Sunday, February 27, 2011

China Cleans Up Spam Issue

China was, at one point, the world's leading source of spam, but lately they have been dropping in the rank because they are slowly beginning to clean up this issue. Cisco Systems' IronPort group ranks China to be number 18 in terms of spam-producing countries. This is good, compared to two years ago when they ranked in the top 5. In 2009, they were ranked number 3 and by the end of 2009 was when they began to drop off significantly. Currently, China is ranked number 20 which is right behind Spain.

China is currently the home to approximately 420 million Internet users, and many of these users are accessing the Internet through hacked computers. In 2006, China began recognizing the major concerns and problems caused by the spam overload coming from their country. An anti-spam initiative was launched that brought network operators and security companies together in order to discuss this issue. Anti-spam supporters from the United States are now working more with China's members of the Internet Security team to work out standards and better ways of cooperating.

The thought process is that hopefully the U.S. will learn a few things from China and its efforts in fighting spam.Currently, the U.S. remains the top spamming country and is the source of about one-fifth of the world's spam.Although some security experts say that some of the spam messages are created by spammers that are not residing in the country, but the fact that the U.S. has so many hacked machines at our disposal is becoming a huge problem.

In an effort to control China's spam problem, they have made it more difficult to register new Internet domains  have put on more stricter controls on those who are able to send out emails. Although China is coming up with more and more ways to control their spam breakout, it is being studied that spammers have moved from China to Russia now. Although this may remain true, experts are having a hard time keeping track of China's improvements because they keep most of their doings on the "down low.

It is kind of scary how quickly spamming can become a problem, and I was unaware that the United States is top in this spam outbreak. Although, I am not shocked. We become aware of this issue, but not much is done about it. It seems as though China really put their foot down and decided that this wasn't going to be a problem in their country. Maybe other countries, now Russia ... and the U.S. need to consider doing the same.

Article Name: China Cleans Up Spam Problem
by: Robert McMillian

http://www.computerworld.com/s/article/9211658/China_cleans_up_spam_problem?taxonomyId=17&pageNumber=1

Saturday, February 26, 2011

Microsoft Moonlighting .. okay?

Smartphones are the new phone of today, and majority of people now own one. These phones allow you to download different applications including games, news, weather, etc, but most people don't have the newly introduced application, called Bubblegum. Bubblegum is an application that allows you to edit your photos on your phone and upload them up to Web sites such as Facebook. The reason for why most people don't have this application is because it is considered an app for a nascent market. This is people who have the new Windows 7 software inside their phones. Because the platform is new, developers need to learn more about it before writing many of those apps. In order to do this, Microsoft has decided to take a very unusual step. Microsoft has decided to relax a strict rule that they have had, and let employees moonlight in their spare time. The employees will keep the resulting intellectual property and most of the revenue, as long as the second job is writing applications for Windows Phone 7 based devices.

Microsoft is not being quiet about this process. They are throwing pizza parties for those employees willing to help, and are giving free Windows 7-based phones to all employees in the 19 countries where the phones are available. The major downside to this, is that if an app doesn't catch on, there is no money in the process for the employees who had taken up their leisure time to help. This possibility has made this incentive less attractive to the employees.

Some seem to think that Microsoft shouldn't be cheering their employees on that are helping with this development. Most companies want their engineers to give their all into their core jobs. Microsoft, though, says that they did this change in policy so developers could work on this project in their spare time, and still have the financial benefit and outcome of the work. The incentive has been part of the pull to get this work done, and so far, 840 applications have been published. It is said that Microsoft's new rules fit the broader rethinking of how large companies manage research. Not only are they rewarding their employees for working in their spare time, but they are also keeping that energy to catch up in the mobile market.

If Microsoft is going to do this in order to further themselves and catch up in the mobile market, it doesn't really matter what other companies think. In my opinion, the other companies are jealous of what Microsoft has thought of to better their company and their products. They obviously need to change things up in order to stay ahead and not fall behind other leading mobile phone companies, in their advancements to win over people's vote on which company is best.

