March 26, 2009

July 8, 2008

My New Blog

I have switched all of my blog entries to go to my new website
www.secureyourselfonline.com

That will be my new home :)

July 7, 2008

1 Million Dollar Prize

A professor at Harvard released a statement today saying that he has rated a new security format as "Absolutely Unbreakable" in his opinion. And Permanent Privacy is putting its money where its clout is: 1,000,000.00 dollars to the first person who is able to crack the code of Permanent Privacy. The platform is based on the 256-bit AES encryption method for the core data, plus a more sinister trick for those trying to crack it. Essentially, prior to encrypting the email, you convert the text of the email into a series of non-sequential, non-repeating letters and numbers based upon a key you provide. You then contact the recipient directly and provide them with the key to decrypt the data. You THEN use AES to encrypt the data, so even if anyone is able to decrypt the AES ciphertext, they will still have no idea how to decrypt the text underneath.

From the director of Permanent Privacy: "You can now send emails and store data with 100 per cent security. Even the Pentagon cannot read your secrets if they do not have the keys."

I give it two months before the code is cracked and some geek is one million dollars richer.

For more details on the contest: Go Here
You have to purchase a copy of the program to enter, which seems a little crappy to me. If you want to know how to improve your project, you don't charge people to look at it.

July 5, 2008

LinkedIn Scamming Customers?

Anyone who is active in the professional world loves LinkedIn. (In my opinion) it is an absolutely flawless way to network, get your name out there, and build up an online resume that can be referenced on websites, blogs, or emails. It allows companies seeking employees an easy venue to find qualified personnel, helps skilled labor to find a company looking for someone just like them, and rekindles old flames left to die. Okay, so maybe it isn't the hotbed of romantic activity on the internet, but it's great for business. Especially LinkedIn's bottom line.


"How can LinkedIn benefit from networking?"


When you sign up for LinkedIn, you are asked to complete a resume of sorts. This initial information includes your name, date of birth, field of business, location and interests. Then you of course have the option of adding where you have worked, where you have gone to school, and the clubs and associations you are a part of. After all these personally identifiable things, you are then given the option of joining LinkedIn "Groups". These are generally trade groups or groups that allow a person to further network their profile.

In short, LinkedIn has developed a complete advertiser's dream scenario. A company can buy your profile information from LinkedIn and is provided with all of your information, along with a means of contacting you. In general, LinkedIn has a full demographic breakdown of you and anyone you "Invite" to LinkedIn. And since the majority of LinkedIn users are over 40 and have incomes of over $100,000, they are the ideal targets of marketers, both legitimate and not.

Recently LinkedIn decided to advertise merchandise to its users, but in a selective manner. For example, if Mercedes decided to advertise its new model, it would go to LinkedIn, and they would choose from the member database the members that fitted the marketing campaign. Then, LinkedIn decided to make a little more money by offering Premium Business and Premium Business Plus. With a regular membership you couldn't just send someone an e-mail; you had to be introduced first. With the new types of membership, this was no longer an issue. HR companies saw a great opportunity in this, and for good reason. All they had to do was pay and they had access to all sorts of potential job candidates.

Their new Enterprise Corporate Solution gives access to all 23 million users of LinkedIn.

July 3, 2008

ALERT: YOUTUBE USERS COMPROMISED!

The ruling comes as part of Google's legal battle with Viacom over allegations of copyright infringement.

Digital rights group the Electronic Frontier Foundation (EFF) called the ruling a "set-back to privacy rights".

The viewing log, which will be handed to Viacom, contains the log-in ID of users, the computer IP address (online identifier) and video clip details.

While the legal battle between the two firms is being contested in the US, it is thought the ruling will apply to YouTube users and their viewing habits everywhere.

Viacom, which owns MTV and Paramount Pictures, has alleged that YouTube is guilty of massive copyright infringement.

The UK's Premier League association is also seeking class action status with Viacom on the issue, alleging YouTube, which was bought by Google in 2006, has been used to watch football highlights.

Legal action

When it initiated legal action in March 2007 Viacom said it had identified about 160,000 unauthorised clips of its programmes on the website, which had been viewed more than 1.5 billion times.

