Military.com: posted CNN video of security companies and new defense mechanisms set to aggressively combat pirates.

Since 2002 auDA have been handling disputes over domain names (brands and individuals who believe they have the right to a domain/URL but are not the registered owner). Whilst some disputes appear to be clear cases of cybersquatting, others are just co-incidental making for an interesting debate.

VS
Above: It’s not always cyber squatting. But if it is, auDA is here to save you*

“GIVE ME BACK MY URL!”
In all about 160 cases are in the system which is not many considering this covers the last seven years. Although it’s a cost effective option (usually between $2000 and $4500 AUD) many companies still use a below the counter/direct approach and simply buy out a domain direct. Having been involved with quite a few of these direct URL ‘transfers’ there are sometimes good reasons to go direct – for instance if you lose the case at auDA, you may end up having to pay a LOT more as a result – so it pays to do your homework first to decide which route will work best.

Some interesting brands in the list below that have used auDAdrp: Facebook, Neilsen, BT, WhitePages, IBM, Telstra, Calvin Klein, Virgin, True Local, Hey Hey it’s Saturday (to name just a few). Current records show that roughly two thirds of cases were won by the complainant.

List of Domain Names that auDA have handled and resolved 2002-2009:

You can do a search here and see who won what and why:
http://www.auda.org.au/audrp/search/

Post by:
~@eunmac

* UPDATE:
Since posting this article I’ve had several people contact me complaining about auDA and its process. One person explained to me that they were told by auDA that their case (their registered business name taken) had been “investigated” and denied even though the domain had not been used in seven years, no trademarks, no business name, noe events etc. This person also claimed to have discovered a direct connection between the board of auDA and the holder of the domain. The following article “auDA a Law unto Themselves” goes into other issues with auDA.

http://www.domainnews.com/en/auda-a-law-unto-themselves.html

Any more stories? Post them in the comments.

New York City, the world’s financial center, prior to Rudy Giuliani becoming the mayor, was the center place where one would be scared of walking at night simply for a short stroll or going through the subway system. The city was the hub and cesspool of all kinds of robberies and personal attacks.

However, when Rudy Giuliani became mayor of the City on January 1, 1994 through December 31, 2001, he filled the streets, on every street corner, with high trained and well paid security officers and cops. He also installed CC cameras on every street corner.

His primary and focus mission was to clean up New York City, and it worked. Even prior to 9-11, New York City became one of the most safest cities in the world, where you could get up any time of the day and walk down the street, without the fear of being worried about some schmuck snatching your wallet or purse, or robbing you at gun or knife point.

Mayor Bloomberg has continued on Rudy Giuliani’s vision, to keep New York City safe, and to date, it has continued that momentum. Today, you can literally walk down the street, and not have to worry about keeping your eyes on your wallet or pulse, and simply worry about seeing all the great excitement stuff around the city.

On the other side, South Africa, obviously not a city but a country, in most of its metropolitan areas, such as Johannesburg, has nearly been the safe haven for all kinds of ruthless pick-pocketing, car hijackings, and at gun point robberies, some of them are usually deadly.

Most people would tell you not to be downtown Johannesburg after 5:00PM, that’s when most offices are closed for business. And that’s when most robberies and car hijacking take place, as they try to catch the rush hours, people going back home and well-uninformed tourists.

Thus, the question is; what can the government of Zuma do to help stop the car hijackings, robberies and attacks on civilians and tourists?

One possible economic cause of these types of acts, it’s because of the high rate of unemployment. South Africa has one of the highest rates of unemployment in the world, at one point years back, the rate of unemployment in South Africa was at about 35%. However, according to the Voice of America, “despite a recent spate of bad economic news, the latest unemployment rate for South Africa has actually declined. The Labor Force Survey reports a drop from 23.2 percent in the third quarter of 2008 to 21.9 percent in the fourth quarter. The improvement is largely due to an increase in construction industry jobs”.

But despite an improvement in unemployment in South Africa, still, the majority of those who are employed still earn less than what they need for buying basic necessities. The GDP per capita in South Africa is $10,100 (CIA World Factbook), and that’s good compare to the rest of Africa.

Then why the rate of robberies and hijacking still high in South Africa? Partly, because the majority of the unemployed are those who didn’t finish their secondary school education during the apartheid era. And, post independence, they found themselves having to compete for low paying jobs, which compare to their uneducated counterparts in America, they refused to work 9 to 5 jobs with low paying salaries. Thus, in the US, the selling of drugs and in South Africa, the life of robberies and hijacking, has become the only way of making a decent living, for the short-term of course, because soon o r later, the culprit either goes to jail for his or her actions or gets killed by the law enforcement officers or co-rivalries.

Giuliani turned around New York City by trusting his law enforcement officers he has placed on every street corner to carry on their mission, to protect and serve, keeping the city safe and secure. On the other hand, in South Africa, with the recent reported bad news of South African Police Officers shooting and killing a two-year old boy, whom they thought was carrying a knife or gun, and their unofficially authorized code of shoot to kill, how can Zuma trust his law enforcement officers to carry out their mission, to serve and protect, but shoot first, and ask questions later?

Another underlying issue; South African Police Officers are low paid government officials, and when they are low paid, they have no motivation or moral authority to work even harder as required, which also puts their safety in danger from those ruthless and merciless criminals.

In America, law enforcement officers (cops) are some of the best paid workers. They have great benefits, and they never have to worry about what to eat at home or where to sleep. Unlike in South Africa, where cops are some of the lowest paid employees.

