Service

Monday, March 16, 2009 3:30 PM PDT
Facebook on Monday made it possible for members to lift privacy access controls from certain elements of their profiles, so that anyone on the social-networking site can see them.
With the announcement, Facebook is following through on an announcement made earlier this month in which it said that a number of members had requested this new capability.
Now, members will find the option of opening up to "everyone" their profile page and specific content types like status updates, links, Wall posts, photos and videos.
This will let anyone on Facebook view the elements that have an "everyone" privacy setting without having to be friends or share a common network with the person who is broadly exposing that content.
"This is an additional setting for those of you who wish to share with a broader audience," wrote Facebook engineer Mark Slee in a blog posting.
This new access option is part of a larger effort by Facebook to blur and eventually dissolve the lines between personal profiles and its Pages marketing service.
Pages, which companies and public figures set up to promote themselves publicly on Facebook, will become more dynamic by focusing on interactions from their "fans," in a similar way in which interactions between members and their friends take center stage in personal profiles.
Meanwhile, the personal profiles are now changing so that they can be made more broadly available, more public like Pages, allowing members to share potentially with all 175 million Facebook members, not just with their friends or others in their geographic or school networks.
This is an interesting evolution for Facebook, which for years stressed its very granular privacy options as a source of differentiation from other social-networking sites with less strict access controls. It is, however, a move by Facebook to catch up with the latest Twitter craze, which has made it clear that there is a sizable market for people who want to broadcast inane updates on their lives to anyone who cares to read them.

Ponzi scheme and other fraudolent schemes...

2009-03-11T09:57:00.004-04:00

A simple explanation of how Ponzi scheme works for spam, and other online frauds:
http://www.mysecurecyberspace.com/articles/statistics-trends/pyramid-schemes-and-other-frauds.html

Are You a Private Person? Better Double Check on That

2009-03-09T14:34:00.002-04:00

If law enforcement suddenly became interested in the data on your home computer, would you know your rights? Did you know the government can swiftly locate you, if necessary, via your cell phone? If you ever needed to keep a low profile, would it even be possible?

The notion of what type of data is considered private could possibly vary for every individual, but the laws and technology that control who and who can't access your personal data are pretty well laid out. Now... whether you have the gumption to learn the laws and technology is another matter; however, you should know that the people at Electronic Frontier Foundation have just made it a little easier for you to educate yourself. EFF recently launched the website Surveillance Self-Defense at https://ssd.eff.org/ with the purpose of giving simple answers to two basic questions: What can the government legally do to spy on your computer data and communications? And what can you legally do to protect yourself against such spying?

While your computing activities may never be of interest to national security, you still might find some helpful how-tos on this site. At the very least, the site's easy-to-digest content will fill you in on current technologies that put your privacy at risk.

Also, see Privacy Tools on MSC.

BEWARE: Conficker Worm !!

2009-03-07T01:15:00.002-05:00

The IT giant Microsoft is offering quarter million dollars to the arrest and conviction of the unleashers of Conflicker worm.
Conficker is a worm whose origin is not yet known. But this worm targets Microsoft operating systems and exploits vulnerability in them. When executed on a computer, Conficker disables a number of system services such as Windows Automatic Update, Windows Security Center, Windows Defender and Windows Error Reporting.

Scientists predict that spreading of this worm is an invitation to some major attack over entire internet in the future. Washington Post

Additional information can be found at following sources:
1] Symantec Website
Read about the precautions, detection and removal: HERE

Computer Security Handbook --fifth edition

2009-03-05T11:39:00.002-05:00

Edited by Seymour Bosworth, M.E. Kabay, Eric Whyne, a comprehensive view of the information assurance field. Here are the book sections to get a sense of the content:

Part I: Foundations of Computer Security
Part II: Threats and Vulnerabilities
Part III: Prevention: Technical Defenses
Part IV: Prevention: Human Factors
Part V: Detecting Security Breaches
Part VI: Response and Remediation
Part VII: Management’s Role in Security
Part VIII: Public Policy and Other Considerations

http://www.mekabay.com/overviews/csh5_fm.pdf

Smurfing anyone?