Following the launch of its billion-dollar lawsuit, YouTube introduced filtering tools in an effort to prevent copyright materials from appearing on the site.



The US court declined Viacom's request that Google be forced to hand over the source code of YouTube, saying it was a "trade secret" that should not be disclosed.

But it said privacy concerns expressed by Google about handing over the log were "speculative".

Google's senior litigation counsel Catherine Lacavera said in a statement: "We are disappointed the court granted Viacom's over-reaching demand for viewing history.

"We will ask Viacom to respect users' privacy and allow us to anonymise the logs before producing them under the court's order."

The ruling will see the viewing habits of millions of YouTube users given to Viacom, totalling more than 12 terabytes of data.

Viacom said it wanted the data to "compare the attractiveness of allegedly infringing video with that of non-infringing videos."

YouTube and Google had "compelled" it to go to court, Viacom said, "by continuing to defend their illegal and irresponsible conduct and profiting from copyright infringement, when they could be implementing the safe and legal user generated content experience they promise".

It said it would not be asking for any "personally identifiable information" of any user.

"Any information that we or our outside advisors obtain will be used exclusively for the purpose of proving our case against YouTube and Google (and) will be handled subject to a court protective order and in a highly confidential manner."

'Erroneous ruling'

Leading privacy expert Simon Davies told BBC News that the privacy of millions of YouTube users was threatened.



He said: "The chickens have come home to roost for Google.

"Their arrogance and refusal to listen to friendly advice has resulted in the privacy of tens of millions being placed under threat."

Mr Davies said privacy campaigners had warned Google for years that IP addresses were personally identifiable information.

Google pledged last year to anonymise IP addresses for search information but it has said nothing about YouTube data.

Mr Davies said: "Governments and organisations are realising that companies like Google have a warehouse full of data. And while that data is stored it is under threat of being used and putting privacy in danger."

The EFF said: "The Court's erroneous ruling is a set-back to privacy rights, and will allow Viacom to see what you are watching on YouTube.

"We urge Viacom to back off this overbroad request and Google to take all steps necessary to challenge this order and protect the rights of its users."

The body said the ruling was also potentially unlawful because the log data did contain personally identifiable data.

The court also ruled that Google disclose to Viacom the details of all videos that have been removed from the site for any reason.

July 2, 2008

ALERT: ATM PIN NUMBERS HACKED!

Hackers broke into Citibank's network of ATMs inside 7-Eleven stores this year and stole customers' PIN codes, according to recent court filings that revealed a disturbing security hole in the most sensitive part of a banking record.

The scam netted the alleged identity thieves millions of dollars. But more importantly for consumers, it indicates criminals were able to access PINs -- the numeric passwords that theoretically are among the most closely guarded elements of banking transactions -- by attacking the back-end computers responsible for approving the cash withdrawals.

The case against three people in U.S. District Court for the Southern District of New York highlights a significant problem.

Hackers are targeting the ATM system's infrastructure, which is increasingly built on Microsoft Corp.'s Windows operating system and allows machines to be remotely diagnosed and repaired over the Internet. And despite industry standards that call for protecting PINs with strong encryption -- which means encoding them to cloak them to outsiders -- some ATM operators apparently aren't properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.

"PINs were supposed to be sacrosanct -- what this shows is that PINs aren't always encrypted like they're supposed to be," said Avivah Litan, a security analyst with Gartner research firm. "The banks need much better fraud detection systems and much better authentication."

It's unclear how many Citibank customers were affected by the breach, which extended at least from October 2007 to March. The bank has nearly 5,700 Citibank-branded ATMs inside 7-Eleven Inc. stores in the U.S., but it doesn't own or operate any of them.

Open Source Routers!

Netgear has announced the launch of its WGR614L open source Wireless-G router.

The fully-featured wireless router is designed to support a variety of applications created by the open source community.

The router supports Linux-based Tomato and DD-WRT firmware and will soon support OpenWRT.

It is powered by a 240MHz MIPS32 CPU with 16KB of instruction cache, 16KB of data cache and 1KB of pre-fetch cache, and incorporates 4MB of Flash memory and 16MB of RAM.