The first thing that Zuma needs to do is to ask the South African Parliament to vote and pass a bill, authorizing a high increase of wages and salaries plus great benefits for all law enforcement officers, at least doubling their current salary and wages. And then deploy them at full force on every street corner. If they are well paid, then their families are well-kept and fed, and if their families are well fed and kept, then they don’t have to worry about receiving bribes from the robbers and thieves, and for that, they will be more motivated to do their jobs, keeping the streets safe and secure.

With the 2010 World Cup coming to South Africa, certainly strict security measures are being put in place. However, either pre-or-post the 2010 World Cup, South Africa needs to act fast, and make it its highest priority to end these kinds of acts, for the sake of its citizens and most importantly, the unsuspecting tourists from around the world who travel to South Africa, everyday.

Al Jazeera reports that pirates have freed a Spanish ship hijacked six weeks ago in the Indian ocean, allegedly in exchange for 3.5 million dollars.

On a related note: the Nigerian News Service on why nations should not negotiate with hijackers and kidnappers.

*Sorry this is so late, there’s been a lot going on. Tough moment in life; but, here it is. And I’ll even try to have the next chapter up over the weekend to make up for it. (The only promise I can make is Tuesday, though.)

On March 11, 2024, the men and women of the Collective State were turning on blank screened TVs at 7:30. 600,000,000 people, some in cold Siberian Cities, some in hot, Arabian military posts, some in farm collectives too hungry to notice the weather, all of whom – regardless of their time zone – were preparing to hear a tradition in their country. Listening to the broadcasts of the 7:30 Capitol Morning Show was their one connection with a broader world. 

As they switched on their televisions, their radios, huddled around makeshift transceivers, they were greeted with an unexpected voice and an unexpected sentence.

“Man is born free, yet he is everywhere in Chains.”

It is March 11, 2024, the 7:30 AM News Broadcast, and this … is James Matthew Capella XI. 

A rebel army in the Capitol City has seized control of the Collective State Media Building, and has – in essence – declared war upon the State. This video is being broadcast from the Eight Floor of the building, and nearly 600 million people are listening. 

I opened this rather unique broadcast with a quote from Jean Jacques Rousseau, a man who – while his flesh is long gone – has never died in spirit. In his Social Contract, he recognized the slavery of men, the submission of them to the state, the collective, the “General Will” – and attempted to justify them. Very well. This shall be the justification of our program – a program of individualism, human liberty, and independence. 

Some weeks ago I hung a banner above the doors of the Collective State Capitol National High School – a banner which declared that it was hung to Avenge the Death of Avery Boyd. My declaration that Avery Boyd was dead was a complete and unhidden contradiction to the position of the Collective State Government. The Government launched an investigation, and when they discovered it was me, began arresting and executing civilians in an effort to drag me out of hiding. 

Why would they go to such lengths? Why would they reveal the Civilian Terror Containment Squads, so well known to millions across the country, to a place where random massacres are unknown? Why hunt down, like an animal, a 16 year old whose only crime was speaking what he believed to be the truth?

In the final question, you find the answer; the truth. Your government has been lying to you. I will say it again, since it hasn’t been said in much too long – your government is lying to you. They seek to stay in power, but the only way they can is to lie, constantly, ceaselessly, producing a never-ending chain of contradictions and backhanded truths. They have had to blind you to your own nature, to what is right, to who is right, to what has happened and what hasn’t. They’ve nearly destroyed your ability to comprehend a fact on it’s own; and in your desperation, you run to the only group who tells you they understand. The State. 

But what they are telling you is not the truth; they are deliberately designed lies that keep the State in power. The evidence of this masquerade is all around you, yet in your blindness, you haven’t noticed it. I don’t know how effective this will be, but I’m going to point out the matrix of deceptive organizations in government and society. Maybe some of you who hear this will understand. 

Lets start with the building I’m now in; the Collective State Media Organization Capitol Complex. This organization, as I’m sure all of you can guess, is the only media outlet of the country. Every book, video, article, broadcast, or public expression is analyzed under its watchful gaze. This, of course, implies that you are incapable of discerning truth from fact. Instead, other people, who –somehow – can determine the difference, are appointed to determine right and wrong. Now, I won’t go into the contradictions this entails. I will merely point out that, after my banner was hung, they produced no evidence to the contrary. They made passionate and fiery speeches and hysterical declarations that he was alive. They began a brutal crackdown on the entire capitol. But they did not prove me wrong. Why? Because their goal is to destroy truth, not to uphold rightness. 

A few blocks away, there is the Collective State Currency Committee. In that building work several thousands of the top economic minds in the country, the best accounting minds who have escaped the hell of the business world. Their entire proffession is to make sure our material lives look amazing on paper, despite the starving masses in the streets. Every day the prices of our goods rise, and in a terribly poor effort to stop us from noticing, they give us more money. Perhaps it’s just that I’ve read economics, but I’ve always understood that the more money a society has, the less it’s worth. But, of course, it’s not their desire to make us better off. Slavery and oppression cannot achieve that. Destroying the greatest minds of our society by making sure they are under the boot of the “general will,” the “greater good”, or the “common man” cannot make us better off. No. Their goal is to make it so that we don’t understand what is happening; we see it in our starving children and neighbors, we feel it in our empty stomachs, we watch it as our soups become thinner and our bread tastes more and more like sawdust. But because we are not to know, not to understand, our government continues to enslave under the guise of mathematical models and GDP growth. 

