Kebutuhan akan teknologi Jaringan Komputer semakin meningkat. Selain sebagai media penyedia informasi, melalui Internet pula kegiatan komunitas komersial menjadi bagian terbesar, dan terpesat pertumbuhannya serta menembus berbagai batas negara. Bahkan melalui jaringan ini kegiatan pasar di dunia bisa diketahui selama 24 jam. Melalui dunia internet atau disebut juga cyberspace, apapun dapat dilakukan. Segi positif dari dunia maya ini tentu saja menambah trend perkembangan teknologi dunia dengan segala bentuk kreatifitas manusia. Namun dampak negatif pun tidak bisa dihindari. Tatkala pornografi marak di media Internet, masyarakat pun tak bisa berbuat banyak.

Seiring dengan perkembangan teknologi Internet, menyebabkan munculnya kejahatan yang disebut dengan “CyberCrime” atau kejahatan melalui jaringan Internet. Munculnya beberapa kasus “CyberCrime” di Indonesia, seperti pencurian kartu kredit, hacking beberapa situs, menyadap transmisi data orang lain, misalnya email, dan memanipulasi data dengan cara menyiapkan perintah yang tidak dikehendaki ke dalam programmer komputer. Sehingga dalam kejahatan komputer dimungkinkan adanya delik formil dan delik materil. Delik formil adalah perbuatan seseorang yang memasuki komputer orang lain tanpa ijin, sedangkan delik materil adalah perbuatan yang menimbulkan akibat kerugian bagi orang lain. Adanya CyberCrime telah menjadi ancaman stabilitas, sehingga pemerintah sulit mengimbangi teknik kejahatan yang dilakukan dengan teknologi komputer, khususnya jaringan internet dan intranet.

Pengertian Cybercrime

Cybercrime merupakan bentuk-bentuk kejahatan yang timbul karena pemanfaatan teknologi internet. Beberapa pendapat mengindentikkan cybercrime dengan computer crime. The U.S. Department of Justice memberikan pengertien computer crime sebagai:

“…any illegal act requiring knowledge of computer technology for its perpetration, investigation, or prosecution”.

(www.usdoj.gov/criminal/cybercrimes)

Pengertian tersebut identik dengan yang diberikan Organization of European Community Development, yang mendefinisikan computer crime sebagai:

“any illegal, unehtical or unauthorized behavior relating to the automatic processing and/or the transmission of data”.

Adapun Andi Hamzah (1989) dalam tulisannya “Aspek-aspek Pidana di Bidang komputer”, mengartikan kejahatan komputer sebagai:

”Kejahatan di bidang komputer secara umum dapat diartikan sebagai penggunaan komputer secara illegal”.

Dari beberapa pengertian di atas, secara ringkas dapat dikatakan bahwa cybercrime dapat didefinisikan sebagai perbuatan melawan hukum yang dilakukan dengan menggunakan internet yang berbasis pada kecanggihan teknologi komputer dan telekomunikasi.

Karakteristik Cybercrime

Selama ini dalam kejahatan konvensional, dikenal adanya dua jenis kejahatan sebagai berikut:

a.                  Kejahatan kerah biru (blue collar crime)

Kejahatan ini merupakan jenis kejahatan atau tindak kriminal yang dilakukan secara konvensional seperti misalnya perampokkan, pencurian, pembunuhan dan lain-lain.

b.                  Kejahatan kerah putih (white collar crime)

Kejahatan jenis ini terbagi dalam empat kelompok kejahatan, yakni kejahatan korporasi, kejahatan birokrat, malpraktek, dan kejahatan individu.

Cybercrime sendiri sebagai kejahatan yang muncul sebagai akibat adanya komunitas dunia maya di internet, memiliki karakteristik tersendiri yang berbeda dengan kedua model di atas. Karakteristik unik dari kejahatan di dunia maya tersebut antara lain menyangkut lima hal berikut:

1. Ruang lingkup kejahatan
2. Sifat kejahatan
3. Pelaku kejahatan
4. Modus Kejahatan
5. Jenis kerugian yang ditimbulkan

Jenis Cybercrime

Berdasarkan jenis aktifitas yang dilakukannya, cybercrime dapat digolongkan menjadi beberapa jenis sebagai berikut:

a.                  Unauthorized Access

Merupakan kejahatan yang terjadi ketika seseorang memasuki atau menyusup ke dalam suatu sistem jaringan komputer secara tidak sah, tanpa izin, atau tanpa sepengetahuan dari pemilik sistem jaringan komputer yang dimasukinya. Probing dan port merupakan contoh kejahatan ini.

