Thursday, December 13, 2007

This lover will take you for a ride !

A new threat on the Net ....... you may be cozy up with the wrong type of lover. A lover who does not exist and is only a computer program !! This robot will turn you on and get under your skin :)


Cyber lovers warned beware of flirtatious robots
Predatory program can attract 10 partners in 30 minutes
Sandra Rossi, 11/12/2007 15:58:04
Read the full story here

http://www.computerworld.com.au/index.php/id;1672098041;fp;;fpid;;pf;1

Internet users are being warned about a new malware trend involving the use of natural language dialogue systems that are already deployed within gaming technologies.

The software conducts fully automated flirtatious conversations in a bid to collect personal data from those seeking relationships online.

Tuesday, December 11, 2007

Its the war syndrome....

The generals have new weapons. The generals need not be uniformed with rows of medals on their chests . Their armies need not be working out everyday to be in good health etc.... They may never step out into the open to wage war because they attack through computers and networks using invisible bits and bytes to inflict more damage than "Little Boy" and it's descendants.

Well MI-5 has warned UK based corporations to be aware of Chinese espionage. The statement makes a vague reference to 'other states' but that is unqualified.
(Check the story at http://news.bbc.co.uk/1/hi/business/7123970.stm)

Then we have the White House, yesterday, asking for a few millions to fortify cybersecurity and $ 115 m is not small change.

To add to the terror scenario we have a teenager who was controlling the largest botnet from idyllic New Zealand. And then the personal data of a person no less than the Information Commissioner is farmed off the net at a cost of 35 p in less than an hour !
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/12/04/ndata204.xml

So is the Internet going to become the nemesis of mankind ? Is this where they will launch wars of a personal nature or against a state ? And the intensity of the weapons will overshadow the infamous invisible WMDs.

The enemy may well be sitting at a console next to you in the neighborhood cybercafe.

Everyday we have a new doomsday scenario tale and a small world becomes smaller.

Dinesh O Bareja


Tuesday, December 4, 2007

120 countries building cyber-war capacity

*_McAfee report: Cyberespionage to be a top 2008 national security threat_*

By Jim Carr
03 December 2007

http://www.securecomputing.net.au/news/98544,mcafee-report-cyberespionage-to-be-a-top-2008-national-security-threat.aspx <http://www.securecomputing.net.au/news/98544,mcafee-report-cyberespionage-to-be-a-top-2008-national-security-threat.aspx>

A rise in international cyberspying will pose the most significant threat to the national security of the United States in 2008, according to a report from anti-virus vendor McAfee.

The company said that governments and "allied groups" will turn to cyberspying and cyberattacks against targets such as electricity grids, air-traffic control systems, financial markets and government networks - all critical infrastructure that, if compromised, could affect the country's national security, according to the report.

McAfee's annual "Virtual Criminology Report," which looks at global cybersecurity trends, was conducted in conjunction with NATO, the FBI, the Serious Organised Crime Agency (SOCA), an independent organisation formed by the United Kingdom's Home Office, and security experts from non-profit organizations and universities.

"Cybercrime is now a global issue," Jeff Green, senior vice president of McAfee Avert Labs and product development, said in a prepared statement. "It has evolved significantly and is no longer just a threat to industry and individuals but increasingly to national security. We're seeing emerging threats from increasingly sophisticated groups attacking organizations around
the world. Technology is only part of the solution, and over the next five years, we will start to see international governments take action."

Tim Jemal, senior vice president of government relations for the Cyber Security Industry Alliance (CSIA), cited this year's attack on Estonian interests as an example of governments being targeted by malicious hacker groups.


Cyberthreats to the United States pose a growing risk to national security, that's true," he said. "When a technology-savvy county like Estonia was recently crippled by botnet attack from Russian sources, it's a clear indication that cyberspace is being used by some criminal sources to
destabilize countries, and the United States is definitely a target."

Other trends include increasing threats to online financial services and the emergence of a complex and sophisticated market for malware, according to the report, which noted that 120 countries "now use the internet for web-espionage operations," with many of the cyberattacks originating from China.

While Jemal wouldn't comment on McAfee's estimate of 120 countries involved in web-based espionage, he said many were using the internet in other malicious activities.

"Twenty-five nations, including China, are engaged in cyberwarfare programs," he said. "They use cyberspace as a weapon against another country."

The report also indicates that cyberattacks have become "more sophisticated, progressing from initial curiosity probes to well-funded, well-organised operations designed." These operations, designed to slip under the radar of government defenses, increasingly encompass political, military, economic and technical espionage, according to the report.

Cybercriminals are also developing new attack methods. These include "vishing," or phishing via Voice over IP phone networks, and "phreaking," hacking into telephone networks to make long-distance phone calls.

Sunday, December 2, 2007

Bhelpuri - the ultimate privacy mish mash

Inspired by

http://timesofindia .indiatimes. com/articleshow/ msid-2586516, prtpage-1. cms


Isn't it apt that identity and card information was available in a bhelpuri, and that too at the hands of a techie with the source being the world's largest chip maker and the world\s largest car rental company.