Isn’t it ironic that only a few buildings down is the Collective State Military Industry Complex? In order to keep this black bag of deception over the eyes of us all, a mammoth Military force has been assembled to enforce conformity and destroy the practical side of human independence. While the Media, the Economic Dictators, and other agencies have destroyed your ability to be mentally independent, the Military is designed to keep you from being physically independent. The State recognizes that there can be no real breach between your mind and body without total social chaos; so they seek to enslave both. Nontheless, they still try to hide it, if only enough to keep you in fear. Take the “new” Civilian Terror Containment Squads, who have been executing random groups of citizens here in the Capitol since shortly after I was discovered. Many of my listeners in other cities will recognize the name. They have been under their boot. Here, in the Capitol City, this is a relatively new phenomenon. We have been unaware of it. To those who are hearing my in this city, or in cities where the CTCS hasn’t been deployed, listen very carefully. The CTCS – and I’m quoting a COBRA Officer – has been around for 22 years, secretly administering the State’s perverted form of justice, and squashing any rebellion in any city across the country. 

  The list of agencies and their functions could go on. There are beaurau’s for protection, which are responsible for terrorizing you into compliance. There are offices of science which are charged with the supression of industry. There hundreds of beauraucratic offices which keep you enslaved.

Of course, one of the greatest lies that they have perpetrated, almost as great as the story that you are responsible for your neighbor’s life, is the story that there is nothing better. That no matter the state you live in, we live in the greatest place on earth. 

  Listen. Think. Act. You live, you breath, you believe. You are independent. Are you ready to tell yourself that there is nothing better for your mind then to live the life of a slave? That there can be no better state for man than to have others, who know nothing of him, to control every aspect of his life. Are you honestly ready to resign your life because the liars in the government have told you society is at it’s highest stage? I have not seen the outside world; I have not been outside of my city. But I refuse to believe that I cannot build for myself a world better than my protector’s have built for me. And if you be men, if you be even close to the independent, thinking beings you were born as, you will refuse to believe it too.

  If you are still listening to this, that means that the Rebel Army is still in control of the COSMO building. You have a chance, you can fight, you can stand up for the first time in your life and say that you will not take orders, that you will not be coerced, that you will live your own life. We can win, we have a chance. 

This is James Matthew Capella XI. Thank you for listening.”

For dozens of years afterword, it was rumored that the only places in the nation where any noise was being made were in the retreat from the COSMO building and in the anarchy of the Grey Building. Every other person who had seen the speech broadcasted sat silent, not know what to say – or if anything could be said.

Keep your eyes open for anything out of the ordinary.
Try to vary your routine and regular routes.
Beware of false appeals for help and “accidents”.
Never open your vehicle window or door for any stranger.
Avoid driving through high crime or unfamiliar areas.
Avoid driving late at night/early morning when the roads are quiet.
Sitting in a parked car, remain conscious of your surroundings.
Sleeping in a stationery vehicle is particularly dangerous.
Look out for suspicious people/cars when approaching a driveway

Even in a crowd, John Travolta stands out.

(Columbia) Denzel Washington, John Travolta, James Gandolfini, Luis Guzman, John Turturro, Michael Rispoli, Victor Gojcaj, Ramon Rodriguez, Aunjanue Ellis, Gary Basaraba, John Benjamin Hickey, Alex Kaluzhasky. Directed by Tony Scott.

We never know what awaits us when we walk out our front door every morning. Maybe it will be a good day, maybe a bad one. Maybe it will be an extraordinary day.

New York subway dispatcher Walter Garber (Washington) is having a bad day. He’s been demoted from a management position for the New York Transit Authority to dispatching trains because of the suspicion that he took bribes. He has to put up with the abuse from a nasty mid-level manager (Rispoli) and the stress of the upcoming trial hangs over him like a cloud.

A strange voice comes over the microphone for the train Pelham 123 where his buddy, Jerry Pollard (Basaraba) should be. It’s a man calling himself Ryder (Travolta) informing him that he and a group of armed men have taken the train and are demand a $10 million ransom to be delivered in an hour. After that, one passenger will be executed for every minute the ransom is overdue.

The mayor (Gandolfini), a lame duck going through a marital scandal of his own, turns out to be remarkably helpful and tolerant, not at all the way New York mayors have been portrayed onscreen these days. A patient hostage negotiator (Turturro) tries to help, but Ryder and Garber have formed a strange connection. As time ticks down and the city races against the clock to save the hostages, a relationship forms between Ryder and Garber, which will inevitably lead to a showdown that only one will walk away from.

Based on a 1974 movie starring Walter Matthau (as Garber) and Robert Shaw (as Ryder) – itself based on a John Godey novel – Pelham reunites director Scott and Washington, who have also done Crimson Tide, Man on Fire and Déjà vu to name a few. Whereas Matthau was rumpled, cynical and tough, Washington is basically a good-hearted heroic sort who made a mistake and is paying for it. While Shaw was icy and cool, Travolta is loud, angry and not very different from his character in Broken Arrow.

Perhaps it was a mistake, but I watched the 1974 original the night before I saw the remake. Whereas the original was gritty and realistic, the new one is sleek and modern. The 1974 edition had a loud, abrasive jazz score; the 2009 version is more traditionally scored. The first Pelham was low-tech and relied on characterization and tension for its thrills; the second uses digital effects and bigger car crashes to set the tone (although the 1974 version’s iconic car crash was quite elegant).

So is the first version better than this one? I think so, but that doesn’t mean it isn’t worth seeing. They are definitely different movies meant to appeal to different audiences. Some of the twists in the first Pelham were telegraphed whereas I have to admit that wasn’t the case in the new one. Director Scott is a veteran action director and while this isn’t going to be regarded as one of his best, it’s still solid and extremely watchable. The problem I have here is that he often uses stylized camera tricks such as slow-mo helicopter travelling shots, or cameras that spiral around their subjects. It’s annoying and unnecessary. Washington and Travolta are both dependable performers and while you don’t get the sense of their character’s soul as much as you might like, I’d rather see these two in mediocre performances than a lot of other actors at their best.