b.                  Illegal Contents

Merupakan kejahatn yang dilakukan dengan memasukkan data atau informasi ke internet tentang suatu hal yang tidak benar, tidak etis, dan dapat dianggap melanggar hukum atau menggangu ketertiban umum, contohnya adalah penyebaran pornografi.

c.                   Penyebaran virus secara sengaja

Penyebaran virus pada umumnya dilakukan dengan menggunakan email. Sering kali orang yang sistem emailnya terkena virus tidak menyadari hal ini. Virus ini kemudian dikirimkan ke tempat lain melalui emailnya.

d.                  Data Forgery

Kejahatan jenis ini dilakukan dengan tujuan memalsukan data pada dokumen-dokumen penting yang ada di internet. Dokumen-dokumen ini biasanya dimiliki oleh institusi atau lembaga yang memiliki situs berbasis web database.

e.                   Cyber Espionage, Sabotage, and Extortion

Cyber Espionage merupakan kejahatan yang memanfaatkan jaringan internet untuk melakukan kegiatan mata-mata terhadap pihak lain, dengan memasuki sistem jaringan komputer pihak sasaran. Sabotage and Extortion merupakan jenis kejahatan yang dilakukan dengan membuat gangguan, perusakan atau penghancuran terhadap suatu data, program komputer atau sistem jaringan komputer yang terhubung dengan internet.

f.                   Cyberstalking

Kejahatan jenis ini dilakukan untuk mengganggu atau melecehkan seseorang dengan memanfaatkan komputer, misalnya menggunakan e-mail dan dilakukan berulang-ulang. Kejahatan tersebut menyerupai teror yang ditujukan kepada seseorang dengan memanfaatkan media internet. Hal itu bisa terjadi karena kemudahan dalam membuat email dengan alamat tertentu tanpa harus menyertakan identitas diri yang sebenarnya.

g.                  Carding

Carding merupakan kejahatan yang dilakukan untuk mencuri nomor kartu kredit milik orang lain dan digunakan dalam transaksi perdagangan di internet.

h.                  Hacking dan Cracker

Istilah hacker biasanya mengacu pada seseorang yang punya minat besar untuk mempelajari sistem komputer secara detail dan bagaimana meningkatkan kapabilitasnya. Adapun mereka yang sering melakukan aksi-aksi perusakan di internet lazimnya disebut cracker. Boleh dibilang cracker ini sebenarnya adalah hacker yang yang memanfaatkan kemampuannya untuk hal-hal yang negatif. Aktivitas cracking di internet memiliki lingkup yang sangat luas, mulai dari pembajakan account milik orang lain, pembajakan situs web, probing, menyebarkan virus, hingga pelumpuhan target sasaran. Tindakan yang terakhir disebut sebagai DoS (Denial Of Service). Dos attack merupakan serangan yang bertujuan melumpuhkan target (hang, crash) sehingga tidak dapat memberikan layanan.

i.                    Cybersquatting and Typosquatting

Cybersquatting merupakan kejahatan yang dilakukan dengan mendaftarkan domain nama perusahaan orang lain dan kemudian berusaha menjualnya kepada perusahaan tersebut dengan harga yang lebih mahal. Adapun typosquatting adalah kejahatan dengan membuat domain plesetan yaitu domain yang mirip dengan nama domain orang lain. Nama tersebut merupakan nama domain saingan perusahaan.

j.                    Hijacking

Hijacking merupakan kejahatan melakukan pembajakan hasil karya orang lain. Yang paling sering terjadi adalah Software Piracy (pembajakan perangkat lunak).

k.                  Cyber Terorism

Suatu tindakan cybercrime termasuk cyber terorism jika mengancam pemerintah atau warganegara, termasuk cracking ke situs pemerintah atau militer. Beberapa contoh kasus Cyber Terorism sebagai berikut :

• Ramzi Yousef, dalang penyerangan pertama ke gedung WTC, diketahui menyimpan detail serangan dalam file yang di enkripsi di laptopnya.
• Osama Bin Laden diketahui menggunakan steganography untuk komunikasi jaringannya.
• Suatu website yang dinamai Club Hacker Muslim diketahui menuliskan daftar tip untuk melakukan hacking ke Pentagon.
• Seorang hacker yang menyebut dirinya sebagai DoktorNuker diketahui telah kurang lebih lima tahun melakukan defacing atau mengubah isi halaman web dengan propaganda anti-American, anti-Israel dan pro-Bin Laden.