Article: Moonlighting Within Microsoft, in Pursuit of New Apps
by: Anne Eisenberg

http://www.nytimes.com/2011/02/27/business/27novel.html?ref=technology

Monday, February 21, 2011

'kill switch' to save us from cyberattacks? or no 'kill switch'?

Three U.S. Senators have presented a new bill that would limit the authority of the president's request to shut down parts of the Internet during a major cyberattack. The Cybersecurity and Internet Freedom Act, introduced late Thursday, would explicitly deny the president or other U.S. officials "authority to shut down the Internet." One of the senators, Senator Joseph Lieberman, states that it is basically impossible to shut down the Internet in this country. He says that there is no 'kill-switch' in their legislation.

Lieberman, Susan Collins and Tom Carper, the bill's sponsors, introduced a cybersecurity bill that would have defined emergency powers that the president could use, in 2010. In these included shutting down parts of the Internet when there is an ongoing cyberattack on the nation's critical infrastructure. The new legislation has similar language, allowing the president to take emergency action to protect, but the new bill adds to this saying that the president, and any federal cybersecurity officials and government employees do not have the authority to shut down the Internet.

Many, including members of the Senate Homeland Security and Government Affairs Committee, argued that the bill would limit the powers that the president has in the Communications Act in 1934 to shut down wired and radio communications during war time. Although this is true, the bill failed to pass through Congress. Because of this, the new 221 page bill mirrors parts of the 2010 bill. This bill would require owners of critical infrastructure to fix vulnerabilities. It would also establish and create a national center that would focus on preventing and responding to various cyberattacks.

If the president knows that there are major cyberattacks occuring through our Internet stream, why shouldn't he have the power to shut it down? He is elected to serve and protect his people of his country, and if he is doing so, I don't see much of the harm. Sure, it would be inconvenient. But would most people rather be affected by a cyberattack? Who knows the major damange it could cause. Atleast, though, it was considered that the president take action.

Article Name: Bill would prohibit Internet 'kill switch'
by: Grant Gross

http://www.computerworld.com/s/article/9210339/Bill_would_prohibit_Internet_kill_switch_?taxonomyId=17

are you being watched?

Most people think that the only people that could hack into their personal data on their computer or snoop on their Internet activity is someone who is involved in the government, or someone that spends all of their time stuck to a computer and knows the ins and outs of everything involved with computers. What these people don't know is that while you are sitting in a Wi-Fi hot spot, your Internet activity could be being watched by someone who is sitting right next to you. A free program, called Firesheep, was released in October and is allowing anyone to access what other users of an unsecured Wi-Fi network are doing and then allow them to log onto these sites as the other person. Because this happened sparatically, website administrators are scrambling to add additional protections to block out this program.

Eric Butler, creator of Firesheep, says that he created this program to show that a widespread issue in website security is being ignored, and that it points out the lack of end-to-end encryption. Basically, while the password that you enter on password "protected" sites such as Facebook, Twitter, Amazon, eBay, etc is encrypted, the web browser's cookieis often not encrypted. Firesheep gets that cookie and allows these people that have Firesheep to log on and be you on these sites. This program isn't just now coming out to cause problems. It is said that over a million people have downloaded this program and are using it.

The only sites that are protected from this program and from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. Paypal and many banks do this, but there is a shocking number of those who do not. The biggest reason for why all websites won't go along with encrypting all communication is because it will slow down the site and cause a huge engineering expense.

Although it is only available to a small percentage of its users and has its limitations, Facebook has recently offered protection as an opt-in security feature. Although this seems nice, it will eventually block out all major applications on Facebook, making most users not want to accept the protection. Either that or they just won't even know about it. Joe Sullivan, chief security officer at Facebook, says that they hope to have this available to all users in the next couple of weeks.

You may be thinking, "Then I just won't go to free Wi-Fi hotspots. I'm protected at home.". You're wrong. Specific Wi-Fi cracking programs are available that work by faking legitimate user activity to collect a series of clues to get the passwords that you may enter into your computer. It is becoming more and more easier to get the password to your wireless router, making it easier to access other information.