2009-03-04T16:05:00.002-05:00

If you are wondering what 'smurfing' means, read its definition and description at:
http://www.mysecurecyberspace.com/encyclopedia/index/smurfing.html#msc.encyclopedia.smurfing

Social Networking's False Sense of Security

2009-03-03T10:07:00.004-05:00

You're surrounded by friends on Facebook, so what's to fear--right? Not so fast! According to an article by Jr Raphael for PC World (02/27/2009), phishing, fraud and other scams are commonly taking place on such social networking sites and are even on the rise. With access to your personal details and your friends list, criminals have plenty of information at their fingertips to help them make these scams pretty easy for you to fall for.

So, if you think you're pretty good at spotting an Internet scam, check out the real-life stories in this article--and think again: 5 Facebook Scams: Protect Your Profile.

Stimulus bill for HIPAA and need for such bills in Information Technology

2009-03-02T12:12:00.007-05:00

The stimulus bill for HIPAA recently passed US government aims to modify the rules for HIPAA dramatically. The bill emphasizes following task for securing patient data:

* Citizens will have the right to monitor and control use of their own health data.

* They can audit the use of their data and payment history which means that they will have access to the databases in which their data is stored.

COMMENT: This, however, increases the responsibility on the Hospitals and other Health Organizations to secure the data from unauthorized access. The access control policies will have to be extremely stringent in order to prevent any un-authorized acess to the data or misrepresentation of the data.

* Health organizations suffering loss of more than 500 patient records must publicly disclose the breach, starting with postings on the government's Health and Human Services website. This allows related organizations to trace the impact of the breach throughout the healthcare network, but care must be taken not to disclose vulnerabilities in the system to intruders.

SCOPE of such laws:

Data Integrity and Security issues have been around for many years. Data Theft has been occuring in different verticals of the industry like Banking, Finance, Government and so on. Citizen's data is at threat in these various industries. It is necessary to have such bills passed for these other industry verticals so that citizens can have full control over their information irrespective of the industry vertical.

Reference:
[1] Security News:

[2] MySecureCyberSpace: HIPAA

Facebook now opens up its Privacy Policy for Debate and Vote

2009-02-27T14:54:00.004-05:00

Facebook's privacy policy has recently been under scrutiny of its users. Reciprocating to the users demands, Facebook has planned to adopt an "Open" and "Transparent" strategy for its privacy policy settings, according to the Facebook chief Mark Zuckerberg. It is a community-driven process for governing Facebook.

The idea is to put the Facebook Privacy Policy agreement with users, open for debate and comments. A forum discussing the changes in privacy policy will be open to all of its users. Facebook will respond to the sustaining the changes or removing them based on the feedback from the users. If there are more controversies then, Facebook will discard a change made in the agreement else honor the users opinion and sustain the change.

Zuckerberg also made it clear that the new governance applied only to fundamental issues of privacy and data ownership, and not the Facebook product itself: "There will be hundreds and thousands of product changes going forward, and that's not what we're talking about. This is about the rules and framework."

More can be found on this at following URL:
Cnet News

Cell phone and PDA security guidelines

2009-02-24T11:27:00.004-05:00

From the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST), a useful guide with recommendations for protecting sensitive information carried on cell phones and PDAs.

It is important to protect sensitive information on mobile devices because they are prone to many vulnerabilities, for example:
- devices are small and easily lost or stolen, and few of them have effective access controls or encryption;
- devices can get infected by malware;
- devices can receive spam;
- their wireless communications can be intercepted, and spyware can channel confidential information out of the organization;
- their location-tracking systems allow for inference;
- the email kept on servers as a convenience for cell-phone/PDA users may be vulnerable to server vulnerabilities.

The whole document is available at: http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

Interesting comments by Mich Kabay at: http://www.networkworld.com/newsletters/sec/2009/022309sec1.html?page=1

Facebookers: think before you post!