Berdasarkan Motif Kegiatan

Berdasarkan motif kegiatan yang dilakukannya, cybercrime dapat digolongkan menjadi dua jenis sebagai berikut :

a.   Cybercrime sebagai tindakan murni kriminal

Kejahatan yang murni merupakan tindak kriminal merupakan kejahatan yang dilakukan karena motif kriminalitas. Kejahatan jenis ini biasanya menggunakan internet hanya sebagai sarana kejahatan. Contoh kejahatan semacam ini adalah Carding, yaitu pencurian nomor kartu kredit milik orang lain untuk digunakan dalam transaksi perdagangan di internet. Juga pemanfaatan media internet (webserver, mailing list) untuk menyebarkan material bajakan. Pengirim e-mail anonim yang berisi promosi (spamming) juga dapat dimasukkan dalam contoh kejahatan yang menggunakan internet sebagai sarana. Di beberapa negara maju, pelaku spamming dapat dituntut dengan tuduhan pelanggaran privasi.

b.   Cybercrime sebagai kejahatan ”abu-abu”

Pada jenis kejahatan di internet yang masuk dalam wilayah ”abu-abu”, cukup sulit menentukan apakah itu merupakan tindak kriminal atau bukan mengingat motif kegiatannya terkadang bukan untuk kejahatan. Salah satu contohnya adalah probing atau portscanning. Ini adalah sebutan untuk semacam tindakan pengintaian terhadap sistem milik orang lain dengan mengumpulkan informasi sebanyak-banyaknya dari sistem yang diintai, termasuk sistem operasi yang digunakan, port-port yang ada, baik yang terbuka maupun tertutup, dan sebagainya.

Berdasarkan Sasaran Kejahatan

Sedangkan berdasarkan sasaran kejahatan, cybercrime dapat dikelompokkan menjadi beberapa kategori seperti berikut ini :

1. a.             Cybercrime yang menyerang individu (Against Person)

Jenis kejahatan ini, sasaran serangannya ditujukan kepada perorangan atau individu yang memiliki sifat atau kriteria tertentu sesuai tujuan penyerangan tersebut. Beberapa contoh kejahatan ini antara lain :

• Pornografi

Kegiatan yang dilakukan dengan membuat, memasang, mendistribusikan, dan menyebarkan material yang berbau pornografi, cabul, serta mengekspos hal-hal yang tidak pantas.

• Cyberstalking

Kegiatan yang dilakukan untuk mengganggu atau melecehkan seseorang dengan memanfaatkan komputer, misalnya dengan menggunakan e-mail yang dilakukan secara berulang-ulang seperti halnya teror di dunia cyber. Gangguan tersebut bisa saja berbau seksual, religius, dan lain sebagainya.

• Cyber-Tresspass

Kegiatan yang dilakukan melanggar area privasi orang lain seperti misalnya Web Hacking. Breaking ke PC, Probing, Port Scanning dan lain sebagainya.

1. b.             Cybercrime menyerang hak milik (Againts Property)

Cybercrime yang dilakukan untuk menggangu atau menyerang hak milik orang lain. Beberapa contoh kejahatan jenis ini misalnya pengaksesan komputer secara tidak sah melalui dunia cyber, pemilikan informasi elektronik secara tidak sah/pencurian informasi, carding, cybersquating, hijacking, data forgery dan segala kegiatan yang bersifat merugikan hak milik orang lain.

1. c.              Cybercrime menyerang pemerintah (Againts Government)

Cybercrime Againts Government dilakukan dengan tujuan khusus penyerangan terhadap pemerintah. Kegiatan tersebut misalnya cyber terorism sebagai tindakan yang mengancam pemerintah termasuk juga cracking ke situs resmi pemerintah atau situs militer.

Penanggulangan Cybercrime

Aktivitas pokok dari cybercrime adalah penyerangan terhadap content, computer system dan communication system milik orang lain atau umum di dalam cyberspace. Fenomena cybercrime memang harus diwaspadai karena kejahatan ini agak berbeda dengan kejahatan lain pada umumnya. Cybercrime dapat dilakukan tanpa mengenal batas teritorial dan tidak memerlukan interaksi langsung antara pelaku dengan korban kejahatan. Berikut ini cara penanggulangannya :

a.             Mengamankan sistem

Tujuan yang nyata dari sebuah sistem keamanan adalah mencegah adanya perusakan bagian dalam sistem karena dimasuki oleh pemakai yang tidak diinginkan. Pengamanan sistem secara terintegrasi sangat diperlukan untuk meminimalisasikan kemungkinan perusakan tersebut. Membangun sebuah keamanan sistem harus merupakan langkah-langkah yang terintegrasi pada keseluruhan subsistemnya, dengan tujuan dapat mempersempit atau bahkan menutup adanya celah-celah unauthorized actions yang merugikan. Pengamanan secara personal dapat dilakukan mulai dari tahap instalasi sistem sampai akhirnya menuju ke tahap pengamanan fisik dan pengamanan data. Pengaman akan adanya penyerangan sistem melaui jaringan juga dapat dilakukan dengan melakukan pengamanan FTP, SMTP, Telnet dan pengamanan Web Server.

