Industry News
| August 15, 2005 |
The trouble with spyware (and how to get rid of it) |
| August 15, 2005 |
Tide of vicious porn that knows no borders |
| August 13, 2005 |
Business has its eye on employee e-mails |
| August 13, 2005 |
Internet must be controlled |
| August 11, 2005 |
Three-quarters of companies now monitor employee Internet use |
| August 10, 2005 |
CPS Energy fires three more employees |
| August 10, 2005 |
Former Fond du Lac city worker charged with possessing child porn |
| August 10, 2005 |
Dangers online: Keeping kids safe means parents must keep watch |
| August 9, 2005 |
Tyler ISD principal resigns |
| August 8, 2005 |
Wasting away on the web. More employers are taking workers' Web use seriously. |
| August 8, 2005 |
Conrad works to make Web safer for kids |
| August 8, 2005 |
Virus with SOCKS appeal targets corporate PCs |
| August 7, 2005 |
Port knocking: Good guys and bad guys are using this method to open ports |
| August 7, 2005 |
Terrorists' use of Internet spreads |
| August 5, 2005 |
Fast stats: Spyware costs. Big companies spend big money to fight spyware. |
| August 4, 2005 |
Corporate instant messaging usage: opportunities and threats |
| August 4, 2005 |
Security researchers have warned that an infectious JPEG virus could be just around the corner |
| August 3, 2005 |
Firms dig deep to fight spyware |
| August 2, 2005 |
Virus top 10: Mytob storms malware chart |
| August 2, 2005 |
10th annual CSI/FBI survey, part 2 |
| August 2, 2005 |
Together against the darkness |
| July 29, 2005 |
FirstAssist offers advice on tackling email and Internet misuse |
| July 29, 2005 |
Phishing attacks soar as viral onslaught wanes |
| July 29, 2005 |
Spammers face criminal charges |
| July 28, 2005 |
419s, scams and spams: How secure is your system? |
| August 15, 2005 |
The trouble with spyware (and how to get rid of it) |
By: Vinod Kumar
Source: Express Computer
URL: www.expresscomputeronline.com
Users need to protect themselves, and that means having an adequate (and up-to-date) anti-virus, anti-spam, and firewall installed, says Vinod Kumar.
Basically, spyware is a piece of non-replicating software that installs itself on a computer. Viruses and worms, by definition, do replicate, and this is why spyware is not considered viral. Spyware is mostly used to track and collate information about the user’s computer behaviour. The collected information is often sent to a third-party. What makes spyware dodgy is that info is tracked without the computer user’s consent or knowledge. The information collated and recorded might be about what pages a computer user visited; it could be about other behavioural patterns as well. Why do they want this info? One reason is that it will assist the third party in honing their sales pitch to potential consumers.
Adware is a subset of what we call ‘unwanted applications.’ Other such applications include diallers, joke programmes and some legitimate freeware utilities (if installed by a malware dropper). Viruses and trojans also occasionally drop a piece of spyware that will inform them when the infected file is being used.
Phone diallers are not spyware. They are programmes that dial a premium rate phone number, usually to connect to a pornographic website, and then charge you an absolute fortune for the privilege. You will find out about this only when you get a massive phone bill. (However, some diallers may contain or drop adware/spyware.)
Unfortunately, we do not have figures on the costs of these. Most people who might have spyware on their systems probably don’t even know it is there. Since spyware is used to track information about the user, spammers might be interested in some of their findings as it may help them find more open relay machines which they can use to send out huge amounts of (junk) mail.
We are seeing a developing relationship between virus writers and spammers. Our honeypots show us that about 40 percent of all spam comes from what we call a zombie machine, or a computer whose security has been compromised and can be controlled remotely by a third party. Without the user’s knowledge, a spammer can access the computer via a backdoor left open by virus or other security vulnerabilities, and then use it to send out spam. Particularly attractive are computers that are constantly connected to the web—via broadband, for instance. We also suspect that virus writers sell to spammers the lists of machines they know they have compromised.
There are spyware-specific programmes that protect computer users from spyware. Computers are powerful machines, and there is a lot of money to be made in the cyberworld. In the same way that you might be careful about giving away your personal information in contests or when sending in scratch cards, or how you might think twice about letting strangers into your house, it is wise to have a similar attitude when surfing the Web. Users need to protect themselves, and that means having an adequate (and up-to-date) anti-virus, anti-spam, and firewall installed. Spam and viruses can send you links or download a spyware programme from a dodgy site. Firewalls can help block some of the communication between miscreants outside and your PC.
Being safe also means that you need to be smart about computer usage. If someone is offering you something for free, ask yourself: What is in it for him? Do you know the company? Are they clear about what they want? Are you comfortable sharing info with them? It is also wise to turn off everything that you don’t need or use. For instance, do you really need to have everything enabled in your browser? Why not stop cookies from nesting in your machine without letting you know? Check your Internet browser settings and set them to the highest safety levels you can without compromising usage. There are a few free and purchasable spyware packages around. They can help keep you informed about what unknown entities are trying to install on your computer. Although I haven’t tried either of these personally, I do know that Lavasoft Ad-Aware and Spybot Search & Destroy are both free for personal usage. You might also look at www.spywareinfo.com for more information. |
[Return to Top]
|
| August 15, 2005 |
Tide of vicious porn that knows no borders |
By: David Derbyshire
Source: news.telegraph
URL: www.telegraph.co.uk
The very nature of the internet - a sprawling, informal connection of computers that transcends national boundaries and laws - means it is virtually impossible to police.
Those wishing to ban violent websites that depict the rape, torture and murder of women face a long and difficult struggle.
There are practical difficulties in banning, or blocking access to websites that may be hosted by companies on the other side of the world. There are complex legal issues about which images of violence are unlawful or obscene.
And the campaign also raises questions about internet censorship, and whether websites that are deeply offensive to the majority of people should necessarily be banned.
Adult pornography in Britain is governed by the Obscene Publications Act of 1959 and 1964. It covers the publication, distribution, showing and possession of obscene material for gain.
Under the Act, an image is defined as obscene if it tends to "deprave and corrupt" those likely to encounter it.
There is no clear definition of what sort of images will "deprave and corrupt" and interpretations of the Act have changed over time.
Ultimately it is up to the judge dealing with the case to decide whether an image is obscene, although the definition usually includes sexual acts such as bestiality, rape and torture. It doesn't matter whether the violence is real or - as in many of the extreme violence websites - posed by actors.
However, police can take action only against websites hosted by a UK-based internet service provider (ISP). The majority of sites showing scenes of rape, torture and necrophilia are hosted by overseas ISPs. In Britain, potentially illegal websites are monitored by the Internet Watch Foundation.
If the IWF learns of criminally obscene material hosted by a British company, it passes details to the police. It also informs the host ISP, which is obliged to remove the material at once. The police may then seek to bring criminal charges against the person responsible.
The IWF has used this system successfully to reduce the amount of child pornography on the internet. But controlling child abuse on the internet is much easier than controlling violent pornography.
While child abuse images are illegal across the world, the attitude to adult content varies enormously. Some governments may be reluctant to ban extreme websites if their pictures depict consenting adults rather than real images of violence.
Fay MacDonald, of the IWF, said adult content was far more difficult to govern because of the global nature of the internet, the range of international legislation, different social attitudes and problems regulating content and access.
"This may go some way to explaining the difference in legislation and government and industry attention and resources covering extreme 'adult' content, compared to child abuse images," she said.
ISPs can block access to websites based on their content. BT's system, Cleanfeed, blocks access to a list of web addresses known to contain illegal images of children that would be illegal to view in Britain.
"It is very clear-cut and if this mechanism was misused to block content which is legal, this could open up a controversial censorship debate," she said.
Internet search engines can also filter out offensive material. Yahoo, for instance, screens out sites dealing with asphyxia and necrophilia. |
[Return to Top]
|
| August 13, 2005 |
Business has its eye on employee e-mails |
By: Portsia Smith
Source: The Free Lance-Star
URL: fredericksburg.com
Employee e-mail, Internet searches and instant messages typed at the office create written records that are very similar to DNA evidence.
If they can be traced back to the crime--inappropriate use of company equipment or time--they can get you fired.
That may be more likely now that businesses are taking added steps to monitor their workers' computer and telephone behavior, according to a surveillance study.
The 2005 Electronic Monitoring and Surveillance Survey, conducted by the American Management Association and the ePolicy Institute, says employers monitor computer use in various ways.
Out of more than 500 companies surveyed, 36 percent of employers track content, keystrokes and time spent at the keyboard. About 76 percent supervise Web-site connections, 50 percent review employee computer files and 55 percent retain e-mail messages.
Far fewer record employees' voice messages, with 15 percent reporting that they tape or review voicemail.
