Major security survey reveals the blindingly obvious
By Davey Winder in Editorial
Posted in Business, Blog, Security on
The Information Security Forum has published its Threat Horizon 2011 list, detailing the threats which the ISF reckons will present the most challenges for information security professionals during the coming two years. Future gazing within the world of ITSec is never an easy task: there are simply too many variables, and the truth of the matter is nobody knows what the next big service to take off will be or how the bad guys will end up exploiting it. Which is why, for one thing, nobody was predicting hashtag spam and Twitter-based third-party phishing attacks a couple of years back. It is also probably why, right at the top of the Threat Horizon list, in a stonking example of predicting the future by playing it as safe as possible, is the generic threat of, wait for it, criminal attacks.
The full list looks like this:
- Criminal attacks
- Weaknesses in infrastructure
- Tougher statutory environment
- Pressures on offshoring / outsourcing
- Eroding network boundaries
- Mobile malware
- Vulnerabilities of Web 2.0
- Incidents of espionage
- Insecure user-driven development
- Changing cultures
Apparently drawing upon the ‘knowledge and practical experiences of ISF Members, comprising some 300 of the world’s largest business and public sector organisations including many of the Fortune 100 corporations’ the Threat Horizon 2011 report is based upon research carried out within a ‘PLEST’ framework that takes into account Political, Legal, Economic, Socio-cultural and Technology factors.
“Many of the threats in 2011 will be familiar ones that are evolving and will present new and sophisticated attacks to complement tried and tested techniques,” says Jason Creasey, head of research at the ISF. “It is also clear that the financial crisis is accelerating these changes, fuelled by increasing staff turnover and dissatisfaction along with the increased involvement of organised criminal groups that see online crime as a lucrative and low risk alternative to other nefarious activities.”
I don’t have access to those 300 big business brains, but I carried out my own research within a STBO framework that takes into account Stating The Blindingly Obvious and concluded that the security threats most likely to be causing us problems over the next couple of years, in no particular order as my crystal ball is on the blink, are: spam, malware, phishing, hacking, application vulnerabilities, OS vulnerabilities, malicious code and user stupidity.
Hermione Granger is not naked, poorly or dead
By Davey Winder in Editorial
Posted in Twitter, Blog, Security, Google, Internet on
Harry Potter has been naked on Broadway, Ron Weasley has got swine flu, but Hermione Granger is emphatically not dead despite what you might read online. Let’s run that past you again. Daniel Radcliffe, the actor who plays Harry Potter, has stripped off and bared all for his part in the Broadway production of Equus. Rupert Grint, the actor who plays Ron Weasley in the Harry Potter films, has been reported as suffering from swine flu (as am I, for that matter, writing this from my bed with Tamiflu on tap). But the delightfully sexy Emma Watson, the actress who plays Hermione Granger in the incredibly successful series of movies based on the fantasy novels of JK Rowling is not dead.
I mention that because if, like me, you are a Twitter addict then you might think otherwise. News of her demise has been spreading like wildfire on the microblogging site. But then again it has been spreading like wildfire across the entire Internet, it would seem. The hoax story falsely claims that Watson was killed at the scene of a fatal car crash, and has been distributed to coincide with the release of the latest movie in the series, Harry Potter and the Half-Blood Prince.
This is not just the work of some sicko prankster, of course, but rather a malicious ploy to herd traffic towards rogue AV products which claim your computer is infected in order to persuade you to buy a fake AV application to clear the infection. The sting being that the product is no solution, will not clear any infections and will quite often just pile a load of malware onto your machine instead.
I would have to give the bad guys some grudging respect in as far as they have done a pretty comprehensive job of Google SEO poisoning in this case, with the rogue AV links being right up there on the first page of hits related to searches for Emma Watson’s death.