2009-02-18T14:57:00.003-05:00

From ComputerWorld: Are Facebook's outraged users getting a wake-up call?
Facebook backs off TOS changes but analysts hope lesson is: Think before you post

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9128169

Undercover in a Kid's Online World

2009-02-13T09:42:00.002-05:00

"What one mom learned in her journey through kiddie cyberspace — and what every concerned parent needs to know": http://www.goodhousekeeping.com/family/activities/undercover-club-penguin-3

Very interesting report, I suggest every parent with kids between 6-12 to read it. When I tried the Club Penguin myself a while ago, I actually had a very similar experience. I saw a few positive/curious factors (but really, just a few) and had many "let-me-think-about" moments. I particularly agree with Sharon's point of "Kids Can Become Virtual Materialists". That aspect was really what bothered me the most.

Top 25 software screw-ups

2009-02-12T12:25:00.002-05:00

Top 25 software screw-ups
SQL injection, cross-site scripting among worst software-programming errors
By Ellen Messmer , Network World , 01/12/2009

Most IT security woes, from software patching to cyberespionage and cybercrime, can be traced to the devastating effects wrought by the Top 25 programming errors made in software, according to a broad consensus of government and security firms.
These programming errors include improper input validation, improper encoding or escaping of output, failure to preserve SQL query structure (SQL injection), and failure to preserve Web page structure (cross-site scripting). These are among the worst of the worst in the list of the Top 25, published Monday by MITRE Corp. and The SANS Institute, participants in what's called the Common Weakness Enumeration (CWE) project organized by the U.S. Department of Homeland Security's National Cybersecurity Division.

Software security: The Top 25 programming errors
1. Improper input validation
2. Improper encoding or escaping of output
3. Failure to preserve SQL query structure (SQL injection)
4. Failure to preserve Web page structure (cross-site scripting)
5. Failure to preserve operating system command structure (OS command injection)
6. Cleartext transmission of sensitive information
7. Cross-site request forgery
8. Race condition
9. Error message information leak
10. Failure to constrain operations within the bounds of a memory buffer
11. External control of critical state data
12. External control of file name or path
13. Untrusted search path
14. Failure to control generation of code (code injection)
15. Download of code without integrity check
16. Improper resource shutdown or release
17. Improper initialization
18. Incorrect calculation
19. Porous defenses
20. Use of a broken or risky cryptographic algorithm
21. Hard-coded password
22. Insecure permission assignment for critical resource
23. Use of insufficiently random values
24. Execution with unnecessary privileges
25. Client-side enforcement of server-side security

For in-depth definitions about these Top 25 software-programming errors, visit the Web sites of The SANS Institute and MITRE Corp. at file:///Macintosh%20HD/Users/ssauer/Desktop/www.sans.org and file:///Macintosh%20HD/Users/ssauer/Desktop/www.mitre.org

No ticket, no suitcase, no problem! The Internet is bringing worldly experiences within reach.

