Date: Wed, 12 May 2010 15:49:12 +0530
From: sysman01@mtnl.net.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 May 12
To: sysman01@mtnl.net.in
May 12, 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
FINALLY : Indian Govt to develop own operating system
BUG : Twitter hit by major disruption
CAUGHT : Ukrainian in biggest credit card con job held in Delhi
PIRACY : BSA Reports $51 Billion Worth of Software Theft in 2009
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
May 12, 2010
Today�s edition ��
FINALLY : Indian Govt to develop own operating system
BUG : Twitter hit by major disruption
CAUGHT : Ukrainian in biggest credit card con job held in Delhi
PIRACY : BSA Reports $51 Billion Worth of Software Theft in 2009
(Click on heading above to jump to related item. Click on �Top� to be back here)
FINALLY : Indian Govt to develop own operating system
TNN,
May 10, 2010
NEW DELHI: The government has set in motion an ambitious plan to develop its own software and end the reliance on foreign operating systems and anti-virus products after growing worries over the spurt in cyber attacks on Indian establishments.
The government formed a high-level taskforce in February to devise a plan for building indigenous software, said a senior intelligence official who is a member. The panel will also suggest ways to conduct third-party audits on existing software in government offices to prevent online sabotage attempts until the software�s launch, he said.
The overwhelming belief among government bosses is that an indigenous low-grade, but clean, software could nix the chances of foreign states infiltrating the computers of key Indian establishments and compromising the country�s security. �A sanitised, lower level operating system and application software may be preferred to the advanced versions, which necessarily require access to internet for upgrades,� the official said. The new software could be deployed in key departments that have been under constant cyber attacks. The taskforce also includes officials of the Prime Minister�s Office as well as defence, home and telecom & IT ministries.
The move to constitute the taskforce comes after the defence ministry raised concerns over use of anti-virus products of foreign vendors in the wake of a series of attacks on its systems by China-based hackers.
The technical arm of intelligence agencies too have objected to the use of foreign-made operating systems. Last December, PMO computers were attacked by hackers traced back to China. Similarly, hackers from Pakistan and terrorist organisations too have stepped up attacks on Indian websites in recent years. The taskforce is expected to submit its recommendations by June.
Operating system and anti-virus software makers said their products were completely safe. No company official spoke on record. The government is key customer, and sales to its departments are a big driver of revenues. Even so, some welcomed the move.
�It�s prudent for the government to develop an open source-based operating system on which it has total control. Codes for even anti-virus software and processors are available which can be customised,� said a technical head of a US-based network security giant.
The government�s move shines a light on a major chink in India�s technological armour. Despite home to nearly 10% of the world�s software developer base, the country still lacks an operating system or security product of repute. India is now making a late scramble to join nations that own both hardware and software technology critical for the safe upkeep of their defence, space and nuclear programmes. The government recently sanctioned Rs 50 crore to design an indigenous microprocessor.
The government�s unease with foreign technology and hardware has been on the rise in recent years. Recently, it warned telcos against installation of foreign gear. Last week, junior minister for communications & information technology Sachin Pilot told the Rajya Sabha about several measures the government has taken to detect and prevent cyber attacks.
No sensitive information will be stored on systems connected to the internet, while ministries and departments have been told to carry out regular IT systems audits. The government has also established a Crisis Management Plan against cyber attacks to be implemented by all central ministries, state governments and critical sectors, he said.
Last week, US counter terrorism head in the Clinton and Bush regimes, Richard Clarke, warned nations of an �electronic Pearl Harbour� that can shut down power, transportation, communication and all money from banks and exchanges. He said a massive cyber attack could paralyse the US in 15 minutes.
Taking cue, India is also taking further preventive steps. The defence ministry has already removed many of its computers off the internet. Its officers can�t carry pen drives inside offices. The government has also decided to connect all key government ministries and offices, which number over 5,000, to an alternate exclusive communication network that is being built for the armed forces. This will provide a secure backup during emergencies, or at times when the networks of private telecom operators cannot be used to transmit sensitive information.
State-owned BSNL and MTNL are building the Rs 10,000-crore, 40,000 km alternate-fibre network. The armed forces will shift a bulk of their communication needs to this network, thereby enabling them to vacate huge chunks of radio frequencies or spectrum they occupy for commercial telephony.
Globally, most operating systems and anti-virus software are linked via the internet. This ensures that as soon as security loopholes are found in browsers, operating systems or a product software, companies start installing and updating them online.
