SecurityProNews offers news, commentary and virus alerts in real time.
RSS Feed URL: http://www.SecurityProNews.com/index.xml
Category: Security
Latest entries from this feed URL
Storm Botnet Subsides
Something new may be on tap to replace Storm as the big botnet pest, as its size decreased substantially in April.
Efforts to clean up the Storm botnet drove it down to 5 percent of its original size in April. This puts current estimates at around 100,000 Storm-botnetted machines.
Security vendor MessageLabs said ongoing efforts associated with new Storm cleanup tools purged the malware from infected computers. Some estimates put Storm's botnet at 2 million machines before the big purge took place.
"April was a month of unpredictability," Mark Sunner, Chief Security Analyst at MessageLabs, said in a statement. Storm's decline happened while incidents of attacks escalated.
MessageLabs claimed to observe 70 targeted spam attacks with Trojans per day in April. The upcoming Beijing Olympics persists as a major factor in such spam, with Olympics-related subject lines common for those attacks.
An old spam standby received a bit of a makeover, MessageLabs noted. Criminals are creating fake profiles on business networking sites like LinkedIn to lend credence to the typical 419 scam. They direct recipients to check out their "credentials" on the site to assure them they are dealing with a real person and not some common criminal.
eBay Has Its Romanian Hacker
An arrest in Budapest turned up one Vlad Constantin Duiculescu, aka Vladuz, a thorn in the side of the online marketplace.
A business deal turned out to be a sting, and Vladuz took a deep wound from it. His time roaming around eBay's forums using pilfered credentials and generally making a nuisance of himself to the company has been at least interrupted for now.
The Register cited Romanian news reports that Vladuz ended up wearing handcuffs after his attempt to sell a software application to interested buyers instead brought police to his door. EBay has been chasing Vladuz for over a year.
His exploits reached eBay's forums, where he managed to pose as an official eBay representative. He and eBay disputed how far he was able to get into their systems; Vladuz claimed extensive access, while eBay denied that.
If eBay's account is accurate, they believe Vladuz caused about a million dollars in damages from his exploits. For now, Vladuz will enjoy jail cuisine for a 29-day period. Further details about the 20-year-old's fate have not been revealed.
Google Builds Tools To Fight Child Porn
An ongoing effort with the National Center for Missing and Exploited Children (NCMEC) by Google produced video tools for use in finding exploitative images and videos.
Google research scientist Shumeet Baluja described the search giant's work on the company blog in developing these tools. Through 2007, Baluja and co-workers crafted tools to help NCMEC find child predators.
"The tools we provided will aid in organizing and indexing NCMEC's information so that analysts can both deal with new images and videos more efficiently and also reference historical material more effectively," said Baluja.
NCMEC said in a statement the group and law enforcement agent partners have reviewed over 13 million images and videos to help rescue victims and identify criminals.
"Criminals are using cutting edge technology to commit their crimes of child sexual exploitation, and in fighting to solve those crimes and keep children safe, we must do the same," said Ernie Allen, president and CEO of NCMEC.
The tools come from Google's ongoing work in video and image search. This research-stage technology helped NCMEC handle the multitude of such content arriving at their CyberTipline and from police agencies.
"We hope the tools we've built for NCMEC will help its analysts make the important and often time-sensitive work of investigating child predators faster and more efficient," Baluja said.
PayPal Calls For Partnerships Against Phishing
One of the most popular phishing targets on the Internet wants to thwart criminals, but needs a lot of help to do so.
Stamping out phishing won't happen with one company pushing for a fix. Payment processor and eBay component PayPal needs cooperation to accomplish this.
"We know we're always going to be an attractive target for criminals. But what I don't want is PayPal to be protected and the rest of the industry not. Phishing could be solved, there's no need for it to happen," PayPal chief info security officer said at a security conference recently.
Phishing for PayPal details happens on an immense scale. A report at Silicon.com said Yahoo's efforts to block PayPal-related messages alone kept 50 million phishes out of Yahoo Mail since last fall.
That happened thanks to digital signatures appended to PayPal's legitimate messages. When a phish lacking that signature hits Yahoo, the message gets tossed.