Chip German, vice president for information technologies and chief information officer at the University of Mary Washington, said UMW employees and most Virginia state workers are under the same rules.
"Everything you do on our network is the property of the commonwealth of Virginia," he said. "We have a policy that allows us to conduct monitoring, but as an institution we choose not to do that except in certain circumstances."
German also added that just because e-mails are deleted doesn't mean they can't be retrieved.
"When you delete something, soon it will be gone, but it may not be deleted as soon as you delete it because of normal system backups," he said.
Jeni Tarmon, human resources manager of Intuit's call center in Stafford County, said the tax-software builder monitors computer screens and all telephone calls for coaching purposes.
"It's one of the metrics we use to measure performance," she said. "Our employees know it right up, so there is a mutual agreement and understanding."
According to the study, most employers have a policy and let workers know they are being watched. Policies can be communicated several ways, including in an employee handbook, via memos or in union contracts.
In all, 86 percent of those surveyed said they inform employees that they are reviewing e-mails, and 89 percent alert them that their Web usage is being tracked.
Still, written policies have not prevented abuse.
The study also shows that 57 percent of these employers have fired workers for misusing e-mail, the Internet and office phones.
One in five employers has had e-mail subpoenaed by courts, and 13 percent have faced lawsuits involving employee e-mail, the organizations reported.
Bob Jensen, director of human resources at MediCorp, said employees at Mary Washington Hospital have been terminated because of equipment misuse.
"We are currently in the process of reviewing and putting in a stronger policy so we have a little more control on what the disciplinary action would be for abuse," Jensen said. |
[Return to Top]
|
| August 13, 2005 |
Internet must be controlled |
By: David Canton
Source: The London Free Press
URL: www.canoe.ca
Internet control. It should be no surprise that the Internet requires some sort of co-ordination to make it function.
We take it for granted, but someone has to control how it works. That someone is a U.S.- based non-profit organization called the Internet Corporation for Assigned Names and Numbers (ICANN). In simple terms, if the Internet was a postal system, ICANN ensures that the addresses on the letters work.
Some are concerned about a U.S.-based organization managing the Internet. Developing countries are concerned with the monopoly of U.S. power regarding Internet governance. They maintain that the Western countries that had earlier Internet access took all of the available addresses required for connection and have left a limited number for developing countries to share.
There have also been concerns about multilingualism of the Internet and the delay in approval of domain names in non-English characters. At one time China, frustrated with the delays, threatened to divide the Internet by creating its own system for naming domains in Chinese.
Others are concerned that some areas such as spam and cybercrime are not handled appropriately.
To address these concerns the United Nations created a panel to recommend how the Internet should be run and controlled in the future. The panel, the Working Group of Internet Governance, recently released its report. It was released two weeks after the U.S. declared they had no intention of giving up control of the main computers that dominate Internet management.
The panel felt no single government should have a pre-eminent role in international Internet governance. It suggested four options.
- Option one would keep ICANN, but change the governmental control by creating the Governmental Internet Council. The Governmental Internet Council would replace the current role of the US government.
- Option two would have no organization overseeing the Internet. There would only be an international forum for the discussion of internet issues.
- Option three would create an International Internet Council that would govern the internet and address all national concerns.
- Option four would start from new, scrapping all of the work done by ICANN and create a World Internet Corporation for Assigned Names and Numbers as well as a Global Internet Policy Council.
The issues under discussion are complex, international in scope, and have potential to impact our use of the Internet.
Control over the Internet is a high-level political issue involving hundreds of countries, many with their own unique needs which will likely be resolved between governments -- not commercial registrars or country-code operators.
So will all this affect Canadian use of the Internet? Clyde Beattie, chairperson of the Canadian Internet Registration Authority (CIRA) thinks not. CIRA has and will continue its involvement in this matter.
Beattie comments that there is significant resentment against the U.S. and ICANN by the global country code (addresses that end in country code letters such as .ca) community due to historic distrust. ICANN's real independence from the U.S. government continues to be a subject of discussion and many are not satisfied with ICANN's management of the network.
CIRA feels the U.S. is not likely to entrust the United Nations or other multinational organization to effectively manage the security of the network and/or protect the economic and security interests of the U.S.
Beattie foresees that the U.S. will retain technical control over the root (the basic addressing system) and network for an indefinite period of time while carrying on with governance negotiations with the rest of the world for years to come. |
[Return to Top]
|
| August 11, 2005 |
Three-quarters of companies now monitor employee Internet use |
Source: HR Focus cited in RedNova
URL: www.rednova.com
Sixty-two percent of companies monitor all Web usage by their workers, and another 14% monitor workers in selected job categories, according to a report by the American Management Association and the ePolicy Institute.
Among the 526 respondents to the 2005 Electronic Monitoring & Surveillance Survey (www.amanet.org press/amanews/ems05.htm), 36% monitor the time some or all employees spend on their computers, the content of what they are doing, or the keystrokes entered; 50% store and review employees' computer files; 55% store and review e-mail messages; and 65% utilize software to block access to unauthorized or inappropriate Web sites.
Almost half (42%) of respondents now have policies governing the use of instant messaging technology; 34% have policies about operating personal Web sites on company time; 23% have policies about making personal postings on corporate blogs; and 20% have policies on operating personal blogs on company time.
Most respondents let workers know that they are being monitored, yet 26% said they have fired someone for misusing the Internet, 25% reported at least one termination for e-mail misuse, and 6% said they have fired someone for improper telephone use.
In telephone use, 57% reported blocking access to 900 numbers or other unauthorized phone numbers; 19% tape phone conversations for selected job categories; 3% record all employees' phone conversations; and 15% tape and review voice mails.
As for cell phone use, 27% have a written policy governing personal matters, and 19% said they have a policy outlining the capture and transmission of camera-phone images.
More than half of the respondents use video monitoring to counter theft, violence, or sabotage. Among those, 49% said such surveillance is ongoing, 33% said it is routine, and 8% use it occasionally.
Eight percent use GPS technology to monitor company vehicles; 8% to track employee identification cards; and 5% to track company cell phones.
Copyright Institute of Management & Administration Aug 2005 |
[Return to Top]
|
| August 10, 2005 |
CPS Energy fires three more employees |
By: Greg Jefferson
Source: MySA.com
URL: www.mysanantonio.com
CPS Energy fired three more employees Tuesday as it wrapped up an investigation into the use of company e-mail accounts to store and swap sexually explicit photographs.
The actions came nearly a month after the city-owned utility dismissed eight workers and suspended eight others for viewing, saving and distributing the material by e-mail.
“It was the same kind of material,” CPS Energy spokesman Rolando Romero said of this week's firings. “They say that's the end of the investigation.”
The employees ran afoul of rules established in late 2002 that outlawed inappropriate uses of the gas and electric utility's online and Internet services, including “sending or soliciting sexually oriented messages or images.”
The policy states that violations could result in termination.
“CPS Energy regrets having had to take these various personnel actions, but the company – through its policies and reminders to employees – has clearly indicated it cannot tolerate inappropriate use of company time and resources,” officials said in a written statement today.
Last month, CPS Energy released to the media six photographs discovered by investigators, each showing naked women in sexually suggestive positions. At the time, a spokeswoman said the eight suspensions ranged from one to 20 days, depending the amount and explicitness of the material.
Romero said today that no other employees were suspended in the crackdown, which was touched off when a worker glimpsed an explicit photo and complained to managers. |
[Return to Top]
|
| August 10, 2005 |
Former Fond du Lac city worker charged with possessing child porn |
By: Juliet Williams
Source: DuluthNewsTribune.com
URL: www.duluthsuperior.com
MILWAUKEE - A former City of Fond du Lac employee was charged Wednesday with 20 counts of possessing child pornography after allegedly viewing the material on the Internet for hours a day at work.
Benjamin W. Mercer, 55, of Fond du Lac, is alleged to have looked at thousands of pornographic images between March 2003 and June 2004 on Web sites that advertised "underage preteen lolitas" and "Drunk Teen Girls," according to a criminal complaint.
"The defendant had an apparent pattern or habit of extensive Internet use during work hours, including apparently routine visits to sexually suggestive or explicit Internet locations," the complaint said.
Mercer, a former human resources manager, had worked at the department for 15 years.
In June 2004, a city computer technician went to police after finding inappropriate computer use traced to Mercer's user name.
The district attorney asked state officials to investigate, and a Department of Justice forensic computer analyst spent months studying the computer files, Justice spokesman Kelly Kennedy said.
The images included pictures showing prepubescent girls in pigtails posing naked and preteen girls in sex acts with men, according to the complaint.
Mercer resigned last March, just days after his office computer was seized. Citing health reasons, former city manager Tom Ahrens resigned less than a month later.
When police confronted Mercer, he allegedly gave various reasons for the files on his hard drive.