This is definitely a Hollywood action film, with all that is good and bad about the genre. If you like that sort of thing (and I do), I guarantee you’ll go away entertained. If you prefer thrillers to action movies, you might do better to rent the original than see this. This movie won’t blow you out of the water, but it will accomplish what a lot of movies fail to do – it won’t make you regret plopping down the ten bucks to see it.

WHY RENT THIS: A slick Hollywood action movies with some very nice scenes. Washington and Travolta aren’t at the top of their game, but their game is such that even a sub-par performance by either is worth checking out. Gandolfini makes a great mayor.

WHY RENT SOMETHING ELSE: No new ground is broken in the action movie genre. There is more brawn than brain to this movie. Scott succumbs to “look-ma-I’m-directing” disease.

FAMILY VALUES: Some blue language, a couple of cold-blooded killings but otherwise suitable for older kids..  

TRIVIAL PURSUIT: The first name of Denzel Washington’s character was changed from Zachary to Walter in honor of Walter Matthau, who played the role in the original film.

NOTABLE DVD FEATURES: None listed.

FINAL RATING: 6/10

TOMORROW: Bolt

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

.TM Names Are Now One of the Most Secure on the Internet

Catering to trademarked and brand-conscience corporations serious about their corporate image the .TM Domain Registry has signed with DNSSEC, providing its users with enhanced security against phishing and the malicious community. As a first-of-its-kind for DNSSEC, .TM domain owners can update their DS records in real time.

Click here for more information.

Facebook Phishing Attack Powered by Zeus Botnet, Researchers Say

Asking Facebook users to click on the e-mail provided link to receive their updated password, phishers are using this method as another way to trick users in revealing their usernames and passwords.

Sending the phishing messages at 30,000 per minute as shown researchers the messages are coming from the Zeus botnet.

Click here for more information.

Internet phone systems become the fraudster’s tool

A new angle from cybercriminals include obtaining banking credentials by placing calls FROM the bank. Hackers are breaking into the phone systems of smaller banks because:

• Smaller banks can’t afford the security resources of larger banks.

• People like to bank with smaller local banks.

Hackers will break into phone systems and place calls to customers from the bank’s phone system. Using a prerecorded message regarding suspicious account activity bank customers are asked to respond by inputting their account number and ATM password.

This form of hacking is becoming easier because many of the phone systems are now Internet-based using VoIP.

Click here for more information.

U.K. Proposes To Cut-Off Pirates Internet Connections

The UK looks to curb illegal downloads by disconnecting violators from the internet. Violators would first receive a letter, followed by Internet slowdowns if they persist. If continued violators would face disconnection from the Internet. At this point Britain is looking at France’s 3-Strikes law in that disconnection would occur for a year.

Not mentioned was France’s use of a violator going before a judge to have their day in court before Internet connectivity has been disconnected. ISPs are not in favor of the UK’s move fearing they would have to become the police of the network.

Click here for more information.

Symantec reveals lack of confidence in online retailers

A recent study shows those in the UK have a higher trust in banks protecting their information than other organizations specializing in online retail. The same holds true with Germany in that, while not as confident as the Brits, Germans are more inclined to trust banks with their personal information than they are online-retailers.

Click here for more information.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Net set for ‘language shake-up’

Since 2008 ICANN approved the allowance of names written in non-Latin/ASCII character sets. If approved by the body on October 30 the first applications for Internationalized Domain Names (IDNs) will be accepted by November 16. The first IDNs could therefore be up and running by mid 2010.

Click here for more information.

Mobile Broadband Operators Heading for Capacity Crisis

A recent study states that Internet traffic via mobile Internet devices will rise 25 times by 2012, yet for the same time period revenue for operators is expected to increase by a factor of 2. This illustrates that the cost for providing mobile broadband capacity is still high.

Comment: This illustrates the strong arguments providers are making towards the US’ FCC regarding Net neutrality. Providers are saying Net neutrality is OK for traditional ISP networks, but argue strongly against Net neutrality rules being levied upon wireless networks.

Click here for more information.

Developing countries must boost broadband: UN

Lack of broadband infrastructure means developing countries are missing out on information technology benefits. Missing, or limited broadband infrastructure means loss of the development of offshore companies that may be used to help with the respective country’s economy.

Also lost are advantages people may have with the use of mobile phones. With lower access to broadband people are working to take advantage of what applications can be accessed via cell phones as in Africa the number of mobile subscribers outpaces fixed line subscribers by a factor of 20.

In developed countries people are 200% times more likely to have broadband access than in lesser developed countries. Also, in lesser develop countries broadband can be very expensive. For example, in Africa’s Burkina Faso, Central African Republic and Swaziland, broadband runs $1,300 per month while the monthly charge in Egypt and Tunisia is only $13.

The report came from the UN conference on Trade and Development.

Click here for more information.

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers have been studying the vulnerability of Internet accessible devices where default passwords have not been changed and are still in place.

Out of 130,000,000 IP addresses scanned, nearly 300,000 devices had administrative interfaces that could be remotely accessed via the Internet. Of those 300,000 devices 21,000 still used default passwords. Even if default passwords had been changed cyber criminals could still determine passwords through brute force of cracking passwords. With that said, through extrapolation it is believed that 6,000,000 devices on the Internet are vulnerable.

Cybercriminals could access such devices to conduct click fraud, DNS cache poisoning or launch attacks on other systems.

Click here for more information.

500,000 job hunter details exposed in Guardian hack

Hackers launched an attack on The Guardian’s Jobs website and made off with information from 500,000 people who had posted their resumes on the organization’s jobs website. The hack was stopped midway through, but what was exposed on the various resumes or CVs were names, email addresses, cover letters and the resumes themselves.