Microsoft received some credit from Barrett, as the company's Internet Explorer 7 browser may be helping stop people from going to phishing sites thanks to its anti-phishing technologies. (Firefox and Opera also carry phishing protection in their browsers.)
Phishing persists as a standby for criminals. Through the use of botnets, phishers send out millions of messages. It doesn't take many to make the crime profitable, as the distributed nature of spamming this way costs the phishers little.
Couple that with how the phishing types tend to be hiding out in countries where effective prosecution against computer crime is a pipe dream for security pros at best, and one can see where Barrett is coming from with his call for more partnerships against phishing activities.
Online Criminals Outsource Their Work
A study by security vendor Finjan suggested a trend in criminal behavior has them farming work out to established rings with a technology infrastructure in place.
Among the trends cited by Finjan in its Web Security Trends Report, the company found criminals with sufficient capital opting to engage in a business practice normally associated with legitimate businesses: outsourcing.
Botnet creators have been known to let spammers pay for access to compromised servers, which are then used to crank out millions of messages to inboxes all over the world.
Finjan dubbed the next iteration of this practice, "crimeware." It isn't only about botnet rental, or even using pre-made kits to create exploits, as Finjan observed:
After maturing into a full-fledged market driven by economical forces, we are now seeing a trend for cybercriminals to deploy the B2B model (business to business, or more accurately Criminal to Criminal, C2C). Owners of malicious sites share their victims with other site owners in order to leverage the strength of one site and provide business to the other.
It gets worse for security pros:
Currently, we see the rise of the Crimeware-as-a-Service (CaaS) model in the Crimeware-toolkit market.
It enables such a toolkit to gather the data from the victims and sort it according to some rough criteria for the users, since all the data and networking is already built-in and available for the criminals and attackers.
This development will further distance the criminals from the techies - a trend that we have seen evolving over the past couple of years. This trend will get a further boost with the catching on of the CaaS model.
The bad guys are becoming more organized and sophisticated year after year. This isn't an Internet crisis anymore, it's a global crisis, and one that probably can't be solved. The profit potential is so high that we doubt anything short of turning the planet into a cold, lifeless cinder will put a stop to it.
Google Street View Becomes Driveway View
While one Pittsburgh couple sues Google over its Street View pictures of their residence, another neighboring home found itself the focus of a Google camera car that drove up its driveway.
No word yet on whether Janet and George McKee plan to ask Google for $25,000 for taking pictures of their Pittsburgh home, as Aaron and Christine Boring did in their lawsuit over Google's Street View photography.
The Smoking Gun reported on the series of pictures of the McKees' home, where the driver of the camera car entered the private property. That's a no-no by Google's standards; drivers are supposed to stay on public property.
The Google car traveled up the long driveway, ending up in front of the two-story home's three-car garage. Pictures on The Smoking Gun showed the progress of the car as it left the obvious street for the unpaved gravel of the McKees' homestead.
When The Smoking Gun tipped off Janet McKee as to Google's impromptu visit, she said it was "a little bit creepy to think of someone filming our home without me knowing about it."
It isn't known why the driver of the Street View car chose to stop by the McKees' driveway. Perhaps he or she thought the driveway was some kind of connector road, and upon entering it had no way to turn around until reaching the McKees' house.
Identity Info Breaches Hitting Everywhere In 2008
Commercial businesses, colleges and universities, government offices, and medical facilities of varying sizes share the common label of being hit by identity thieves.
167 breaches revealing over 8.3 million records happened or became public in the first three months of 2008, according to the nonprofit Identity Theft Resource Center. Targets of attacks ranged from a Vermont ski resort to the University of Georgia, and plenty of points in between.
Some of the breaches happened due to internal misuse of customer data. At Bank of the West in Washington state, a loan officer used applications from customers to steal identities. Cassidy Janosky and her mother rang up $16,000 in purchases like plasma TVs and electronics from a local Sears store.