"The defendant stated that his computer password and user name were located on notes on or near his desk and that someone may have accessed his computer," the complaint said.
He later "admitted that he had visited 'adult Web sites' from his work computer," it said.
Mercer allegedly told police it was a challenge for him to see what he could find on the Internet.
His home computer also was seized, but Mercer said he replaced the hard drive on it in March after he became worried a city employee may have installed tracking software on it. He said he smashed the old hard drive with a hammer.
Lindee Kimball, president of the city council, said she was pleased that charges had been filed. She said the city has since installed firewalls on all city computers that prevent anyone from accessing inappropriate Web sites.
"I hope that we can get this over with and move on to better days," she said Wednesday. "Steps have been taken so they can't ever do that again."
Mercer, who filed a civil lawsuit against the city in May seeking $1.6 million, faces up to 3 1/2 years in prison and $10,000 in fines on each of the 20 charges. He is scheduled to appear in court Aug. 23. |
[Return to Top]
|
| August 10, 2005 |
Dangers online: Keeping kids safe means parents must keep watch |
By: Nancy Arcayna
Source: Starbulletin.com
URL: starbulletin.com
An old man's youth can instantly be restored, a bored housewife can be transformed into a supermodel and kids can mature overnight. Anonymity is one of the Internet's main attractions. But according to experts, it is anonymity that parents need to be concerned about.
Hidden behind screen names, pedophiles and other sexual predators can use the Internet to gain access to children. The most common means are chat rooms, instant messages and e-mail.
"Today, when kids get online, their neighborhood is the entire world," said James Kerr, president of SuperGeeks, a computer repair company.
"Bad guys gravitate to the Internet because they can reach a ton of people, reach them inexpensively and remain anonymous. Predators in chat rooms can conceal their identity and prey on kids."
Kerr offers free monthly talks on protecting children from the dangers of the Internet. "It's a situation that parents are ill equipped to handle," he said.
A 2004 survey of Internet use among children found that 44 percent of children have felt sexually harassed on the Internet; 28 percent had visited pornographic sites and 50 percent use the Internet alone.
Hate sites, crime solicitation and spam are other issues of concern, Kerr said. "Children are real trusting and don't have a sense of suspicion."
Many parents are walking a fine line when it comes to safe online access. They want to be responsible but don't want to risk alienating their child by blocking them from activities their friends enjoy. Especially when the activities seem harmless.
Angela Pe'a monitors her 13-year-old daughter's online activities, although that can be difficult, considering her daughter has her own log-in for the family computer. That makes it harder to track the Web sites she visits, Pe'a said.
"We've talked about what she should and shouldn't be doing on the Internet, and I think she is making the right decisions. I trust her."
Nonetheless, Pe'a acknowledged that her daughter spends a lot of time on the Internet between 3 and 5 p.m., when she is home alone. She also created her own Web page at myspace.com, a site supposedly limited to people over 18.
"My sister and I checked out the site, and there were some pretty inappropriate pages there ... girls in thongs and topless," Pe'a said. Many entries include blogs and personal information.
Fortunately, her daughter's page was OK. Still, Pe'a is concerned about how underage kids are setting up sites.
"The biggest fear of any parent is face-to-face encounters. You always hear about people meeting on the Internet and hooking up," she said.
Jody Lovett, a teacher at Hawaii Baptist Academy, also asks a lot of questions about her 14-year-old daughter Brianna's activities on the computer. "She is not allowed in chat rooms. She uses the computer mainly to keep in talk to her old friends in Michigan," Lovett said.
"Our computer has always been located in a communal area of the home," she explained. Her children never use the computer unsupervised.
"Even if your kids are good, they can be exposed to material you want them to avoid," she said. "There is always a temptation to explore things further. It's human nature."
Even inadvertently, a child could stumble on inappropriate material. Lovett herself has stumbled onto pornographic sites while doing research.
But children can also bring trouble on themselves. "Sometimes the children who claim to be victims are not totally innocent," Lt. Jeff Richards of the Honolulu Police Department said.
Kids might be creating different personas for themselves for use anonymously on the Internet, Richards said. "They get very bold and mouthy." This could lead them to a pervert or someone equally dangerous.
"A 15-year-old surfer from Kailua could be an old geezer from anywhere," he cautioned.
Richards encourages parents to bring their children to the police station for an interview when they run into trouble such as cyberbullying online. "We try to get the whole story."
Detective Chris Duque agrees. "When kids are online, they face various types of risks. They lack life experiences to make choices that benefit them."
The key is education and supervision, now that many kids pick up keyboard skills as early as first grade, Duque said. Kids can connect to the Internet on cell phones. Soon, the new PlayStation Portable will afford the same easy access.
Duque suggested turning off the computer when it is not in use and disconnecting the Internet cable so that outsiders cannot gain remote access. "It is better to be safe than sorry."
Condition kids to be cautious and not give out personal information. Online identity theft occurs more often with children than adults, he said. "Kids are not savvy about the trickery that scam artists use."
The answer is not to remove the computer, Duque cautions. It is much more productive to allow children to use the computer, but communicate with them about potential dangers.
"Attack the behavior, not the technology."
Awareness is the key that Kerr preaches in his free classes.
Define what is considered appropriate online behavior, he said. "Parents need to establish a set of rules that are fair. It is best to write it down, like a family contract. If the rules are broken, there are consequences."
As a safeguard, Kerr said, consider software that filters out inappropriate material. Kid-safe browsers are also available online, among them Yahooligans, Crayon Crawler or Kidsafe Explorer. A child's time online can also be budgeted, he said.
"Most kids know more about the computer and Internet than their parents do. It's hard for parents to keep up."
He also suggests placing the computer in a public space. "Parents can casually walk by and see what is happening on the screen. It's not being nosy ... it is being concerned. It is just like watching a child on the playground."
The ideal is to ensure that a child is well protected without compromising the privilege to hop online, Kerr said. "Computers are a part of everyday life. We need to learn to use them wisely." |
[Return to Top]
|
| August 9, 2005 |
Tyler ISD principal resigns |
By: Betty Waters
Source: tylerpaper.com
URL: www.zwire.com
New James S. Hogg Middle School Principal Robert Rich resigned after evidence surfaced that he used a Tyler Independent School District computer to access sites inappropriate for school use - a violation of school board policy.
Shauna Hittle will serve as Hogg's interim principal until a successor to Rich is named, Tyler ISD Superintendent Dr. David Simmons said.
Rich, formerly principal of Owens Elementary School, had been on the Hogg campus several weeks preparing for start of the new school year after his appointment June 28 to succeed recently retired Hogg Principal Judy Wilson.
An Internet filtering device initially detected someone using a TISD computer had attempted to go to a number of inappropriate sites, Simmons said.
Further research by the district's technology services department staff showed that Rich had successfully accessed inappropriate sites, Simmons said.
Rich was called to a meeting Friday with Human Resources Director Sharon Roy, Director of Secondary Education Dr. Karen Raney and Deputy Superintendent Dr. Roland Hernandez.
When presented with findings of the investigation, Simmons said, "it's my understanding Mr. Rich accepted the information and opted to offer to submit a letter of resignation, effective immediately."
The letter came later in the day to the superintendent, who is authorized to receive resignations. Acceptance of Rich's resignation will be formalized by the school board during its next, regular meeting Aug. 18, Simmons said.
His resignation ended any further action on behalf of the district, Simmons said. Administrators have no reason to believe anything that occurred in Rich's case would require notification of law enforcement authorities.
Rich could not be reached for comment.
Accessing inappropriate Internet sites using the district's electronic communication system is a violation of the board's electronic communication and data management policy, Simmons said. The policy stipulates access to the Internet shall be primarily for instructional and administrative purposes.
A news release the district sent to Tyler news media announced Rich had resigned for "personal reasons." A letter mailed by the superintendent and director of secondary education to inform Hogg School students and parents about Rich's departure states he "suddenly and unexpected resigned his position for personal reasons."
When asked during a telephone interview , the superintendent disclosed circumstances of Rich's resignation.
"It's important for everyone to realize that the use of electronic communication is monitored closely in our school district," Simmons said. "There are certainly some actions that will not and cannot be tolerated for obvious reasons."
The district has software to deter and detect inappropriate use, Simmons stressed. "We are going to be vigilant to educate our students and staff on the appropriate use of this technology, but they need to understand there are repercussions for the inappropriate use of technology," he added.
Rich started his education career in 1995 as a teacher in New Summerfield. He joined TISD in August 1999 as an instructional consultant (assistant principal) at Austin Elementary and was promoted in August 2002 to principal of Owens Elementary. His recent appointment as Hogg principal represented a move into secondary education. Rich has bachelor and master degrees from The University of Texas at Tyler and is studying for a doctor of education degree at Texas A&M University at Commerce.