Click here for more information.

Gift Cards Convenient And Easy To Hack

As with credit and debit cards, gift cards are a form of currency and are thus subject to cybercrime, as noted in recent research.

Cybercriminals can “sniff” the information through a scanner directly in the checkout line and then cloned and used against the retailer’s hacked web-based gift card application.

Cybercriminals can also clone unused gift cards. This occurs by cybercriminals taking unactivated cards, cloning the cards and placing the cards back on the rack for display. Once the card is purchased and activated the cybercriminal has access to the account.

The SQL injection flaw is also another method cybercriminals may use to hack web-based gift card applications to obtain information.

Recommendation is to begin utilizing same encryption standards being studied for the credit and debit card providers and processors.

Click here for more information.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Still No Internet Or SMS Allowed In China’s Muslim Region

Four months after ethnic riots killed 200 people in China’s Muslim region, access to the Internet remains blocked. Important anniversaries were the reason for the continued block, however the last of the important anniversaries is over.

Some companies have had to relocate employees outside the region so they could continue their business of selling products online.

While one marketing manager believes the Internet should come back in about a month, the Chinese government has given little sign as to when restrictions will be lifted, however will do so gradually as the province stabilizes.

Click here for more information.

Zurich Insurance admits big data loss

Personal account details were lost on more than 500,000 customers last year, admits Zurich Insurance. Those, whose information was compromised, were 51,000 people from the UK, 550,000 from South Africa and 40,000 from Botswana.

In August, 2008, the data was backed up on tape and sent to the organization’s South African storage center when the tape was lost.

Click here for more information.

Operation Eagle Claw nets 18 Nigerian spammers

Determined to remove the country from the list of countries producing the most fraudulent e-mails, Nigeria’s Economic and Financial Crimes Commission. “Eagle Claw”, the operation dedicated for cleaning up Nigeria’s cyber image, should be 100% operational within 6 months. To date, however, the operation has identified and shut down 800 fraudulent web sites/e-mail addresses as well as arrested members from 18 syndicates identified with e-mail scams. When running at full operation, and working closely with Microsoft, Eagle Claw should take down fraudulent e-mails at a rate of 5,000 per month.

Click here for more information.

Fed’s Security Spending On A Roll: Over 8 Percent Growth Over Next Five Years

With a 300% increase in attacks on US federal networks and systems over the last 5 years, tightening federal security regulations and President Obama’s emphasis on security, the budget for IT security spending will jump from $7.9 “m”illion to $11.7 “b”illion in 2014.

Click here for more information.

Botnet click fraud at record high

Cyber criminals, wishing to profit from click fraud, are turning to botnets to generate the fraudulent clicks. In the 3rd quarter of 2009 42.6% of fraudulent clicks were generated by computer bots.

The increase in botnet use comes at a time when the overall amount of click fraud has dropped; from 16% in Q3 of 2008 to 14.1% last quarter. This signifies the manual form of click fraud has decreased by even a larger margin, thus pointing to the fact that botnets are playing the larger roll in click fraud.

The two most known botnets, Gumblar and Bahama Botnet, place malware on infected computers that will result in PCs returning altered Google results. In other words, if users click on an ad they are, instead, redirected to a site with little to know content. The revenue generated by clicking on the ad is therefore sent to the owner of the fraudulent site instead of the legitimate presenter of the ad.

Click here for more information.

FCC Approves Net Neutrality Rule Making

In a unanimous vote the five-member, bi-partisan commission, voted in favor of the rule-making process. This does not mean they agree on the “how” and “to what degree” the Internet should be “open and free” versus “regulated”.

This “rule-making” process opens the door for the formal acceptance of comments on Net neutrality. The comment period will close January 14, with March 14 being the date on which reply comments can be accepted.

One of the republicans that make up the five-member commission disagrees that the FCC has the legal authority to regulate network management of the Internet as proposed.

Click here for more information.

Stephen Fray

The fool who decided to hijack a plane at Sangster Airport has been sentenced to 83 years in prison and will probably serve 20, but I feel sorry for him.

It was made clear in the psychology reports and interviews that there was something mentally wrong with him and that before this time, he was a “well mannered child.”

Also he’s now 22 years old and so will be spending the best part of his life behind bars of a not very nice prison.  You gotta feel sorry for the guy as this ruling is more about sending out a message to the tourist community.       Read more on him here.

A session, a lasting connection between a user agent (user browser) and a server application (web application, site, etc) have a very short time life just like a cookie therefore it caries all the information necessary to the application to communicate between all of its parts.

The lasting connection, a true characteristic of a session, is also the reason why is important to take a very careful look at how the session works and how to increase its security.

In order to facilitate things and understanding of session, consider the session as a cookie holds an array and it is stored at the server while the application is being executed (or until your browser closes).

In PHP a session can be either stored in the filesystem or in the database. Either choice of storage has its pros and cons regarding security but in the overall both work in the same way. Consider the previous example: The login form. Once the user connects correctly logs into the application is necessary to keep the username / password or username / logged state so all parts of the application understands that the current user has correctly logged at some point and will keep like that until he decides to logoff.

