United We Stand...Hacked We Fall...

December 2009

Goverments must unite to head off cyber-terrorism threat, says Kaspersky. Governments have begun working to combat cyber threats, but many are working on national initiatives to tackle a global problem, says Russian security firm Kaspersky Lab. “To fix this problem, governments need to think internationally,” said the chief executive and co-founder of Kaspersky Lab. In an increasingly digital world, where all systems, including those for critical national infrastructures, are connected to the internet, every person, business and economy is at risk of cyber attack, he said. Although cybercrime is a big and growing problem, cyber terrorism is an even greater concern, said the chief executive. “We have not seen any real instances of cyber terrorism yet, but it is technically possible and just about everyone depends on the internet,” he said. The Conficker worm has shown that criminals are able to build botnets of millions of hijacked computers. “This means it is possible to build a botnet that has the power to halt the internet, but this threat is still not fully understood,” said the chief executive. “The capability exits to do very serious damage. Not only for money, but to scare people, which is the definition of terrorism,” he told Computer Weekly. 

End of the year apps...

December 2009

Two great apps for watching TV

on a computer or streaming media

box.

Plex: http://www.plexapp.com/

Clicker: http://www.clicker.com/

Removing Duplicate Calendars on iPhone & Touch

December 2009

Go to Settings > Mail, Contacts, Calendars.

Select your MobileMe account.

If you want to sync with MobileMe for all your calendars, turn Calendars on.

When turning Calendars on, you will be provided with this prompt.

Existing calendars will be removed from your iPhone.

Sync
Cancel

If you select Sync, all existing calendars and events will be removed and replaced with your MobileMe calendars.

Thanks A. Sampson

Cyber-Attacks Rising Faster...

December 2009

Cyberattacks against critical U.S. networks rising at a faster rate. The number of cybersecurity attacks against computer networks that operate the nation’s critical infrastructure such as transportation systems and water treatment and power plants, has increased dramatically, mostly because these industries rely on legacy technologies that do not protect systems from sophisticated attacks. In the third quarter, 11 cyber incidents were added to the Repository for Industrial Security Incidents, a database of cybersecurity attacks that have or could have affected systems that operate major industrial operations in the United States. These key networks are known as Supervisory Control and Data Acquisition systems. The owners and operators of industrial plants maintain the database. For all of 2009, industries have added 35 incidents to RISI, representing more than 20 percent of the 164 incidents recorded since 1982. The total number of incidents in the database could increase 37 percent this year if trends continue at the current rate, according to RISI’s third-quarter report, which was released on November 30. Malicious software such as viruses, worms and Trojans were the cause of most cyberattacks, according to the report. Incidents involving unauthorized access or sabotage by people working for the company such as disgruntled former employees or contractors also increased. Old technology presents a particularly difficult problem to solve. While most computer systems are upgraded every three to five years, control systems typically remain operational for up to 20 years, said the director of control systems security at the Homeland Security Department. These old systems were not developed to function in a networked environment or combat the onslaught of cyberattacks.

Captcha is old news...

December 2009

Criminals outwit Captcha Web site security systems. According to research by Symantec and MessageLabs, criminals have developed software capable of decoding the hidden text in Captcha pictures, which are meant to distinguish genuine customers from automated software. The groups are using the technology to create thousands of accounts on legitimate webmail sites and social networking sites, which they can use to launch spam and phishing attacks against web users, says a senior analyst at Symantec. “If you have a large number of legitimate accounts on a site, you can benefit from the legitimate domains. It becomes very difficult for anti-spam technology to identify messages from those domains as spam. It is hard to block, because you risk blocking legitimate users,” he says. The practice is putting businesses at risk, which can be on the receiving end of credible looking e-mails containing links to malware. “Social networking and micro-blogging sites are coming under a lot of pressure from the bad guys. They are creating legitimate profiles and even phishing for accounts of real people,” he says. “There are inherent risks for organizations that do not have controls in place.” In some cases, cybercriminals are using image recognition software to decode the disguised words in Captcha pictures. Others groups have developed software that is capable of decoding the audio version of Captcha intended for people who have difficulty reading Web sites, by analyzing the waveforms to recognize the letters of each code word. Specialist companies have also sprung up, which hire people to create accounts on Web applications, paying them $2 or $3 per thousand. They sell the accounts on to criminal groups for between $30 and $40 a thousand, said the analyst.

Botnets Smarter in 2010...

December 2009

If findings of a recent research study are to be believed then instead of putting an effective check on spamming activities, people are increasingly falling victim to fraudulent activities on the online space. An annual security research report from Symantec’s MessageLabs division has presented a grotesque picture of the cyber security landscape, with the report claiming that the spamming traffic accounted for a massive 87.7 percent of the total email traffic in 2009. The spamming activity was highest in the month of February with 90.4 percent of overall email traffic, while it reached its lowest in May when it was 73.3 percent. A significant rise has been noted in the volume of junk mails from the past year when the spam rate is around 81.2 percent. The most striking part of the report is that the majority of this spamming activity (around 83.4 percent) was attributed to zombie machines, indicating the extent to which the rogue applications are controlling the PCs across the globe. The closure of a couple of botnet hosting ISPs, including McColo in 2008 and Real Host in August, has prompted cybercrooks to re-engineer their botnets to take the reins of the control and command system within hours, rather than weeks of relative calmness followed by the shutdown of McColo. Citing the same, a key analyst with the firm said in a statement: “The McColo outage had a huge impact on spam volumes as it took a few weeks for spammers to recover, but we’ve seen this year botnet technology has evolved so that there is no longer a single point of failure.”

Hackers in Amazon's Cloud...

December 2009

Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon’s EC2 cloud computing infrastructure. This marks the first time Amazon Web Services’ cloud infrastructure has been used for this type of illegal activity, according to the director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn’t do this with Amazon’s permission, however. They got onto Amazon’s infrastructure by first hacking into a Web site that was hosted on Amazon’s servers and then secretly installing their command and control infrastructure. The director declined to say whose Web site was hacked to get onto Amazon’s cloud, but the Zeus software has now been removed, he said. Zeus is a password-stealing botnet. Variants of this malware have been linked to more than US$100 million in bank fraud in the past year. He thinks the hackers may have just stumbled on a Web site with a security vulnerability — they may have hacked the site’s software or simply stolen an administrative password from a desktop computer to get on the site. “I think it’s more a target of opportunity than a target of choice,” he said.

Dig This, Digsby!!!

December 2009

If you are like most techs, you have several email accounts and instant messengers.

With this program you are able to sync up all of your accounts into one place.

This program also allows you to access your social networking accounts also.

Neat program dotSyntax, LLC. But When is the MAC version and Linux version coming out? Don't miss out on that cut of the pie because there is always Pidgin, Meebo & Adium!

http://adium.im/

http://techbays.com/2008/04/12/digsby-adium-pidgin-ym-meebo-vote-for-your-favorite-instant-messenger-service/