The bhelpuri is the ultimate Indian smorgasbord - a mish mash of a snack which can be spiced up on a scale of 0 to infinity and can symbolize all the regulations and controls thrown into a wrapper and mixed into obliviion so no one knows what came from where - just pass the audit, make sure there is evidence controls.

Oh, I am digressing, this can be a plot for a new Bollywood blockbuster "Secure Bhel" and the catch line will be CIA on the street.... Compromised and Internationally Available.

Is this another lapse which is being swept under the carpet ? Now we wonder, as security professionals, that if a company on the bleeding edge of technology can send private data in this manner what is the state of it's internal systems. Not that they will reveal this.

Well that is the international giant, the bleeding edge technology company and they do not have a clue about security of private information, because they are busy securing technology IP. So how about the leading car rental company which handles tons of personal data from credit cards to driver licences, addresses, birthdates, travel plans etc - so how does current and valid personal data land up in a snack ! Is this how they treat personal data of clients - boy I would love to audit them and take them to the cleaners.

This rambling was prompted by this article......

Credit card info found on bhelpuri wrapper
1 Dec 2007, 0238 hrs IST,Kavita Kukday,TNN

MUMBAI: On Tuesday evening, Aneesh, a media professional in his thirties, bought a packet of bhelpuri from the roadside vendor in MIDC, Andheri. While munching on the snack, he happened to glance at the paper cone in which the vendor had mixed the bhel. His curiosity was piqued. It was a computer printout of an invoice for a car rental. Once he had eaten up his bhel, he studied it carefully: it had the name of a credit card holder, the 16-digit credit card number, the three-digit batch number (from the back of the card) and the expiry date. In short, all the ammo needed for online transactions.

It was an American Express card. The request had gone on email from tech firm Intel to Avis, an international car rental firm with offices in India. It was sent in March last year for an Intel guest who was staying at the Grand Hyatt and needed to hire a car for a day. Despite the invoice being more than a year old, the expiry date (Feb 2008) showed that the card was still valid. To heighten the risk, it was a company credit card, which automatically scales up the chances of misuse --- not only is the credit limit higher even the authenticity of the spends are tougher to track.

So how did such sensitive information find its way to the bhelwalla? While the paper trail is hard to trace to source, an important stop must certainly have been the raddiwalla.

An Intel spokesperson said, "It is an unfortunate incident and Intel is deeply concerned. We hold our employee confidentiality in the highest respect. We are currently investigating the matter."

Those in the credit card business warn that this is not an isolated case. Security norms for digital transactions are still very lax in India, and the use of shredders for documents is almost non-existent.

The bhel-puri credit card story, however, had a safe ending. The person eating bhel didn't head for the nearest cyber cafe. He carefully ironed out the paper cone and passed it on to a writer friend, who called TOI.

http://timesofindia .indiatimes. com/articleshow/ msid-2586516, prtpage-1. cms

Monday, October 22, 2007

Weapons of Mass Destruction ? The next battleground

No one found the WMDs ! The reason is simple ... the search was in all the wrong places.

They do exist but not in the tangible world as we know them. The WMDs we have grown up with are the nuclear devices, the chemical weapons, the large armies, the terrorists. These are passe.

WMDs today are unseen, they are invisible bits and bytes that can travel over fiber optic across continents before you can blink. These bits and bytes, shaped by some 'beautiful' criminal mind into a virus, a trojan, a DOS to wreak havoc and bring terror to the doorstep of the common man.

Critical infrastructure like airports, dams, utilities, power and nuclear facilities, defence facilities are on alert against the risk of attack but with barriers and para-military forces the threat is mitigated. What about the WMD attack - the attack which comes stealthily via the internet in the form of trojans, viruses, rootkits, web-bots etc. An attack which can paralyze the airport or can shutdown the nuclear facility.

Webface defacements, hacking, data theft and such IT crime is commonplace today and we have new reports daily - globally. So it is easy for a terrorist to construct the WMD and let it loose for destruction.

So how do we search and control those evil designs. The answers may be in a reorientation of education at all levels. By the inclusion of ethics in system design and development, in the use of technology. Or will it be necessary for system development to be licenced and controlled by governments as is the case with the manufacture of nuclear and conventional weapons.

Recent events in Estonia have shown what the WMD can do, and we do not know whether the hills of Kandhar have classes in computer technology after the wannabe terrorist has finished target practice and the indoctrination lecture for the day.

Thoughts to ramble on, and yes it is a terrifying thought but what if it was another 'Live Free Die Hard' scenario.









Rambing Securely

Yes I would like to make this a space to ramble on and on about InfoSec. Passionate I am about this from the day I realized that this is something which is where I want to be.

It was sometime in 2000 or earlier that I was exposed to the thought of security in technology. And I was excited about the subject and got to reading whatever I could get my hands on. Learnt what continuity meant, and that there existed a CIA triad which was the basis of all secure thought. And that the Deming cycle meant a lot to make life secure.

One has come a long way and I have gathered a lot of moss ...... and the excitement continues ! The passion is as strong as ever, and the quest for knowledge stronger.

With all the churn in the mind, I keep rambling, so I decided to blog all these thoughts. And maybe start some discussions which may (hopefully) lead to better something someplace.