But glitches can still occur. Last week, US-based McAfee, the world�s second-largest anti-virus software maker, sent an update that started to recognise a genuine file as fake. This resulted in millions of computers getting shut down by themselves. The errors were rectified later.
BUG : Twitter hit by major disruption
BBC News
10 May 2010
http://news.bbc.co.uk/2/hi/technology/10106166.stm
Twitter has fixed a major bug that saw many users of the service appear to lose all of their followers and friends.
The problem began when a flaw was uncovered that allowed people to force others to "follow" them on the site.
People who typed "accept" followed by a person's Twitter name forced the user to be added to their list of followers.
The hack was quickly passed around the social network with many people using it to force celebrities to follow them.
It could have easily allowed spammers to insert messages into thousands of accounts.
Web flaw
Twitter quickly closed the loophole but was forced to temporarily reset many accounts as it cleaned up the damage. The reset made it look like many users had no followers and were also following no one.
"We identified and resolved a bug that permitted a user to 'force"' other users to follow them," the site said in a blog post.
People were still able to use the service during the disruption.
Twitter allows users to post messages - known as tweets - up to 140 characters long.
People can see what others are writing by choosing to "follow" them. However, unlike many social networks, both parties do not have to reciprocate the friendship.
The new bug allowed many people to force celebrities, such as Lady Gaga, to follow them by simply typing "accept @ladygaga".
This would make it appear that Lady Gaga had chosen to follow them and would also inject a user's tweets into the singer's feeds.
The flaw only worked on the website and not through third-party software used to access the service, such as Tweetdeck.
A Turkish man known as bilo31 originally posted details of the so-called "follow bug".
He explained on a Turkish website that he has little knowledge of computer programming, and had stumbled on the flaw by accident.
He said that he is a fan of a heavy metal band called Accept. When he tweeted "Accept pwnz", he discovered that he was automatically being followed by the user @pwnz.
Twitter has exploded in popularity since 2007, when it was launched, and now has more than 100 million users.
News of the flaw follows the discovery of a recent high-profile security bug at Facebook, another poster child of the social web.
The exploit - now fixed - exploited the site's privacy settings and allowed users to eavesdrop on their friends' live chats and see their pending friend requests.
CAUGHT : Ukrainian in biggest credit card con job held in Delhi
Faizan Haider
India Today
May 12, 2010
Officers from the Federal Bureau of Investigation (FBI) and its Indian counterpart detained a Ukrainian national from the Indira Gandhi International Airport (IGIA) on Monday for his involvement in Net fraud and identity theft.
The man, Sergey V. Storchak, was travelling on a Jetlite flight S2 120 (Goa-Mumbai-Delhi).
He is alleged to have been involved in the theft and sale of more than 40 million credit and debit card numbers.
The US justice department had described it as the largest hacking and identity theft case ever in the country.
A criminal case has been filed against Storchak for conspiracy to traffic in unauthorised access devices.
The FBI, which had issued a look- out circular (LOC) for Storchak, had intimated the Central Bureau of Investigation (CBI) about his presence in Delhi.
"The CBI had wanted to detain Storchak after his arrival in Delhi but allowed the Central Industrial Security Force (CISF) to handle the situation since the IGIA falls under its jurisdiction. The CBI also informed the Delhi Police about it," a Delhi Police officer said.
"While officers from the CBI, FBI and Delhi Police waited at the terminal, a CISF team went to the aircraft and escorted Storchak out. He was handed over to the CBI," the officer added.
Sources said that the FBI cannot arrest Storchak in India and will have to initiate the extradition process.
"Storchak had boarded the flight from Goa at 6.45 pm. The flight was scheduled to reach Delhi at 10.55 pm. His photo had been handed over to the CISF personnel so that they could identify him. His presence was also confirmed by the airline official as his name was there on the passenger list," the Delhi Police officer said.
Sources said 11 people were involved in the fraud and Storchak was one of them.
The US department of justice had charged them with conspiracy, computer intrusion, internet fraud and identity theft.
Three of the accused are US citizens, three from Ukraine, two from China, one from Estonia and one from Belarus. The identity of one person and his place of origin are yet to be established. Only his nickname "Delpiero" is known to the investigators.
