STE WILLIAMS

Hague: Web risks turning into city of ghettos

LCC The UK seems to be hoping for some sort of lasting agreement from its gathering of governments and businesses at the London Conference on Cyberspace (LCC).

Speaking at the conference, Foreign Secretary William Hague said it was time to “build on our common interests, developing firm ideas and proposals with real political and diplomatic weight”, which would seem to indicate that the UK is hoping for some lasting agreements from the conference.

The LCC has been billed by the Foreign Office as the first step in a long process of getting governments and businesses to agree on how to promote and protect the internet, although whether any accord from the conference will be binding remains to be seen.

Hague also said that despite concerns about cybercrime, the internet shouldn’t be under government control.

“Nothing would be more fatal or self-defeating than the heavy hand of state control on the internet, which only thrives because of the talent of individuals and of industry within an open market for ideas and innovation,” he said.

“The internet must remain open and not become fragmented and ghettoised, subject to separate rules and processes in different regions set by isolated national services, with state-imposed barriers to trade, commerce and the free flow of information and ideas.”

However, cybercrime and the digital divide are both hampering this goal and action needs to be taken to help those countries that aren’t as well defended or internet-capable, Hague said.

He also echoed his statements from earlier in the conference that social media should remain free and open as well, despite their role in global unrest.

“We reject the view that government suppression of the internet, phone networks and social media at times of unrest is acceptable,” he said.

“Cultural differences are not an excuse to water down human rights, nor can the exploitation of digital networks by a minority of criminals or terrorists be a justification for states to censor their citizens.”

The LCC is taking place over today and tomorrow. A follow-up conference on cyberspace is going to be held in Hungary next year and in the Republic of Korea in 2013, according to the Foreign Secretary. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/01/internet_agreement/

Activists tell gov to shove its net censorship plans

LCC As various bods gather in London for a conference on cyber-security, leading online rights campaigners have penned a letter to Foreign Secretary William Hague urging the government to maintain freedom and privacy while promoting security.

“We call for the UK government to seize this opportunity to reject censorship and surveillance that undermines people’s rights to express themselves, organise or communicate freely,” the letter states.

Of particular concern to the e-activists, who include Cory Doctorow of the Electronic Frontier Foundation and Simon Davies of Privacy International, are new laws on filtering out porn and terrorist material that are now under government consideration.

The campaigning gang are upset over MP Claire Perry’s crusade to require Brit netizens to opt in to view online grumble flicks, which is currently working its way around Parliament, and the new PREVENT counter-terrorism strategy, which includes proposals that will similarly remove legal but undesirable content from the net.

The letter also shoots down the Prime Minister’s suggestion of a social networking crackdown, a move mulled in the aftermath of the summer riots, and more generally the government’s “plans for more pervasive powers to surveil and access people’s personal information online”.

Eleven groups are represented on the letter, including names from The Index on Censorship and openDemocracy.

It looks like Hague might be taking the arguments on board, kicking off the cyber-security conference with a speech railing against net censorship. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/01/internet_freedom_letter/

How websites use your browser to sell you for cash

Part 1 It has been a year since I have talked about securing browsers against privacy invasion. In that time, things have got worse, not better. In addition to the threat of malware and malicious scripts, we have the frightening new evercookie.

Leaving the criminal misuse of tracking for a later date, there is plenty to worry about from the use – and misuse – of our personal data by legitimate organisations. Advertisers are getting aggressive, and the techniques in use require a stalwart defence if we hope to retain our privacy.

Hello Mr Yakamoto and welcome back to the GAP! How’d those assorted tank tops work out for you?

The most pervasive breach of personal privacy – and threat to online anonymity – is the omnipresent tracking of our every digital move by advertisers and the companies that sell ad space to them. Targeted advertising has already gone so far that it is entirely possible that Google, Amazon and Facebook know more about you than your own mother.

Last night I spent four hours discussing a piece of media distribution software with one of the company’s founders. We went off the rails a little, engaged in some blue sky thinking and came to the conclusion that with some minor tweaking, that firm is sitting on software nearly capable of delivering a Minority Report level of personalised advertising.

It was an interesting thought exercise, and frankly it’s a little scary that such a thing is possible simply by bolting together various different extant technologies. Government surveillance is usually the threat bandied about, but that isn’t a real concern to me. Governments are notoriously terrible at actually implementing technology.

The problem with this is that Mr Yakamoto may not want every website (or store) he visits to have such a personal relationship with him. Knowledge about what we purchase – or research online – when and from whom can have real world impacts.

Flaws in software can leave our entire browsing history vulnerable to malicious websites. Sometimes normally credible websites run by reputable companies simply give your information away.

Having your plans to join the surveillance society revealed inadvertently might not go over well at the next condo meeting. Your coworkers might become disgruntled were they to learn that you read books favouring a political party they despise.

Many of us still share information on our computers by having someone physically look at the same screen we see. The advertisements custom targeted at you can often be seen by those around you, inadvertently revealing more about us than we realise.

Would your employer be upset to see a message informing you about three replies in an advertisement for a job search site? And might there be an awkward moment when your shoulder-surfing girlfriend starts wondering why the advertisements on your nightly news sites have shifted suddenly from being predominantly about video games to predominantly about engagement rings?

What we buy, where and from whom is sensitive information. That this information is often combined with personally identifiable information such as our home address, phone number, credit cards, etc means that putting a real live person behind the data is not that hard. We don’t want to share that information with everyone around us, and yet we unknowingly do so every single day.

But how do they track us, and what can we do about it?

Your best defence here is your browser. Since advertising tracking can come in many forms, you need a multitude of configuration changes or plug-ins to keep you safe.

Be wary, however: even an up-to-date browser with a full suite of plug-ins – if improperly configured – can still reveal a remarkable amount of information about you. Take the time to run a test if you are concerned. If you use Flash, you should go here and review your security settings.

Browser Referral

Every time you click a hyperlink on a web page, your browser sends information to the web server you are visiting. Included in this payload is the website you are currently visiting.

Traditionally, this has been an important source of information to virtually all website owners; it tells them how you found their website. It helps those running websites make the most out of limited advertising budgets and even keeps them informed of forums, complaint websites or news articles they have been mentioned on.

Lately however, more and more web users are becoming aware of the existence of browser referrals, and spoofing them. If you want to block websites from seeing your referral information, there are methods available. (IE, Safari, Firefox, Chrome and Opera)

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/01/how_to_stay_anonymous/

Researchers propose simple fix to thwart e-voting attack

Researchers have devised a simple procedure that can be added to many electronic voting machine routines to reduce the success of insider attacks that attempt to alter results.

The approach, laid out in a short research paper (PDF), augments the effectiveness of end-to-end verifiable election systems, such as Scantegrity and MarkPledge. They’re designed to generate results that can be checked by anyone, by giving each voter a receipt that contains a cryptographic hash of the ballot contents.

The researchers propose chaining the hash of each receipt to the contents of the previous receipt. By linking each hash to the ballot cast previously, the receipt serves not only as a verification that its votes haven’t been altered, but also as confirmation that none of the votes previously cast on the same machine have been tampered with.

The procedure is intended to reduce the success of what’s known as a trash attack, in which election personnel or other insiders comb through the contents of garbage cans near polling places for discarded receipts. The presence of the discarded receipts is often correlated with votes that can be altered with little chance of detection.

The running hash is designed to make it harder for insiders to change more than a handful of votes without the fraud being easy to detect.

“This mitigation makes the attack far more difficult and makes it nearly impossible to alter more than a small number of votes,” Josh Benaloh of Microsoft Research and Eric Lazarus of DecisionSmith wrote. “This mitigation also offers additional benefits to many verifiable systems at minimal cost.”

Most verifiable election systems already include a cryptographic hash on receipts returned to voters, so the inclusion of a running hash should be relatively easy to incorporate, the researchers said. ®
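The running hash described above, as an added example that is not code from the researchers' paper: it assumes each receipt is SHA-256 over the previous receipt plus the current ballot, with an all-zero starting value, and uses constructed sample ballots to compare what voters who kept their receipts can detect with and without chaining.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting value for one machine's chain

# Constructed sample ballots, in the order they were cast on one machine.
SAMPLE_BALLOTS = [b"ballot-0:A", b"ballot-1:B", b"ballot-2:A",
                  b"ballot-3:A", b"ballot-4:B"]


def chained_hash(prev_receipt: bytes, ballot: bytes) -> bytes:
    """Receipt = H(previous receipt || length-prefixed ballot)."""
    framed = len(ballot).to_bytes(4, "big") + ballot
    return hashlib.sha256(prev_receipt + framed).digest()


def issue_receipts(ballots):
    """Return the running-hash receipt handed to each voter, in order."""
    receipts, prev = [], GENESIS
    for ballot in ballots:
        prev = chained_hash(prev, ballot)
        receipts.append(prev)
    return receipts


def first_inconsistency(published_ballots, kept_receipts):
    """Check kept receipts ({position: receipt}) against the published record.

    Returns the lowest position whose kept receipt no longer matches the
    chain recomputed from the published ballots, or None if all match.
    """
    chain = issue_receipts(published_ballots)
    for pos in sorted(kept_receipts):
        if pos >= len(chain) or chain[pos] != kept_receipts[pos]:
            return pos
    return None


def unchained_detects(published_ballots, kept_receipts):
    """Same audit for plain per-ballot hashes (no chaining)."""
    return any(hashlib.sha256(published_ballots[pos]).digest() != receipt
               for pos, receipt in kept_receipts.items())


def trash_attack_demo(discarded_position=2):
    """Alter the ballot whose receipt was thrown away; audit both schemes."""
    chained = issue_receipts(SAMPLE_BALLOTS)
    plain = [hashlib.sha256(b).digest() for b in SAMPLE_BALLOTS]

    # Voters who kept their receipts; one receipt ended up in the bin.
    kept_chained = {i: r for i, r in enumerate(chained) if i != discarded_position}
    kept_plain = {i: r for i, r in enumerate(plain) if i != discarded_position}

    # Insider rewrites the published record for the discarded receipt only.
    tampered = list(SAMPLE_BALLOTS)
    tampered[discarded_position] = b"ballot-%d:B" % discarded_position

    return (unchained_detects(tampered, kept_plain),
            first_inconsistency(tampered, kept_chained))


if __name__ == "__main__":
    plain_caught, chained_caught_at = trash_attack_demo()
    print("unchained receipts detect the change:", plain_caught)
    print("chained receipts first mismatch at position:", chained_caught_at)
```

Altering the final ballot when its receipt is discarded still goes unnoticed in this sketch, since no later receipt covers it.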

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/01/electronic_voting_fraud_mitigation/

Dozens of chemical firms hit in espionage hack attack

Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said.

At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 firms in defense and other industries have been attacked since the middle of July, Symantec researchers wrote in the report (PDF) released Monday. The unknown attackers used back door trojans, including a variant of the publicly available Poison Ivy, to exfiltrate data from victims – including multiple Fortune 100 companies involved in the research and development of chemical compounds and advanced materials.

“These attacks are primarily targeting private industry in search of key intellectual property for competitive advantage, military institutions, and governmental organizations often in search of documents related to current political events and human rights organizations,” the eight-page Symantec report stated. “This attack campaign focused on the chemical sector with the goal of obtaining sensitive documents such as proprietary designs, formulas, and manufacturing processes.”

The campaign, which the Symantec researchers have dubbed “Nitro,” wasn’t disrupted until the middle of September.

The majority of infected machines found connecting to command and control servers were located in the US, Bangladesh, and the UK. Other infected computers came from an additional 17 countries, including Argentina, Singapore, and China.

Some of the attacks have been traced to a computer acting as a virtual private server, used by an individual located in the Hebei region of China. While a person calling himself Covert Grove claimed he used the system for legitimate reasons, the researchers said his denial seemed “suspicious.”

“We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role,” they wrote. “Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.”

The attacks typically begin with emails purporting to warn of unpatched vulnerabilities in the Adobe Reader program from the recipient’s IT department. When the recipient clicks on one of two files included, Poison Ivy or Backdoor.0divy is installed. Security provider Norman ASA has technical information about the malicious payloads here.

Several other groups that appear to be unrelated are targeting some of the same chemical companies with malicious documents that exploit vulnerabilities in Adobe Reader and Microsoft Office. As a result, the victims are infected with Backdoor.Sogu, the same custom-developed threat used to steal personal information from as many as 35 million users of a South Korean social network, the Symantec researchers said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/10/31/chemical_firms_hacked/

Illicit Bitcoin miners steal resources from infected Macs

Security researchers have identified malware that hijacks the resources of infected Macs to illegally mint the digital currency known as Bitcoin.

The DevilRobber.A trojan has been circulating on The Pirate Bay and other BitTorrent trackers, where it’s bundled with the Mac OS X image-editing application Graphic Converter, researchers from Sophos blogged on Monday. Like previous malware attacking Windows PCs, it commandeers a Mac’s graphics card and CPU to perform the mathematical calculations necessary to generate new digital currency, a process known as Bitcoin mining.

As researchers from rival antivirus provider Intego point out in their own blog post, Bitcoin mining is just one of the many activities performed by the recently discovered trojan.

“This malware is complex, and performs many operations,” they wrote. “It is a combination of several types of malware: it is a Trojan horse, since it is hidden inside other applications; it is a backdoor, as it opens ports and can accept commands from command and control servers; it is a stealer, as it steals data and Bitcoin virtual money; and it is a spyware, as it sends personal data to remote servers.”

In addition to hijacking a Mac’s GPU and CPU for Bitcoin mining, DevilRobber.A also searches an infected machine for any Bitcoin wallets. If found, the malware will purloin the digital currency. It also steals passwords, browsing history from Safari browsers, and data from Vidalia, a Firefox plugin used to communicate over the TOR anonymity service.

So far, DevilRobber.A has been installed on only a small number of machines. But it’s part of a growing wave of increasingly sophisticated malware targeting Mac users. Over the past month, at least two other OS X trojans have also been discovered, including Tsunami, which is derived from an earlier Linux-infecting backdoor called Kaiten, and Flashback, which was recently updated to make it harder for researchers to do reconnaissance on it. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/10/31/mac_os_x_bitcoin_mining_trojan/

Anonymous threatens Mexican drug cartel

The Mexican branch of Anonymous have threatened to expose members of Los Zetas unless the drug cartel releases a kidnapped member of the hacking collective.

In an ultimatum posted on YouTube, Anonymous threatens to publish data on cartel members and affiliates in Veracruz unless an unnamed male victim is freed by 5 November. The kidnapping happened during a street protest in the Mexican state of Veracruz, according to the video. The hackers threaten to expose journalists, taxi drivers and corrupt cops that have collaborated with the cartel.

The Zetas are one of the most notorious of several rival gangs of drug traffickers that have plagued Mexico over recent years. Over recent months, turf wars and escalating attacks have increased the death toll.

The Monterrey casino attack in August, which claimed the lives of 53 people, and the 2011 Tamaulipas massacre, involving the mass murder of an estimated 190 plus abducted bus passengers back in April, were both blamed on the Zetas. Some Zetas members are former Mexican Special Forces soldiers, the US Department of Homeland Security warns. A woman from Nuevo Laredo, Marisol Macias Castaneda, 39, was beheaded for posting about the Zetas on a local online discussion forum last month just days after two bloggers were found hanging from a bridge in the same northern Mexican border city.

If Anonymous follows through on its threat to expose details of the Zetas’ operations, it will almost certainly result in further bloodshed. Analysts warned the Houston Chronicle that outing cartel members would leave bloggers and others more vulnerable to reprisal attacks by the cartel. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/10/31/anonymous_versus_mexico_cartel/

Check Point scoffs security dashboard firm

Check Point has acquired governance, risk management and compliance (GRC) firm Dynasec. Financial terms of the deal, announced Monday, were undisclosed.

The acquisition allows Check Point to extend its 3D Security line of firewalls and VPNs to add features that enable companies to “view security as a business process, focusing on policy, people and enforcement”, according to the Israeli security firm.

Functions of GRC technology include security policy distribution and response, IT risk evaluation and compliance dashboards, as well as security problem remediation. The market, fiercely competitive but not fully formed, has some overlap with the adjacent Security Information and Event Management (SIEM) market that has been a hotbed of acquisitions of late.

McAfee and IBM have both bought into the SIEM market with the acquisition of start-ups NitroSecurity and Q1 Labs, earlier this month, for example. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/10/31/check_point_buys_grc_firm/

China responds to satellite hack charge: ‘Nuh-uh!’

Surprising no one, the Chinese government has denied that it had anything to do with the hacking of two US satellites in 2007 and 2008.

“This report is untrue and has ulterior motives. It’s not worth a comment,” commented Foreign Ministry spokesman Hong Lei at a Monday press briefing, reports Reuters.

The report to which Hong was referring was a draft of the annual report of the US-China Economic and Security Review Commission, which didn’t detail the exact natures of the hack of the two US satellites – Terra (EOS AM-1) and Landsat 7 – although it did note that “the responsible party achieved all steps required to command the satellite.”

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” the draft said. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

The report did not specifically name China as the “responsible party”, but it did point out that the Chinese military has discussed investigating how to disable enemy space-based observation systems, including “ground-based infrastructure, such as satellite control facilities.”

Frankly, if the militaries of all spacefaring nations aren’t investigating such possibilities, they should be denounced for dereliction of duty.

Neither Reuters nor The Guardian, which also reported Hong’s remarks, noted whether spokesman Hong was able to keep a straight face when he said: “China is also a victim of hacker attacks and we oppose any form of cybercrimes including hacking.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/10/31/china_denies_satellit_hack/