"There has been growing demand for more powerful platforms to support open source enthusiasts seeking to create more robust, commercial-grade applications for their wireless routers," said Som Pal Choudhury, senior product line manager for advanced wireless at Netgear.

The router features a single 10/100 internet WAN port, a four-port 10/100 LAN switch, an 802.11g access point and all of the most common security and logging features.

"An important feature of our offering is the dedicated and responsive open source community which enables users to easily exchange ideas and troubleshoot issues," explained Choudhury.

"New applications currently being developed include traffic shaping applications, redirections to captive portals for hotspots, guest access via a separate SSID, upstream and downstream QoS and intelligent bandwidth monitoring."

Ironically the router is also 'Works with Windows Vista' certified. The WGR614L is available now for around $69.

July 1, 2008

British Health Records Stolen

This is really beginning to get to me. With the proliferation of laptops in our society, you would think that knowledge of security would begin to rapidly spread as well. However, this is the second story in less than a week of a laptop being stolen from a car. Now, if this was an office of some sort, with semi-inconsequential data, it would be understandable. But it seems that more and more, healthcare IT staff are carrying around patient data on their personal laptops. These are people who are carrying around credit card info, banking numbers, social security numbers, names, and dates of birth. And I still wouldn't have a problem with it if they would take some sort of rudimentary precautions to ensure the protection of the data. However, there have been cases of IT staff storing full system backup tapes, laptops, USB crypto keys, and entire servers in the back of their cars. They are then completely amazed when these top-level security measures are thwarted by a crook with a crowbar.

This latest incident occurred after a British IT worker for the NHS trust left his laptop unsecured in his car, along with 21,000 patients' details. To make things worse, none of the information was encrypted. So the thief now has complete access to any and all patient data. The NHS trust reinforced the now common perception that they were completely technologically incompetent by stating (trying to make the situation better) that "the data will almost certainly be wiped by the thief".

What steps should you take in order to secure a system from theft?
A. Set a BIOS-level password.
B. Set at least a 14-digit password.
C. Require some sort of biometric authorization for access.
D. Always keep your data in an encrypted folder.
E. If practical, hide private data inside of another file.
F. Keep any backups in a humidity-controlled, insulated environment.
G. Rule of Thumb: If your system can be seen, it's public data.
H. Thumb of Rule: If your system is in your car, it deserves to be stolen.

McAfee's Spam Project.

Have you ever pondered to yourself, "What would happen if I left my computer without anti-virus, routine maintenance, or any care to be taken of it?" Do you imagine a zombie computer, revving its engine repeatedly in disgust at your lack of decent ownership? Well, McAfee has released the results of its Spammed Persistently All Month campaign, so you do not have to wonder anymore.

The project asked a group of 70 users from 10 countries to surf the web unprotected and gather as much spam as possible.

The guinea pigs were able to amass a total of 104,000 spam messages, an average of 2,096 messages per person and 70 messages per day for each user.

Americans topped the spam haul, amassing 23,233 spam messages between five users. Brazil finished a distant second with 15,856 messages, and the UK was fifth with 11,965.

Participants in the study also noticed significant system slowdowns from unwanted software installations.

"In just 30 days there was quite a noticeable change in the performance of their computers," said McAfee Avert Labs senior vice president Jeff Green.

"This showed just how much malware was being installed without their knowledge, and that spam is much more than a nuisance. It is a very real threat."

The US also led the study in the number of adult-oriented spam messages, while the UK received the highest number of Nigerian '419' messages. Brits received more than 23 per cent of the infamous money transfer scam attempts.

Financial services messages were the most popular spam topics, followed by advertisements and health and medicine messages. Adult emails were the fourth most-popular, while offers for free items were fifth and 419 scams tenth.

McAfee also noted an increasing number of location- and language-specific spam, particularly in France and Germany. The large spam loads in Brazil and Mexico also suggest a new focus on emerging economies.

"Our participants came from all walks of life, from all over the world and, given their interest to take part in the experiment, they were well aware of the problem," said McAfee chief executive Dave DeWalt.

"Despite this, they were all shocked by the sheer amount of spam they attracted in such a short time and the lengths the spammers would go to in order to achieve success."