The reports themselves are pretty convincing as well, apart from the obvious spelling and grammar errors. Mind you, some genuine news reports are little better, so this is not always a foolproof spoof identification methodology. I looked at some of them on a sandboxed machine here so that you don’t have to. “Police footage captured her driving with speeds up to 80 miles per hour on very narrow roads” says one report, and “Resuscitation efforts continued en route to the Oxfordshire’s Medical Center, and for an hour after arriving there at 1:45pm - she was pronounced dead at 2:10pm”. Or how about “The 19 year-old actress, most famous for her roles in the Harry Potter films, was killed while being driven back to hotel after a screening of her latest movie, Harry Potter and the Half-Blood Prince, when a car collided with her vehicle”.
It isn’t the first time that Harry Potter has cast a spell over the Internet and it won’t be the last; however, I do have a terrible feeling that with only a couple more movies to go before the franchise comes to an end, the bad guys are going to be pumping Harry Potter for all it’s worth during the next couple of years.
The great Twitter willy waving massacre
By Davey Winder in Editorial
Posted in Twitter, Blog, Internet on
I woke this morning and did my usual routine of grabbing the iPhone and checking my email, my text messages and my Twitter feed, in that order. Oddly, some people on Twitter appeared to be complaining that their followers had been massacred. Follower numbers had dropped dramatically overnight, they said. I checked my follower count and discovered my faithful followers had escaped largely unhurt from whatever it was that had attacked them. Perhaps it was another Twitter security scare? Nope. OK, maybe one of those hashtag marketing schemes had fulfilled my prophecy and finally started to destroy the Twitter userbase? Kind of, as it happens.
A bit of digging reveals that Twitter has been “correcting follower and following counts” which it says have been “incorrect for some folks” for some time now. Twitter management pushed “a change that will address this issue” overnight which led to a drop in followers for many people, although the actual percentages vary wildly. Twitter does admit that as a consequence “follower counts will drop for some people. In particular, those with large followings may see significant changes.”
So why has this clean up not impacted upon me too badly? Well perhaps it is because I only have a relatively low follower count of between 600 and 700 folk. The reason for that low count being that I make an effort to clean it up myself on a regular basis, so that I kick off as many of the blatant spam and marketing only accounts as I can. I really do not need the ‘Sexy Brittany Pics’ account or ‘I’m Lonely Tonight’ lady following my every word. Others might be too lazy to do this. Although I have a sneaky suspicion that nearer the truth would be that they are more motivated by gaining the highest number of virtual friends they can in some kind of sad willy waving exercise. Anyway, people with 1000+ follower counts who have not filtered out the spammers will have seen a bigger drop in numbers as Twitter corrects “for spam accounts and data inconsistencies” while “cleaning up artifacts in the system”.
The Apple Mafia and the reluctant fashion model
By Davey Winder in Editorial
In the strangest lawsuit to hit Apple since someone claimed Steve Jobs hired OJ Simpson as a hitman a couple of years back, the company now stands accused of conspiring with the Mafia to force a Missouri man into becoming a New York fashion model against his will.
The Mafia threatened a man with recordings saying ‘I’m going to kill him’ and Apple conspired with the gangsters by selling illegally bugged iPods. Well, that’s what a newly filed lawsuit alleges at any rate.
The phrase just because you are not paranoid does not mean they are not watching you probably does not apply in the case of Gregory McKenna whose allegations would appear to include that Apple has conspired with the Mafia in order to insert the word ‘herpes’ into one song on his iPod and use the device to transmit threatening messages.
In fact McKenna reckons that no less than two iPods were interfered with to allow the Mafia to transmit threats in coordinated effort with Apple. The lawsuit actually states that Apple “conspired with the Mafia and other Defendants to manufacture, distribute, and sell illegally bugged iPods and other electronic equipment to Plaintiff to perpetuate the stalking, extortion, and torture.”
It’s not just the Mafia and Apple that have it in for poor Mr McKenna though, as the lawsuit also names other defendants such as assorted agents of the FBI and a local auto mechanic in Missouri.
