Norton (from Symantec) has launched a new online tool on its EveryClickMatters-website. It asks for some basic personal information as well as about online behavior (e.g., paying bills online, file sharing on P2P networks, etc.) It then calculates the potential value of this participant's identity on the black market. It sounds like a fun exercise, but most Internet users could be unpleasantly surprised, if not shocked, to find out how high the value of their ID could be for cybercriminals. It'... [More]

Michael Cobb, a contributor to SearchSecurity.com, makes the point that the factors driving the success of social networking sites like Twitter are the same elements of human behaviour that drive social engineering attacks, namely "a natural desire and willingness to share and engage with those we trust." He further advices that a corporate Twitter policy could combat social network threats. Social engineering is a well-known technique widely used in phishing attacks. One of the industry's most... [More]

Cross-site scripting (XSS) flaws have been a thorn in the side of website developers - and users of the Internet - for some time. As we have been reporting in our Finjan MCRC blog, XSS-flaws are a recurring problem. It is highly unlikely that they will go away in the near future. In this light, it is therefore quite unsettling to hear that, apart from websites being vulnerable to XSS flaws, O2 is now facing an XSS-security problem with its Wireless Box III. O2, already well established in cont... [More]

Reports from India, which suggest that the subcontinent could potentially become a hub of cybercrime, concern all Internet users. The reason is simple – we all live in the same global Internet village. According to Mr Herald D'Costa, director of the Indian IT security firm Intelligent Quotient, 97 % of Indian Internet users are unaware of IT security issues. With the majority of the population using Internet cafes, this comes is disconcerting. Cybercriminals active in India now have the ... [More]

An amusing story reached us from Australia last week that even has a moral attached to it. It seems that the Australian federal police were hacked after they boasted of their recent hacker bust. Early last week, an episode of ABC's Four Corners, an Australian show that looks at real-world events, took it upon itself to report on a police investigation that was busy ferreting out hackers across the land. According to Australian newswires, the police "brazenly boasted" about a number of recent h... [More]

A recent court case involving Google is making legal history. It was decided in court that Google has to reveal the identity of a blogger who called a model "s skank". The blog - 'Skanks in NYC' - and which was hosted by Blogger.com, owned by Google, made a number of personal comments about a model, promptly triggering legal action. For us, the most interesting aspect of this case is, that the court ruled that bloggers could not be anonymous. This can be seen a result of the maturity of the In... [More]

In its report “How Mobile Handsets Will Deliver 24x7 Social Computing” Forrester Research is encouraging companies to harness the power of mobile phones in order to communicate and stay connected with their customers. But when we look at the security aspect, users of mobile phones may be vulnerable…. More and more companies let their employees use their smartphones and mobile phones for business purposes, but it's not common for companies to extend their security envelope ar... [More]

Here is some good news - the Messaging Anti-Abuse Working Group (MAAWG) has published guidelines and best practices for mitigating large-scale botnet infections on residential Internet networks. The timing of this publication couldn’t be better - just after Twitter and a number of other social networking sites were effectively downed for several hours by a distributed denial of service (DDoS) attack on one individual blogger. Regardless of the motives behind this DDoS attack last week, t... [More]

Last Thursday, a Georgian blogger called "Cyxymu" - with accounts on Twitter, Facebook, LiveJournal, Google's Blogger and YouTube - was targeted in a denial-of-service (DoS) attack.  This technique uses a network of tens of thousands of compromised computers (aka “botnets") to flood a website's servers with page view requests, making it impossible for legitimate traffic to get through. If the amount of connection requests is large enough, it can crash an entire website, as happened to... [More]

Proof that life in the world of brick and mortar is inextricably linked to the online world was brought home to the citizens of New Jersey late last month when no less than seven water mains broke in the Jersey City Heights. Due to low water pressure in the Heights following the ruptures, fire officials posted four water tanker trucks at two locations in the area for use in the event of a fire. That's a pretty serious response to a computer glitch that appears to have been triggered by false d... [More]