This is not the best time to advertise and fill a principal position because most principals and administrators are busy at their current job preparing for the new school year, Simmons said. "We most likely will evaluate this position over the next couple of months; one possible time might be to fill the position at the end of the semester," he said.
"We want to employ the very best principal for (Hogg), so we do not want to be in a hurry to interview and hire someone," states the letter the district is sending Hogg students and parents.
Simmons said, "While this is obviously an unfortunate situation, the good news is that the district has a veteran principal available to assist us in this transition."
The school board recently hired Ms. Hittle as principal of the new Rice/Owens relief campus under construction. She agreed to serve indefinitely as Hogg interim principal in addition to preparing for opening of the new elementary school in about a year.
"Mrs. Hittle is a proven, effective leader," Simmons said. "She will add a great deal of stability to the campus and is committed to doing everything she can with the administration and staff (at Hogg) to insure that this school year will begin in a positive way."
Steve Helgoth will join Zeb Cantley as an additional assistant principal at Hogg. |
[Return to Top]
|
| August 8, 2005 |
Wasting away on the web. More employers are taking workers' Web use seriously. |
By: Chris Gonsalves
Source: eWeek.com
URL: www.eweek.com
My IT guy won't tell me exactly what he's doing. Chances are, you aren't telling your folks the entire story, either.
In fact, when it comes to spying on employees' Internet surfing behavior, perhaps the less said, the better. The very thought of someone watching me update my eBay auctions or price vacation rentals is enough to keep me mostly honest. The corporate tech guys probably don't care enough about my productivity to log my keystrokes and monitor my Trillian logs, right?
But what if they do?
The issue of IT surveillance was driven home last month when Salary.com and America Online released a survey of 10,000 American workers, many of whom admitted that goofing off on the Internet was their primary method of frittering away the workday. In a sign of the times, it beat out socializing with co-workers, 45 percent to 23 percent. It turns out personal Internet time makes up the bulk of the 2 hours the average employee admits wasting each day.
While bosses can easily detect and interrupt water-cooler chatter, the employee who is shopping at Lands' End or IMing with fellow fantasy baseball managers may actually appear to be working. Thwarting the activity is a technology challenge, and it's one that more and more enterprises are taking seriously, despite resistance from privacy advocates and some employees themselves.
According to the American Management Association, 78 percent of large U.S. employers are regularly checking workers' e-mail messages, Internet use, computer files and phone calls. Nearly half of such employers store employee e-mail messages for review. The AMA also found that 65 percent of enterprises had disciplined employees for misuse of e-mail or the Internet at work, and 27 percent had actually fired someone over such offenses.
Surprisingly, less than a third had a written policy spelling out their surveillance efforts or defining appropriate Internet use.
So how do employees feel about being watched by IT while they are on the clock? For most, it's a matter of consent.
According to a recent poll of workers in technology-related fields published by the executive recruiting company FPC, 61 percent said they felt their bosses had the right to cyber-spy on them, but only with consent. Just 28 percent felt IT had the right to monitor their activity without consent, and only 1 percent said an employer never has the right to monitor Internet use.
"It's not surprising that companies want to assure that their employees' time is predominantly spent on work-related computer usage," said FPC President Ron Herzog. "The majority of employees ... would like to be informed, so it is always in the company's best interest to have an Internet usage policy clearly outlining the company's expectations, which all employees sign upon hiring."
Such a policy maintains some of the pre-emptive mystery that I still believe keeps most people honest. You're not saying you will monitor me—just that you can. The less said, the better. As the stakes grow beyond a few wasted man-hours and some misappropriated bandwidth, it grows increasingly important for IT to let everyone in the company know they might be watched.
Nowhere was that more evident than at the storied New York printing company Bowne & Co. In June, Robert Johnson, the high-profile CEO of Bowne and the former publisher of Newsday, was arrested and charged with downloading child pornography to company PCs and laptops, according to published reports. The case, which reportedly involved IT tipping off Johnson to the investigation and ultimately resulted in the dismissal of Bowne's CIO, illustrates the need for diligence in keeping tabs on company computer use right up to the highest levels.
So I go carefully on my way here, my IT guy being coy about just what he can and will look at. If you aren't giving your people the whole story, either, that's fine. The less said, the better. Just as long as all sides understand that the days of Internet freedom at work are justifiably finished. |
[Return to Top]
|
| August 8, 2005 |
Conrad works to make Web safer for kids |
Source: GrandForksHerald.com
URL: www.grandforks.com
Conrad works to make Web safer for kids: Senator Kent Conrad, D-N.D., was joined by community leaders, law enforcement officials and concerned parents today to announce legislation he recently introduced that would clamp down on Web pornographers and fund efforts to battle pedophiles using the Internet to lure victims.
"We need to do everything we can to protect our children," Senator Conrad said. "There are already laws in place to prevent young kids from purchasing alcohol, tobacco, or tickets to R-rated movies. Now we need to better shield our children from Internet pornography."
Last week, Senator Conrad introduced the Internet Safety and Child Protection Act, which would require adult-oriented Web sites to conduct the on-line equivalent of an ID check, using age-verification software that already exists and is in use on other Web sites that sell products, such as tobacco, that are inappropriate for minors. Although technology exists to prevent minors from accessing pornographic Web sites, only 3 percent of these sites use the technology. |
[Return to Top]
|
| August 8, 2005 |
Virus with SOCKS appeal targets corporate PCs |
By: Munir Kotadia
Source: ZD Net UK
URL: news.zdnet.co.uk
A new variant of the Bagle virus incorporates a SOCKS proxy and Web services technology aimed at bypassing corporate firewalls, security experts have warned.
The latest Bagle variant — alias Bagle.b.w (F-Secure) and W32/Bagle.CB@MM (McAfee) — was discovered late last week and although security companies say it's not spreading very quickly, computers that have been compromised by the worm will not be easy to detect.
Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said the latest variants show that the Bagle authors are starting to seriously target corporate users.
"This is starting to prove that these variants are targeting corporate machines as opposed to just home users. Most corporate networks are set up to block your typical Trojan access vectors such as IRC and chatrooms. [This variant] uses Web services and SOCKS, which are typical corporate gateway services that would be allowed to go through firewalls," said Biviano.
On the F-Secure blog, Jarkko Turkulainen, the Finnish antivirus company's binary virus researcher, said the latest Bagle no longer tries to "download Mitglieder trojans for opening up spam proxies on infected computers", instead the malware "can also act as SOCKS v4/5 proxy, HTTP CONNECT proxy and SMTP relay."
"It is probably easier to take advantage of home users but probably a logical step in the evolution … would be to try and take advantage of corporate computing resources. IT managers are going to have to look at some kind of monitoring on their Web gateways to make sure information isn't being leaked out of the organisation by these applications," said Trend Micro's Biviano.
Allan Bell, marketing director for McAfee, described the various weapons that the latest Bagle variant has at its disposal and said the worm won't send copies of itself to email addresses from security organisations "to try and hide itself a little bit longer".
"Bagle traditionally has been used for spamming — it has a spam engine — but it can be remotely controlled and used to download and run other applications. It can disable your antivirus and firewall… it also tries to propagate using P2P [peer-to-peer] by jumping into shared folders," said Bell.
Bell said the latest Bagle is "low risk" and most enterprises are unlikely to see it. However, its relative rarity is also one of the tricks used by malware authors to keep their creations low key, according to Eugene Kaspersky, founder of Kaspersky Labs.
At the AusCERT conference in Australia's Gold Coast earlier this year, Kaspersky said that virus authors are no longer trying to infect as many computers as possible with the same virus.
"Do I need a million computers to send spam? No. To do a DDoS attack, 5,000 or 10,000 PCs is more than enough. That is why virus writers and hackers have changed their tactics of infection — they don't need a global epidemic," said Kaspersky. |
[Return to Top]
|
| August 7, 2005 |
Port knocking: Good guys and bad guys are using this method to open ports |
By: Tony Bradley
Source: Net Security: About Computing and Technology
URL: netsecurity.about.com
Ideally you want to restrict and control the traffic that is allowed into your network or computer. This can be done in a variety of ways. Two of the primary methods are to make sure that unneccesary ports on your computer are not open or listening for connections and to use a firewall- either on the computer itself or at the network perimeter- to block unauthorized traffic.
By monitoring traffic and manipulating firewall rules based on events it is possible to create a sort of "secret knock" that will open the gate and let you through the firewall. Even though no ports may be open at the time, a specific series of connection attempts to closed ports may provide the trigger to open a port for communication.
In a nutshell, you would have a service running on the target device which would watch network activity- typically by monitoring firewall logs.
The service would need to know the "secret knock"- for example failed connection attempts to port 103, 102, 108, 102, 105. If the service encountered the "secret knock" in the correct order it would then automatically alter the firewall rules to open a designated port to allow remote access.