b.             Penanggulangan Global

The Organization for Economic Cooperation and Development (OECD) telah membuat guidelines bagi para pembuat kebijakan yang berhubungan dengan computer-related crime, dimana pada tahun 1986 OECD telah memublikasikan laporannya yang berjudul Computer-Related Crime : Analysis of Legal Policy. Menurut OECD, beberapa langkah penting yang harus dilakukan setiap negara dalam penanggulangan cybercrime adalah :

1. melakukan modernisasi hukum pidana nasional beserta hukum acaranya.
2. meningkatkan sistem pengamanan jaringan komputer nasional sesuai standar internasional.
3. meningkatkan pemahaman serta keahlian aparatur penegak hukum mengenai upaya pencegahan, investigasi dan penuntutan perkara-perkara yang berhubungan dengan cybercrime.
4. meningkatkan kesadaran warga negara mengenai masalah cybercrime serta pentingnya mencegah kejahatan tersebut terjadi.
5. meningkatkan kerjasama antarnegara, baik bilateral, regional maupun multilateral, dalam upaya penanganan cybercrime.

Perlunya Cyberlaw

Perkembangan teknologi yang sangat pesat, membutuhkan pengaturan hukum yang berkaitan dengan pemanfaatan teknologi tersebut. Sayangnya, hingga saat ini banyak negara belum memiliki perundang-undangan khusus di bidang teknologi informasi, baik dalam aspek pidana maupun perdatanya.

Permasalahan yang sering muncul adalah bagaimana menjaring berbagai kejahatan komputer dikaitkan dengan ketentuan pidana yang berlaku karena ketentuan pidana yang mengatur tentang kejahatan komputer yang berlaku saat ini masih belum lengkap.

Banyak kasus yang membuktikan bahwa perangkat hukum di bidang TI masih lemah. Seperti contoh, masih belum dilakuinya dokumen elektronik secara tegas sebagai alat bukti oleh KUHP. Hal tersebut dapat dilihat pada UU No8/1981 Pasal 184 ayat 1 bahwa undang-undang ini secara definitif membatasi alat-alat bukti hanya sebagai keterangan saksi, keterangan ahli, surat, petunjuk, dan keterangan terdakwa saja. Demikian juga dengan kejahatan pornografi dalam internet, misalnya KUH Pidana pasal 282 mensyaratkan bahwa unsur pornografi dianggap kejahatan jika dilakukan di tempat umum.

Hingga saat ini, di negara kita ternyata belum ada pasal yang bisa digunakan untuk menjerat penjahat cybercrime. Untuk kasuss carding misalnya, kepolisian baru bisa menjerat pelaku kejahatan komputer dengan pasal 363 soal pencurian karena yang dilakukan tersangka memang mencuri data kartu kredit orang lain.

Perlunya Dukungan Lembaga Khusus

Lembaga-lembaga khusus, baik milik pemerintah maupun NGO (Non Government Organization), diperlukan sebagai upaya penanggulangan kejahatan di internet. Amerika Serikat memiliki komputer Crime and Intellectual Property Section (CCIPS) sebagai sebuah divisi khusus dari U.S. Departement of Justice. Institusi ini memberikan informasi tentang cybercrime, melakukan sosialisasi secara intensif kepada masyarakat, serta melakukan riset-riset khusus dalam penanggulangan cybercrime. Indonesia sendiri sebenarnya sudah memiliki IDCERT (Indonesia Computer Emergency Rensponse Team). Unit ini merupakan point of contact bagi orang untuk melaporkan masalah-masalah keamanan komputer.

This occurred in Laredo, Texas which will fall within the 5th Circuit’s United States v. John precedent and, therefore, depend on what type of policies, notices, etc. the state had in place to notify the deputy constable that it was improper to access and use this information in this manner. Yeah, I know that sounds dumb — who shouldn’t know this, right? But, notice is often times the determinative issue in these cases — which is why your company needs clear and unambiguous policies tailored to cover such computer use!

Here is the rest of the story if you want to read more: Webb County Deputy Constable Indicted for Accepting Bribes – KRGV CHANNEL 5 NEWS – The Rio Grande Valley’s News Channel – Breaking News, Breaking Stories – RGV News.

The group gained control of @foxnewspolitics, bragging about it on several Twitter accounts (now suspended).

They didn’t stop there, though; after tweeting a suspicious message on the Fox News Politics account claiming the company had regained the control over that account, they started tweeting messages about a shooting in which President Obama was fatally wounded.

“BREAKING NEWS: President @BarackObama assassinated, 2 gunshot wounds have proved too much. It’s a sad 4th for #america. #obamadead RIP,” said one of the tweets.