It is pretty rediculous that we can't even be safe in our own homes with our security locked routers and Wi-Fi. You have to basically watch your back now wherever you go, and know the specifics of almost every website that you visit to know that you are fully protected. But, really, how many people really think that they need to do such a thing? Most people are unaware that things of this nature even occur. Why aren't these the top news stories on the 6:00 news?

Article Name: New Hacking Tools Pose Bigger Threats to Wi-Fi Users
by: Kate Murphy

http://www.nytimes.com/2011/02/17/technology/personaltech/17basics.html?_r=1&ref=technology

Tuesday, February 15, 2011

Firefox may be enabling a do-not-track system

Mozilla Corporation is in the process of enabling a do-not-track feature to their Firefox Web browser, but is running into a few problems. This feature would allow users to be able to visit any website without having their activity traced and monitored online. In order to to this, tracking companies need to agree that they will not monitor users who have enabled the do-not-track feature, and so far there have been no agreements publicly from any of these companies. This idea has come from certain growing privacy concerns about the online-tracking industry. Mozilla sees this move as attending to and honoring people's privacy choices.

Until recently, Mozilla, Microsoft Corp. and Google have been in competition focusing on speed and technical features more than privacy tools. However, last month Microsoft had stated that it would revive a powerful privacy feature in its Internet Explorer 9 that would allow internet users to stop certain websites and tracking companies from monitoring their activity. It was also said that Microsoft had done something along the same lines in their Internet Explorer 8. Google has also supposed to be announcing a privacy tool for its Chrome Web browser that will enable users to permanently opt out of ad-targeting. These privacy tools are said to be more difficult and complicated than stated here. It will require steps in deciding which sites to block, and identifying its extent.

Mozilla's privacy tool will not be set by default, but will only require the user to go in their settings and check a box to enable the do-not-track feature. Currently, Mozilla is unsure of when this will be released, but they intend on it being successful.

There are privacy settings in Microsoft's Internet Explorer, and as stated, it is complicated to change the settings for it. If you want to block certain settings, you need to individually identify which websites you wish to block, etc. It gets time consuming, and even though some people may wish to do so, they don't want to take the time to do it. It seems as though Mozilla's solution to this inconvenience would be much easier and less time consuming. All it really needs is the consent from the tracking companies.

Article Name: Firefox Web Tool to Deter Tracking
by: Julia Angwin

http://online.wsj.com/article/SB10001424052748704213404576100441609997236.html

Paying Attention to the "Fine Print"?

Facebook, along with many other social networking sites, have had their fair share of scams. From getting users' personal information to making you believe that the site is shutting down. This, once again, is holding true for many Facebook users. They are coming across a message that is said to be from Mark Zuckerberg, founder of Facebook, stating that the site will shut down and if you are interested in keeping your account, to visit a listed website. This site takes you through the steps of "keeping your account". It makes you allow this application to the user's website. Like the other applications on Facebook, this one will post status messages or other content on the user's Wall. It begins by posting the same message that the user had fell for in the first place.

While this is happening, a completely bogus explanation for why Facebook will be shutting down is presented to the user. It explains that Facebook is becoming way too overpopulated and that there are too many people complaining that the website is becoming too slow. It also says that there are too many Facebook accounts that are not being used, and they are requiring everyone who is active on their account to verify this so that they don't shut down their account. The scam ends by providing a pop-up window of surveys to be completed, and once one is completed it is shown that the user's Facebook is active and will remain active.

Clearly, this is is a scam and the information that has been provided to users on Facebook are false. It is said that for every survey that is completed, to apparently keep your Facebook account, more money is put into these scammers' and hackers' pockets. If you are one of these people who had accepted this application onto your Facebook account, you are advised to delete everything from that application.

There has been word going around, ever since Facebook has been active, that its applications are not all valid. When you "Allow" for an application to access your account, you are sometimes allowing hackers to access your account information...not just to view your page. These things are sometimes easily mistaken for a cool game or a fun application, which is how the hackers grab a user's attention. More people just need to be on the look out for what is trying to really hack into their accounts.