Other breaches happened due to laptop theft, like that of the Florida Department of Children and Families. Five laptops stolen from their Orlando office forced them to alert 1,200 staffers that their Social Security numbers, birth dates, and other information were at risk.
Then there was the old standby, the lost backup tape. In one particularly embarrassing case, secure storage business Iron Mountain lost one with credit card information on 650,000 customers. Names, addresses, and Social Security numbers were on it as well.
Oh, there were network breaches as well. One can essentially envision an attack vector, and something probably happened along those lines, since reported incidents for Q1 2008 more than doubled what ITRC picked up on for the same period last year.
Nick Cavalancia of ScriptLogic said in commenting on the report that security pros need near-real time notification of sensitive file system events, especially in environments where regulatory compliance like Sarbanes-Oxley is a reality.
"Businesses must be able to provide reports indicating permission changes, highlighting what changes were made, who made them and when they were made," he said. Cavalancia also recommended administrators be able to lock down the myriad devices like iPods people bring into workplaces, to mitigate data theft.
RealPlayer, QuickTime Get Urgent Updates
Fixes for both products emerged to counter threats against vulnerabilities in these popular multimedia applications.
Popular multimedia applications needed attention from engineers to correct flaws that could have led to exploitation.
Apple released QuickTime 7.4.5 for Windows and for its Mac OS X. Numerous critical problems that could have been exploited by opening a malicious movie presented the potential for arbitrary code execution on an affected system.
Windows XP and Vista users should see this update appear in the Apple Software Update. The criticality of the flaws merits immediate attention to updating QuickTime.
Security vendor Symantec said Real provided an updated ActiveX control after a zero-day exploit of the flaw began hitting the Internet on April Fools' Day.
"It appears that this vulnerability has been patched within RealPlayer version 11.0.2 (build 6.0.14.802), which is now available for download," Symantec noted. Left uncorrected, the flaw presented the typical code execution threat if exploited, or an application crash if the exploit attempt did not work.
McAfee Feeding Volunteers Spam For A Month
Fifty global volunteers armed with clean laptops and new email addresses will spend 30 days exploring the Internet while unprotected from its threats.
A little promo whipped up by security vendor McAfee pushes 50 volunteers into the wilds of the Web without protection. As part of the experiment, the volunteers are supposed to blog each day about their Internet experiences.
The S.P.A.M. (Spammed Persistently All Month) Experiment compares to the Morgan Spurlock documentary about fast food, 'Super Size Me'. Except these participants will digest spam rather than Big Macs.
McAfee said five volunteers each from ten countries will take part in the Experiment. They will be encouraged to surf, purchase, and email from their virgin devices, which will be running Windows XP (no Vista? awww).
If they are opening attachments and visiting links from spam, those machines should be infected and compromised in short order. We've asked McAfee to clarify if the default XP firewall will be enabled or not on these laptops, as that could make a difference in these machines getting compromised by a worm before seeing a single spam arrive.
IM, P2P Attacks Persist, Pose Low Risk
The immediacy of someone potentially clicking on a malicious link delivered by instant messenger or a peer to peer network conversely makes these attacks a low risk.
Trust is on the side of an attacker who manages to compromise IM accounts and send links to people on the buddy list. Someone who isn't paying attention might go ahead and click a link in the IM window, to the delight of the slimeball who sent it instead of the legitimate account holder.
Security vendor Akonix said their IM Security Center researchers tracked two dozen attacks over instant messenger and P2P through the month of March. Several new worms emerged, indicating a greater interest in the vector from criminals.
The attacks also demonstrate how the shift in attacks continues to take malicious people away from the operating system and to applications. Common security features, notably the introduction of a firewall into the default install of Windows XP years ago, forced criminals to shift vectors.
Millions of people use IM and P2P in a variety of settings. With so many targets, the focus from criminals proved inevitable, as it has with emailing malicious links and setting up drive-by attacks on websites through code injection.
Currently, the worms being dispatched across IM pose a low risk to recipients. If someone chooses not to download something arriving over the network, the attack does not happen. Proactive security measures on a system should help mitigate that risk even further.