The news is obviously fake: the main Fox News account says nothing about the shooting, and no other agencies or media outlets are reporting anything of the sort.

This is another one in a long string of hacking incidents which have grown increasingly common in the last couple of months. The group that hacked Fox News’ Twitter account doesn’t seem to be directly related to the two hacker groups that were in the spotlight lately — Anonymous and the recently disbanded LulzSec.

Update: We’ve contacted Fox News, whose spokesperson pointed us to another story saying that their Twitter account has been compromised, but declined to give any further comment at this time.

Furthermore, the @foxnewspolitics account on Twitter has now been erased.

Update 2:Jeff Misenti, vice president and general manager of Fox News Digital, said that Fox News is working with Twitter to address the situation as quickly as possible. “We will be requesting a detailed investigation from Twitter about how this occurred, and measures to prevent future unauthorized access into FoxNews.com accounts”, said Misenti.

Source : Mashable.

By Zeke Corley, License # 0D88231

May 6, 2011

From 1970’s Watergate to modern-day Epsilon, a breach of information can disrupt access to information, and potentially destroy businesses and careers. Cyber liability is an emerging area of risk that will leave your business vulnerable if you go without this valuable coverage. Whether information is kept in a safe or on a computer, lost by an employee or stolen by a hacker or thief, it is an expensive loss. Extensive security measures and Cyber Liability Insurance are the keys to lowering that exposure. You do not have to be a bank, a major university, or a high-profile organization to experience a loss. If you keep or send personal information, you need coverage to protect it.

Does your business have files with:

• Social security numbers?

• Credit card information?

• Employee information?

• Personal health information?

• Bank account information?

• Email database?

• Health or other sensitive information?

Consumers tend to trust businesses to destroy and / or protect their information so they pass it along willingly. But once the information has been compromised, the consumer learns that their information may actually be in the hands of a 3rd party, which they did not authorize. What value this information may have to the thief is not the point. But once this information is lost by your business, it is your responsibility to notify all clients and / or employees that have had their information compromised. Credit Monitoring costs, Data Forensic expenses, Crisis Management expenses, and Public Relations expenses, are among the many expenses incurred after the loss.

We understand that it is nearly impossible to run a business without some sort of internet presence. Those companies attempting to remain on the cutting edge will also use social media sites to blog or increase the visibility of their business through sites like Facebook and Twitter. Of course, with any access to the internet, someone has access to your computer mainframe. Many businesses use the internet to make purchases or transactions for the business or their clients. In this case, a 3rd party has now been able to access  sensitive information. It is important that the 3rd party indemnify the business for legal liability if the information is stolen. Businesses must be active in protecting sensitive information. Along with insurance coverage, be sure that you are using the best controls, such as:

• Network security

• Firewall protection to prevent unauthorized access

• Intrusion detection

• Anti-virus software

• Daily backup of valuable / sensitive data

• Website screening for copyright / trademark infringement or libel and slander

From the possibility of online identity theft, to a disgruntled employee using their access codes to misuse client information, to sensitive documents found in a dumpster and published by the local media, a business must take responsibility to deal with the possibility of a breach. Limits up to $1 million are available. This coverage is based on industry and revenues, and is relatively inexpensive.

Call us today for a quote!

SOUTHERN CALIFORNIA                 

By Zeke Corley, License # 0D88231

May 6, 2011

From 1970’s Watergate to modern-day Epsilon, a breach of information can disrupt access to information, and potentially destroy businesses and careers. Cyber liability is an emerging area of risk that will leave your business vulnerable if you go without this valuable coverage. Whether information is kept in a safe or on a computer, lost by an employee or stolen by a hacker or thief, it is an expensive loss. Extensive security measures and Cyber Liability Insurance are the keys to lowering that exposure. You do not have to be a bank, a major university, or a high-profile organization to experience a loss. If you keep or send personal information, you need coverage to protect it.

Does your business have files with:

• Social security numbers?

• Credit card information?

• Employee information?

• Personal health information?

• Bank account information?

• Email database?

• Health or other sensitive information?

Consumers tend to trust businesses to destroy and / or protect their information so they pass it along willingly. But once the information has been compromised, the consumer learns that their information may actually be in the hands of a 3rd party, which they did not authorize. What value this information may have to the thief is not the point. But once this information is lost by your business, it is your responsibility to notify all clients and / or employees that have had their information compromised. Credit Monitoring costs, Data Forensic expenses, Crisis Management expenses, and Public Relations expenses, are among the many expenses incurred after the loss.