Apparently the Mafia started threatening him at a night club way back in 2000, because he refused to become a fashion model for them in New York. The lawsuit says that McKenna tried to report the threats to the St. Louis County Police but they did not take him seriously.
Still, it makes a nice change for someone else to be pressing the silly buttons instead of Apple. I’m still recovering from when Apple blamed Hitler for an iPhone app ban.
The stuff of IT Pro nightmares
By Davey Winder in Editorial
Posted in Data Protection, Blog, Security on
I couldn’t help but giggle at a recent survey which revealed the stuff of IT Pro nightmares. For me there is nothing worse than that call from the mother-in-law who needs help getting her Android phone talking to Outlook Express or some distant relative who understands I know a bit about wireless networking.
Webroot discovered, however, that of the 300 IT security professionals it questioned about email management, compliance, archiving, encryption, spam, viruses, Web filtering and Web-based malware attacks, most were kept awake at night by the thought of email threat protection, followed by data security and confidentiality issues and, finally, web threat protection practice.
Crikey, take a chill pill chaps.
Other findings from this survey were that IT Pros are worried about not having enough money to throw at security problems courtesy of the recession (meh) and the high cost of data breaches (meh) which some 23 percent of them said their companies had experienced (meh again).
Now, if you’ll excuse me, I have to grab some sleep before my sister’s friend comes round expecting me to turn her netbook into a dual-booting delight…
World’s 3rd largest social network accused of identity theft
By Davey Winder in Editorial
Posted in phishing, Blog, Spam, Security on
That’s the allegation being made by New York Attorney General Andrew Cuomo as he served the social networking site Tagged.com with a notice of intent to sue over charges that it has sent spam emails which, in effect, stole identities from as many as 60 million of its users.
Cuomo has previously taken on the task of banishing child pornography from the Internet and is now, it would seem, turning his attention to spam and identity theft. In his notice of intent, Cuomo suggests that Tagged.com used an illegal spamming campaign in order to increase the traffic to its site and add millions of new users in the process.
He stated that Tagged.com had stolen “the address books and identities of millions of people” and as a result consumers had suffered by having their privacy invaded and being “forced into the embarrassing position of having to apologize to all their e-mail contacts.”
With some 80 million users, Tagged.com would seem to be a pretty successful social networking site that is only beaten by Facebook and MySpace on the membership numbers front. But Cuomo accuses it of tricking many of them into allowing access to their email contacts, which were then spammed with promotional mail that appeared to come from the original user, who would of course have been known to the recipient. These messages suggested that someone had posted a private photo of friends online, when in fact no such photo existed, according to Cuomo. Any attempt to access the photos which did not exist led to people having to sign up and become members of Tagged.com.
Tagged CEO, Greg Tseng, has responded by way of blog postings in which he admits to being “dismayed” that Cuomo has issued an “inaccurate and inflammatory accusation” which, Tseng suggests, can only mean “they have not carefully reviewed the facts.”
Specifically, Tseng insists that Tagged has not raided email address books or spammed millions. He states that the ‘invite your friends practice’ has been “standard practice among all top social networks for over five years” and to compare it to spam and identity theft “generates unnecessary alarm among consumers.”
Tseng says that “Tagged users are given clear notice at every step of the registration process, if they choose to import and invite their contacts they must affirmatively enter their email password and are able to choose which contacts they do not wish to invite before any email invitations are sent from Tagged on their behalf.”
However, he does admit that Tagged began testing a new Tags photo-sharing feature based registration process in June which led to some members complaining that they had “inadvertently elected to send invitations to all the contacts they had uploaded.” Tseng insists that it learned from this feedback that it was too easy for people to unintentionally invite their friends to join them on Tagged and so stopped using that process.
Tseng is confident that once all the facts are reviewed the Attorney General will be able to “resolve this matter amicably” adding that “we realize that some were confused and accidentally agreed to invite their friends. We are truly sorry for any inconvenience or frustration that these people experienced.”
Has Google gone insane as GMail goes back to beta?