Officials said that the accused used to obtain the credit and debit card numbers by 'wardriving' and hacking into the wireless networks of major retailers in the US. Once inside the network, they installed 'sniffer' programmes that would capture card numbers, as well as password and account information. After collecting the data, the accused used to conceal it in encrypted servers that they could control from Eastern Europe and the US. The stolen numbers were 'cashed out' by encoding card numbers on the magnetic strips of blank cards. They then used these cards to withdraw tens of thousands of dollars at a time from the ATMs. In one case, Sergey's fellow countryman Maksym Yastremskiy had allegedly received proceeds $ 11 million.
PIRACY : BSA Reports $51 Billion Worth of Software Theft in 2009
Global software piracy rate rises to 43 percent, stifling innovation and economic growth
11 May 2010
Business Software Alliance
WASHINGTON: The rate of global software piracy climbed to 43 percent in 2009, a two-percentage-point increase from 2008 fueled in large part by expanding PC sales in emerging markets, according to the seventh annual Business Software Alliance/IDC Global Software Piracy Study.
"Software theft exceeded $51 billion in commercial value in 2009. The public and private sectors need to join forces to more effectively combat an epidemic that stifles innovation and impairs economies on a global scale," said BSA President and CEO Robert Holleyman.
A 43-percent piracy rate means that for every $100 worth of legitimate software sold in 2009, an additional $75 worth of unlicensed software also made its way into the market. This underscores the increasing sophistication of pirates and the urgent need for stronger anti-piracy efforts.
"Software theft hurts not just software companies and the IT sector, but also the broader economy at the local, regional and global levels by cutting out service and distribution firms," said John Gantz, chief research officer at IDC. "Lowering software piracy by just 10 percentage points during the next four years would create nearly 500,000 new jobs and pump $140 billion into ailing economies."
In the United States, software piracy remained at 20 percent, the lowest level of software theft of any nation in the world.� However, given the size of the PC market, the commercial value of pirated software in the United States was $8.4 billion in 2009.
IDC, analyzed 182 discrete sets of data from 111 countries around the world to develop the BSA/IDC Global Software Piracy Study. Based on this methodology, BSA and IDC conclude that software piracy has had a profound effect on both consumers and businesses. Additional findings include:
��� =Piracy rates increased in 19 global economies, up from 16 in 2008.�
��� =The factors driving up the global piracy rate include growth in the consumer PC base and in emerging markets -- both segments with high piracy rates:
��������� � Globally, PC shipments to consumers rose 17 percent in 2009, while shipments to businesses, governments and schools dropped 15 percent.
��������� � The PC markets in Brazil, India and China accounted for 86 percent of the growth in PC shipments worldwide.
��� =For every dollar of legitimate software sold, another $3-4 in revenue is created for local firms.
��� =China saw the largest increase in the commercial value of pirated software of any country -- growing $900 million to $7.6 billion.
��� =India, Chile and Canada each saw the greatest improvement in reducing software theft, each achieving a 3 percentage point decline in their piracy rates in 2009.
"Given the economy, 2009 piracy rates are better than we expected. But incremental improvements are not enough. Few if any industries could withstand the theft of $51 billion worth of their products. To foster innovation and maximize the economic impact of the IT industry, governments must act -- particularly those in fast-growing, high-piracy countries," said Holleyman.
New IT Term of the day
cloud computing
A type of computing, comparable to grid computing that relies on sharing computing resources rather than having local servers or personal devices to handle applications. The goal of cloud computing is to apply traditional supercomputing, or high-performance computing power, normally used by military and research facilities, to perform tens of trillions of computations per second, in consumer-oriented applications such as financial portfolios or even to deliver personalized information, or power immersive computer games.
To do this, cloud computing networks large groups of servers, usually those with low-cost consumer PC technology, with specialized connections to spread data-processing chores across them. This shared IT infrastructure contains large pools of systems that are linked together.� Often, virtualization techniques are used to maximize the power of cloud computing.
The standards for connecting the computer systems and the software needed to make cloud computing work are not fully defined at present time, leaving many companies to define their own cloud computing technologies.� Systems offered by companies, like IBM's "Blue Cloud" technologies for example, are based on open standards and open source software which link together computers that are used to to deliver Web 2.0 capabilities like mash-ups or mobile commerce.
Cloud computing has started to obtain mass appeal in corporate data centers as it enables the data center to operate like the Internet work through the process of� enabling computing resources to be accessed and shared as virtual resources in a secure and scalable manner.
Liberty has never come from the government. Liberty has always come from the subjects of government. The history of liberty is the history of resistance. The history of liberty is a history of the limitation of governmental power, not the increase of it.
Woodrow Wilson
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.
The latest auto launches and test drives Drag n' drop
No comments:
Post a Comment