We understand that it is nearly impossible to run a business without some sort of internet presence. Those companies attempting to remain on the cutting edge will also use social media sites to blog or increase the visibility of their business through sites like Facebook and Twitter. Of course, with any access to the internet, someone has access to your computer mainframe. Many businesses use the internet to make purchases or transactions for the business or their clients. In this case, a 3rd party has now been able to access  sensitive information. It is important that the 3rd party indemnify the business for legal liability if the information is stolen. Businesses must be active in protecting sensitive information. Along with insurance coverage, be sure that you are using the best controls, such as:

• Network security

• Firewall protection to prevent unauthorized access

• Intrusion detection

• Anti-virus software

• Daily backup of valuable / sensitive data

• Website screening for copyright / trademark infringement or libel and slander

From the possibility of online identity theft, to a disgruntled employee using their access codes to misuse client information, to sensitive documents found in a dumpster and published by the local media, a business must take responsibility to deal with the possibility of a breach. Limits up to $1 million are available. This coverage is based on industry and revenues, and is relatively inexpensive.

Call us today for a quote!

SOUTHERN CALIFORNIA                 NORTHERN CALIFORNIA

4. Trojans, viruses, spyware, and other malware

Software trojans, viruses, spyware, and other malware can not only damage or destroy your computer data but is also capable of monitoring your computer to learn more about your viewing habits on the Internet or even log all your keystrokes to capture sensitive data such as passwords and credit card information. To help protect your computer from these threats we suggest installing a virus protection program as well as a spyware protection program.

5. Know how to handle e-mails

Today, e-mail is one of the most popular features on the Internet. Being able to identify threats sent through e-mail can help keep your computer and your personal information safe. Below are some of the most common threats you may encounter while using e-mail.

• Attachments – Never open or run e-mail attachments. Viruses, spyware, and other malware are commonly distributed through e-mails that have attachments. For example, an e-mail may want you to open an attachment of a funny video, when it’s actually a virus.
• Phishing – Phishing or an e-mail phish is an e-mail that appears to be from an official company (such as your bank) indicating you need to log onto the site to check your account settings. However, the e-mails are actually sites setup to steal confidential information such as your passwords, credit card information, social security information, etc. See our phishing dictionary definition for additional information about this term as well as examples of these type of e-mails. (For more information have look to the posts about phishing)

6. Alternative browser

Before the release of Microsoft Windows XP SP2 and Internet Explorer 7.0, Microsoft Internet Explorer was notorious for security and spyware related issues. Although it has improved since then we still highly recommend considering an alternative browser such as Mozilla Firefox.

7. Run system scans to check for vulnerabilities

There are several sites on the Internet that allow users to check their computers for potential threats or issues their network or computer may have that can allow users unauthorized access to their computer. Below are a listing of recommend sites to try:

Gibson Research Corporation – The Gibson Research Corporation, or GRC, is a great location to learn about network security as well as well as test your computer or network for vulnerabilities.

Hacker Wacker – Another great site with computer security related information, help, and programs to help test your computer and/or network.

Source: The university of Tennessee & Computer hope

By: Roozbeh Babaeizadeh ( Law in Cyberspace )

Below is additional information about helping to secure your computer and prevent any unauthorized access from other people or software programs; helping keep your information safe.

1. Operating system and software patches and updates:

There is no such thing as perfect software, often a software program may have several issues and could potentially have security vulnerabilities that can leave your computer open to attacks that compromise your computer and your data. Software patches, updates, and drivers are made available, often for free, to consumers to help keep a software program and operating systems running properly and secure. If the program you’re using does not have any type of method of checking for updates on its own it is up to you to verify the program is up-to-date. Often this can be done by visiting the web site of the developer who created the program. A listing of third-party companies and links to each of their pages can be found on our third-party support page.

2. Passwords:

Make sure a password has been set on computer. Default passwords such as password, root, admin or no password will allow easy access to your computer or your Internet account.

1. Change passwords often. It is recommended at least once every few months.
2. Create a BIOS password.
3. When creating a password, add numbers or other characters to the password to make it more difficult to guess; for example: 1mypassword23!.
4. Do not use sticky notes around your computer to write down passwords. Instead use a password manager.

3. Get a hardware or software firewall

We highly recommend all users have some type of firewall solution. There are two types of firewall’s your computer and/or network can have.

1. Hardware firewall – A hardware firewall is a hardware device that is connected to your network. Often many home users who have a home network use their network router as a firewall solution.
2. Software firewall – A software firewall is a software program that you install on your computer that helps protect that computer from unauthorized incoming and outgoing data. Below is a listing of a few of the more widely used software firewall programs.

In addition many of the antivirus scanners released today also include their own version of a firewall program. If you have a antivirus scanner that also has a firewall program you do not need to worry about getting one of the above programs or another third-party firewall program.