To correctly construct that scenario the first thing to be done is to set the session. With PHP, unless you specify it, a session will not be started. There are 2 ways to start a session:

1. You open the session on every single script of your application using <?php session_start(); ?>
2. You open it only once, at the application bootstrap, and includes the bootstrap in every step of the application

It might seem that both are the same, therefore the second option is by far more clean and secure.

bootstrap.php

<?php
session_start(); // the session start must be the first thing of every script. If any header or even an echo is done before the session start, it will break
// Adding some security to avoid session fixation attacks
if (!isset($_SESSION['sinit'])) {
session_regenerate_id(); // this will give the session a new identifier and keep the current session information
$_SESSION['sinit'] = true;
}
// the bootstrap file is also a good place to start libraries such as ob_start and to define your constants that will be shared all over the application
// since it’s a full php file, with no HTML coding (or any other coding), there is no need to close the PHP open tag

At the bootstrap the application now have the session instantiated and also have a small security that checks if the sinit (session initiated) session variable has already being set and otherwise it will regenerate the session identifier keeping the previous data. This will help your application to prevent from the most usual Session Fixation attacks.

The bootstrap is prepared and the next step is to include the bootstrap on the login script. The bootstrap will add the initiated session on the login script and the application will be able to use the session to hold the login information from the user, so it can be used in other parts of the application.

login.php

<?php
include_once(‘bootstrap.php’); // getting the instantiated session and variables

if (isset($_POST['doIt'])) {

// initiating the session variables that will hold the logged user information
$_SESSION['username'] = null;
$_SESSION['logged'] = false;

$username = $_POST['username'];
$password = (int) $_POST['password']; // casting the password so it can be converted to a integer since everything on a post variable is, at first, a string

if ( (!empty($username) && is_string($username) && $username === ‘myUsername’)
(!empty($password) && is_numeric($password) && $password === 123456789)) {
// for now let’s use a hardcoded username and a hardcoded password just to exemplify the process
// the username and password is correct and the user is correctly logged on. Now is necessary to tell the remaining parts of the application.

$_SESSION['username'] = $username;
$_SESSION['logged'] = true;

header(‘location: userProfile.php’);
}
?>
<html> ….

With the code snipped above the application now holds the information that the user myUsername is now logged and there is no more need to requested for the user to login or force his logout.

This code would not make much sense if we don’t use it in other parts of the system. Let’s add on this little application 2 more sections, the user profile and a logout page to clean the session.

userProfile.php

<?php
include_once(‘bootstrap.php’);

if (!isset($_SESSION['username']) || !isset($_SESSION['logged']) || !$_SESSION['logged']) {
// checking if the user is logged, otherwise, redirect to logout
header(‘location:logout.php’);
}
?>
<html>
<head>
<title> User Profile </title>
</head>
<body>
<h3>Welcome to your profile page, <?php echo $_SESSION['username']; ?></h3>
<fieldset>
<legend>Action Menu </legend>
<dl>
<dt> Edit your profile </dt>
<dt> <a href=”logout.php”>Logout</a> </dt>
</dl>
</fieldset>
</body>
</html>

At the user profile the application checks the session to see if the user is correctly logged and otherwise redirects the user-to-be to the logout page that will clean the session and redirects him to the login page. At the user profile page the application makes use of the information in hands and uses to interact with the user (in blue). When the page is displayed it will show:

Welcome to your profile page, myUsername

Bellow the message it will show the user some action options for editing his profile information and loggout of the application.

To finish up, let’s clean the session once the user is ready to logout.

logout.php

<?php
include_once(‘bootstrap.php’);
// cleaning the session variables
$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
// to guarantee that the previous session will not be hijacked, destroy the cookie that held the session name
setcookie(session_name(), ”, time() – 42000, ‘/’);
}

// finally destroy the session
session_destroy();

header(‘location: index.php’);

This will fully clean up the session and redirect the user to the first page of the application. It seems a simple set of scripts all over but this will fully exemplify how the session should be handled through the application.

The basics still being, for every session instantiated it must have a session destroy and clean up part. Managing variables, creating, destroying, adding values and updating, works in the same way as an array, but in this case the array is handled by the system and it has its own name $_SESSION.

The series is getting close to the end and soon enough everything will be set together. Keep learning and playing with the session and check this 2 articles from Chris Shiflett blog. It shows very well how session and security should be walking side by side.

1. Session Fixation
2. Session Hijacking

Have fun.

CNN
…Although he is only 18, Colton Harris-Moore has been on authorities’ radar for years. “Colt,” as he is called, was first arrested for burglary at age 12, said Detective Ed Wallace, a spokesman for the Island County Sheriff’s Office. The break-in at a local school earned Colton a few weeks in a juvenile facility, Wallace said.

Local media reports tally nine arrests for Harris-Moore before the age of 15. Now police in five counties in Washington state are looking for him.

Harris-Moore dropped out of high school and, according to Wallace, police believe he spent his teens burglarizing unoccupied homes on Camano Island, a vacation community of about 15,000 people off the Washington state coast. He became known as “the Barefoot Burglar,” because, investigators say, he preferred to prowl shoeless.

Gradually, Wallace alleges, Harris-Moore moved onto more sophisticated crimes.

“He will typically break into a home or vehicle and copy down the credit card numbers,” Wallace said. “He then leaves the credit cards behind so people don’t realize they have been stolen.”

This kid’s messed up yo!

Source: http://ecmtechnicalsupport.wordpress.com/2009/06/19/public-access-to-records-in-oracle-ucm-can-make-web-sites-vulnerable/

Public Access to Records in Oracle UCM Can Make Web Sites Vulnerable

I was recently surprised to find a lot of companies running Oracle UCM systems that were exposed in a way that someone could hijack the website. We were looking for documents related to generic properties forms on the internet and quickly found 4 large government and corporate companies with systems left wide open with material relating to their websites. We logged on as a guest user and we could have deleted the web content or checked out the content and checked in new content giving us control of what is on their websites. I was able to get the emails of the contributors from the system and emailed them to let them know that they need to lock down their site. It was interesting that I never got a response from any of the people and that the web sites are still exposed. When mixing critical business content and public access you can’t take security and rights issues lightly. In this case, a simple checkbox can make the difference between fast access to important ECM records and becoming a victim of HTML theft.