The malware writers of the world have unfortunately (or fortunately- you'll see why in a minute) begun to adopt this technique for opening backdoors on victimized systems. Basically, rather than opening ports for remote connection that are readily visible and detectable, a Trojan is planted which monitors the network traffic. Once the "secret knock" is intercepted the malware will awaken and open the pre-determined backdoor port, allowing the attacker access to the system.
I said above that this may actually be a good thing. Well, getting infected with malware of any sort is never a good thing. But, as it stands right now once a virus or worm starts opening ports and those port numbers become public knowledge the infected systems become open to attack by anyone- not just the writer of the malware that opened the backdoor. This greatly increases the odds of becoming further compromised or of a subsequent virus or worm capitalizing on the open ports created by the first malware.
By creating a dormant backdoor that requires the "secret knock" to open it the malware author keeps the backdoor secret. Again, that is good and bad. Good because every Tom, Dick and Harry hacker wannabe won't be out port scanning to find vulnerable systems based on the port opened by the malware. Bad because if it's dormant you won't know it's there either and there may not be any easy way to identify that you have a dormant backdoor on your system waiting to be awakened by port knocking.
This trick can also be used by the good guys as pointed out in a recent Crypto-Gram newsletter from Bruce Schneier. Basically an administrator can completely lock down a system- allowing no external traffic in- but implement a port-knocking scheme. Using the "secret knock" the administrator would then be able to open a port when neccessary to establish a remote connection.
It would obviously be important to maintain the confidentiality of the "secret knock" code. Basically, the "secret knock" would be a "password" of sorts which could allow unrestricted access to anyone who knew it.
There are a number of ways to set up port knocking and to ensure the integrity of the port knocking scheme- but there are still pros and cons to using port knocking a security tool on your network. For more details see How To: Port Knocking on LinuxJournal.com or some of the other links to the right of this article. |
[Return to Top]
|
| August 7, 2005 |
Terrorists' use of Internet spreads |
By: Jon Swartz
Source: Peace Journalism
URL: peacejournalism.com
It's "the new cash cow" for terrorists to finance operations, says John Pironti, a security consultant at tech consultant Unisys. Online scams are harder to trace because they are relayed through a sophisticated network of individuals and Web sites worldwide, he says. And many schemes originate from abroad, where cyberlaws don't exist or law enforcement is lax.
In dozens of incidents the past few months, groups linked to terrorism have stolen credit card numbers over the Internet, laundered money and hijacked Web sites, security experts say.
The recent surge in activity has given counterterrorism specialists, already concerned with threats to physical structures, another worry. Like their colleagues in the FBI, Secret Service, the Treasury Department and elsewhere, they must bone up on Internet technology to match wits with the criminals.
For several years, groups including al-Qaeda have used cyberspace for communications, recruiting and propaganda. Now they've branched into other areas. Credit card numbers are often swiped through hacking attacks and phishing, fraudulent e-mails that trick consumers into surrendering personal information.
There are indications terrorists may next steal trade secrets from U.S. companies as their computer skills improve and they begin to work with organized crime in Eastern Europe. The stolen documents could then be sold to rogue foreign businesses or held for ransom, security experts say.
Terrorism.org
A few months ago, Imam Samudra, convicted of masterminding the bombing that killed 202 in Bali, Indonesia, in 2002, wrote a jailhouse manifesto on the funding of terrorism through cyberfraud.
A chapter in his obscure autobiography — titled "Hacking, Why Not?" — directs fellow Muslim radicals to Indonesian-language Web sites and chat rooms for instructions on online credit card fraud and money laundering. "Any man-made product contains weakness because man himself is a weak creature," Samudra writes. "So it is with the Americans, who boast they are a strong nation."
Evidence collected from Samudra's laptop showed he tried to finance the bombing through cyberfraud, law-enforcement officials say.
In October, a suspected Palestinian supporter of Middle Eastern terrorist groups posted several credit card numbers online and instructions for stealing databases of other active credit card numbers from the Web sites of U.S. businesses.
Internet use by terrorists mirrors that of criminals. While some security experts fear a cyberstrike could disrupt power supplies to millions of homes, disrupt air traffic control systems and shut down water supplies, most agree terror groups are more likely to exploit the Internet for financial gain and to spread propaganda. The number of terrorist-related Web sites has rocketed to 4,350 from a dozen in 1997.
Terrorist organizations have graduated to the Internet to steal because it reaches more potential victims and is harder to trace, says Evan Kohlmann, an international terrorism consultant who runs the Web site Globalterroralert.com.
Previously, militants used more conventional ways for funding, Kohlmann says. The Roubaix gang in France robbed armored cars to help fund terrorist activities in the mid-1990s. And the group behind the abortive millennium attack on the Los Angeles airport robbed supermarkets in Canada and engaged in traditional credit card fraud, he says.
"It is a paradox: Those movements who criticize Western technology and modernity are using the West's most advanced communication technology, the Internet, to spread their message," Gabriel Weimann, a professor in Israel who follows cyberterrorism, said in an e-mail.
But the U.S. government should not dismiss the possibility of a large-scale electronic attack by terrorists against the nation's computer systems, says Richard Clarke, the former White House head of counterterrorism. He made the comments at the RSA security conference in San Francisco last week.
Digital cat and mouse
Federal investigators are locked in an escalating game of digital cat-and-mouse with cyberterrorists. "The FBI understands that some terrorist organizations, like criminals, could exploit the Internet to further their goals," FBI spokeswoman Megan Baroska says. FBI policy prohibits it from discussing ongoing investigations, she says.
The departments of Justice, State, Treasury and Homeland Security and intelligence agencies have identified a broad range of potential Internet vulnerabilities and are constantly developing policies. They compare the fight against terrorist financing to the war against money-laundering drug traffickers.
"As Internet technologies become more advanced, so do those who use them for illicit and illegal activities," says Dexter Ingram, director of information-security policy for the Business Software Alliance and a former analyst for the House Committee on Homeland Security's cybersecurity subcommittee. "Security must remain a continuous process. It's a never-ending cycle."
Still, the feds' ranks are in flux. Robert Liscouski, assistant director of the Department of Homeland Security, resigned in January after the Bush administration nominated a federal judge to head the department.
In October, Amit Yoran, director of the department's cybersecurity division, resigned amid criticism from the tech community that he lacked clout.
Clarke has called for the appointment of a cybersecurity czar in the White House to coordinate actions between the FBI, CIA and other government agencies.
"After 9/11, the emphasis has clearly been on physical infrastructure rather than cybersecurity," says Paul Kurtz, executive director of the Cyber Security Industry Alliance, a non-profit trade group of software and hardware companies. "That's understandable. But cyberspace is where the bad guys are going." |
[Return to Top]
|
| August 5, 2005 |
Fast stats: Spyware costs. Big companies spend big money to fight spyware. |
Source: Red Herring
URL: www.redherring.com
Spyware Nightmare
Dealing with malicious spyware software is proving to not only be a waste of time, but also a waste of money. Companies with more than 1,000 employees spend an average of $130,000 a month paying IT workers to deal with problems related to spyware, according to FaceTime Communications. These companies report an average of 227 monthly spyware installments. “Greynets,” like instant messaging software, P2P programs, webmail, and SKYPE, were counted as spyware for FaceTime’s study as these applications prove to be problematic for IT departments as well. For example, 78 percent of employees use greynet applications on their work computers, a figure that is expected to rise to 93 percent by the end of the year. Of those using greynet software, 63 percent say they have five or more applications running at a time. The top three effects of greynet and spyware on computers are slowdowns in network responses, uncontrollable pop-ups, and corrupt files. |
[Return to Top]
|
| August 4, 2005 |
Corporate instant messaging usage: opportunities and threats |
Source: Continuity Central
URL: continuitycentral.com
Ovum and the EEMA (The Independent European Association for e-Business) have conducted a joint survey to examine the state of corporate instant messaging (IM). The organisations surveyed member enterprises to discover where they are in their IM deployment, where they expect to be at the end of 2005, and what are their major concerns.
The survey found that the average respondent had 6,018 IM users at the end of 2004, and expected to have 11,351 at the end of 2005.
The following benefits were identified:
* IM has reduced e-mail traffic
* IM has lowered voicemail use
* IM helps make decisions faster
* IM improves better communication
* IM can play a major role in managing crises.
* IM can be disruptive if best practice not followed
* IM is widely used by home tele-workers
* Ability to make presence available to applications
* All large organisations are planning for future use
* Aids video and tele conferencing
* Chat enabled help desks
The following issues and requirements were identified:
* Many organisations don’t even realise they use IM
* Security - virus and worm Attacks, SPIM and Identity Theft
* No focus on logging and archiving
* No controls or auditing
* Appears to be considered outside legislation
* Open standards are required for interoperability
* Enable internal users to communicate with external consumer IM users
* Large organisations saw a requirement for mobile phone interoperability
* Presence enable corporate directory applications
* Business case justification & ROI
Compliance and Governance issues
The survey identified the following areas that need consideration when assessing corporate IM usage:
* As with any compliance or governance exercise organisations need to establish the risk, activate an avoidance policy; consider archiving, harassment, presence, micro monitoring and what needs to be discoverable in terms of litigation.