2009-02-04T16:25:00.000-05:00

With processing power and bandwidth capacities becoming ever cheaper, faster and better, high-quality multimedia and rich content have entered virtually every facet of life. Tourism has been no exception.
Virtual tourism, the activity of "visiting" sites of interest over the Internet without having to physically travel to them, can take on many forms. An early form of virtual tourism presents the user with a slideshow or video which explores a limited area, for example, a museum. Some museums offer a 3D graphical interface that allows one to explore the attraction site using simple directional camera controls. Most of these early efforts met with limited success and didn't really take off for various reasons, among them the limited ability to immerse the user in a believable environment.
Recently, there has been a revival of photo-based virtual tourism interest, with a notable example being the GigaPan Project jointly sponsored by NASA, Carnegie Mellon University, Google and National Geographic Society. Gigapan hosts extremely high resolution panoramic photos (a gigapixel-resolution) online. The resolution allows for incredibly detailed images that people may zoom in on and pan across at will.
Another Internet-based location is Linden Lab's Second Life . In the online world of Second Life, people may buy virtual property, make virtual goods that can be sold for real money, and interact with a diverse group of other users in an alternate reality. In what turned out to be one of the first of many such activities, the Dresden Museum decided to place its Old Masters collection online; every item in the collection was reproduced digitally, and placed in the Second Life universe for anyone to see. There has been an increasing trend of tourism organizations sponsoring virtual sites inside worlds like Second Life, which faithfully reproduce a real-life location. Thus it allows users to embark on a virtual tour of, say, the fabled Chichen Itza from the comfort of their homes. While the primary goal of endeavors like these is to promote tourism, they offer a quick getaway to those too busy to visit these exotic locations themselves.
Helping virtual tourism are technologies like Google's Street View and related Web 2.0 technologies. Google's Street View lets a user tour a city from a pedestrian standpoint, and virtually take a walk around the city. Expanding on the concept, some sites now offer free video tours of a city; the user is invited to tour a city on Street View, and at specific points, watch a short user-created video of the place. With Google taking over YouTube, users can easily embed videos hosted on YouTube on the Google Maps service, offering an engrossing interactive environment for the new breed of virtual tourists. A good starting point for these activities is a blog devoted to the topic, Virtual Tourism .
In fact, this trend has grown to the point of companies offering professional services to "virtualize" your brand. For example, K Zero claims to be the "resident expert in virtual worlds," and offers many informative articles on its site for the interested traveler.

References
GigaPan
Google Maps
Google Street View
KZero
Old Masters Picture Gallery (Second Life Travel Guide)
Second Life
Virtual Tourism (BlogSpot)
Vterrain.org

COPA: Justices Reject Pornography Law

2009-01-21T14:38:00.001-05:00

January 22, 2009
Justices Reject Pornography Law

By DAVID STOUT
WASHINGTON — The Supreme Court on Wednesday refused to consider attempts to revive a 1998 law intended to protect children from Internet pornography, ending a legal conflict dating to the administration of President Bill Clinton.
Without comment, the court handed down an order declining to take the case of Mukasey v. A.C.L.U., No. 08-565. The administration of former President George W. Bush, through Attorney General Michael Mukasey, had asked the justices to review the law. The American Civil Liberties Union has been a leading foe of the statute.
The Child Online Protection Act has been the subject of court battles since Congress enacted it in 1998, and it has never taken effect. Some judges have called the controversy an agonizing conflict between the cherished right of free speech and society’s duty to watch over children, many of whom grow up as familiar with computers as earlier generations of children were with coloring books.
The high court’s refusal to take another look at the law was not surprising, given that the United States Court of Appeals for the Third Circuit, in Philadelphia, ruled last July that the law violated the First Amendment because filtering technologies and other tools offered less restrictive ways to shield children.
Signed by President Clinton in the fall of 1998, the law would have made it illegal for the operator of a commercial Web site to make sexually explicit material deemed harmful to minors available to those under 17. Violators would have faced fines of up to $50,000 per offense and six months in jail. A site that carried such material but gated it off from children through credit cards or other age-verifying measures would have had a defense under the statute.
Backers of the law contended that it was aimed primarily at "teaser"
ads, or free samples offered by Web pornography sites. But opponents of the law complained that it was too broad and could have covered non- pornographic sexual material, like those dealing with gynecological issues.
The Child Online Protection Act was an attempt to fill a void created when the Supreme Court struck down a broader measure, the Communications Decency Act of 1996, the year after it had been enacted. The court ruled then that the decency act was defective because, among other things, it had not defined its key terms clearly enough.
The journey of the Child Online Protection Act through the court system began early in 1999, when Federal Judge Lowell A. Reed Jr. in Philadelphia issued an injunction against the statute, concluding that the fears of the law’s critics were reasonable. But Judge Reed’s remarks were memorable for their ambivalence.
The judge wrote that he felt "personal regret" that his injunction would "delay once again the careful protection of our children." But he went on to write that "perhaps we do the minors of this country harm if the First Amendment protections, which they will with age inherit fully, are chipped away in the name of their protection."
Judge Reed’s injunction was upheld by a three-judge panel of the Third Circuit in June 2000. Then the Supreme Court, in a 5-to-4 ruling in June 2004, affirmed that the injunction against enforcement of the law should remain in effect pending a trial on the law’s constitutionality in Federal District Court.
Early in 2007, Judge Reed declared the law unconstitutional, while again voicing his regret. After the Third Circuit upheld Judge Reed last July, the Bush administration made one last attempt to revive it, which the Supreme Court rejected on Wednesday.