Source: http://ecmtechnicalsupport.wordpress.com/2009/06/19/public-access-to-records-in-oracle-ucm-can-make-web-sites-vulnerable/

Public Access to Records in Oracle UCM Can Make Web Sites Vulnerable

I was recently surprised to find a lot of companies running Oracle UCM systems that were exposed in a way that someone could hijack the website. We were looking for documents related to generic properties forms on the internet and quickly found 4 large government and corporate companies with systems left wide open with material relating to their websites. We logged on as a guest user and we could have deleted the web content or checked out the content and checked in new content giving us control of what is on their websites. I was able to get the emails of the contributors from the system and emailed them to let them know that they need to lock down their site. It was interesting that I never got a response from any of the people and that the web sites are still exposed. When mixing critical business content and public access you can’t take security and rights issues lightly. In this case, a simple checkbox can make the difference between fast access to important ECM records and becoming a victim of HTML theft.

I haven’t updated in a while, but I sure have saved up a lot of links! Here’s a whole batch of wrongness all over the world – and all of it done in the name of god.

• 12-Year-Old Girl Dies While Giving Birth In Yemen
• Sudan Court Fines Woman for Wearing Trousers
• Israel OKs hundreds of new West Bank apartments
• Preacher used juice cans to hijack Mexican jet
• Iraq’s New Surge: Gay Killings
• Serbian gay parade is called off
• Carrie Prejean to Values Voter Summit: ‘God chose me’ with the gay-marriage question

Any of these stories speak to you? Please comment.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Up to 9 Percent of Machines In An Enterprise Are Bot-Infected

Bot infections are on the increase in enterprise networks. Smaller than the traditional BotNets, these smaller botnets (nearly 60% of the 600 botnets studied in a recent survey) have only a handful to a few hundred bots that make up the botnet. Only 5% of the bots found on enterprise networks were tied to the large botnets, such as Zeus/ZDbot and Koobface.

Bot growth within enterprise networks grew 5%-7% last year and is in the range of 7%-9% this year.

Analysis shows the smaller botnets are more focused in their attacks. They are also more “aware” of the network on which they reside, receiving commands to navigate network shares, retrieve files and access databases. The information retrieved is later up for sale on the cybercriminal market.

To help avoid detection, such botnets utilize different pieces of malware. Damballa, one of the larger botnets, consisted of 50,000 machines, yet operated on just less than 100,000 different forms of malware. Even the smaller botnets use hundreds of different malware pieces.

Click here for more information.

Malware torrent delivered over Google, Yahoo! Ad services

Cyber criminals were able to slip malicious banner ads onto ad syndication services operated by Google, Yahoo and ValueClick. Users, clicking on the malware-laced ads, found their computers infected with a Trojan. After three days the malicious ads ended when the website disappeared.

Click here for more information.

Pill spam: The hard figures

At the heart of the Canadian pharmacy spam engine is the Russian affiliate of spam and malware known as “partnerka”, boasting 124,000 Canadian pharmacy websites where takers of the spam e-mail can purchase their pills. Of the “partnerka”, GalvMed powers the Canadian Pharmacy websites. GalvMed’s sister organization, SpamIT, is allegedly the behind the Storm, Waleded and Conficker botnets.

With an average order of $200 and a commission fee as high at 40%, 20 drug purchases per day can yield $1,600 in commissions per day.

Click here for more information.

UK Music Artists Agree Softer Policy to Tackle Illegal ISP File Sharers

In the wake of “3-Strikes” laws either passing or being defeated, UK music artist agree with a 3-strikes law with a twist. Instead of disconnecting a user from the net, who has already received two warnings to stop their downloading of illegal music of videos, or sending them before a judge to pass judgment on whether they are to keep their Internet connection as well as pay fines, this group of UK artists have agreed to restrict bandwidth instead of completely disconnect the user. Under this proposal bandwidth would be restricted to the point where the downloading of music or videos would no longer work, but they could still access websites and use e-mail.

Click here for more information.

Spuds and Spam: Idaho No. 1 Most Spammed State

While this story talks about the most, and least spammed states in the US, the interesting statistic is on a global basis, 4 and 6 million bots worldwide produce the majority of the globe’s spam. Such botnets serve-up over 87% of all unsolicited e-mail, which roughly equates to 151 billion spam e-mails per day.

Click here for more information.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Phishing worm spreads across Twitter

A new phishing scam is spreading across Twitter via messages. The message includes a link to a video clip. People, clicking on the link will be taken to a counterfeit Twitter page asking to user to re-login, thus the user handing over their Twitter credentials. Hackers are interested in acquiring Twitter credentials because people tend to reuse their passwords for different accounts.

Click here for more information.

Google Exec Calls For ISPs to Get Tough on Botnets

Citing the AISI (Australia Internet Security Initiative) whereby the government will be asking its ISPs to provide minimum customer security levels through offered assistance and working to identify and isolate infected computers on their respective networks, this executive says ISPs need to step up as they are in the best position for detecting computer infection.

While such efforts will require increased support staff and detection technology, there is no monetary incentive to help with the identification and notification of infected computers. Until there is incentive ISPs will view profits over Internet safety. Hackers know this and are capitalizing on this fact by creating and spreading more malware.

Click here for more information.

Couple’s Lawsuit Against Bank Over Breach to Move Forward

A couple who lost $26,000 due to their username and password being stolen from their bank by a hacker has launched a lawsuit against their bank. Unlike credit card companies who have to notify customers if their information were breached, regulations are apparently different. The bank claims the money had already been wired outside of their control before the couple notified the bank of their missing funds.