Apple's Odd Attitude About Safari
The hallmark of Apple's products makes them work as invisibly as possible for their users. In the case of the Safari web browser, it downloads items without letting people know it's happening.
Most browser users probably have a passing familiarity with the dialogue box that pops up to ask whether or not they want to open or save something to their machines. With security concerns always a pertinent issue when surfing the Internet, it makes sense to have this little failsafe in place to catch something that might quietly load in the background.
Apple isn't all that worried about what its Safari users pick up in the World Wide Jungle. According to security researcher Nitesh Dhanjani, Safari's behavior enables a potential "carpet bombing" of one's machine with annoying files, or worse, malware.
"It is possible for a rogue website to litter the user's Desktop (Windows) or Downloads directory (~/Downloads/ in OSX). This can happen because the Safari browser cannot be configured to obtain the user's permission before it downloads a resource," he said.
"Safari downloads the resource without the user's consent and places it in a default location (unless changed)."
He has been in touch with Apple over this and a couple of other security issues. Dhanjani repeatedly praised Apple's security team for its responsiveness.
We don't think many security pros will be as generous or forgiving. Silent behavior on the part of a widely used application, behavior that can have a deleterious effect, makes the task of keeping a machine secure incrementally more difficult.
Dhanjani cited part of Apple's response to the issue: ...the ability to have a preference to "Ask me before downloading anything" is a good suggestion. We can file that as an enhancement request for the Safari team. Please note that we are not treating this as a security issue, but a further measure to raise the bar against unwanted downloads. This will require a review with the Human Interface team. We want to set your expectations that this could take quite a while, if it ever gets incorporated.
Security remains a trade off of safety and convenience. The absolute safest environment would be the least convenient to people; indeed, I've heard it suggested from a major security vendor that this is part of the reason why more banks aren't offering two-factor authentication for their online services.
Those same people who can't handle typing in a number off a key fob into a login screen would be ideal victims for Dhanjani's carpet bombing scenario. Let's hope Apple decides a malware breakout merits a little urgency from their Human Interface engineers.
Rumor: Cisco Rootkit Coming To EuSecWest
A researcher at Core Security allegedly created a rootkit for the widely-used Cisco brand of routers, and will reveal his research next week in London.
We're reminded immediately of Michael Lynn's saga at the Black Hat conference when he wanted to present a discussion of threats to the Cisco IOS. A brief firestorm erupted over his presentation, with notes for it being forcibly ripped from the conference documents.
Sebastian Muniz's work poses another headache for Cisco, assuming his research isn't 'all hat and no cattle', as the saying goes. That happens a lot in security; someone hypes up a threat, then it turns out their real-life version of Neuromancer's black ice ends up being the technology equivalent of two cans and a length of string.
Network World posted a discussion with Muniz about the Cisco rootkit. Muniz's concept would work differently than Lynn's and others' Cisco IOS attacks.
Previous threats were tailored to go after specific versions of the IOS. Muniz's rootkit needs someone to actively place it on a Cisco device, but once it's in there, well, it's a rootkit and can be used to do all the typically nefarious things a rootkit enables.
We aren't dismissing the nature of the threat. Cisco devices run a lot of the Internet. For years they really had the playing field to themselves, especially at the corporate level. Their hardware works well and shows excellent design execution.
But if there are any security pros out there who are going to push strange code into the flash memory of their routers, the only way this supposed rootkit will be able to access them, those folks may wish to consider a career change.
Network World also raised the possibility Cisco could smack Muniz and the EuSecWest conference with the usual cease and desist lawsuit to stop his presentation. Also, as Cisco and Muniz chat about the rootkit ahead of the conference, there's always the possibility the presentation could be canceled willingly.
A fear exists about someone in the supply chain dropping a rootkit onto Cisco hardware, or a counterfeit piece sold as the legitimate article, and having access to a router when it is brought into service. We expect Cisco will address that with some type of diagnostic solution it will distribute to legitimate customers.
Microsoft Fixes Long-Standing MDB Flaw
Remote code execution vulnerabilities received attention from Microsoft in its most recent edition of Patch Tuesday updates; one has been publicly known for seven months.
