The Federal Trade Commission today told the Senate Committee on Commerce, Science, and Transportation that the power to invoke civil penalties on spyware distributors would aid in deterrence.
Eileen Harrington, deputy director of the FTC’s Bureau of Consumer Protection, said enforcement options, such as seeking consumer redress or making the operators give up their ill-gotten gains, are not always sufficient. Many times, customers do not lose money, or it is difficult to quantify how much they did lose, she said.
Civil penalties would be a more effective deterrent, Harrington said.
Spyware and harmful adware are a critical threat to online security and privacy. It is wrong, and it must be stopped, Katherine McGuire, vice president for government relations at the nonprofit Business Software Alliance, told SCMagazineUS.com on Friday.
“While legislation is needed to fight privacy threats and to increase online safety, any new legislation should target bad behavior, and not attempt to dictate ‘good’ or ‘bad’ technology,” she said.
At a minimum, the use of spyware to steal personal information should be deemed a crime, said Tiffany Jones, director, government relations, at Symantec.
“As it stands right now, nowhere in the Federal Register is the word ‘spyware’ mentioned, nor the use of it to steal information,” she told SCMagazineUS.com. “So the most important thing is to make it a crime, first, and then develop penalties for committing that crime.”
source: networkworld.com/community/node/28716
When you want to surf the net, you click on the blue ‘e’ on you desktop. That’s all there is to it. Why should you have to choose a browser? And is there a choice at all? Isn’t the word ‘browser’ synonymous with ‘InternetExplorer’?
With the recent spate of browser-related security incidents all over the world, it might be useful to get to know what choices you have. Many of Microsoft’s products, and most importantly the ubiquitous Internet Explorer, make use of a technology called ‘ActiveX Controls’. While these are very useful pieces of software, and help to enhance many multimedia-related and other functionalities in your browser and on the desktop, they are also a huge security threat. It is extremely easy to hijack your browser by abusing one of the ActiveX interfaces, and through that security hole take over your entire computer in a matter of minutes.
In response to the innumerable viruses, worms and other exploits that have plagues Windows users in recent years, Microsoft released the Service Pack 2 for windows XP some time ago. This proposes to plug many of the security holes by imposing stricter controls over the ActiveX interface in Internet Explorer. This has met with moderate success, but still the exploits continue. Perhaps the time has come for the ordinary user to look for other choices in the field of the browser, which is one of the most essential pieces of software that we need in our everyday desktop computing.
First, take a look at Opera. This is an unbelievably small, tight, compact browser that is developed by a Norwegian company. While Internet Explorer for Windows XP is a humongous download, the latest version weighing in at nearly 100 megabytes, Opera is only a little more than 3 Mb, and offers much, much greater functionality at that! It’s incredible how much usefulness the guys from Scandinavia have been able to pack into this tiny, sprightly browser. From changing the browser identification code to applying a vast range of themes and skins, from offering multiple-tabbed browsing to the simple yet elegant idea of mouse gestures, Opera has sweet surprises and wonderful easter eggs waiting for you at every turn.
And those of you who have never used anything other than Internet Explorer in your life, you will probably discover for the first time how fast your internet connection really is, for Opera doesn’t have to negotiate with the great overhead of interfacing tightly with the operating system, like Internet Explorer does. You’ll be surprised to see pages which took more than half a minute to be displayed fully come to life in less than five seconds!
Another equally good choice is Firefox, which is really the Netscape browser of old, reborn in a new form and under a new license. Compared to Opera, Firefox is a bare-bones browser, with only the basic functions built in. this greatly simplifies the interface, making it a perfect choice for non-expert computer users. But those of you who need more usability built in, you’ll find an extensive repository of ‘extensions’, which add features to it. The extensions can be installed directly from within the browser, and you get to browse the features descriptions, user ratings and popularity of each extension before you choose it.
An added advantage of Firefox is that it is Free Software, and consequently its source code is publicly available. Even you can download it and find out which part does what, but even if you aren’t a programmer, you have the extra assurance that thousands of hackers all around the world are looking at the code every minute, so there no place where trojans, bugs or security loopholes can hide. This is what, in fact, makes Free Software such a great choice for the security conscious.
Six Apart is launching a new free open source product into beta called TypePad AntiSpam. While the product is new, the technology behind it has been used by Six Apart since May 2007 on millions of hosted TypePad blogs.
What’s TypePad AntiSpam?
- A free, open source system powered by TypePad for blocking comment spam on any site, free no matter how many comments you get.