Click here for more information.

New cyber-security research centre opens in Belfast

The Centre for Secure Information Technologies (CSIT) is a new £30m government and industry-sponsored organization based in Belfast. The CSIT will focus on embedded security tech for next-generation IT equipment as well as real-time analysis of CCTV footage for “criminal activity”.

Click here for more information.

Cybersecurity Today: The Wild, Wild West

When a new computer is connected to the Net for the first time it is not uncommon for the computer to receive its first probe from a hacker in about 4 hours. Within a week a rootkit had been installed on its hard drive. Within two weeks the computer was part of

Because the US is so dependent on the internet the US networks have become the target of choice. On July 4, 2009, 170,000 computers in 74 countries were part of a botnet. The botnet was used to attack government websites in South Korea and the US with a Distributed Denial of Service (DDoS) attack.

Click here for more information.

Net Neutrality Opposed by State Legislators

News Bits reported earlier this week that republicans in the US Congress have introduced a bill that, if passed, would prohibit the FCC being able to make suggestions policy. This would preclude the FCC from enacting suggestions for Net neutrality from becoming formal.

To continue this effort, a group made up of republicans from various legislatures at the state level are coming out against the FCC chairman’s efforts towards Net neutrality citing that an open Internet is best guaranteed by market competition.

Click here for more information.

The exploding Internet, 2008

For those who appreciate graphical layouts, the following provides a graphic regarding Internet usage by country with the largest number of users.

China, with 253,000,000 users makes up 17% of the world’s users. This also represents 29% of the Chinese population that currently who use the Internet.

The US, with 220,000,000 users makes up 15% of the world’s users. This also represents 72.5% of the US population that currently who use the Internet.

Japan, with 94,000,000 users makes up 6.4% of the world’s users. This also represents 74% of Japan’s population that currently who use the Internet.

Brazil, with 67,500,000 users makes up 3.4% of the world’s users. This also represents 26% of the Brazilian population currently who use the Internet.

India, with 60,000,000 users makes up 5.2% of the world’s users. This also represents 4% of the Indian population currently who use the Internet.

Germany, with 52,500,000 users makes up 3.6% of the world’s users. This also represents 64% of the German population currently who use the Internet.

The UK, with 43,200,000 users makes up 2.9% of the world’s users. This also represents 69% of the UK population currently who use the Internet.

E-commerce spending worldwide equaled $6.8 trillion dollars, representing approximately 15% of the global GDP.

Click here for more information.

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Scaling the Root

An independent, third party organization was selected to analyze the impact of scaling the root in order to meet future needs currently on the horizon.

Currently the root zone is relatively small and changes slowly. This is expected to change with the support of DNSSEC, the addition of IDNs, support for IPv6 and the addition of new TLDs.

As a result of the study it is found DNSSEC will have the largest impact to the root zone and is suggested that DNSSEC be added prior to the addition of IDNs, IPv6 and new TLDs. While the addition of new TLDs will have an increased entry of 1 per new TLD, the implementation of DNSSEC results in a increase of the root zone data by 4.

Another way of looking at impact of changes is:

• New TLDs and IDNs will increase the number of TLD entries in the root zone.

• New TLDs, DNSSEC, IPv6 and IDNs will, in their own right, will increase the size of the root file.

• DNSSEC, IDNs and IPv6 will increase the amount of data required for each TLD.

• DNSSEC and IPv6 will increase the number of variables per TLD.

• DNSSEC and IPv6 will increase the number of changes per TLD per year.

Click here for more information.

Security Just Got A Lot More Complicated

Remaining undiscovered for more than a year, security researchers stumbled across an new form of malicious software. Known as Induc, this innovative piece of malware performs its nasty business through the use of a compiler. Induc infects compiled code while leaving a program’s source code alone. So while the source code looks fine the malware resides in the unreadable compiled code. Induc currently operates upon Delphi, versions 4.0 to 7.0. What makes this harmful is the malicious code can reside in complied code that has been digitally signed since the source code has remained untouched.

Click here for more information.

Facebook app flaws create Trojan download risk

A Romanian hacker has discovered Facebook applications that have cross-site scripting vulnerabilities. Five applications developed by Newscloud have been discovered to have the vulnerability. At this point access to the five applications have been blocked by Newscloud.

Click here for more information.

FCC chairman proposes Net neutrality rules

Net neutrality is, “…not about government regulation of the Internet. It’s about fair rules of the road for companies that control access to the Internet” says FCC Chairman, Julius Genachowski.

October is the expected timeframe for when an FCC panel will vote on adopting general guidelines into official commission rules.

The six principles that may be turned into official commission rules are:

1. “Accessing content. The first rule states that consumers should not be limited in the content they choose to view online, as long as it’s legal.”
2. “Using applications. Internet users should be able to run any application they want as long as they don’t exceed service plan limitations or harm the provider’s network. ”
3. “Attaching personal devices. Consumers should be permitted to connect products they buy to their Internet connection, as long as the devices operate within the service plan and do not harm the network or enable theft of service. ”
4. “Obtaining service plan information. Customers should be able to easily review their options when buying Internet service plans and learn about how those plans protect against spyware and other invasions of privacy. ”
5. “New rule: Non-discrimination. Internet providers would be prohibited from selectively blocking or slowing Web content or applications. ”
6. “New rule: Transparency. Providers would be required to make their network management practices clear and available to consumers. ”

Click here for more information.

Tech Insight: How To Make Business Partner Security Work

In a study of 500 data breaches over the last 4 years, 57% involved partner networks used by an external attacker. Understanding what data partners need to have access to and at what times can allow access to be tightened, thus mitigating damage due to data breaches.

Click here for more information.