No real surprises emerged when Microsoft disclosed what it had hinted at previously. Flaws in the programs Word and Publisher, and in the Jet Database Engine, posed remotely exploitable threats.
The update to the word processing component of Microsoft Office corrected several problems. Word contained several issues reported privately to the company by third-party security researchers.
With the Word and Publisher flaws, someone would have to open a specially crafted file to trigger an exploit. That posed an ongoing risk for people who could have received such an exploit through a botnet-driven spam campaign, should someone have chosen to attack that way.
The Jet Engine issue posed a similar security concern, but on a different scale. Details of its problem, an MDB file parsing stack overflow vulnerability, first became known in security circles around November 2007.
That Jet flaw received notice in a posting to the Full Disclosure mailing list on November 16th last year.
"Microsoft replied me that they would not fix this vulnerability; it looks like they will not acknowledge vulnerabilities which are from (an) .mdb file," the poster said, citing this reply from Microsoft:
"You appear to be reporting an issue with a file type Microsoft considers to be unsafe. Many programs, such as Internet Explorer and Outlook, automatically block these files. For more information, please visit http://support.microsoft.com/kb/925330"
Fortunately, Microsoft finally deemed the issue worthy of further attention, resulting in the patch issued on May 13th.
America's Botnet Needed, Says AF Colonel
An Air Force colonel's suggestion that America needs a botnet provokes a strange idea: that the military and intelligence communities don't have one now.
Maybe the Department of Homeland Security can get a government discount to use the Russian Business Network's botnet army if needed. We find it strange that a military intelligence officer would publicly call for an army of bots. No one at NSA, CIA, or any of the other alphabet soup spook shops has one of these yet? Really?
It could be they haven't shared that revelation with Col. Charles Williamson III, the staff judge advocate, Air Force Intelligence, Surveillance and Reconnaissance Agency, at Lackland AFB. His piece in the Armed Forces Journal makes the lengthy argument for an AF.mil network of computers, ready to go to cyberwar at a moment's notice.
On the technology side, Williamson envisions taking the thousands of computers the Air Force junks each year (bye bye tax dollars) and doing a "technology refresh" on them. This would involve "removing the power-hungry and heat-inducing hard drives, replacing them with low-power flash drives, then installing them in any available space every Air Force base can find," he wrote.
Williamson cited government research that tapped China as possessing the world's largest denial of service capability. Essentially, we're in an arms race already, and may be losing badly to potentially our greatest enemy in history.
Gas Savings Spam Fills Inboxes
The inevitable attention of spammers turned to soaring gas prices, with one set of junk messages promising a way to save at the pump.
What would you give to shave 70 cents off the price of gas per gallon? Whatever that might be, you'll overpay no matter what the cost.
Still there are some out there who may try what's advertised at the link if they should receive this spam. Only a few suckers will make it profitable for whoever's behind the junk mail.
Security vendor McAfee said not many of these spams have made the rounds so far. By their count, about 0.2 percent of all spam concerns the price of gas.
"Given the high price of oil it is not surprising that a spammer has seen an opportunity to make money by tricking people into offering them a product which claims to reduce gas bills," McAfee's Dave Marcus said in an email.
As always, if it sounds too good to be true, it is. If your spam filter hasn't caught junk like this before it hits your inbox, send it away with the delete key. Gas prices aren't going anywhere until the dollar gets stronger against other world currencies.
Google Expands Enterprise Web Security
Security vendors had a stealth competitor enter the marketplace when Google announced it would offer a product that provides web security; Google recently extended security coverage to roaming enterprise users.
Google's Web Security for Enterprise arose from the company's purchase of Postini last year. The service offers a hosted security solution to combat web-based threats like malware against company computer assets.
Enterprise users no longer need to be incarcerated in their cubicles to enjoy the benefit of Google's protection. Security pros on the Web Security for Enterprise platform have the option to configure it for their roaming employees, courtesy of an update announced on the Google Enterprise blog.
"With this new feature, all off-network users' web traffic is automatically directed to scanning infrastructure to enforce your policies and protect their computers, requiring no action on the part of individuals," Google said.