- A service for all bloggers, built into TypePad blogs already and implemented as a free plugin for users of platforms like Movable Type and WordPress.
- An open source engine which developers can use to create new antispam services, with customizable rules and logic.
- In beta! We’re hearing great results from testers so far, but wanted to open up TypePad AntiSpam to a larger audience so we can make sure the system is getting as smart as possible.
Like Akismet, TypePad AntiSpam takes a multi-headed heuristic approach to detecting and blocking comment spam on blogs. If you are a blogger, you’ll want to use Akismet or TypePad AntiSpam.
source: www.sixapart.com/blog/2008/05/typepad-antispam-whats-good-fo.html
The FBI recently issued an alert warning that wireless Internet networks, often called Wi-Fi hotspots, are more vulnerable to hackers than most users probably realize.
Often the security of the free public networks is low and this setting make it very easy for a hacker working from anywhere around the world to use computer codes to peek into your computer and steal sensitive information.
Here are some tips from the FBI and the Florida Department of Law Enforcement on how to keep your personal computer data safe:
- Make sure your laptop security is up to date. That includes firewall, anti-virus and anti-spyware software. Spyware is a kind of program that can collect information from your computer without your knowledge. It’s sometimes used by companies that want to collect marketing information about people who log on to their Web site, but spyware has also been used by hackers who want to mine information from someone’s computer.
- When using a public Wi-Fi service, avoid logging into financial accounts of any kind because hackers might be able to monitor your computer from another location to see what you are typing and steal your login information. For the same reason, you also want to avoid logging into e-mail accounts and instant messaging services.
- When logging on to a site, glance at the address bar to check that you’re at an authentic Web page. Hackers set up fake Web pages that look like the real thing to trick people into typing in their log-in information. But you can tell which are the fake pages by glancing at the address bar. If the address is different from what you originally typed, don’t enter your personal information. Close your browser and leave the Wi-Fi network.
- Don’t use the same password for all your online accounts. That way if hackers steal a password, they won’t be able to use it at more than one Web site.
- Make sure your computer does not automatically log on to wireless networks. You can do this by adjusting the Internet security settings on your computer. As an added precaution, turn the computer off when you’re not around to ensure that it’s not picking up a wireless network signal.
source: bostonherald.com/business/technology/general/view.bg?articleid=1096994
Tips and guides to protect your online privacy when you are surfing the net – When you venture online, the markers of your identity shrink greatly, and you are known only by your digital, electronic signatures. Any one who can mimic these can claim to be you, and wreak havoc on your financial affairs. That is why it is becoming more and more necessary to be able to protect your privacy on the internet and on your computer.
The average Joe Sixpack who uses a computer knows very little about its internal workings. Neither does he need to know anything about that, because everything is taken care of by the underlying Operating System, while he is left with click-click-clicking on the pretty icons in front of his face.
While this type of computing has made information technology available for the masses, it has also made them greatly vulnerable as regards their need for privacy. Often they have no clue that their personal data is being used by unauthorized persons for financial or other kinds of benefit, to their detriment.
How do you prevent unauthorized use of private data? There are a number of procedures that experts recommend. You cannot totally control whether your data will be stolen or not, but following these shall at least minimize the risks.
Primarily, you should use passwords to lock down all aspects of your computer and your online presence. You need to be specially careful about your social security number and your credit card number. Your telephone accounts can also some time be under threat, so it is best not to ignore those either.
PayPal announced plans to ban older and unsafe Web browsers in an effort to provide anti-phishing protection with the use of EV SSL certificates.
PayPal, the world’s largest online payment service, announced on Thursday that it is working on a plan to block users from making transactions from unsafe Web browsers.
PayPal released a white paper that outlines a five-pronged action plan aimed at slowing down the phishing epidemic. Part of this plan is to block any transactions from going through on browsers that don’t support EV SSL certificates.
PayPal’s chief information security officer Michael Barrett says letting users view the PayPal site on a browser that doesn’t have anti-phishing protection is equal to a car manufacturer allowing drivers to buy one of their vehicles without seat belts.
Some of the browsers PayPal is looking at blocking are old, out-of-support versions of Microsoft’s Internet Explorer and Apple Safari which offers no anti-phishing protection and doesn’t support the use of EV SSL certificates.
Firefox and Opera have announced that they will be offering support for EV SSL in their upcoming releases. It is unknown whether Safari will be offering EV SSL support in the near future.