Copyright 2009 The New York Times Company

Griefers...

2009-01-12T11:41:00.001-05:00

Griefers... a.k.a. cyberbully on online games
http://www.mysecurecyberspace.com/encyclopedia/index/griefer.html

Sexting

2009-01-12T11:11:00.002-05:00

A new entry in our encyclopedia: Sexting.
A slang term for the sending of sexually explicit or suggestive content between mobile devices...
http://www.mysecurecyberspace.com/encyclopedia/index/sexting.html#msc.encyclopedia.sexting

To Govern or Not to Govern

2009-01-08T16:17:00.000-05:00

Cylab study highlights gaps in Board oversight of security and privacy
By Richard Power http://www.csoonline.com/article/467338/To_Govern_or_Not_to_Govern

Most trusted brands in privacy

2008-12-16T10:35:00.004-05:00

An interesting study on the most trusted brands in privacy (by the Larry Ponemon Institute)
http://www.marketwire.com/press-release/Truste-930017.html

Ponemon Institute and TRUSTe Announce Results of Annual Most Trusted Companies for Privacy Survey American Express, eBay, IBM Are Top Three; Facebook Breaks Into Top 20

safe holiday season shopping (also, during recession)

2008-12-05T15:25:00.002-05:00

New guidelines for safe shopping online during this holiday season at: http://www.mysecurecyberspace.com/articles/features/internet-shopping-an-economical-option.html#msc.article.feature.holiday_during_recession

Cyber criminal profiles

2008-12-05T14:45:00.002-05:00

An interesting categorization of cyber criminals by Marcus Rogers (Purdue University) has identified eight types of cyber-criminals, distinguished by their skill levels and motivations.
Novice
• Limited computer and programming skills.
•Rely on toolkits to conduct their attacks.
•Can cause extensive damage to systems since they don'tunderstand how the attack works.
•Looking for media attention.

Cyber-punks
•Capable of writing their own software.
•Have an understanding of the systems they are attacking.
•Many are engaged in credit card number theft andtelecommunications fraud.
•Have a tendency to brag about their exploits.

Internals
a) Disgruntled employees or ex-employees
•May be involved in technology-related jobs.
•Aided by privileges they have or had been assigned as part of theirjob function.
•Pose largest security problem.
b) Petty thieves
•Include employees, contractors, consultants .
•Computer literate.
•Opportunistic: take advantage of poor internal security.
•Motivated by greed or necessity to pay off other habits, such asdrugs or gambling.

Coders
•Act as mentors to the newbies. Write the scripts and automatedtools that others use.
•Motivated by a sense of power and prestige.
•Dangerous — have hidden agendas, use Trojan horses.

Old guard hackers
•Appear to have no criminal intent.
•Alarming disrespect for personal property.
•Appear to be interested in the intellectual endeavor.

Professional criminals
•Specialize in corporate espionage.
•Guns for hire.
•Highly motivated, highly trained, have access to state-of-the-artequipment.

Information warriors/cyber-terrorists
•Increase in activity since the fall of many Eastern Bloc intelligenceagencies.
•Well funded.
•Mix political rhetoric with criminal activity.Political activist
•Possible emerging category.
•Engage in hacktivism.