Google rests at the middle of the web traffic exchanged between sites and enterprise users. Scanning for malicious traffic takes place on the fly, with filtering applied once Google spots a problem.
The feature set includes the ability to set access policies per a company's acceptable usage mandates. Audit reporting can get as granular as the URLs visited by an individual in the enterprise.
Roaming users who may have hoped to enjoy a little unfiltered access will find the zaibatsu's eye upon them no matter where they go. To the company's sysadmins, a protected machine is one they don't have to fix due to a malware infection.
Utilities At Risk Over Network Security
Utilities' legacy systems receive updates to allow centralized management of their resources over a computer network. Convenient? Sure. Safe? Questionable.
Why bother driving a car converted into a fuel bomb into a power substation when it's easier to grab control of an entire power grid?
The bad guys may be thinking this way today. Not enough of the good guys may be devoting the resources needed to thwart such attacks.
Paul Ferguson at security vendor Trend Micro said one potential threat to the integrity of Supervisory Control And Data Acquisition (SCADA) systems stems from a vulnerability in one Windows-based software suite.
This vulnerability "could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet," SANS said of the problem.
"Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario." Core Security picked up on the problem, where the flaw rests with a Windows component in the Invensys Wonderware InTouch SuiteLink service.
The National Vulnerability Database scored the threat as High. It's network-exploitable, with low complexity of access. Authentication is not required to reach the vulnerable component.
The idea a denial of service could bring about another situation like the blackout suffered in the Northeast a few years ago should be unconscionable to utility companies and security professionals. Let's hope this and similar issues receive proactive detection and repair, before anyone can create an attack to exploit it.
Trojan Plaguing File Sharing Networks
A massive outbreak of malware began hitting media swappers hundreds of thousands of times nearly a week ago.
The number of detections topped 500,000 for users of popular file sharing clients like eDonkey and Limewire, as a malicious Trojan sought a way into machines via bogus MP3 files.
The outbreak began Friday, according to security vendor McAfee. Due to the nature of the Trojan arriving via fake MP3 and video files dumped onto file sharing networks, the company rated the Trojan a Medium threat.
"This is one of the most prevalent pieces of malware in the last three years," Craig Schmugar, threat researcher at McAfee Avert Labs, said in a statement. "We have never before had a threat this significant that arrives as a media file."
Once the Trojan, dubbed Downloader-UA.h by McAfee, finds a home on a PC, running it will trigger the download of additional components. These will pop ads up on the infected machine.
Schmugar further noted how the Trojan brings in a browser control that runs a purported music player. In reality, it loads a Flash-based player on a web page that plays a limited number of songs.
With one wave of malware flooding networks, it's not hard to imagine copycats making similar attacks. The real danger will come if some of the more sophisticated malware backers combine their operations with some kind of rapidly developed zero-day exploit.
That's a big threat since any security solution lacking the ability to pick up on the problem before having a signature file updated would pose little obstruction to that kind of attack. It's just one more reason giving security pros sleepless nights.
EFF Wonders About Digital Music Rights
The disclosure by Microsoft that they will disable license servers and eliminate the ability for MSN Music customers to listen to music purchased from the service on new computers drove the Electronic Frontier Foundation to cry foul.
A replacement hard drive or new computer purchase for an MSN Music user means the end of their songs from that service after August 31, 2008. Microsoft wants to nudge those holdouts to the Zune Marketplace, as MSN Music dropped off the Net two years ago.
The EFF complained about the situation, citing how the music industry's demands for DRM protection in songs ultimately meant fewer rights for music fans. They asked Microsoft to reconsider, an option that looks unlikely to happen.
EFF Civil Liberties Director Jennifer Granick wrote a followup piece to the situation, which she called a "debacle" for MSN Music customers. In that piece, she pointed out the dangers of End User License Agreements (EULAs) and how they unduly limit consumers:
MSN Music's EULA is a case in point. When active, MSN Music's webpage touted that customers could "choose their device and know it's going to work".
