New Security Camera Uses T-Rays to See Under Clothes
Reuters reports that a new camera can see under people's clothes from up to 25 meters away. A company called ThruVision has created the device that uses "passive imaging technology" to identify objects by the Terahertz or T-rays they emit. T-rays are natural electromagnetic rays emitted by all objects. Wikipedia has an informative entry on terahertz radiation. ThruVision's T-500 camera uses T-rays to identify objects such as a hidden knife a person may be carrying.
The high-powered camera can detect hidden objects from up to 80 feet away and is effective even when people are moving. It does not reveal physical body details and the screening is harmless, the company says.
The technology, which has military and civilian applications and could be used in crowded airports, shopping malls or sporting events, will be unveiled at a scientific development exhibition sponsored by Britain's Home Office on March 12-13.
"Acts of terrorism have shaken the world in recent years and security precautions have been tightened globally," said Clive Beattie, the chief executive of ThruVision.
"The ability to see both metallic and non-metallic items on people out to 25 meters is certainly a key capability that will enhance any comprehensive security system."
This is certainly going to increase privacy concerns as these cameras start being used in more places. On the plus side, at least it doesn't blast people with dangerous x-rays like the all-too-revealing full-body x-ray scanner that was being considered for U.S. airports at one point in time.
Chinese Hackers Claim Pentagon Hack
With a message that no website is 100% safe, Chinese hackers living in an apartment claim to have hacked a number of websites, including the Pentagon. CNN reports these hackers claim to be sometimes secretly funded by the Chinese government.
In fact, they say they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies.
"No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness," says Xiao Chen, the leader of this group.
"Xiao Chen" is his online name. Along with his two colleagues, he does not want to reveal his true identity. The three belong to what some Western experts say is a civilian cyber militia in China, launching attacks on government and private Web sites around the world.
If there is a profile of a cyber hacker, these three are straight from central casting -- young and thin, with skin pale from spending too many long nights in front of a computer.
The hackers that CNN talked to also claim to run a hacker website that has 10,000 members. The site offers hacking tools and tricks. If these hackers are for real and they are trying to steal secrets from the Pentagon's website, then hopefully the U.S. Military's elite hacker crew will be ready to fire back.
Freezing Gives Hackers Temporary Access to DRAM Data
An article on MSNBC says that encrypted hard drives may become accessible to hackers with the use of a burst of cold air. The article cites a new Princeton University report. Princeton's research found that freezing a DRAM chip will give a hacker temporary access to computer memory.
Freezing a dynamic random access memory, or DRAM, chip, the most common type of memory chip in personal computers, causes it to retain data for minutes or even hours after the machine loses power, the report found. That data includes the keys to unlock encryption. Without freezing, the chip loses its contents within seconds.
Hackers can steal information stored in memory by rebooting the compromised machine with a simple program designed to copy the memory contents - before the computer has a chance to purge sensitive data, according to the study.
Laptops left in hibernation or sleep mode, or simply not turned off at all, are the most vulnerable to the new type of attack.
"These risks imply that disk encryption on laptops may do less good than widely believed," according to the report, which was published this week by researchers from Princeton, the Electronic Frontier Foundation digital rights group, and Wind River Systems software company. "Ultimately, it might become necessary to treat DRAM as untrusted, and to avoid storing sensitive confidential data there, but this will not be feasible until architectures are changed to give software a safe place to keep its keys."
The researchers were able to freeze the memory chips by spraying an "upside-down canister of multipurpose duster spray" directly onto them and then using memory-imaging tools to read the data on the chips.
You can read more about the research project here and you can see a YouTube video below.
Photocopiers and Data Security
The Associated Press reports that copier makers are starting to add security features out of fear that the data on photocopier disks could be stolen. These data could contain corporate information as well as information about individuals that could be used for identity theft.
If the data on the copier's disk aren't protected with encryption or an overwrite mechanism, and if someone with malicious motives gets access to the machine, industry experts say sensitive information from original documents could get into the wrong hands.
Some copier makers are now adding security features, but many of the digital machines already found in public venues or business offices are likely still open targets, said Ed McLaughlin, president of Sharp Document Solutions Company of America.
"You actually have a better chance at winning 10 straight rolls of roulette than getting those hard drives on copiers rewritten," he said.
Sharp plans to issue a warning about photocopier vulnerabilities Wednesday — just ahead of tax time.
The company, one of the leading makers of photocopiers, commissioned a consumer survey that indicated more than half of Americans did not know copiers carried this data security risk. The telephone survey of 1,005 adults, conducted in January, also showed that 55 percent of Americans plan to make photocopies and printouts of their tax returns and related documents.
With many people printing up their tax returns this time of year it may be wise to make any photocopies of your tax return on a photocopier that has security features.
McDonald's MP3 Promotion in Japan Ends in Disaster
McDonald's had a great idea for a promotion in Japan -- a free MP3 player. Unfortunately, the MP3 players contained a trojan horse virus that could steal passwords and email them off to the virus writer. Not good. Engadget explains.
See, McDonald's and Coca-Cola recently teamed up in Japan to give away 10,000 self-branded MP3 players pre-loaded with 10 spankin' new tunes and... some delicious malware. It seems that a "portion" of the players sport a variant of the QQPass family of trojan horses which capture passwords and other personal information when the MP3 player is plugged into the users' PC. The code then proceeds to email the details to the author. McDonald's has set up a 24 hour hotline while they are investigating the matter and will swap out all the offending players.
This is a good warning for any company considering a promotion like this. More coverage can be found at Gizmodo, The Register and BNN.
Organized Crime Winning Web Security War
An AFP article warns that organized crime rings are winning the Internet security war and that they, not hackers, are the true threat. This was a theme at the recent DefCon 14 conference.
Ironically, potential champions in the battle for Internet privacy were sought among the thousands of hackers that made pilgrimages to the US gambling center nicknamed "Sin City" for the three-day DefCon 14 conference.
Online evil doers were crime rings working out of countries such as Russia, Romania and Brazil, and their nefarious technical skills were keeping ahead of computer security experts, veterans of the cyber-crime battle said.
"We are getting our butts kicked, there is no doubt about it," said Dan Hubbard, vice president of security research at Websense. "There is a lot more of a bond and a sharing of tools in their society than in ours."
DefCon, in its 14th year, was a neutral ground where hackers, computer security professionals and US government agents exchanged expertise, according to organizers.
Organized crime is behind many forms of web fraud, including credit card theft, identity theft, zombie machines, viruses and phishing scams.
Malware Search Engine Created
eWeek reports that H.D. Moore, creator of the Metasploit hacking tool, has created a Malware search engine that will find live malware samples using Google search queries.
"My Web interface will identify specific malware without the Google API. It directly searches Google using fingerprints from executables that we already have," he said.
Moore's project uses code strings, or fingerprints in malware samples, then runs a search on Google for those characteristics.
The search engine has been programmed with about 300 malware signatures and Moore said he plans to add another 6,000 signatures in a future bug fix update.
The Malware search engine comes with the following warning:
WARNING! The following links lead to executable programs that can harm your computer. Please be careful when accessing these files and make sure that you only run them in a restricted environment. The signature technique used by this search engine may result in non-malicious files being detected as malware, so be sure to use an updated virus scanner prior to filing a complaint with any web site.
eWeek's article says the Malware search engine found about 20 results for the Bagle worm virus with most of them residing on screensaver files.
Hank's Hardware Nightmare
MSNBC's Red Tape Chronicles blog has an alarming post about a man named Hank Gerbus who recently received a disturbing phone call from someone who had just purchased his hard drive.
One year ago, Hank Gerbus had his hard drive replaced at a Best Buy store in Cincinnati. Six months ago, he received one of the most disturbing phone calls of his life.
"Mr. Gerbus," Gerbus recalls a stranger named Ed telling him. "I just bought your hard drive in Chicago."
Gerbus, a 77-year-old retiree, was alarmed. He knew the old hard drive was loaded with his personal information -- his Social Security number, account numbers and details of his retirement investments. But that's not all. The computer also included data on his wife, Roma, and their children and grandchildren, including some of their Social Security numbers.
In June 2005, when Gerbus took his computer to Best Buy for repairs after a hard drive crash, he knew the drive was a potential hot potato. So when a clerk there told him it had to be replaced, he asked for the damaged hardware back.
The article said the clerk was unable to get him the damaged drive, which had been shipped off to a repair center, but promised him it would be destroyed by drilling holes through it. Obviously, it never was. This is a nightmare scenario that is repeating itself these days. The Red Tape Chronicles uncovered several incidents when hardware was not destroyed properly. Then there are the people much less knowledgeable than Hank Gerbus who simply throw out their old computers and laptops making the information on their old hard drives easily accessible to criminals.
New Powerful Web Attacks Expected
MSNBC.com reports that security experts have noticed an alarming "denial of service" attack on an Internet name server in South Africa. This particular attack was much more powerful and sent more data at the target sites than has previously been seen.
Ken Silva, the chief security officer for VeriSign Inc., compared the scale of attacks to the damage caused in October 2002 when nine of the 13 computer "root" servers that manage global Internet traffic were crippled by a powerful electronic attack.
VeriSign operates two of the 13 root server computers, but its machines were unaffected. "This is significantly larger than what we saw in 2002, by an order of magnitude," Silva said.
Silva said the attacks earlier this year used only about 6 percent of the more than 1 million name servers across the Internet to flood victim networks. Still, the attacks in some cases exceeded 8 gigabits per second, indicating a remarkably powerful electronic assault.
"This would be the Katrina of Internet storms," Silva said.
There is a new name for this kind of attack according to the article: "distributed reflector denial of service." It sounds bad. Hopefully the major U.S. name servers will enhance security to compensate for the possibility of this new type of attack.
Rogue Anti-spyware is a Growing Concern
Anyone who has used the Internet in 2005 has probably encountered rogue anti-spyware, which is software that does not actually remove spyware as promised or, worse, is spyware itself. A recent excellent ZDNet post on the subject listed the top ten rogue anti-spyware applications. The ZDNet post also links to a long list of rogue anti-spyware products provided by Spyware Warrior. Spyware Warrior offers this definition of rogue anti-spyware:
"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value as anti-spyware protection.
Some of the products listed on this page simply do not provide proven, reliable anti-spyware protection or may be prone to ridiculous false positives. Others may use unfair, deceptive, high pressure sales tactics to scare up sales from gullible, confused users. A very few of these products are either associated with known distributors of spyware/adware or have been known to install spyware/adware themselves.
For those who are having trouble telling the difference between trustworthy anti-spyware and rogue anti-spyware, Spyware Warrior also provides a list of trustworthy anti-spyware products here. It is best to check with a list like this if you are unsure about a product you are about to install.
U.S. Air Force Protects Cyberspace
Protecting cyberspace is now the responsibility of the U.S. Air Force according to an article on PCWorld.com.
A cyberspace security responsibility was newly included in the mission statement, released Wednesday. The new mission statement, intended to set the current and future direction of the Air Force, reads: "The mission of the United States Air Force is to deliver sovereign options for the defense of the United States of America and its global interests--to fly and fight in Air, Space, and Cyberspace."
A story on the Air Force Web site quotes a letter to airmen from Michael Wynne, secretary of the Air Force, and Gen. T. Michael Moseley, the Air Force chief of staff, saying U.S. enemies will use any means to strike at the country and it is the Air Force's calling to "dominate" air, space and cyberspace.
That's good news. The Internet is a vital part of our economy and a massive information resource that needs protection and security.
Rampant Keyloggers on the Web
eWeek reports that 6,000 new keylogger programs will be released before the end of this year.
Reports of new keylogging programs soared higher this year, as part of a wave of multifunction malware with integrated keylogging features, according to VeriSign Inc.'s security information company iDefense Inc. The programs often evade detection by anti-virus tools and can be difficult to detect once installed, experts warn. However, at least one anti-spyware company believes that reports about the danger posed by keyloggers are overstated.
More than 6,000 keylogging programs will be released by the end of this year, according to projections by iDefense. That's an increase of 2,000 percent over the last five years, company officials said.
Keyloggers have been around for years and are also sold as legitimate applications -- often as monitoring tools for concerned parents or suspicious spouses -- according to Ken Dunham, director of malicious code at iDefense, in Reston, Va.
Keyloggers are very scary to home Internet users that do a lot of online banking. All it takes is one to steal your banking password and steal your personal information.
Paris Hilton and Sober-Y
The latest variation of the Sober email virus, Sober-Y, could become the most widespread virus of 2005. The tricky email virus pretends to be an email from the FBI or an email offering photos of Paris Hilton. Yes, people are still falling for these kinds of emails. A recent MSNBC.com article said anti-virus firms are raising threat levels on Sober-Y.
Sober-Y, the latest variation of a computer virus that was first released almost two years ago, surprised analysts Tuesday by gaining traction and rocketing millions of e-mails around the world.
MessageLabs, a software company that filters e-mails, said it had stopped three million copies of Sober-infected e-mails in the first 24-hours after the virus began circulating. Paul Wood, a senior analyst at MessageLabs, said that as of 5 p.m. ET, the firm was trapping 200,000 copies of the worm each hour.
"It's surprisingly bad," said Mikko Hypponen, a virus researcher at F-Secure.com. "In sheer amount of e-mails, it's larger than any outbreak of the year." On Tuesday afternoon, F-Secure raised its threat level for the virus to its most severe rating. Other anti-virus firms also raised their threat levels during the afternoon.
F-Secure now says that Sober-Y is the largest email worm outbreak of 2005. F-Secure is also tracking another Bagle virus in their blog.
Are You Backing Up Your Files?
Are you backing up those important computer files on a regular basis? If you are not then right now is a good time to start. At least implement a plan. The BackupAwareness.com website offers some tips to help you keep on a backup schedule.
Develop a backup schedule.
Back up your data daily or at minimum weekly.
Back up everything.
Today you can easily back up all of your hard drive data. No need to spend time sorting through every file or folder. Invest in a storage solution that's twice the size of your internal hard drive, to give your system room to grow.
Do it automatically.
Set it and forget it. Use a solution that's easy to set up and provides automatic backups.
Rotate backups.
Give yourself added protection in case of an earthquake, fire, flood, or theft. Use two drives and rotate one offsite.
Don't procrastinate.
Unfortunately, the need to back up data is often a lesson learned from a bitter experience.
Don't let it happen to you. Protect yourself!
If you aren't backing up at all or not backing up your files on a regular basis, you are not alone. A recent study by Maxtor Corporation found that many Americans are flirting with digital disaster when it comes to a failure to back up their files. The poll of 2,299 adults, conducted by Harris Interactive in late July, found that 35% of U.S. adults never back up their files, and 76% of those who do back up their files don't do it frequently. 44% of U.S. adult computer users overall said that they have lost important data or digital files stored on their computer or laptop, as a result of a computer virus, a hardware or software malfunction, or for some other reason.
Hackers Could Shut Down Cell Phones in Cities
A frightening New York Times article says it is possible for text hackers to jam cellphones and possibly even congest all of Manhattan.
Malicious hackers could take down cellular networks in large cities by inundating their popular text-messaging services with the equivalent of spam, said computer security researchers, who will announce the findings of their research today.
Such an attack is possible, the researchers say, because cellphone companies provide the text-messaging service to their networks in a way that could allow an attacker who jams the message system to disable the voice network as well.
And because the message services are accessible through the Internet, cellular networks are open to the denial-of-service attacks that occur regularly online, in which computers send so many messages or commands to a target that the rogue data blocks other machines from connecting.
By pushing 165 messages a second into the network, said Patrick D. McDaniel, a professor of computer science and engineering at Pennsylvania State University and the lead researcher on the paper, "you can congest all of Manhattan."
The research paper will eventually be posted online on smsanalysis.org according to the New York Times. Some information already available on smsanalysis.org talks about threats to cellular services.
Are larger attacks possible? Certainly. While the paper gives all of the necessary specifics, it would be theoretically possible to knock out cellular service for the continent with a data rate of approximately 370 Mbps. Such bandwidth could be harnessed from a moderately sized "zombie" network. Much larger Distributed Denial of Service (DDoS) attacks have already been seen, making this attack plausible.
So why have we not seen widescale attacks on the cellular network? The answer is that simply sending SMS messages to every possible number is not effective. A successful adversary would have to collect data on the phones available in a given area. While the full details of such "hit-list" creation is given in extensive detail in the paper, suffice it to say that all of the necessary data can be collected through a variety of means via the Internet.
AOL Enhances Spyware Killer
InternetNews.com reports that AOL has introduced a new spyware killer. The software will be available for no extra charge to AOL subscribers.
AOL Spyware Protection 2.0 (ASP 2.0) is powered by Computer Associates eTrust PestPatrol Anti-Spyware technology and finds and blocks up to 28,000 different types of adware, spyware, Trojans and keyloggers.
Every minute, the software scans for thousands of types of spyware and adware that may be running silently, as well as every 15 minutes, daily and weekly in various memory and system sweeps aimed at keeping systems spyware-free.
"Spyware and adware threats are growing more significant as users spend more time online and visit more malicious or infected Web sites, so we want to offer our members the most comprehensive possible protection against those new and emerging threats," Andrew Weinstein, AOL spokesperson, told internetnews.com.
AOL faces competition from free web services offerings from major Internet players like Yahoo and Google so offering free spyware software may be a good method for keeping its subscriber base. The spyware software will need to be effective however because there are also many players in the PC security market such as Symantec and McAfee.
Teen Pleads Guilty to Hacking Paris Hilton's Phone
The EcommerceTimes reports that a 17-year-old Massachusetts teen has been sentenced to 11 months juvenile detention for hacking Paris Hilton's cell phone earlier this year. The teen's name is not being released at this time.
The youth pleaded guilty to breaking into the phone, stealing photos and phone numbers from the hotel heiress and posting them on the Internet.
The boy also pleaded guilty to making bomb threats at two high schools and hacking a phone company's computer system to set up free cellular accounts for friends. He also attacked the data-collection firm LexisNexis Group that exposed personal records of more than 300,000 consumers, the Post said.
Prosecutors said the teen's victims suffered about US$1 million in damages.
The Justice Department said it is continuing its investigation of the teen's associates but "it could be some time" before the case is wrapped up.
AOL Buys Xdrive Online Storage Service
AOL has acquired Xdrive, an online service that provides secure online storage for digital files. Xdrive members can also use the service to share files. News.com has more about the acquisition.
AOL said Xdrive would continue to serve existing customers. Xdrive manages an online storage platform that lets subscribers access and protect their digital assets, such as music and video, from any location. It offers users storage safety and security and automatic backup, AOL said.
Rival Internet companies are touting online storage offerings designed to let subscribers store anything they want in secure servers. AOL has also been showing interest in expanded storage for its members.
Infected With Spyware? Just Throw Away the Computer.
TheInquirer.net reports on one individual's expensive and unique solution to spyware -- just throw away the computer and buy a new one. Yes, computer prices have plunged over the past several years but they certainly haven't reached the disposable price range.
Mr. Lew Tucker (pun opportunity: loot chucker), the proud owner of a PhD in computer science, has had enough with viruses and adware: "I was spending time every week trying to keep the machine free of viruses and worms." According to Mr. Tucker, it was far cheaper and faster to just throw his old PC out and go buy a new one. Faster? Certainly. Cheaper? Probably not.
Lee Rainie of the Pew Internet and American Life Project - a group that researches and studies the social impact of the internet - told the New York Times that throwing out a computer is a "rational response" to pop-ups.
It's good news for the industry, though, as people like Peter Randol seem to think a horde of pop-ups and spyware leaves them "no choice but to buy a new one," thinking a new PC will be much less likely to be infected. Are you hearing this, PC manufacturers? Better get started on some spyware.
Can Computer Files Ever Be Completely Erased?
Slate has a good article that discusses how difficult it is to actually erase a file on your computer. Sure you can delete the file and empty the recycle bin but the data from the file is still there in your computer's hard drive.
When you delete a file from a standard desktop computer, the file first gets moved to the "recycle bin" or the "trash," which means only that you've placed the intact data in a new directory. You erase the file when you empty your recycle bin. But even then, much of the information remains on the hard disk. Exactly how much depends on the type of computer you're using and which operating system you have.
But what about programs like Eraser and Evidence Eliminator that write over the data on your hard drive and delete the path to the file on your computer? Slate writes that computer forensic experts say data can still be found on PCs even after these programs have been run to write over the data on your hard drive.
They first "delete" a file in the conventional sense, and then they overwrite it with zeroes, ones, or random data. Finally, they erase the record of where the original file was stored on the disk. More advanced programs might overwrite the original with something less conspicuous than a string of zeroes, like an ordinary text file.
But even if you do wipe your disk successfully -- and overwrite each of your deleted files -- traces of the original data remain. Writing to a magnetic disk is not as precise as one might think; when you overwrite a file, the new version doesn't completely cover up the old. The leftover data can be read out with certain imaging techniques, like magnetic-force microscopy and magnetic-force scanning tunneling microscopy. Computer forensics experts say it's possible to recover data beneath dozens of layers of overwriting, and privacy fanatics talk about wiping their disks up to 35 times over to be absolutely safe.
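The overwrite-then-erase sequence Slate describes, as an added Python example that is not taken from the article or from Eraser or Evidence Eliminator. The file name, sample contents and pass order are constructed, and the rename-then-remove step is only an approximation of "erasing the record"; it assumes a filesystem that rewrites blocks in place.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in chunks so large files do not need to fit in memory


def overwrite_in_place(path, pattern=None):
    """Overwrite every byte of an existing file without changing its length.

    pattern is a single byte value (0x00, 0xFF, ...) or None for random data.
    Returns the number of bytes overwritten.
    """
    size = os.path.getsize(path)
    # "r+b" writes into the existing file; "wb" would truncate it first and
    # let the filesystem hand out fresh blocks, leaving the old ones untouched.
    with open(path, "r+b") as fh:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            if pattern is None:
                block = secrets.token_bytes(n)
            else:
                block = bytes([pattern]) * n
            fh.write(block)
            remaining -= n
        fh.flush()
        os.fsync(fh.fileno())  # push this pass out of the OS cache to the device
    return size


def wipe_file(path, passes=(0x00, 0xFF, None)):
    """Overwrite with zeroes, ones, then random data, and remove the entry."""
    for pattern in passes:
        overwrite_in_place(path, pattern)
    # Rename before removing so the name dropped from the directory is a
    # random one rather than the original (assumption: same-directory rename).
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)
    os.remove(anonymous)
    return anonymous


def demo():
    """Run the sequence on a constructed sample file and report each stage."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "tax_return.txt")
    # Constructed sample data, not a real identifier.
    secret = b"SSN 000-00-0000 (constructed sample data)\n" * 100
    with open(path, "wb") as fh:
        fh.write(secret)

    overwrite_in_place(path, 0x00)
    with open(path, "rb") as fh:
        after_zero_pass = fh.read()

    wipe_file(path)
    result = {
        "length_preserved": len(after_zero_pass) == len(secret),
        "all_zero": after_zero_pass == b"\x00" * len(secret),
        "secret_still_readable": secret[:11] in after_zero_pass,
        "path_exists": os.path.exists(path),
        "dir_empty": os.listdir(workdir) == [],
    }
    os.rmdir(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

On SSDs and on journaling or copy-on-write filesystems the overwrite can land on different physical blocks than the original data, so full-disk encryption or physical destruction of the drive is the more dependable control.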
Newsweek Covers Growing Identity Theft Problem
The cover story of the July 4 issue of Newsweek looks at the growing problem of identity theft.
Senior Editor Steven Levy and Silicon Valley Correspondent Brad Stone examine how the problem of identity theft has become a nationwide epidemic and look at the steps companies can take to protect their customers' personal information. Instead of losing our identities one by one, criminals are grabbing them in massive chunks -- literally millions at a time, as in last week's heist of a possible 40 million Discover, Visa, MasterCard and American Express numbers (along with the secret code numbers printed on the actual cards, which makes it easier to counterfeit new versions) from a company called CardSystems that was lax in protecting the credit cards from transactions it processed.
"Over the last nine years, criminals have gotten a better understanding of the power of information," says Rob Douglas of PrivacyToday, a security consulting firm. "Instead of selling drugs, so much can be made so quickly with identity theft, and the likelihood of getting caught is almost nil." The Department of Justice has reprioritized to fight the plague, but it's a big challenge; Avivah Litan of research firm Gartner Group speculates that fewer than 1 in 700 identity crimes leads to a conviction, which goes a long way toward explaining why it's the fastest-growing crime of this century.
Federal Trade Commission Chairman Deborah Platt Majoras herself discovered last week that hers was among more than a million credit-card numbers that DSW Shoe Warehouse stored in an ill-protected database. When hackers busted in, they got the information to buy stuff in her name -- and 1.4 million other people's names. "It's scary," Majoras says. "Part of it is the uncertainty that comes with it, not knowing whether sometime in the next year my credit-card number will be abused."
As Newsweek reports, savvy computer users know the requisite defense against identity theft is never to respond to a request for personal information in an email. But there are problems when it comes to companies charged with safeguarding millions of records: they leave it unencrypted on computers, where malicious hackers get hold of it; they inadvertently sell the data to crooks; they leave it on laptops that get stolen and they don't monitor what insiders may do with it.
And now, an elaborate infrastructure of crime has emerged to collect and distribute stolen records. "It's not the lone gunman of the past," Chris Painter of the Department of Justice tells Newsweek. "There are highly structured criminal organizations operating."
Bin Laden Virus Going Around
An email that claims that Bin Laden has been captured is false and contains a virus. Anyone opening the email will have the Psyme trojan installed on their computer. The BBC has a news story which explains some of the emails going around that contain the virus:
Several versions of the message have been caught by anti-virus and mail-filtering firms but all bear the same fake information about Bin Laden's arrest.
All versions claim that TV news channels such as CNN and the BBC will soon be reporting the arrest and showing more pictures.
One version of the malicious message claims to contain pictures grabbed from a military TV channel. Another directs people to a website holding videos of the capture.
Backscatter Technology Reveals More Than Just Weapons
The New York Times (via News.com) reports that Homeland Security has plans to test backscatter technology at dozens of airports nationwide -- Homeland Security won't say which airports will do the testing. The technology has a major side effect -- it reveals much more than just the weapons a terrorist might be carrying:
Get ready for electronic portals known as backscatters, expected to be tested at a handful of airports this year, that use X-ray imaging technology to allow a screener to scan a body. And yes, the body image is detailed. Let's not be coy here, ladies and gentlemen:
"Well, you'll see basically everything," said Bill Scannell, a privacy advocate and technology consultant. "It shows nipples. It shows the clear outline of genitals."
Steve Elson, a former Federal Aviation Administration investigator, told the Times that the new technology has significant privacy costs:
"Backscatting has been around for years," he said. "They started talking about this stuff back during the protests when they were grabbing women. Under the right circumstances, the technology has some efficacy and can work. That is, provided we're willing to pay the price in a further loss of personal privacy."
He isn't. "I have a beautiful 29-year-old daughter and a beautiful wife, and I don't want some screeners to be looking at them through their clothes, plain and simple," he said.
Write Down Your Passwords
News.com reports that Microsoft security expert Jesper Johansson thinks people should write down passwords. He says he himself has 68 passwords and would forget them all if he didn't write them down.
"How many have (a) password policy that says under penalty of death you shall not write down your password?" asked Johansson, to which the majority of attendees raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them."
NY Attorney General Sues Intermix Over Spyware
Wired reports that New York Attorney General Eliot Spitzer has launched a battle against spyware with his lawsuit against Intermix Media of Los Angeles.
Spitzer said the suit filed in New York City against Intermix Media of Los Angeles combats the redirecting of home computer users to unwanted websites and its own website that includes ads, the adding of unnecessary toolbar items and the delivery of unwanted ads that pop up on computer screens. After a six-month investigation, Spitzer concluded the company installed a wide range of advertising software on countless personal computers nationwide.
This is a good move. Spyware makes people feel vulnerable when they are surfing the Internet and slows down PCs once it installs itself on a user's PC. Media Cynic has a blog entry about this story as well.
IM Virus Threats Increasing
News.com reports that IM virus threats are continuing to rise. All major instant message services, including AOL Instant Messenger, MSN Messenger, Windows Messenger, and Yahoo Messenger, are under threat from IM worms. News.com cites a report from the IMlogic Threat Center that found that the quantity of instant messaging threats increased 250 percent in the first quarter of 2005, compared with the same period last year. The attacks are primarily from worms and viruses, and the rising quantity of threats is causing companies to take a closer look at the security of the IM software. The attacks can be expected to get much worse as IM virus writers improve their malicious code. News.com said, "According to at least one industry analyst, the rapid increase in IM threats will likely continue and mirror the development of earlier forms of IT security hazards, such as e-mail-based virus attacks."
More Content Stealing Tools
In an article called "Parasite.com", Forbes.com writes about a new web technology called Browster that "works with Internet Explorer and allows you to 'prefetch' Web sites by running your mouse over page links. The linked sites pop up in a new window, wrapped in ads that Browster sells." So, basically, they are taking the content created by other publishers and placing ads on top of it. It sounds very similar to Gator, which placed ads on top of the content of web publishers without their approval. Gator was later sued by The Washington Post, The New York Times, Dow Jones and seven other publishers. Gator.com's Companion Pop-up Banner obscured advertising and/or editorial content on websites through the use of specially designed pop-up windows and without the consent of websites or third party advertisers. The lawsuit was settled out of court, but this company is still around today and is known as Claria -- News.com has a recent article on Claria here.
Forbes.com compares Browster to some technology Google has been tinkering around with. Google's AutoLink technology inserts links into other publishers' websites. Microsoft was slammed by web publishers in 2001 when it tried a similar concept called SmartTags and had to drop the idea. About AutoLink, Forbes.com writes:
Even Google, the Web's self-proclaimed "Do no evil" company, is
experimenting with a technology called AutoLink that inserts
button-shape links on other people's Web sites that lead back to
Google or to Google partners like Amazon.com. Google says it is
still only experimenting with AutoLink but, ominously, adds that
it is exploring ways to increase the technology's scope. If that
happens, predicts New York intellectual property lawyer Jeffrey
Neuburger, "There will be some litigation."
Net Savvy Teens Filtered by Parents
Teens are generally much more net savvy than their parents. However, they are increasingly filtered by their parents, who want to restrict their kids from adult-oriented websites. 54% of parents now use internet filters or monitoring software on their teenage children, according to a Pew Internet & American Life Project study. That is a jump of 65% since 2000. The filters tend to be used by parents who themselves are frequent users of the internet and who have middle-school-age children. Parents who have older children and who are less tech-savvy are less likely to use filters. Big majorities of both teens and parents believe that teens do things on the internet that their parents would not approve of.
81% of parents of online teens say that teens aren’t careful enough when giving out information about themselves online and 79% of online teens agree with this. 65% of all parents and 64% of all teens say that teens do things online that they wouldn’t want their parents to know about.
Cookies Removed From Spy Act
InternetNews.com reports that third-party cookies have been removed from the Spy Act by the House. The Spy Act easily passed in the U.S. House of Representatives last October by 399 votes for to 1 against. InternetNews.com says the Spy Act will prohibit spyware like phishing, keystroke logging, homepage hijacking and ads that cannot be turned off without turning off your PC. Phishing is turning into one of the biggest problems facing online banking and online merchants. Click here to read a recent TradersTrade.com blog about the growing phishing problem.
Paris Hilton's Phone Hacked
Paris Hilton's T-Mobile cell phone has been hacked and her personal contacts, digital photos and notes have been splashed around the Internet. Websites like Defamer and the Drudge Report have been covering the story about the contents of her phone and the many celebrities who will now have to change their numbers because of the hack. The hack follows a recent IBM report that warned that virus and security threats could spread to other electronic devices including cell phones and even cars. People using these new wired devices might want to consider looking into extra security options or keeping less personal information on them. Apparently, Paris' phone was full of celebrity contacts when it was hacked.
Google Irritates Webmasters With SmartTags Clone
Like a bad movie, Google has developed a content changing technology similar to Microsoft's SmartTags that caused so much irritation in the web community in 2001. Microsoft's SmartTags could turn the text on any webpage -- including news stories, articles, book excerpts, online fiction, book reviews, resumes, databases, etc. -- into a Smart Tag link without the permission or knowledge of the creator of the content. Now, Google is trying a similar concept with its AutoLinks addition to its popular toolbar. As with SmartTags, AutoLinks are receiving an unwelcome response from developers and publishers who want to retain control over their content. AutoLinks can change content on webpages, turning addresses into Google Map links and ISBN numbers into Amazon.com links.
Steve Outing of E-Media Tidbits writes that some webmasters are "frothing at the mouth" over AutoLinks. Webmasters prefer to set up their own Amazon.com links and would not want Google getting their Amazon.com commissions instead by using AutoLinks technology. Some webmasters are even asking if the AutoLinks technology is spyware. SearchEngineWatch has more information about Google's latest toolbar upgrade.
Jail Sentence for Teenage Blaster Author
MSNBC.com reports that Jeffrey Lee Parson, the 19-year-old charged with creating a Blaster Internet worm variant, has been sentenced to 1.5 years in a low-security prison as well as 10 months of community service. Parson will also have to pay fines. The Blaster worm wreaked havoc on computers and networks in 2003.
Spyware Rampant on Corporate PCs
A News.com article cites a survey conducted by Equation Research for Webroot, which found that companies are not doing a very good job protecting computers from spyware. Less than 10 percent of the companies have installed anti-spyware software, according to the study. And 82% of the companies surveyed had spyware on PCs in their workplace. Hopefully some of the IT managers at these companies will wake up before they have a major disaster.
Publishers Fear Password Sharing
Password sharing has become a common problem for publishers as websurfers seek to avoid constant registration forms by using shared passwords found on forums, blogs and websites. EcommerceTimes.com reports that password aggregator BugMeNot.com possesses keys to more than 30,000 sites. Publishers worry that if they cannot get people to register properly then they will have trouble convincing advertisers of their demographics.
Anti-Spyware Bill Passes Congress
Anti-spyware bill H.R. 2929, called the Spy Act, has easily passed in the U.S. House of Representatives by 399 votes for to 1 against. InternetNews.com said the bill prohibits "phishing, keystroke logging, home page hijacking and ads that can't be closed except by shutting down a computer." InternetNews.com also reports that another bill will follow the Spy Act that will assign criminal penalties to companies and people delivering spyware. This is without a doubt very important legislation because there is a glut of spyware on the Internet and honest companies and web surfers need a way to diminish or stop it.
Beware the JPEG of Death
EcommerceTimes.com reports that a serious new piece of spyware comes to computers simply by surfing the web. The JpegOfDeath trojan was first reported on Usenet and it can allow your computer to be taken over by hackers. Experts are worried a mass mailing worm will be created in the future using the new type of JPEG trojan. Graham Cluley, a consultant for Sophos, told the EcommerceTimes.com that "security firms are especially concerned about the vulnerability and the ensuing exploits because JPEGs are such a commonly used format for viewing images online."
Solved Math Problem Threatens Ecommerce
Mathematicians could be on the verge of a breakthrough that could threaten ecommerce itself. According to the Guardian, if the Riemann hypothesis is solved then "financial disaster might follow. Suddenly all cryptic codes could be breakable. No internet transaction would be safe." A solved Riemann hypothesis could explain the link between prime numbers, like 13 and 37, that are divisible only by themselves and 1. Internet cryptography is based on prime numbers.
Another Internet Jihad Threat
Is it possible that a web attack by terrorists could cripple the Internet? The issue is often debated among security experts today with no clear yes or no answer. However, for this doomsday situation to actually happen, the attack itself would have to be carried out. So far, it seems, all we have is threats found on various websites, like this Internet Jihad threat reported by News.com. News.com reported that this latest threat was downplayed by security firms and security experts, including experts at the Internet Storm Center.
Easiest to Guess Passwords Most Popular
Despite being easy for hackers to guess, many people use personal names and dates for their Internet and email passwords. A Silicon.com article (citing a Visa Europe study) reports that passwords about pets, birthdays, family members and historical events are the most popular. The study even found that 2% of people have used "password" as their password! The large number of passwords needed to surf the web today could be part of the reason people choose familiar names and dates for their logins. However, a combination of letters and numbers is a much better choice from a security standpoint.
People Weak Link in Virus Proliferation
People are the weak link when it comes to virus proliferation. Despite warnings and widespread media coverage, people continue to open emails with attachments, download trojans, disable security settings, delay security updates and use web connections without firewall and anti-virus protection. The BBC reports that small business senior managers blame staff for 50% of their computer virus problems.
Yet Another IE Patch
As reported by the Washington Post and obvious to anyone who gets automatic notification of Windows security updates, there are new critical patches for Internet Explorer. The new IE software patches are supposed to fix the recent flaw that allowed computers to be attacked with spyware through IE. The Washington Post says this is the twelfth critical patch from Microsoft so far this year.
Mozilla Gains From IE Security Problems
Microsoft has maintained a dominant marketshare with its Internet Explorer browser for the past couple years, but the increasing number of security threats may be starting to weaken its position. According to a recent Wired News article, IE is starting to lose marketshare to the Mozilla browser. Part of the reason is a report from US-CERT that suggested surfers switch to a different browser than IE because of growing security problems. One of the main reasons the other browsers might be safer is simply because they are not used by as many people, so virus writers might not find it as worthwhile to target them.
Nasty Banking Password Stealing Program Discovered
News.com is reporting that there is a sneaky program that is downloading itself to PCs through a pop-up. This spyware program can then read your PC's keystrokes, steal your online banking passwords and send them to the thieves who created the invasive little program. This is just another sign of the increasing threat to web surfers from spyware and trojans.
Yahoo's Anti-Spy Does Not Include Adware in Default
eWeek has reported that Yahoo is playing favorites with adware companies by not including adware as a default in Anti-Spy, a new beta feature on Yahoo's toolbar. According to eWeek, users who want to remove adware as well as spyware with the new toolbar "must check a box each time they conduct a scan." While some people defend adware and claim it is different from spyware, many anti-spyware experts and privacy activists do not see much of a difference.
People Surrender Passwords for Chocolate
Over 70% of people are willing to give up passwords for chocolate, according to a survey conducted at the Infosecurity Europe trade show and reported by the BBC. The BBC also reported that in a survey conducted by RSA Security, many people readily admitted their passwords during the survey or revealed their mother's maiden name or a pet's name. People also admitted using the same password for multiple logins.
28 Pieces of Spyware Per PC
Consumers are rapidly being infected with spyware. EarthLink's Spy Audit has found that the average PC has 28 items of spyware. Anti-spyware software is needed to remove the annoying and damaging adware and spyware software. Adware, like Claria's GAIN system and software from WhenU, can display annoying and unwanted pop-ups and other types of ads on a personal computer. Spyware can secretly invade a personal computer and run stealth spam software or spy on the owner's keystrokes to steal online banking passwords and credit card numbers.
Virus Writers Insult Each Other
Security experts have discovered that some of the viruses going around are simply virus writers trying to insult each other or one-up rival virus authors. There are some 20 different types of Mydoom, Netsky and Bagle viruses traveling through the web and many contain insults directed at other viruses. For example, the code inside the Netsky virus said, "Bagle - you are a looser!!!!". It certainly makes it appear that many of the virus writers are very young.
Feb 2004 Worst Virus Month Ever
February was the worst month ever for viruses. Worms and viruses cost businesses $83 billion worldwide in February, 2004. Most of the damage was caused by the MyDoom worm, which began in January and continued into February.
Anti-Spyware Bill Launched
Congress has launched an anti-spyware bill to target the annoying adware and invasive spyware programs that are secretly installed on people's computers. The bill is called the Spy Block Act (Software Principles Yielding Better Levels of Consumer Knowledge), S. 2131. Spy Block is sponsored by Senators Conrad Burns (R-MT), Ron Wyden (D-OR) and Barbara Boxer (D-CA).
Spyware Turns AOL Members Into Spammers
America Online is considering legal action against BuddyLinks, a provider of flash games that can also turn AOL instant message users into spammers. AOL said the program can change a member's profile into a list of links and spam people on a member's buddy lists.