Other links on cyber criminals:
- The cyber criminals (including misconceptions about them):
http://library.thinkquest.org/04oct/00460/criminal.html
http://library.thinkquest.org/04oct/00460/mythsCriminals.html

- Profiling cybercriminals: not quite ready yet:
http://www.networkworld.com/supp/2004/cybercrime/112904profile.html

- A framework to profile cyber criminals (by Wingyan Chung and G. Alan Wang)
http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=04258736

digital dirt

2008-12-04T17:05:00.000-05:00

Speaking about digital dirt...
http://voices.washingtonpost.com/securityfix/2008/12/court_rules_against_teacher_in.html

European Digital Library

2008-12-01T12:22:00.004-05:00

The new european digital library http://www.europeana.eu/portal/ was so popular that crashed because of its own traffic. Martin Selmayr, a spokesman for Viviane Reding, the commissioner in charge of the project, said that Europeana was a “victim of its success.”

Cyberbullying

2008-11-25T15:36:00.001-05:00

We have new articles on cyberbullying. Check them at: http://www.mysecurecyberspace.com/articles/family-room.html
and http://www.mysecurecyberspace.com/articles/classroom.html#msc.article-section.classroom

Behavioral Targeting

2008-05-30T14:18:00.003-04:00

As social engineering techniques and spyware were not enough, now we have this behavioral targeting thing... Another reason to be worry about people spying (and manipulating maybe?) what we do and what we read on the Web.

Good news is that the Federal Trade Commission is looking into it, as the Washington Post reports <http://www.washingtonpost.com/wp-dyn/content/article/2008/05/21/AR2008052102989.html>.

Facebook decides to help young customers

2008-05-09T10:22:00.003-04:00

Facebook will pay more attention to its young users: http://bits.blogs.nytimes.com/2008/05/08/facebook-agrees-to-protect-young-customers/index.html?ref=technology

This is good news, but let's see how these new rules really help...

VoIP security

2008-05-06T14:34:00.003-04:00

A short video about all aspects of VoIP security - from which are the most serious threats to how you can safeguard your network from attack (sponsored by ISS): http://www.silicon.com/research/specialreports/voipsecurity/video.htm?stream=ISS_voipwebcast_2#vidPlayer

How to Avoid Cons That Can Lead To Identity Theft

2008-05-01T09:42:00.001-04:00

From the Wall Street Journal, some tips to help you avoid being the victim of social engineering: http://online.wsj.com/article_email/SB120959450717957583-lMyQjAxMDI4MDA5MTUwOTE0Wj.html

Lowest bid auction sites

2008-04-18T15:25:00.003-04:00

I recently heard about an interesting web thing. There are auction sites like www.limbo.com or http://www.shakebid.com/ or www.BidPlaza.it where people can get (win) items if their bid is the unique lowest one, yes the lowest one. Then you discover that you have to pay a min amount for each bid, so here is where the company makes the profit. Still, it sounds more like a gambling thing....

Anti-Social Internet

2008-04-18T06:16:00.002-04:00

The Internet has been one of the most powerful phenomena of our times. It has helped shrink boundaries between countries, it has helped people comes closer, interact and socialize.

But there is another side to it. According to studies, in the process of making more online friends, today's generation is cutting itself out from the traditional means of socializing.

Whats the problem here? Every minute spent online is a minute taken out of an alternate activity like playing outdoor sports, socializing in the traditional sense or just spending time with family.

There are tons of instances where an ultra popular MMORPG has been causing families to fall apart! One member of the couple starts getting addicted to the game and eventually forgets everything else. People have started living a more virtual life than ever before with secondLife, youtube and MySpace. Not good.

So my take on all this... Online activities are OK when in limits. DO take time off to meet real friends, take a walk in the Sun, say hello to family and most importantly, spend time with your mate. Happy surfin'!

Mr. Penguin: another anti-phishing animation

2008-04-16T16:55:00.001-04:00

Mr. Penguin teaches you about cookies and privacy: http://corp.aol.com/o/mr-penguin/