Thursday, December 13, 2007

This lover will take you for a ride !

A new threat on the Net ....... you may be cozy up with the wrong type of lover. A lover who does not exist and is only a computer program !! This robot will turn you on and get under your skin :)


Cyber lovers warned beware of flirtatious robots
Predatory program can attract 10 partners in 30 minutes
Sandra Rossi, 11/12/2007 15:58:04
Read the full story here

http://www.computerworld.com.au/index.php/id;1672098041;fp;;fpid;;pf;1

Internet users are being warned about a new malware trend involving the use of natural language dialogue systems that are already deployed within gaming technologies.

The software conducts fully automated flirtatious conversations in a bid to collect personal data from those seeking relationships online.

Tuesday, December 11, 2007

Its the war syndrome....

The generals have new weapons. The generals need not be uniformed with rows of medals on their chests . Their armies need not be working out everyday to be in good health etc.... They may never step out into the open to wage war because they attack through computers and networks using invisible bits and bytes to inflict more damage than "Little Boy" and it's descendants.

Well MI-5 has warned UK based corporations to be aware of Chinese espionage. The statement makes a vague reference to 'other states' but that is unqualified.
(Check the story at http://news.bbc.co.uk/1/hi/business/7123970.stm)

Then we have the White House, yesterday, asking for a few millions to fortify cybersecurity and $ 115 m is not small change.

To add to the terror scenario we have a teenager who was controlling the largest botnet from idyllic New Zealand. And then the personal data of a person no less than the Information Commissioner is farmed off the net at a cost of 35 p in less than an hour !
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/12/04/ndata204.xml

So is the Internet going to become the nemesis of mankind ? Is this where they will launch wars of a personal nature or against a state ? And the intensity of the weapons will overshadow the infamous invisible WMDs.

The enemy may well be sitting at a console next to you in the neighborhood cybercafe.

Everyday we have a new doomsday scenario tale and a small world becomes smaller.

Dinesh O Bareja


Tuesday, December 4, 2007

120 countries building cyber-war capacity

*_McAfee report: Cyberespionage to be a top 2008 national security threat_*

By Jim Carr
03 December 2007

http://www.securecomputing.net.au/news/98544,mcafee-report-cyberespionage-to-be-a-top-2008-national-security-threat.aspx <http://www.securecomputing.net.au/news/98544,mcafee-report-cyberespionage-to-be-a-top-2008-national-security-threat.aspx>

A rise in international cyberspying will pose the most significant threat to the national security of the United States in 2008, according to a report from anti-virus vendor McAfee.

The company said that governments and "allied groups" will turn to cyberspying and cyberattacks against targets such as electricity grids, air-traffic control systems, financial markets and government networks - all critical infrastructure that, if compromised, could affect the country's national security, according to the report.

McAfee's annual "Virtual Criminology Report," which looks at global cybersecurity trends, was conducted in conjunction with NATO, the FBI, the Serious Organised Crime Agency (SOCA), an independent organisation formed by the United Kingdom's Home Office, and security experts from non-profit organizations and universities.

"Cybercrime is now a global issue," Jeff Green, senior vice president of McAfee Avert Labs and product development, said in a prepared statement. "It has evolved significantly and is no longer just a threat to industry and individuals but increasingly to national security. We're seeing emerging threats from increasingly sophisticated groups attacking organizations around
the world. Technology is only part of the solution, and over the next five years, we will start to see international governments take action."

Tim Jemal, senior vice president of government relations for the Cyber Security Industry Alliance (CSIA), cited this year's attack on Estonian interests as an example of governments being targeted by malicious hacker groups.


Cyberthreats to the United States pose a growing risk to national security, that's true," he said. "When a technology-savvy county like Estonia was recently crippled by botnet attack from Russian sources, it's a clear indication that cyberspace is being used by some criminal sources to
destabilize countries, and the United States is definitely a target."

Other trends include increasing threats to online financial services and the emergence of a complex and sophisticated market for malware, according to the report, which noted that 120 countries "now use the internet for web-espionage operations," with many of the cyberattacks originating from China.