To be continue…

By: Roozbeh Babaeizadeh ( Law in Cyberspace )

He has been arrested and has pleaded guilty to a two-count Information filed on May 14, 2010, which charged Frost with causing damage to a protected computer system and possessing 15 or more unauthorized access devices said Steven M. Dettelbach, United States Attorney for the Northern District of Ohio.

He admitted gaining access to other computers and networks through different methods which were scanning the Internet searching for vulnerable computer networks to attack or intrude by means of obtaining user names and passwords. He also spread malicious programs on the compromised computers for the sole reason of getting personal information, credit card numbers and CVV security codes. In addition, he intentionally set up Distributed Denial of Service (DDoS) to attack the Internet websites. www.joinrudy2008.com, www.billoreilly.com, and www.anncoulter.com, among others were just some of his victims.

He also initiated Denial of Service against  the University of  Akron’s server computer which knocked off the line for almost 8 ½ hours, causing damages of $10,000. Well, maybe if he’d had a hobby he wouldn’t have caused so much damage! On the serious thought this is nothing new. I’m pretty sure crimes like this are committed all the time around the world but this one manged to make it into the news. Who knows how many go unheard of!  Why are the people in charge not doing anything about this serious problem?!

What’s your take on it? 

The built-in 256-bit Advanced Encryption Standard (AES) security safeguards all your documents and other files against illegal admittance. The SecureDrive software aids in creating a confidential secure zone where one can place the secret files which can be accessed by the user only. The password put to access the secret files will enable only the password owner to have access and none other.

One can have an advantage to resize the Private Zone and frequently change the password.

Transcend JetFlash USB flash drive weighs 8.5gms and measures 60.9mm x 19.3mm x 8.5mm. It features USB 2.0 Interface and is CE, FCC, BSMI certified.

Moreover, it comes in various storage capacities. One can buy JetFlash 620 8GB USB flash drive at a price of Rs. 960, 16GB costs Rs. 1850 and 32GB can be picked up for Rs. 3625.

I finished this documentary in 1994. It’s a total relic but I’m quite proud of it. I shot in 18 cities in 4 countries. It was just me, my backpack, some equipment and this really heavy 286 laptop! I traveled by train, and slept on floors. It took me months to edit. I edited at night, after the 911 Media Arts Center, by myself.  The edit system was linear. By 4am I was talking to myself!

This was a fun project.  I met some amazing people — everyone was so smart.  Unauthorized Access was finished while the World Wide Web was being developed — so it was the early days of the internet, Gopher was the new thing .  I don’t think there were any laws about hacking when I started making this — the whole subject was so new.

Thank you to the Cult of the Dead Cow for uploading the documentary to YouTube!

The “unauthorized access” provision of the Computer Fraud and Abuse Act (CFAA) has turned out to be quite an asset to those looking to prosecute people for all manner of actions involving computers, even though it was originally meant to target hackers.

A company named LVRC Holdings filed a lawsuit against a former employee, his wife, and their independent consulting business. LVRC had accused [the former employee] of using company computers “without authorization” in order to e-mail himself LVRC client files in order to use that information for his personal business after leaving the company.

Based on that description, one might assume that [the employee] had used his or someone else’s credentials to break into the network after he quit, but that’s not exactly the case. As it turns out, [he] had e-mailed the documents to his home PC while he was still an employee at LVRC, using login information that the company admin had sent to him. The documents he e-mailed included a financial statement for the company, LVRC’s marketing budget, and admissions reports for patients, among other things. Not so coincidentally, [he] apparently did this while he was in talks to acquire part of LVRC. Those talks eventually broke down and [he] left the company.

[He] subsequently used the data to help his own consulting business, which he runs with his wife. You could argue that his actions were unethical and downright slimy, but LVRC brought charges under the CFAA, saying that he had gained unauthorized access to LVRC machines in order to get the data. LVRC had argued that [his] intent at the time of access determined whether or not he was authorized—basically, the company said he was committing a “thought crime.”

Now, I have no problem believing the defendant in this case is a sleazy weasel. But a hacker? Seriously, does that pass anyone’s laugh test? Apparently the Ninth Circuit Court of Appeals agrees with my assessment that regardless of the defendant’s ethics deficiency a hacker he was not.

The Ninth Circuit Court of Appeals has ruled, however, that it cannot be used to prosecute someone for being disloyal with company info after quitting—a decision that is being applauded by CFAA critics who want to limit the statute.

The Ninth Circuit judges disagreed with LVRC’s creative interpretation of “unauthorized access” by noting that [the then employee] had permission to access the computer at the time he sent the e-mails—because, of course, his job with LVRC required him to use that computer. “We hold that a person uses a computer ‘without authorization’… when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone’s computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway,” the judges wrote.

