Davey Winder's Blog

Hacking Jack Straw

By Davey Winder in Editorial

Posted in Data Protection, phishing, Blog, Security, email, Internet on February 25, 2009 at 12:02 pm


As phishing messages go, it was never likely to be the most successful. A high ranking member of the British Government asking his friends for 3000 bucks because he had lost his wallet while abroad? I don’t think so.

Yet that is, it would appear, exactly the email that hundreds of people in the address book of former UK Home Secretary and current Justice Secretary The Right Honorable Jack Straw MP have found themselves on the receiving end of. The United States may well be the phisher kings but Nigerian scammers would seem to be doing OK in the UK.

According to the Telegraph Jack Straw has confirmed that he “started getting phone calls from various constituents asking if I was really in Nigeria needing 3,000 dollars.”

However, the Justice Secretary is quick to play down the potential national security implications of his email account being hacked. The messages appear to have been sent from his Blackburn constituency account rather than his Westminster Government one.

That said, the emails did go to Ministry of Justice officials, council bosses and Labour Party members as well as his Blackburn constituents.

Straw told the newspaper that there were no Justice Ministry security issues as this was “an issue for constituents, not the Government.”

Still, it remains a highly embarrassing incident for the man who established the National Hi-Tech Crime Unit as Home Secretary some eight years ago, with a specific remit to crack down on Internet crime including hacking. Not forgetting that the NHTCU website itself now sells holidays, after the unit was absorbed into the Serious Organised Crime Unit but nobody thought it prudent to hang on to the NHTCU.org domain for safe-keeping.

Graham Cluley, senior technology consultant at Sophos, reckons that “You have to wonder if the hackers broke into Jack Straw’s mailbox in a similar fashion to the attack used on Sarah Palin’s Yahoo account last September, where cybercriminals reset passwords by guessing the answers to secret questions.”

Or maybe, like most people, he just used an easy-to-guess password? Whatever the cause, I am intrigued that there has been no official comment from Jack Straw with regard to the seriousness of hackers potentially having access to his email archive and all that could entail.

Kaspersky patents malware removal

By Davey Winder in Editorial

Posted in Blog, Security on February 23, 2009 at 1:09 pm


Kaspersky Lab has successfully patented a technology for the detection and removal of malware applications, including previously unknown ones, that are installed on a user’s computer after a single virus incident.

United States Patent 7472420 is titled “Method and system for detection of previously unknown malware components” and covers a system, method and computer program product for “identifying malware components on a computer, including detecting an attempt to create or modify an executable file or an attempt to write to a system registry; logging the attempt as an auditable event; performing a malware check on executable files of the computer; if malware is detected on the computer, identifying all other files created or modified during the auditable event, and all other processes related to the auditable event; terminating the processes related to the auditable event; deleting or quarantining the executable files created or modified during the auditable event; and if the deleted executable files include any system files, restoring the system files from a trusted backup.”

In other words, it cleans up after a computer has been compromised by a virus, Trojan or some other piece of malware. Which is a good thing, considering that a single initial virus incident can lead to the downloading of many malicious programs and leave a user’s computer compromised until all the malicious software and methods of hiding have been identified and distributed through security software updates.

The new patented Kaspersky technology is based on the logging of system events that indicate the possibility of a virus infection (for example, modification of an executable file and/or a record in the system registry) and then determining the extent of a virus incident based on the records made. It launches a module that analyses preceding events and allows the source and the time of an infection to be determined, as well as analysing all child events related to the source event, which makes it possible to detect all malicious programs involved in the incident, including those that were previously unknown.
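As an added illustration of the method the patent text describes (not Kaspersky's code, and not taken from the patent), here is a small event-correlation routine over a constructed audit log: a flagged executable is traced back through the process lineage to the source of the incident, every child process and file it produced is gathered, and the result is split into processes to terminate, files to quarantine, registry entries to revert and system files to restore from backup. The log entries, the `SYSTEM_DIRS` prefix and the process ids are all invented for the example.

```python
"""Incident-scope reconstruction in the style of the patented method."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    id: int
    time: int
    pid: int        # process performing the action
    action: str     # "spawn", "write_exe" or "write_registry"
    target: str     # child pid (as str), file path or registry value


# Assumption for the example: executables under these paths are system
# files and are restored from a trusted backup rather than deleted.
SYSTEM_DIRS = ("C:/Windows/System32/",)

# Constructed audit log (not real telemetry): a dropper (pid 410) writes an
# executable, runs it, and the child installs a service and drops a payload.
# pid 500 is an unrelated software updater that must stay out of scope.
LOG = [
    Event(1, 101, 410, "write_exe", "C:/Users/a/tmp/dl.exe"),
    Event(2, 102, 410, "spawn", "420"),
    Event(3, 103, 420, "write_exe", "C:/Windows/System32/svc.exe"),
    Event(4, 104, 420, "write_registry",
          "HKLM/Software/Microsoft/Windows/CurrentVersion/Run/svc"),
    Event(5, 105, 420, "spawn", "430"),
    Event(6, 106, 430, "write_exe", "C:/Users/a/tmp/payload.exe"),
    Event(7, 107, 500, "write_exe", "C:/Program Files/editor/update.exe"),
]


def build_index(log):
    parent_of = {}                  # child pid -> pid that spawned it
    by_pid = defaultdict(list)      # pid -> events it performed
    for e in log:
        by_pid[e.pid].append(e)
        if e.action == "spawn":
            parent_of[int(e.target)] = e.pid
    return parent_of, by_pid


def incident_scope(log, detected_file):
    """Map one scan hit to the full set of related processes and artefacts."""
    parent_of, by_pid = build_index(log)
    writer = next((e.pid for e in log
                   if e.action == "write_exe" and e.target == detected_file), None)
    if writer is None:
        return None                 # file was never written during a logged event
    source = writer
    while source in parent_of:      # walk up to the earliest logged ancestor
        source = parent_of[source]
    involved, stack = set(), [source]
    while stack:                    # collect every process descended from the source
        p = stack.pop()
        involved.add(p)
        stack.extend(int(e.target) for e in by_pid[p] if e.action == "spawn")
    written = {e.target for p in involved for e in by_pid[p] if e.action == "write_exe"}
    restore = {f for f in written if f.startswith(SYSTEM_DIRS)}
    registry = {e.target for p in involved for e in by_pid[p] if e.action == "write_registry"}
    return {"source": source, "terminate": involved,
            "quarantine": written - restore, "restore": restore, "registry": registry}
```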

With 30 patent applications outstanding in the US and Russia Kaspersky still has some way to go to catch the king of the technology patent, IBM. However, if only it can patent a method of preventing its own databases from being hacked, life would be pretty perfect at Camp Kaspersky.

Best of all, it actually does something worthy rather than some of the stooooooooopid patents we have seen in recent years such as the daft Page Up Page Down patent that Microsoft was awarded.

Mooooving the cow back into business computing

By Davey Winder in Editorial

Posted in Business, Blog, hardware on February 21, 2009 at 11:58 pm


This week I have sometimes thought I must have inadvertently stumbled into some weird crack in the technology space-time continuum. First there was a reminder from Dell that Psion still exists when, to be fair, most people had forgotten all about the former geek icons. OK, so that reminder only comes courtesy of Psion trying to convince everyone (and succeeding in scaring Google, no less) that it has first dibs on usage of the Netbook trademark. Despite Psion issuing cease and desist letters requesting that websites do not make money from use of the Netbook term, and despite Google banning it from adverts, Dell wasn’t having any of it and has filed a petition with the US Patent and Trademark Office for trademark cancellation.

If the mere mention of the word, Psion rather than Netbook that is, were not a big enough shock to my system there was more to come. Hands up all those business buyers who recall the thrill of a new system being taken off the delivery van and coming resplendent in a black and white cow-patterned box? Go on, admit it, you always loved those boxes, didn’t you? I certainly did.

Anyway, the thing is, the cow computer is coming back. Yes, Gateway is being re-launched once more in Europe at least. Now owned by Acer, Gateway Professional will be heading your way as a channel only concern selling notebooks, desktops and servers to mid-sized enterprises. Oddly enough, I am led to believe that Acer is going to be pushing Gateway as a consumer only brand in the US, which is an odd strategy but I am sure that Acer must know what it is doing. Well, I am not, but I will give them the benefit of the doubt.

There is no word on the grapevine as to if we can expect the new Gateway kit to come in cow coloured boxes sadly.

Hotmail CAPTCHA: cracked in 20 seconds

By Davey Winder in Editorial

Posted in Data Protection, Spam, Security, Microsoft on February 18, 2009 at 12:12 am


Although many people would like you to believe otherwise, the Completely Automated Public Turing test to tell Computers and Humans Apart (better known as CAPTCHA) is not foolproof. Yahoo! knows this, Google knows this, and now it would seem that Microsoft knows it as well.

According to security researcher Sumeet Prasad at Websense the Microsoft Live Hotmail service CAPTCHA system has been busted wide open.

This is made all the more embarrassing for Microsoft courtesy of one small detail: just a few short months ago Microsoft had redesigned the CAPTCHA authentication it uses in order to prevent automated bot registration.

According to Websense “As the latest attack shows, those efforts have failed.” Its research suggests that the kind of anti-CAPTCHA attacks Microsoft is feeling are part of a strategy of escalation on the part of the spammer gangs in order to ensure that they can continue to exploit Microsoft branding and trust in order to sell their wares.

Worryingly, it appears that this latest attack is not the usual automated bot account creation system using command and control templates, but instead a much more sophisticated effort involving automated but encrypted communications between the spammer bots and compromised machines in order to secure the cracking attempts. Well, I say attempts but I mean successes. According to Prasad the success rate in converting a CAPTCHA cracking attempt into a fully active Live Hotmail account is as high as 20 percent. That’s one in every five attempts being successful.

If that were not frightening enough, it takes just 20 seconds from start to finish to do the cracking.

A full step-by-step exposé of the technology and techniques employed can be found here.

Apple Bans Bouncing Barack and Trouserless Bill

By Davey Winder in Editorial

Posted in Blog, Apple on February 10, 2009 at 11:27 am


Refusing entry to the iPhone App Store is nothing new as far as Apple is concerned. We have already seen Opera given the no-entry treatment, and let’s not forget the virtual pint of beer fight or the infamous ‘I am Rich’ application nonsense. However, banning a game called Obama Trampoline, which unsurprisingly features US President Barack Obama bouncing on a trampoline, seems, well, a little over the top. If the iPhone truly is a “console experience” as Apple insists, then surely bouncing Barack Obama on a trampoline would be a perfect application? I can see nothing defamatory in using a bouncing Barack to burst balloons; nothing offensive about doing the same with Sarah Palin or Hillary Clinton for that matter, both of whom feature in the game.

I know, perhaps it is the much publicised love affair the 44th US President has with his BlackBerry that was to blame. Or maybe it was the inclusion of Bill Clinton with no trousers that crossed the line into objectionable content territory.

Apple is keeping quiet about the precise reasons, for now.

Bill ‘Super Villain’ Gates does a Steve ‘Monkey Dancing’ Ballmer

By Davey Winder in Editorial

Posted in Business, Blog, Microsoft on February 6, 2009 at 12:31 pm


It certainly seems that way, at first glance, if the reports flooding Twitter and the Blogosphere are anything to go by.

As a speaker at the Technology, Entertainment, Design (TED) conference in California you might expect the former Microsoft head honcho to mention something about Windows 7 and how it will change the world, or maybe one of those Microsoft presents the future now type speeches.

You probably would not expect him to walk on stage, shout that poor people should not be the only ones to experience this, and then throw a whole swarm of live mosquitoes into the crowd!

OK, I guess he made his point. The point being that people in the developed world do not really understand just how bad the malaria thing is in developing countries. The Bill and Melinda Gates Foundation is investing millions of dollars in an attempt to eradicate the problem.

However, if you happened to be sitting in the crowd at the conference, an innocent geek, then some uber-nerd chucking a bucket of mozzies over you is probably not going to make it a night to remember for the right reasons, and might even just put you off donating any money to the cause.

News of the incident quickly started spreading via Twitter, courtesy of some very well-known tech types (the eBay founder, the Twitter CEO and so on) being amongst the people in that audience.

The media has grabbed this as evidence that Gates has gone insane. However, I have another theory: he is just fed up with Steve Ballmer getting all the headlines and so decided to take a leaf out of the Monkey Dancer Marketing Manual. Either that or his money really has made him mental, and Gates will next be seen wearing a spandex bodysuit, cape and mask, insisting on being known from now on as Mosquito Man, the least scary super villain in history.

Business to take data protection lesson from Government? ROFL!

By Davey Winder in Editorial

Posted in Business, Standards, Data Protection, Blog, Security on February 3, 2009 at 12:48 pm


This has to be one of the most absurd press releases I have seen for a long time, in fact it had me rolling around the floor in stitches for the first 10 minutes after reading the title alone. Get ready for some ROFLing, here it comes:

“Companies can learn from Government when it comes to protecting data, says BeCrypt”

Hahahahahahahahahahahahahahahahahahahaha. Bonk.

Is this the same Government which recently all but admitted that data security is a myth? The same Government that lost a memory stick with details of all 84,000 prisoners in the UK? The same Government which lost the financial data of some 25 million people? The same Government that wants a Big Brother database which contains details of every email, every text message, every phone call you make?

Look, I am sorry, I can agree with the premise that the Facebook Generation mindset which expects, nay demands, easy access to as well as the sharing of data has to change because security dictates. Especially as the average cost of a corporate data breach has just been revealed as being USD $6.65 million by a new report.

However, when this perfectly sensible argument is then immediately followed by the assertion that “companies need to learn from government if they are to protect confidential and sensitive data from theft or loss” I am afraid I can only assume that the cold weather has frozen a common sense circuit.

Yet that would appear to be exactly what the CEO of security outfit BeCrypt, Dr Bernard Parsons, is suggesting in a recently published paper. He claims that the technology of today has placed similar demands on both the private and public sector, and the UK Government response to high profile data breaches last year means there is now a published framework of culture change that can be adopted by organisations in the private sector.

While admitting that established systems of classifying data have failed to meet today’s demands, Dr Bernard Parsons says “The Government’s response has been to shift the focus to measure data loss in terms of risk, associated with loss of confidentiality, integrity or availability and the impact to the organisation. Companies can learn from this framework to manage their own data security, however, a ‘sea change’ to a risk management culture is required. There are also technological solutions available today that provide the security assurance to government graded levels and that can be deployed across the organisation to manage the access, flow and safeguarding of data.”

OK, so what seems to be happening here is that the Government Security Policy Framework and the Information Assurance Maturity Model have both been published, and Parsons is arguing that both provide a practical framework for IA compliance. “They contain effective guidelines that are open to review by all, the lessons for Corporations are there to be learnt and adopted,” he says.

Possibly, but my problem is that this Government has reached a position where it finds itself without any measure of trust, where nothing it does or says is going to convince anyone that it knows what it is talking about when it comes to data security. If it can go a full year without losing any data, then maybe I will take this whole thing a little more seriously. But then again, maybe Lord Lucan is still alive and little green men really do hold positions of power in the US military.