Another recommendation outlined in the PayPal white paper is the “creative use of new email signing standards and cooperation with major ISPs to block unsigned email” that looks to be from PayPal, but isn’t, before it even reaches the customers.
Barrett says that if phishmail never makes it into a customer’s inbox, the customer cannot become a victim. Thus, ISPs need to adopt technologies to block fraudulent emails at the network edge. PayPal recommends installing anti-phishing and anti-spam technologies, like DomainKeys and Sender Policy Framework.
source: www.halflifesource.com/paypal_targets_phishing_epidemic/article2390.htm
One thing is certain. You have to fight spyware, there is no alternative. You cannot leave the issue aside, you cannot say that, “let it stay the way it is.” I mean, you can always say that if you like, but the risk might be a bit too high. You live the issue as a side one, you do not think about it at all, it’s a lot of trouble, you think, and all of a sudden you realize that the actual trouble is beginning now. Maybe somebody from Bangladesh has your bank pin number. And maybe they want to use it for siphoning some money out of your savings account.
You never know, and how will you? Did the people at Troy discover the Trojan Horse as what it was? They revelled in short lived pleasure and later paid dearly for their foolishness. You might have to pay dearly too, mind you that, in the literal sense of the word.
Know first what a spyware is. That, of course, should be the very first step to combating it. To fight anything, you have to have knowledge over it, you cannot box the shadow warrior! Or can you?
A federal appeals court has ruled that MySpace.com is immune from a lawsuit over the alleged sexual assault of a teenage girl by a man she met on the social networking Web site.
The Texas girl’s family had sued MySpace and its parent company, News Corp., claiming that MySpace didn’t protect young users from sexual predators.
Girl’s family claim MySpace didn’t protect young users from sexual predators. The girl was 14 when a 19-year-old man she met on MySpace allegedly sexually assaulted her in a Travis County parking lot in May 2006.
Court notes girl circumvented Web site’s safety features by lying about her age. The girl was 13 but misrepresented herself as 18 years old when she created a MySpace profile in 2005.
MySpace applauded court’s ruling, saying it takes safety of users very seriously.
Cyberstalking has recently made its place among the most notorious and destructive crimes that involve the use of the internet. And not unlike real life stalking, it is also perhaps the most terrifying.
Cyberstalking occurs when a person is able to gain personal information about you through the internet and online sources, and then uses that knowledge to harass and intimidate you. You wouldn’t believe how much information bout you may be freely available on then net; just do a search on your name at any competent search engine, and you’ll be surprised. And experienced cyberstalkers have advanced electronic methods at their disposal that will reveal even more.
Your cyberstalker’s geographical location is arbitrary. The internet is a medium that makes nothing of a million miles. You never know who is stalking you. In real life cases of stalking, you are sure that it must be someone who lives near you, very probably in the same city or maybe even on the same street. In case of cyberstalking, your enemy might as well live at the opposite end of the earth – you’d never know, and neither would it really matter. He or she can continue to haunt you from wherever they are.
Many cyberstalkers are adept enough that they do not even have to do the harassment themselves. They can easily make other people do their job for them unknowingly. For instance, they could make a false and disparaging comment about you on a public forum, and provide your business e-mail address. This will normally result in a huge flood of hate mail that will simply drown out normal, useful mail, and maybe make it necessary for you change your address, breaking important correspondence for weeks.
Spam king Sanford Wallace and phishing buddy Walter Rines hijacked some 300,000 MySpace accounts and sent hundreds of thousands of spam messages and comments across the service. They got their punishment: a whopping $225 million judgment in favor of MySpace, Information Week reports.
MySpace decided to sue when it discovered the duo had lured MySpace users into revealing their login information through phishing sites. After obtaining user IDs and passwords, the pair distributed messages to the users’ friends list with links to various Web sites involving gambling, pornography and ringtones. According to court documents, Wallace and Rines distributed 735,925 messages during the scam and earned over $500,000 in the process.
A blog purporting to be from Sanford Wallace (The site registration address matches the address on the court docuuments.) Says:
I am amazed whenever I read an article written about the latest crimes I’ve committed and the latest court orders I’ve broken.
I don’t even learn about most of these claims until I read about them somewhere on the Internet. I live a low profile life. In the meantime, the world around me apparently still blames me for every spam and phish page on the Internet.
Please, move on to the real spammers.
..I am still waiting to be served. And I haven’t been hiding either. The whole case was one big PR move..
source:
www.crn.com/security/207800154
government.zdnet.com/?p=3813
blogs.pcworld.com/staffblog/archives/006956.html