(LVRC’s other point of contention was apparent evidence that [the now former employee] had logged onto the company website using his login credentials after he had left in order to mine traffic data, but the court noted that [he] provided “undisputed evidence” that at least two other employees had used his work PC after he left and that the company had apparently not wiped the machine.)

Though it’s clear that [the former employee] was acting against the interests of LVRC at the time he sent the documents, the CFAA was not written for cases like this.

Exactly. It should be noted that the CFAA has been notoriously misused in several other high profile cases including “MySpace Mom” Lori Drew, whose conviction was recently overturned due to this questionable interpretation of the CFAA. Also a domain registrar that spammed customers pretending to be Register.com. Certainly in both of these cases, the defendants engaged in deplorable and unethical behavior involving computers. But they were not by any definition “hackers”. Losers, maybe. Scum, probably. Hackers, not so much.

I have moved to new site and here is new article link from where you can post comments/feedback.

http://sanketinfo.blogspot.com/2009/06/sharepoint-web-services-permission-for.html

Sorry for any inconvenience.

~Sanket

In light of these developments and the ongoing attention being paid to these serious problems, it should not come as a surprise that the California legislature is review proposed new laws, including creation of a new state governmental agency, to enforce patient privacy rights with respect to medical records.

Recommended Action: Providers need to review their compliance with existing medical records privacy requirements, both under federal (HIPAA) and state (CMIA) requirements. Although confidentiality of medical records has received historically relatively little attention from regulators over the past two decades (CMIA was enacted in 1981), it can no longer be deemed a low priority. In the current environment, providers cannot afford to attract attention from government regulators with lax privacy safeguards.

Harry Nelson is a partner in Fenton & Nelson, LLP. Fenton & Nelson counsels healthcare providers on HIPAA, CMIA, and other compliance issues. For additional information, please contact Fenton & Nelson at harry@fentonnelson.com

©Harry Nelson 2008

I thought on how he got hold of the pictures, then I remember that some months ago, I have let him my account on an online storage service by providing him my username and password. He was asking for some MP3s from me and I happen to have got some of what he was looking for. Instead of providing him a link to each one of the files, I just gave him my username and password. I never thought he would be able to find my pictures as he only was looking for MP3s, and the semi-nude pictures were in a secret album within the account. He must have downloaded some of them then and chose to just share it now.

The thing is also he visited my friends’ profile with my semi-nude picture as his primary photo. Although my face is blurred on the pictures, one of my friends already checked his profile and recognized me. Thinking he still might visit more of my friends, I decided to just delete my account.

I called the perpetrator to confront him about his use of my pictures, bu I couldn’t reach his phone number. I instead sent him emails and messages but he did not reply. In panic, I instead reported his profile to Friendster admin since he also has some nude picture of pubescent boys. The following morning, Friendster admin deleted his profile, and by noontime I got the person’s reply on both email and messenger.

What actually happened has been entirely my fault all along. The day before it happened, I used a free internet access near our office after I had my dinner. I forgot to logout. Somehow, the person who came next to me on the computer have found out about it and decided to send him my pictures, which are on my private album, and likewise they downloaded pictures of young boys in swim trunks and also sent to the same profile. My friend has been leaving testimonials on my profile and that was how probably the person who violated my profile got to know that he has a crush on me.

My friend thought I have willingly sent those pictures to him, and have unwittingly posted them on his profile as he thought it was okay, since my face is blurred out. He only visited two or three of my friends’ profiles since then and did not mean any harm.

Now, we ended up without our accounts because of my stupid mistake. I did not tell him I was the one who reported his profile, and instead suggested that the admin might have found those pictures and deleted the account in violation of their terms and conditions of use.

But email is so convenient and cost effective!  Can it not be private and confidential too?  What can a person or small business do to protect him/herself and clients?   

 Most solutions are expensive and complex, serving  “closed” communities with relatively high technical skill levels and professional support.   An exception that’s easy, safe and affordable is Compriva Private Email  (www.compriva.com).  

Compriva offers private, confidential encrypted email and attachments between subscribers for about the cost of two postage stamps per month.   There are no volume limits, ads or gimmicks on this service, and it works with Outlook, Outlook Express and Windows Mail.

A cool feature called Compriva Private Notes provides a unique way of receiving encrypted emails from any contact.   A Compriva subscriber emails a link which his/her contact simply clicks on to compose and send an encrypted Compriva Private Note to that subscriber.  It’s free and works  from any browser … PC, Mac or smartphone.

 There are other vendors that offer “free” email certificates that can be used by the technically-empowered to encrypt email.  Most lack an underlying certificate distribution model that makes it easy for any user to participate.  Compriva Private Email solves this problem neatly…and it’s free to try.