Date: Fri, 4 Jun 2010 17:29:55 +0530
From: sysman01@mtnl.net.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 June 04
To: sysman01@mtnl.net.in
June 04, 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
PROTEST : German Minister quits Facebook over Privacy
RISK : Bug made 10000 US Military GPS receivers useless for days
UPGRADE : Microsoft to improve Hotmail security
DEAL : US FTC cracks down on spyware seller
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
June 04, 2010
Today�s edition ��
PROTEST : German Minister quits Facebook over Privacy
RISK : Bug made 10000 US Military GPS receivers useless for days
UPGRADE : Microsoft to improve Hotmail security
DEAL : US FTC cracks down on spyware seller
(Click on heading above to jump to related item. Click on �Top� to be back here)
PROTEST : German Minister quits Facebook over Privacy
June 4, 2010
Germany's consumer minister said she was deleting her Facebook account in protest at the social network's disregard for privacy.
She made the announcement after meeting with Facebook's policy director Richard Allan and concluding the company was not serious about improving its privacy controls despite giving assurances.
"I will end my membership," Ilse Aigner told a news conference after the talks in Berlin. "First I have to inform all my 'friends' ... but it will happen very soon."
Advertisement: Story continues below
"My talks today with the Facebook executive unfortunately confirmed my scepticism. Many data privacy settings really have been improved, or are being improved, and improvements are due to follow.
"But from today's point of view the improvements at the end of the day are no way near sufficient to protect the users' privacy or to comply with German law."
She said that Germany's data protection agency was examining the settings and that she believed Facebook, which has 400 million users worldwide, could find itself slapped with fines in Europe's most populous country.
Aigner, a member of Chancellor Angela Merkel's conservatives, had already threatened such a move in April in an open letter to Facebook founder Mark Zuckerberg.
That came after Facebook sparked criticism from privacy groups and US and European lawmakers by allowing partner websites to use members' data.
The move was part of efforts by Zuckerberg to turn his massively successful website into a profitable business.
In response, Facebook last Thursday unveiled a redesigned privacy-settings page in a bid to "significantly reduce" the amount of information visible to everyone.
Facebook also said it was giving users more control over how outside applications or websites access information.
But critics say the changes don't go far enough. In particular they want Facebook to make all information private by default and then let people designate what information they wish to share in a so-called "opt-in" model.
At present, users have to opt out if they do not wish others to see information.
"Previously I was a big fan of Facebook and the idea of interacting with friends, acquaintances and colleagues around the world enriches our lives, and will continue to do so in the future," Aigner said.
"But we as users must be able to be in control of our data at any time. It cannot be that our data, that sensitive personal information are made available, passed on and sold without our being asked."
She also accused Facebook of making its privacy settings "deliberately" complicated.
"All in all, checking the data protection settings is not very easy. A tax return is easier to read," she said.
Partly for historical reasons, Germany is particularly sensitive about privacy issues, with campaigners bristling at plans by US internet giant Google to launch its Street View service in Germany later this year.
Using specially equipped vehicles, Street View, already available for cities in the United States, Japan, Australia and in some parts of Europe, allows users to view panoramic still photos at street level.
Officials and campaigners in Germany were concerned that thieves could use pictures of private houses to gain illegal access and that photos of people were being published without their consent.
Google said last month it was halting the collection of Wi-Fi network information for Street View after admitting it inadvertently gathered personal data sent via unsecured systems.
RISK : Bug made 10000 US Military GPS receivers useless for days
Glitch Reveals Military Reliance on GPS Tech
June 01, 2010
Associated Press
http://www.foxnews.com/scitech/2010/06/01/glitch-shows-military-relies-gps/
DENVER -- A problem that rendered as many as 10,000 U.S. military GPS receivers useless for days is a warning to safeguard a system that enemies would love to disrupt, a defense expert says.
The Air Force has not said how many weapons, planes or other systems were affected or whether any were in use in Iraq or Afghanistan. But the problem, blamed on incompatible software, highlights the military's reliance on the Global Positioning System and the need to protect technology that has become essential for protecting troops, tracking vehicles and targeting weapons.
"Everything that moves uses it," said John Pike, director of Globalsecurity.org, which tracks military and homeland security news. "It is so central to the American style of war that you just couldn't leave home without it."
The problem occurred when new software was installed in ground control systems for GPS satellites on Jan. 11, the Air Force said.
Officials said between 8,000 at 10,000 receivers could have been affected, out of more than 800,000 in use across the military.
In a series of e-mails to The Associated Press, the Air Force initially blamed a contractor for defective software in the affected receivers but later said it was a compatibility issue rather than a defect. The Air Force didn't immediately respond to a request for clarification.
The Air Force said it hadn't tested the affected receivers before installing the new software in the ground control system.
One program still in development was interrupted but no weapon systems already in use were grounded as a result of the problem, the Air Force said. The Air Force said some applications with the balky receivers suffered no problems from the temporary GPS loss.
At least 100 U.S. defense systems rely on GPS, including aircraft, ships, armored vehicles, bombs and artillery shells.
Because GPS makes weapons more accurate, the military needs fewer warheads and fewer personnel to take out targets. But a leaner, GPS-dependent military becomes dangerously vulnerable if the technology is knocked out.
The Air Force said it took less than two weeks for the military to identify the cause and begin devising and installing a temporary fix. It did not say how long it took to install the temporary fix everywhere it was needed but said a permanent fix is being distributed.