By Davey Winder in Editorial
Posted in Blog, email, Google on
There was a huge fanfare of media attention yesterday as Google proudly announced that one of the longest beta tests in software history (well, it certainly felt like that) had finally come to an end. Yes, the GMail webmail application that was launched on April Fool’s Day way back in 2004 has finally emerged from its beta status. So why has it gone straight back into beta today?
Apparently not everyone is comfortable with losing the beta sticker from their GMail service; it makes them feel a little uneasy or something. So those obliging people at Google have added a ‘Back to Beta’ configuration setting for the app, under the GMail Labs tab, which according to the description that accompanies it “soothes the soul by putting the familiar beta sticker back on the Google Mail logo.” Sigh.
Meanwhile, back in the sane world, Google seems to be admitting that the decision to remove the beta tag from Google Mail was taken to appease the business customers who feel uneasy buying into the whole Google Apps thing when there’s a bloody great big ‘Beta’ sticker on one of the key parts. So maybe we haven’t escaped the insanity after all.
Matthew Glotzbach, Director, Product Management, Google Enterprise explains “Ever since we launched the Google Apps suite for businesses two years ago, it’s had a service level agreement, 24/7 support, and has met or exceeded all the other standards of non-beta software. More than 1.75 million companies around the world run their business on Google Apps, including Google. We’ve come to appreciate that the beta tag just doesn’t fit for large enterprises that aren’t keen to run their business on software that sounds like it’s still in the trial phase.”
The problem with the Palm Pre
By Davey Winder in Editorial
Posted in Blog, hardware, Mobile Phones, Apple on
What have the iPhone 3GS and the Palm Pre got in common? Yep, both seem to be somewhat tainted with buyer regret syndrome.
In the case of the iPhone 3GS there is the double whammy of battery life being rather shorter in use than expected together with the much reported overheating problems which can even apparently turn a white 3GS a fetching shade of pink.
But what about the Palm Pre? Surely the hugely anticipated iPhone beater cannot be about to fall at the first hardware quality hurdle? Well, according to reports coming out of the US, where users have already had a chance to play with the thing in earnest, the answer would appear to be yes, it is.
Although Palm itself is keeping quiet about handset returns, assorted online support forums are starting to get noisy with complaints from users who say that in the month since the Pre went on sale they have had problems with that large slide-out keyboard which looks so attractive to heavy texters and email users alike. These seem to revolve around it being wobbly and certain keys working loose very quickly. Some users are complaining that the device even shuts down when the keyboard slides out.
But the most noise of all would appear to be caused by the case, which some users report has poor sealing around the edge seams, and the screen. The screen is the most serious, not perhaps because of the ‘dead pixel’ complaints but rather because of the folk who say it cracks very easily.
Reading the various forums makes for hugely interesting, if somewhat disturbing, reading. Especially when there are people who claim to be on their second, third and even fourth Palm Pre in the space of less than a month.
Of course, it is hard to know what to make of all this until Palm itself actually comments on the issue. The forum postings would seem to suggest, at the very least, that quality control could do with something of a kick up the arse to ensure that those units which are not 100% do not get sent out. The extent of the problems is proving just as hard to quantify as the cause, with analysts claiming that the estimated return rate is well below average for a new smartphone.
You might think that it would be bad news for Palm, with so many problems being reported so quickly after launch. Yet the Palm Pre continues to get very highly rated reviews wherever they appear, and let’s not forget that the overheating iPhone fuss has not exactly slowed down sales of the 3GS which sold out last week in the UK and continues to be in very short supply, such is the demand for the device.
The silly thing is that when it comes to operating systems I tend to wait until the first service pack is available before taking the plunge and investing, safe in the knowledge that the initial bugs have been squashed at this point. Plenty of others do exactly the same. Yet when it comes to smartphones, well gadgets in general, I am just as likely as the next mug punter on the Clapham Omnibus to be lining up outside the Apple Store on the day of release with his hand wedged deep into his pocket fiddling with a huge wodge of cash.