* Technology is being adopted very quickly and accelerated change can often cause problems with the law and regulators. For example misrepresentation is more likely as IM becomes more widespread. It is important to make it clear what users can and can’t do – business best practice needs to be more granular to clear up the grey areas. However, this does not mean repackaging the e-mail and Internet use policy.
* Multiple, simultaneous IM conversations mean mistakes can easily happen. For example, inappropriate content or infringement of 3rd party IPR can occur. Also increased informality increases the risk of harassment – this is now a big issue as there is a blurring from joking to harassment.
* Organisations are finding that users are often deploying IM in a deliberate manner to circumvent corporate content control this is particularly relevant in highly regulated environments.
* Archiving issues arise such as when using non-corporate systems, one user can archive without the other knowing.
* How do you prove aliases and what disclaimers do you need? IM could also be used by HR to micro monitor work patterns which could constitute disproportionate monitoring.
* In the future, watch out for content rich SPIM, however, in assessing risks, don’t overlook the undoubted benefits of the medium. |
[Return to Top]
|
| August 4, 2005 |
Security researchers have warned that an infectious JPEG virus could be just around the corner |
By: Ingrid Marson
Source: ZD Net UK
URL: news.zdnet.co.uk
A virus writer has got close to exploiting a critical flaw in the way Microsoft Windows handles JPEGs.
Costin Raiu, the head of research and development for Kaspersky Labs Romania, said on Tuesday that over the weekend a virus writer tried to spread a Trojan by exploiting a known image-handling flaw. This flaw was patched by Microsoft last year, but it is likely that some users are still vulnerable, particularly as the flaw affected a number of Microsoft's products.
As with all previous attempts at exploiting this particular flaw, the malicious code was not successful, but Raiu was concerned that next time a virus writer may succeed. "This time at least, the JPEG file wasn't infectious. However, fixing the mistake would be relatively easy and we wouldn't be surprised to see a second wave, this time with a working exploit," said Raiu in a blog posting.
David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Thursday that this incident "takes us as close as we've been to a successful exploit".
He was uncertain how soon a working exploit will appear, but it is likely to depend on whether virus writers see such a flaw as a good way of opening a back door to PCs to obtain data.
The writer of the failed exploit is unlikely to have tested the exploit before sending it out, according to Emm. "Malware writers are probably writing the virus on their one and only machine and the last thing they want to do is screw it up," he said.
In the past, many in the industry assumed that image files, such as JPEGs, were harmless and that only executable files could carry viruses. This misconception was disproved by the discovery of this particular JPEG vulnerability.
As many people still assume that images are safe, JPEG viruses could have a considerable impact, according to Emm. |
[Return to Top]
|
| August 3, 2005 |
Firms dig deep to fight spyware |
Source: News24.com
URL: www.news24.com
Palo Alto, California - Corporations spend more than $130 000 a month in resources fighting spyware, and taking security measures is no guarantee of being protected, according to a recent survey.
Over 75% of information technology managers participating in the study said that despite installing anti-virus software, filters and intrusion detection products, they experienced a virus or spyware attack at least once in the past six months.
In addition, 87% of computer users said attacks had affected their systems, leading to slower network performance, slower personal computers, uncontrollable bursts of pop-up ads, or other problems, according to the survey from privately-held FaceTime Communciations and NewDiligence, a San Francisco market researcher.
The survey, conducted in June and July, contacted more than 600 information technology managers and more than 500 business computer users.
The companies varied in size from less than 500 employees to more than 5 000 and were located in North America and Europe.
The survey found that spyware infections are growing at slightly more than twice the rate of computer virus infections.
The survey broadly defines spyware as programmes that unknowningly install themselves on computers to track a user's online behaviour or deliver a malicious payload.
To combat the epidemic, companies chalk up extra costs on computer help desks and to get machines clean of the unwanted programs.
The study also found that 78% of users have installed programs such as instant messaging or peer-to-peer music download software on their machines. Often these programs serve as avenues for spyware.
The spread of these programs should increase to 93% of users in the next six months, the survey found. |
[Return to Top]
|
| August 2, 2005 |
Virus top 10: Mytob storms malware chart |
BY: Jo Best
Source: Silicon.com
URL: software.silicon.com
The Mytob family of worms has continued its march onto PCs across the country and now dominates the chart of the most virulent viruses reported in July.
According to antivirus firm Sophos' top 10 chart of the most reported malware last month, variants of the Mytob worm now make up seven in 10 of the most spotted viruses.
The worm, which now has more than 160 variants in the wild, spreads as an email attachment and over file-sharing networks, turns infected machines into zombies and spams copies of itself to everyone in the PC's address book.
However, despite Mytob's ever-evolving attempts to give the UK's computers a dose of worms, golden oldie Netsky.P made the top of the chart with 13.9 per cent of all reported viruses in July. Netsky.P first made its appearance back in March 2004, one of the many variants spawned by teen virus writer Sven Jaschan.
Graham Cluley, senior technology consultant at Sophos, said the rise of Mytob was a result of the gangs behind the virus creating more and more variants in an attempt to reach the widest number of PCs possible.
"It should be remembered that there are no 'really big' viruses spreading at the moment, and that's why worms like Netsky and Zafi lurked at the top of the chart for so long. Indeed, we believe that more and more of the criminals behind malware attacks are moving away from mass-mailing worms and switching to Trojan horse attacks against specific targets instead," he added.
July's virus chart in full:
1. Netsky.P 13.9 per cent
2. Mytob.AS 11.6 per cent
3. Mytob.BE 9.3 per cent
4. Mytob.EP 5.5 per cent
5. Zafi.D 3.5 per cent
6. Mytob.CX 3.2 per cent
7. Netsky.D 3.1 per cent
8. Mytob.CJ 2.6 per cent
9. Mytob.CN 2.6 per cent
10. Mytob.AT 2.3 per cent
Others: 42.4 per cent |
[Return to Top]
|
| August 2, 2005 |
10th annual CSI/FBI survey, part 2 |
By: Lyne Bourque
Source: Enterprise ITplanet.com
URL: www.enterpriseitplanet.com
For many years, we've used insurance as our safety net for the things that go bump in the physical environment. Lately, however, we've seen increase in the advocacy of cyber-insurance. It hasn't seen a huge increase but it is starting to make its presence known. This year, 25 percent of all companies are insuring their data against so-called cyber-risks. This would be particularly good for certain banks and their transportation of backup tapes to remote locations.
All of this sets up the foundation for the heart of the survey. That is, where has security gone and what have the bad guys done to us?
The numbers for "unauthorized use" seemed to have stayed relatively similar to last year (it went up 3 percent this year from 53 percent to 56 percent), even a larger survey pool to work with. The percentage of those that didn't know whether they were intruded upon has dropped from 13 percent to 11 percent.
My first thought is to wonder what the respondents believe constitutes "unauthorized use" and how many are aware that they have been broken into. Spyware could be considered unauthorized use since often it collects information without the user's knowledge or consent. What might be worthwhile to add to future studies is to ask about the nature of the violations to systems and/or security policies that may have taken place.
As was pointed out by the authors, and validly so, some events — such as music downloading — may be illegal while others — transmittal of chain letters — may be security policy violations. Perhaps drawing the distinction of how often security policy violations occur compared to actual cyber-violations, and the types of each, might be a worthwhile project for this or other studies.
To help demonstrate that attacks are dropping, we need only to examine the types of individual attacks affecting those that knew they were compromised. It is interesting to note, however, that 453 out of 700 respondents could identify where the attacks were originating. Does this mean that over 200 couldn't determine the source of the attacks?
The types of attacks across the board went down or were equal to last year's results. There was one notable exception: wireless. And this isn't surprising.
Although many companies still don't employ wireless networks, the ease of employees being able to setup their own (most likely to bypass security policies) makes them a prime target. I was a bit surprised that there exists category for VoIP attacks. As companies are increasingly deploying the technology for cost-savings and ease of administration, we will probably witness more attacks and variations off the old phracker/phreaker attacks that victimized traditional phone systems.
Defaced
The survey did have an interesting note on Web site defacements. In general, this type of attack has slightly decreased, however, its repeated success has seemingly increased. 95 percent of companies that reported Web site defacements had it occur 10 times or more.