But when customers went to purchase songs, they were shown legalese that stated the download service and the content provided were sold without warranty. In other words, Microsoft doesn't promise you that the service or the music will work, or that you will always have access to music you bought. The flashy advertising promised your music, your way, but the fine print said, our way or the highway.
Microsoft isn't alone. Many other DRMed music services also make false promises to customers including Apple iTunes, RealNetworks and Napster 2.0.
Her assessment of EULAs and the courts is not an optimistic one for consumers. "Unfortunately, courts have generally tended to enforce even the more onerous EULAs, such as those that limit fair use rights," she said.
The ultimate irony comes with the changes taking place for major music labels these days. On sites like iTunes and Amazon, one can purchase and download music without any DRM in place. MSN Music customers could not have predicted this in 2006, but it appears that without a big court fight or a change of heart at Microsoft, the license server shutdown will proceed as scheduled.
India Cites Ongoing Chinese Cyber Attacks A year and a half of electronic warfare against public and private network resources in India has been traced back to a variety of attacks and antagonists in China.
Botnets, keyloggers, and network mapping all plague India on a regular basis, as its gigantic rival in Asia seeks weaknesses within the country's information infrastructure.
Unnamed government officials told the Times of India of the continued incursions. Worse, governmental efforts to stop those attacks, or to retaliate, appear ineffective.
"Dedicated teams of officials - all underpaid, of course - are involved in a daily deflection of attacks. But the real gap is that a retaliatory offensive system is yet to be created," the report said.
Publicly, blame for such attacks tends to be spread around by government types. Hackers of undisclosed origins stand at the end of the finger-pointing of guilt.
Privately, everyone knows exactly who is to blame. In India, research into attacks routinely found their origins in China. India fears a scenario similar to the Russian attacks on Estonia that crippled that country's infrastructure.
What surprises us, given the continued drumbeat by major tech companies demanding more foreign worker visas from India and other countries, is that India isn't able to combat the Chinese, as the Times admits.
Microsoft, Intel, and others in the tech industry push for Indian workers, but judging by the Times it seems not enough know how to set up a firewall or a router to deny even the network mapping taking place, let alone the penetrations into the country.
Maybe, as long-time H-1B observer Norm Matloff noted, these companies may want to be aware of an article in Nature magazine. The piece by two researchers debunks the myth of superior math and science talent coming from India and other countries.
That could explain why China continues to routinely abuse India on the network front. Not enough people with the skills needed to fight a cyberwar are really available.

Latest Fox News Feed
AdWords Arithmetic: 4=1, 3=1, 3=2 Google are redefining basic mathematics within the AdWords system. Four can equal one, two can equal five, and three can equal one, two or three.
Understanding the information presented "as is" within your AdWords account is of vital importance. This article clarifies how the average position may not be as it appears.
Click Fraud; balancing between over-reaction and oblivion. A few years ago, Click Fraud was little more than speculation among the more paranoid tech people. Today it is a well known problem, widely covered by the BBC, BusinessWeek, The Washington Post and many more non-technical and (usually) non-paranoid publications.
Recent surveys, however, have demonstrated that most companies running PPC campaigns are either totally unaware of the issue or are so afraid of it that they are driven away from it or massively curtail their spending. The correct approach, as in all matters AdWords related, lies somewhere between the two.
What price Google Analytics? In an age where information is a commodity, personal data, preferences, habits, politics, tastes and more have value. And there are companies out there who are willing to pay for this information.
So why do so many people lose sight of this when it comes to Google Analytics?
Customer Defence System The Customer Defence System is used by many, yet put into words by none. The Customer Defence System is unique. No-one consciously aspires to apply such a system, yet most companies are to some extent doing so. Get it right and you'll be able to slash your sales in no time at all.
Three different ways to success A joint interview with three very different software companies that we've worked with. Each sells its software to very different markets. The only thing that they have in common is that they have worked with our company for many years, and that all three are extremely successful.
Google AdWords Q & A Two qualified Google AdWords Professionals answer a variety of questions on organic listings vs. PPC, choosing which ads to keep and delete, how to optimise your account, quality score, click fraud and more.