While Jemal wouldn't comment on McAfee's estimate of 120 countries involved in web-based espionage, he said many were using the internet in other malicious activities.

"Twenty-five nations, including China, are engaged in cyberwarfare programs," he said. "They use cyberspace as a weapon against another country."

The report also indicates that cyberattacks have become "more sophisticated, progressing from initial curiosity probes to well-funded, well-organised operations designed." These operations, designed to slip under the radar of government defenses, increasingly encompass political, military, economic and technical espionage, according to the report.

Cybercriminals are also developing new attack methods. These include "vishing," or phishing via Voice over IP phone networks, and "phreaking," hacking into telephone networks to make long-distance phone calls.

Sunday, December 2, 2007

Bhelpuri - the ultimate privacy mish mash

Inspired by

http://timesofindia .indiatimes. com/articleshow/ msid-2586516, prtpage-1. cms


Isn't it apt that identity and card information was available in a bhelpuri, and that too at the hands of a techie with the source being the world's largest chip maker and the world\s largest car rental company.

The bhelpuri is the ultimate Indian smorgasbord - a mish mash of a snack which can be spiced up on a scale of 0 to infinity and can symbolize all the regulations and controls thrown into a wrapper and mixed into obliviion so no one knows what came from where - just pass the audit, make sure there is evidence controls.

Oh, I am digressing, this can be a plot for a new Bollywood blockbuster "Secure Bhel" and the catch line will be CIA on the street.... Compromised and Internationally Available.

Is this another lapse which is being swept under the carpet ? Now we wonder, as security professionals, that if a company on the bleeding edge of technology can send private data in this manner what is the state of it's internal systems. Not that they will reveal this.

Well that is the international giant, the bleeding edge technology company and they do not have a clue about security of private information, because they are busy securing technology IP. So how about the leading car rental company which handles tons of personal data from credit cards to driver licences, addresses, birthdates, travel plans etc - so how does current and valid personal data land up in a snack ! Is this how they treat personal data of clients - boy I would love to audit them and take them to the cleaners.

This rambling was prompted by this article......

Credit card info found on bhelpuri wrapper
1 Dec 2007, 0238 hrs IST,Kavita Kukday,TNN

MUMBAI: On Tuesday evening, Aneesh, a media professional in his thirties, bought a packet of bhelpuri from the roadside vendor in MIDC, Andheri. While munching on the snack, he happened to glance at the paper cone in which the vendor had mixed the bhel. His curiosity was piqued. It was a computer printout of an invoice for a car rental. Once he had eaten up his bhel, he studied it carefully: it had the name of a credit card holder, the 16-digit credit card number, the three-digit batch number (from the back of the card) and the expiry date. In short, all the ammo needed for online transactions.

It was an American Express card. The request had gone on email from tech firm Intel to Avis, an international car rental firm with offices in India. It was sent in March last year for an Intel guest who was staying at the Grand Hyatt and needed to hire a car for a day. Despite the invoice being more than a year old, the expiry date (Feb 2008) showed that the card was still valid. To heighten the risk, it was a company credit card, which automatically scales up the chances of misuse --- not only is the credit limit higher even the authenticity of the spends are tougher to track.

So how did such sensitive information find its way to the bhelwalla? While the paper trail is hard to trace to source, an important stop must certainly have been the raddiwalla.

An Intel spokesperson said, "It is an unfortunate incident and Intel is deeply concerned. We hold our employee confidentiality in the highest respect. We are currently investigating the matter."

Those in the credit card business warn that this is not an isolated case. Security norms for digital transactions are still very lax in India, and the use of shredders for documents is almost non-existent.

The bhel-puri credit card story, however, had a safe ending. The person eating bhel didn't head for the nearest cyber cafe. He carefully ironed out the paper cone and passed it on to a writer friend, who called TOI.

http://timesofindia .indiatimes. com/articleshow/ msid-2586516, prtpage-1. cms