The losses for this are relatively low ($115,000 was reportedly lost in this survey group) but I wonder if companies are missing out on the public relations issue that may result from it. Immanuel Kant had it right when he said, "Perception is reality." If companies are viewed as being insecure because of a "mere" website defacement, then it becomes a reality for clients, regardless of whether or not the site hosts important information. The actual cost of fixing a site defacement may be minor for some (revert to backup) but this doesn't address the cause of the compromise.
Web defacements were, by far, the "cheapest" of all the attacks. Leading the pack this year was viruses (this always surprises me when 96 percent of respondents indicate that they implement and use anti-virus products) at $42.78 million. One thing that isn't evident is whether spyware is being lumped into the virus figures. Additionally, this may be an indication that our existing methods of dealing with viruses -- traditional signature-based tech primarily -- may be no longer adequate.
The authors of the survey do point out that the spread of viruses has slowed but anecdotal comments on sites like AntiOnline indicate that responses to infections are sporadic at best. Indeed, disinfecting systems has become a complicated matter in many instances, and rebooting to remove the bugs from memory (like the good old days) is no longer sufficient. Following in a distant second and third, respectively, is unauthorized access at $31.23 million and theft of proprietary information at $30.93 million. Denial of service dropped substantially.
Wireless abuse, while on the upswing, only represented a mere $554,700 in costs to those institutions. As the only attack that has increased over the previous year (when it was first being registered as an attack vector), it is at least in a financial sense, a relatively benign attack. It is likely that those being attacked are being used as conduits to gain Internet access rather than specifically targeting the company for nefarious means.
That said, the authors suggested that the reported costs in dealing with these incidents are likely to be more accurate than in previous years since companies are getting better at putting dollar figures on repairs like system rebuilds, restoring from backups and other quantitative measures. What isn't evident, and in all likelihood is missing from the equation, is the intangible effects like damage to PR, the lowering of morale, loss of faith in the IT department, and so forth.
Countermeasures didn't change much compared to previous years. Firewalls and anti-virus software remain the most used safeguards in industry practice today at 97 percent and 96 percent, respectively. At a distant third are intrusion detection systems (IDS) at 72 percent. Intrusion prevention systems (IPS) dropped from 45 percent to 35 percent, perhaps an indication of a lack of understanding of their role or a simple lack of faith in the technology. |
[Return to Top]
|
| August 2, 2005 |
Together against the darkness |
By: Edwin Yapp
Source: the star online
URL: star-techcentral.com
While researching the cover stories you see appearing in today's In.Tech, one paradox occurred to me.
The Internet is the most wonderful invention of modern times, but at the same time it can be used to commit heinous crimes, such as child sexual abuse.
It is ironic that the Web's extensive reach and convenience, which have benefitted millions in positive ways, could also be of use to paedophiles and sexual predators. Child welfare charities in the West have many real-life stories of how the Internet has been used by such perverts to lure children to them.
No comprehensive studies — at least not to my knowledge — have been conducted in Malaysia to investigate if there are such cases happening in our country. However, countries such as Thailand and the Philippines have conducted such studies and found cases.
Since Malaysia has a similar profile to these neighbouring nations, it is possible that such heinous crimes are happening here too, IMHO. Some people claim that technology is neutral and is not to be blamed for such things.
In the 1990s, Internet service providers (ISPs) in Britain claimed to have no responsibility for the way young people used their networks and that they were only providing the “highway on which traffic moved.” However, according to a British children’s charity, Childnet International, the public began to see things very differently when children started getting hurt by inappropriate content flowing on this “highway.”
The British public may not have blamed technology per se, but they also realised that they could no longer turn a deaf ear and a blind eye to how the Internet could be used for such abuse against their children. So it’s indeed refreshing to note that in our neck of the woods, both TM Net Sdn Bhd and TIME dotCom Bhd (which operates the TIMENet service) have been very responsive when faced with the same tough questions on the same issues.
Both ISPs said it was their firm conviction that, as responsible corporate citizens, they would support any effort to prevent cases of the Internet being used to do evil things to our children.
In fact, TM Net went as far as to urge all its stakeholders — the Government, child welfare organisations, schools, the IT industry, other ISPs and the media — to fight this menace together.
It raised the possibility of setting up a “forum” so that all can come together to discuss and take proactive action that will prevent child sexual abuse through the Internet from happening.
In tandem with this, the Science, Technology and Innovation Ministry has announced its “Positive use of the Internet Programme,” in which its Minister, Datuk Seri Dr Jamaludin Jarjis, urged “all stakeholders to play a distinct part cultivating a positive Internet environment in Malaysia.”
Jamaludin called for an open exchange of ideas and collaborative initiatives, “so as to harness and channel resources towards the betterment of society.” The mooting of these ideas must be commended, but it is with some trepidation that I note this — often, it is not our ideas that fail us but rather the poor implementation of those ideas.
All could come to nought if the powers-that-be lack the political and moral resolve to carry these plans to fruition. Fighting this menace to our children would require good ideas from all parties concerned, but more importantly, it requires serious will by all concerned to ensure the plans and programmes are carried out no matter the cost. That is the challenge.
We must remember that we are doing this for the sake of our children — what better reason do we need to pool and pull together. |
[Return to Top]
|
| July 29, 2005 |
FirstAssist offers advice on tackling email and Internet misuse |
Source: OnRec.com
URL: www.onrec.com
Research carried out last year by the Chartered Institute of Personnel and Development (CIPD) revealed that 64% of organisations had experienced problems in the previous two years with staff misuse of the Internet or email. Although many have introduced policies to govern their use, the issue continues to be a thorny one. Employment law specialist, FirstAssist, is offering businesses key advice on creating and applying a policy to meet the challenge.
Pauline Pembry, Employment Law Services, FirstAssist, comments, “Businesses are understandably sensitive about computer security, email and Internet abuse. Some of the problems arise when trying to judge the appropriate level of response to a breach of the company’s Internet or email policy. However it can be all too easy to see every breach as potentially gross misconduct. Deciding what is and what isn’t gross misconduct is the real challenge for employers. In this respect, there are some basic elements that can form the basis of an effective Internet and email policy.”
Password privacy
Unauthorised use of passwords and reading emails that are clearly marked ‘personal’ are generally regarded as disciplinary offences at the minimum. In a recent case, the Employment Appeal Tribunal (stressing the importance of preserving the integrity of a computer system) held that it is ‘normally reasonable to regard as gross misconduct an employee’s deliberate use of an unauthorised password in order to gain access to information which they are not entitled to see.’
The trouble with “blogging”
Inappropriate use of “blogging” is also considered serious enough to warrant disciplinary action. A “blog” (short for web log) is a personal online diary that can be accessed by anyone. There have been a few publicised cases of employees being dismissed because of material contained in their blog. For instance, making derogatory comments about employers or bringing the company into disrepute.
Many employers may not even be aware of blogging, let alone make reference to it in their policy. However, concerns about the potential content of a blog can still be addressed. It may help to liken the situation to the publication of the same material in the press, highlighting that the company could be brought into disrepute if they are in any way linked to the material.
When is it misuse?
Personal use of email and the Internet is a major focus for employers because they don’t want these activities to interfere with individual work responsibilities. However, what is acceptable can vary a lot from one company to another. Whatever the policy, it’s important for it to be clearly communicated to all employees. This is particularly important for new and also temporary staff who are often overlooked and should be required to sign that they have read and understood the policy.
The actual time spent on personal email traffic can also present a problem if it becomes excessive. Limiting personal email time to breaks or at either end of the working day may be a solution; with the loss of that privilege being a possible disciplinary sanction for those who don’t comply. Dismissal is only likely to be appropriate following warnings or if the level of personal use is extreme and amounts to a fundamental breach of the rules and contract.
Just a joke
Inappropriate use of the Internet may also be an issue. Again the seriousness of the offence will depend on a number of factors – it does not necessarily have to be gross misconduct. Factors to consider may include the nature of sites being accessed, whether material has been downloaded and how much work time (if any) was involved.
Companies nowadays use a variety of means to prevent undesirable emails getting into their systems. However that doesn’t mean that there is total control over the mail that arrives in an individual’s inbox. Employees are generally required to delete immediately anything inappropriate, eg. sexually explicit or offensive material. The mailing of jokes is a widespread practice; employees may forward them without much thought, but if the content is inappropriate they risk disciplinary action which could include dismissal if the offence is regarded as gross misconduct.
Pembry concludes, “It is essential that companies have a policy on email and Internet use, as well as ensuring staff compliance. Employers are liable for issues such as their employees’ defamatory remarks, breach of copyright or software license. Remember too that email messages can give rise to legal claims against the company, and are disclosable in any legal action, including defamation, breach of confidentiality or contract and employment tribunal claims. Once a policy has been created ensure all staff are aware of the issues and understand the rules – the first step to protecting the company and its employees.”