Article Title: "Facebook closing all accounts" scam hits users
by Zeljka Zorz, HNS News Editor
http://www.net-security.org/secworld.php?id=10517

Wednesday, February 9, 2011

Is your facebook safe?

Facebook, one of the largest social networking sites available today, is taking action against a newly created site called Lovely Faces. Lovely Faces is an online dating site that was created as a way to demonstrate how easily data is misused that is placed on different sites, such as Facebook. This dating site features 250,000 profiles of men and women, whose personal information and photos were "scraped" off different social networking sites and used without their permission. Paolo Cirio, an Italian media artist, and Alessandro Ludovico, a media critic and editor in chief of Neural magazine in Italy, are Lovely Faces' creators. These two admitted to using an automated bot program to systematically scrape personal and public information from 1 million Facebook profiles.


Through a different PDF file, provided in the news article, the creators explained their thought process. They thought that, after downloading and scraping all of these different people's profiles, that they had it all figured out. They knew what the people on these networking sites really wanted. They thought that these people were on these networking sites because they wanted to attract new people, begin new relationships, and receive love through their digital traits. Although this may hold to be true, Cirio and Ludovico also came up with the idea that these people were trapped in Facebook's privacy rules and regulations. Their idea of creating Lovely Faces was to give these virtual identities a place to expose themselves freely, and they could break away from Facebook's "constraints and boring social rules."


When the data and information was scraped from the different profiles, it was downloaded into a database and run through a face recognition software program that would group the different individuals in different categories. These categories were based on their facial expressions, such as "easy going", "funny", "mild", and "smug". The two creators stated that Lovely Faces demonstrates how awesome social networks can also be seen as a "goldmine" for identity theft. Facebook states that they have, and will continue, to take legal action against organizations that violate their terms. They say that they have already demanded that Lovely Faces delete the collected data, and they will continue to be on top of this.


It is scary sometimes how easily your personal information can be stolen, but what some people don't understand is that whenever you put something on the internet, whether you intend on it being private, it is public. It isn't hard to hack into someone's account, as shown through Cirio and Ludovico. They basically turned these people into interested men and women, who were looking for a relationship. When in turn, they really weren't. It is interesting how often things like this happen, but disappointing that we need to be more protective of what we let loose online. 



Article Name: Duo scrapes 1M Facebook profiles to create mock 'dating' site

By Jaikumar Vijayan



http://www.computerworld.com/s/article/9208558/Duo_scrapes_1M_Facebook_profiles_to_create_mock_dating_site?taxonomyId=84 http://www.face-to-facebook.net/press/face2facebook_press_release.pdf

Tuesday, February 8, 2011

Your Apps Are Watching You

An article, "Your Apps are Watching You" by Scott Thurm and Yukari Iwatani Kane discusses how privacy on certain Smart Phones, such as the Iphone, are not as strict as you may think. It was found that different Smart phones are spreading personal information about the cell phone owner such as location, age, gender, zip code, the phone's unique ID number, and other sorts of personal information, to different companies without the user's consent. This sort of act is occurring when certain applications on the phone are accessed by the user.

Both Google and Apple back up their privacy content laws by stating that they had created strong privacy protections for their customers, especially for and regarding location based data. An Apple spokesman said, "Privacy and trust are vitally important."The Journal tested different Apps in Apple's Iphone and in Google's Smartphones and found that the most common shared detail was the phone's unique ID number. This ID number is tracked by the carrier and company to monitor what the user is downloading, using, how much time they use the different apps, etc.

Google and Apple seem to think that they have a hold on what their privacy laws control, but it is obvious that there are several ways of getting around these issues. There are certain applications that ask for permission to transmit personal information through the phones, but it can be said different about other applications. Most people are unaware of the fact that their phones are doing this, and that nothing is really being done about it.

http://online.wsj.com/article/SB10001424052748704694004576020083703574602.html