Civilian receivers use different signals and had no problems.
The Air Force said it's acquiring more test receivers for a broader sample of military and civilian models and developing longer and more thorough tests for military receivers to avoid a repeat of the January problem.
In addition to various GPS guided weapons systems, the Army often issues GPS units to squads of soldiers on patrol in Iraq and Afghanistan. In some cases a team of two or three soldiers is issued a receiver so they can track their location using signals from a constellation of 24 satellites.
Space and Missile Systems Center spokesman Joe Davidson said in an e-mail to The Associated Press that the system is safe from hackers or enemy attack.
"We are extremely confident in the safety and security of the GPS system from enemy attack," he said, noting that control rooms are on secure military bases and communications are heavily encrypted.
"Since GPS' inception, there has never been a breach of GPS," Davidson said. He added that Air Force is developing a new generation of encrypted military receivers for stronger protection.
Iraq tried jamming GPS signals during the 2003 U.S. invasion, but the U.S. took out the jammer with a GPS-guided bomb, Hasik said.
The organizational skills required to jam GPS over a broad area are beyond the reach of groups like the Taliban and most Third World nations, Hasik said.
"The harder you try to mess with it, the more energy you need. And the more energy you use, the easier it is for me to find your jammer," Hasik said.
UPGRADE : Microsoft to improve Hotmail security
02 June 2010
http://www.h-online.com/security/news/item/Microsoft-to-improve-Hotmail-security-1013914.html
Windows Live Hotmail Microsoft has announced that an upcoming version of its online Windows Live Hotmail email service will include a number of new security enhancements. According to Anti-Spam and Anti-Phishing Team General Manager John Scarrow, "Security remains the number one concern of people who use email and a top priority for all Microsoft development efforts, products, and services � Hotmail included."
The new version of Hotmail will include updated account recovery features that will allow users to use a registered mobile phone and "other items" to prove that they own their account. Should a user lose their password or have their account compromised, an account recapture code can be sent to them via SMS and used to regain access to their account. When using public terminals, such as those found in coffee shops and airports, users will be able to request a single-use code that will be delivered to them via an SMS and used in place of their standard password. Scarrow says that the option should help to prevent passwords "from being stolen by key loggers and the like".
Like Google's GMail email service, which is now encrypted via SSL by default, the new Hotmail will support the option to maintain an SSL encrypted connection for a users entire session. Once launched, users will also notice "safety logos" next to messages from trusted senders, such as banks and other common phishing scam targets, which Microsoft recognise to be legitimate � making it easier for users to spot malicious imitators.
More details about the upcoming update to Hotmail, including a short video, are available in a post on the Window Live blog. The new version of Hotmail is expected to roll out later this summer.
More details -
DEAL : US FTC cracks down on spyware seller
By Robert McMillan
IDG News Service
June 2, 2010
http://www.computerworld.com/s/article/9177620/FTC_cracks_down_on_spyware_seller
IDG News Service - The U.S. Federal Trade Commission has reached a settlement with Florida spyware vendor CyberSpy Software, two years after suing the company for selling "100 percent undetectable" keylogging software.
Under the terms of the settlement, announced Wednesday, CyberSpy can keep selling its RemoteSpy spyware but must take new steps to prevent it from being misused or advertised as a tool for spying on someone else's computer.
To prevent its program from being used illegally, CyberSpy must make changes to it to prevent surreptitious installation, and "encrypt data transmitted over the Internet, police their affiliates to ensure they comply with the order, and remove legacy versions of the software from computers," the FTC said in a statement.
The FTC sued CyberSpy in November 2008 in an effort to get it to change its business practices.
CyberSpy used to advertise its product as a tool that let users "secretly and covertly monitor and record PC's without the need of physical access."
Today, it's billed as a tool that lets users spy on their own PCs -- in order to keep tabs on children or employees.
The company previously had provided detailed instructions on how to attach a RemoteSpy executable file to an e-mail message, disguised as a photo or legitimate file attachment, the FTC said.
Today, CyberSpy simply advises users to do a Google search on compressing executable attachments, if they want to send RemoteSpy to their own computer and keep it from being blocked by e-mail filters.
Spyware such as this can be a big headache for system administrators. In March, a surgical assistant named Scott Graham was sentenced to three years probation and ordered to pay US$33,000 in restitution to an Akron, Ohio, hospital, after a spyware program that he'd sent to an employee's Yahoo e-mail address was inadvertently installed on a computer in Akron Children's Hospital's pediatric cardiac surgery department.
The spyware product, called SpyAgent, captured about 1,000 screen shots containing confidential patient information and sent them to Graham, prosecutors said.
New IT Term of the day
digital wallet
(1) Encryption software that works like a physical wallet during electronic commerce transactions. A wallet can hold a user's payment information, a digital certificate to identify the user, and shipping information to speed transactions. The consumer benefits because his or her information is encrypted against piracy and because some wallets will automatically input shipping information at the merchant's site and will give the consumer the option of paying by digital cash or check. Merchants benefit by receiving protection against fraud.� Most wallets reside on the user's PC, but recent versions, called "thin" wallets, are placed on the credit card issuer's server.
(2) Digital Wallet, a registered trademark of Minds@Work, is a self-powered portable hard drive used for storing digital camera images.
Demagogue : one who preaches doctrines he knows to be untrue to men he knows to be idiots.
H.L. Mencken
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.
Build a bright career through MSN Education Sign up now.
Posts
No comments:
Post a Comment