The offences that are commonly regarded as gross misconduct are:
sending of inappropriate messages, for instance any that might cause offence or harassment on grounds of sex, race, disability, age or religion, deliberate accessing of offensive, obscene or indecent material from the Internet, such as pornography, racist or sexist material, violent images, incitement to criminal behaviour etc
downloading material from the Internet in breach of licensing or copyright restrictions
The seriousness of other typical computer, Internet or email offences can vary from employer to employer.
CASE STUDY
The employee, a computer sales technician, had six months service with his employers at the date of the initial investigation. At a client’s site whilst he was working with his manager demonstrating software programmes, his manager commented on some music emanating from his laptop. The employer stated that he was downloading music from an Internet website and said that he had a software programme which enabled him to bypass security measures on the website and download copyrighted material for free.
Upon returning to headquarters the manager reported the matter to the company’s HR department. He was concerned that:-
1. The employee was downloading copyright material from a Client’s site.
2. If the website owners were able to trace the breach of security, it would lead back to the Client’s premises.
3. The downloading of material was contrary to the company’s Internet use Policy.
4. His laptop might contain further unauthorised downloaded material or items of a pornographic or offensive nature.
The employer called FirstAssist because it was concerned about how it should respond to the evidence supplied by the manager. The employee was to attend a performance review in three days’ time and the company was concerned whether it should wait until then to seize the laptop.
FirstAssist advised prompt action was required to preserve evidence and to react quickly to show how serious the company considered the breach of the company’s Internet policy.
The head of the HR department visited the employee at home to retrieve the laptop and inform him that he was suspended on full pay pending an investigation.
FirstAssist advised the employer to interview potential witnesses, regarding the unlawful downloading of copyright material. The employee work colleagues confirmed that he spoke openly of being able to copy encrypted DVDs. Luckily the employer had its own team of software experts who were able to examine the laptop. The investigation showed that he had unlawfully downloaded numerous polyphonic ring tones. Additionally there were hundreds of mobile phone games and other mobile phone applications downloaded. The laptop also contained software to enable him to copy and unencrypt DVDs. The investigation also indicated that he had visited a number of sexually explicit websites contrary to the employer’s Internet policy.
The final report provided by FirstAssist to the employer concluded the following breaches of the employer’s Internet policy and disciplinary process which stated that such matters would be construed as gross misconduct. These included:-
1. The unauthorised downloading, printing or other use of copyright information.
2. Non-work related audio and video files such as mp3s, etc being stored on the laptop because it breaches copyright.
3. Any material which would be considered as non-business like, sexually explicit or offensive should be deleted at once.
4. Deliberately accessing internet sites containing pornographic, offensive or obscene material and the mailing of jokes containing sexually explicit or offensive material internally or externally.
5. Deliberately accessing any website whatsoever, which is not business related during office hours.
In the light of the above the employer convened a disciplinary hearing following the procedure set down in Employment Act 2002 and Dispute Resolution Regulations 2004. At the hearing the employee admitted he had breached the employer’s Internet policy and was dismissed for gross misconduct. |
[Return to Top]
|
| July 29, 2005 |
Phishing attacks soar as viral onslaught wanes |
By: John Leyden
Source: The Register
URL: www.theregister.co.uk
The volume of phishing attacks on UK businesses in July increased 45 per cent, according to email security company BlackSpider Technologies. BlackSpider detected more than 360,000 emails carrying a phishing threat in July, compared to just under 250,000 in June 2005.
Spam levels reached a yearly high in July, accounting for 77 per cent of all emails processed by BlackSpider. Meanwhile virus-laden emails dropped slightly from 2.9 per cent in June to 2.6 per cent in July. The NetSky-P virus toped BlackSpider's malware chart for the fifth successive month. Phishing fraud emails appeared at second and sixth places in Blackspider's top ten while variants of older viruses (namely NetSky, MyDoom and MyTob) made up the other places.
BlackSpider's monthly stats also reveal that six variants of the "small Trojan downloader" posed the greatest challenge for conventional anti-virus vendors of new viruses seen last month. Signature patches for the Trojan downloader Small-ARF variant, for example, only arrived 21 hours after the virus was released into the wild, Blackspider reports. During this time BlackSpider estimates that more than 250,000 instances of the malware were sent to businesses in the UK. Blackspider makes this point to illustrate how its own heuristic technology - like that of other email filtering services - can quarantine viruses before patches are issued by conventional anti-virus vendors. |
[Return to Top]
|
| July 29, 2005 |
Spammers face criminal charges |
By: Kim Rahn
Source: The Korea Times
URL: times.hankooki.com
Senders of spam e-mail containing adult content or phishing scams will be subject to criminal charges as early as at the end of this year.
Currently, the nation only imposes fines on spammers.
Rep. Hong Chang-sun of the ruling Uri Party will submit a revision bill of the law protecting information about spam during the National Assembly’s plenary session in September, according to the Ministry of Information and Communication.
"We need to take measures against the growing number of spam e-mail. We need to use criminal punishment," Hong said.
The amount of spam e-mail has increased since the government introduced in late March an opt-in formula for those who send commercial bulk text messages to cell phones or place promotional calls.
Because mobile marketers have to obtain explicit permission from potential e-mail recipients under the opt-in system, many mass callers are believed to have moved from cell phones to e-mail.
The new law will have clauses that ban sending commercial e-mails for illegal purposes, such as phishing and distributing adult content, and sentencing of up to one year in prison or a maximum of 10 million won in fines on violators.
The current law imposes up to 30 million won in fines on spammers who do not reveal the commercial intent of the e-mail or who do not inform recipients of how to take themselves off of mailing lists.
Hong has come up the draft of the regulations after holding conferences with ministry officials, lawyers and civic group members last month, and plans to initiate the bill in late September. |
[Return to Top]
|
| July 28, 2005 |
419s, scams and spams: How secure is your system? |
Source: IT Web The Technology News Site
URL: www.itweb.co.za
"ATTENTION:DEAR SIR/MADAM,
STRICTLY CONFIDENTIAL
I know that you will be surprised to receive this message. please consider this message as a request from a family in dire need of help. I am MR SAKAR MOHAMED from LIBERIA, the son of Brigadier OSAOMO MOHAMED.I got your contact through the Senegal Information exchange {S.I.E} regarding your trustworthiness. My purpose of contacting you is to help me out of my difficult condition in view of my Father death.I need your assistance to help me to transfer some money out of SENEGAL into your personal or company's account.The amount involved is {US$7.000,000} SEVEN MILLION UNITED STATES DOLLARS."
Known internationally as 419s (after the relevant section of the Criminal Code of Nigeria), or "Advance Fee Fraud", these scam letters are not only still arriving in personal email inboxes but are still catching unsuspecting victims with the lure of easy money. Even the Nigerians themselves refer to them as plain old 419s.
As of 1996, and thus much more now, the scammed sums were estimated at five billion US$. Started as a faxed scam in the 1980s, the scamsters are using every technology available to them. There's not a lot one can do about these scams, except to hope your email anti-spam software eliminates as many of them as possible, your firewalls have been set up properly and you know about the current scams. When it comes to identity theft (phishing), the costs are even higher with an estimated 9.3 million American adults as victims of identity fraud during the past 12 months and the total U.S. annual identity fraud cost at $56.2 billion.
Brett Salovy, manager of Security Solutions at Internet Solutions, leading converged communications service provider, says one can't be too careful when asked for any personal details by email.
"The more we hear about these attempts at fraud and the accompanying scams, the more we wonder why people are so gullible."
However, as more and more new users of the Internet and email come aboard, the more the warnings have to be repeated. There are many websites dedicated to exposing and giving warning about scams. From the relatively harmless (send a card to a dying child) to the ones harmful to business (Bill Gates will send you an X-Box or a case of champagne), to the ones designed specifically to steal identities and credit card information (phishing), if you suspect the slightest hint of a scam, or even if you don't, check it out. Urban legends are easily verified at www.snopes.com.
"It's a fine line between free exchange of everything and anything, and firewall software that is so rigid you can't receive attachments or your boss' memos bounce back at him," says Salovy. "In the security arena, individual company requirements (as opposed to the IT department's wishes) have to be set up so that while operations are not disrupted, business critical data is secure. Many individual users simply do not understand that anything on a company PC, laptop, server and PDA belongs to the company - whether sent to you privately or not. When employees use the company hardware, networks and infrastructure to send emails, they are subject to the company's scrutiny at any time. The Internet is still perceived as being "free-to-air" and thus available to anyone - and that's true if it's your own private computer being used from a home Internet connection."
In addition, he says, no one today would even think of receiving email or using the Internet without having some type of anti-virus software to protect their machine. Spam, spyware, adware, email scams, phishing and viruses - if you are a corporate user then thankfully you are well protected through your service provider or central IT facility. Salovy cautions users to keep their software updated and to regularly check for all of the above intrusive agents. |
[Return to Top]
|
|
