Archive for the ‘Security’ Category

« Older Entries

Timico abandons Chinese expansion plans

Wednesday, February 3rd, 2010

With all the fuss in the press about Google and their possible exit from the Chinese market I got a timely email this morning from the (a?) Chinese Domain Name registry.

We are the department of registration service in China. we have something need to confirm with you. We formally received an application on February 03,2010, One company which self-styled “LSHB Technology PLC” are applying to register “Timico” as Network Brand and Domain Names as below :
“timico.asia
timico.hk
timico.in
timico.mobi
timico.net.cn
timico.org.cn
timico.tw”
After our initial examination, we found that the Network Brand applied for registration are as same as your company’s name and trademark. These days we are dealing with it, hope to get the affirmation from your company. If your company and this “LSHB Technology PLC” as the same company, there is no need reply to us, We will accept their application and will register those for them immediately.

If your company has no relationships with that company nor do not authorized, please reply to us within 7 workdays, if we can’t get any information from yours over 7 workdays,we will unconditionally approve the application submitted by “LSHB Technology PLC”. Thanks for your cooperation.

Best Regards,

Amanda Hua
Senior Consultant
PX-Dnr

I could respond to this in a number of ways, in the first instance by simply ignoring it as the clever marketing scam that it is. I could also reply politely telling them that I am flattered that Timico is sufficiently on the map to be imitated by organisations in other countries but to go ahead and sell them the domains. 

Alternatively I could put out a press release in support of Google with a public affirmation that Timico has pulled its plans to move into China. I can think of better places to start our overseas expansion anyway: the Maldives, the Caribbean (that’s Carrribbean to American readers), Wales. 

Only kidding.  We already operate in Wales…

  • Share/Bookmark

Posted in Security, internet | 4 Comments »

report your terrorist website

Tuesday, February 2nd, 2010

The Home Office and the Association of Chief Police Officers (ACPO) has launched a public reporting webpage (on the Directgov website) for terrorist-related material found on the internet.

The public can report URLs of suspected terrorist material direct to a police unit who will investigate. If the website is found to be in breach of the Terrorism Act 2006 the police will issue a Section 3 Notice to have the content modified or removed presuming it is hosted in the UK.

The type of content users may report can be found here on the Home Office website and the reporting page itself here.

As part of the fight against terrorism this must be good though I imagine it will be difficult to maintain an adequate level of publicity for the scheme so that people know where to look to report a website.

Also the savvy terrorist will use hosting provider in a country that doesn’t care or doesn’t have the same laws so unless this initiative was conducted on a global scale it will probably only have a small effect.

  • Share/Bookmark

Tags: , , ,
Posted in Security, internet, regulatory | 1 Comment »

Woke up this mornin and nearly got the IMP blues

Tuesday, November 10th, 2009

I woke up this morning (there’s a song there…) to the news from the Daily Telegraph that ” Government announced yesterday it was pressing ahead with privately-held “Big Brother” databases”.  This is the Interception Modernisation Programme that has periodically been in the news this year with general opposition and a subject I have posted on in the past.  It would indeed have given the ISP industry a headache.

I now hear a contrary position from the Guardian which tells me “Legislation to access public’s texts and emails put on hold. Widespread concern about the safety and security of communications data prompts Home Office rethink.”

My understanding is that it is the Guardian that is right on this occasion and that the Telegraph has tapped into the wrong wires. I imagine that the Labour party has enough on its plate in the run up to an election without further alienating the voters.

When they woke up this morning someone got their wires crossed and my head it felt confused, oh yeah. “  I think that’s what I was trying to say :-)

  • Share/Bookmark

Tags: , , ,
Posted in Security, internet | No Comments »

Government confirms it won’t mandate IWF list

Friday, October 23rd, 2009

Further to my post of a couple of weeks ago it has been confirmed that legislation is unlikely to be introduced to mandate support for the IWF blocking list.

Alan Campbell, Parliamentary Under-Secretary at the Home Office, said that it remains the hope of Government that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis in answer to a Parliamentary question by James Brokenshire MP this week.

Mr Campbell said that the Government recognised the work of the internet industry in reaching the figure of 98.6 per cent of consumer broadband lines being covered by blocking of sites identified by the IWF. It remains the Government’s hope, he added, that the target of 100 per cent of consumer-facing ISPs operating a blocking list will be achieved on a voluntary basis.

The ISPA met with Alun Michael MP on Monday to discuss this issue and it was agreed that ISPA was commited to the eradication of child abuse images in the UK and that it will continue to work with the IWF and Government to achieve this target.

The Parliamentary question can be found here.  Again thanks to Nick Lansman and his ISPA team for both this input and the excellent work they have been doing in the background on this issue.

  • Share/Bookmark

Tags: , , ,
Posted in Security, internet | No Comments »

New phishing attempt doing the rounds under guise of HMRC

Monday, October 12th, 2009

It amuses me more than anything to see phishing attempts hit my inbox though it does worry me that I will one day have this uncontrollable urge to click on the link provided.

Today’s, looking as if it had come in from Her Majesty’s Customs and Revenue, was mildly believable.  It is after all coming up to that time of year where we have to think about tax returns.

The message read:
Taxpayer ID: trefd-00000159883557UK
Tax Type: INCOME TAX
Issue: Unreported/Underreported Income (Fraud Application)

Please review your tax statement on HM Revenue and Customs (HMRC) website (click on the link below):

We caught this spam but it did attempt to get delivered to many Timico employees. For the safety of the reader I haven’t reproduced the link but I’d be mildly interested in a straw poll to see how many people got the email. And how many actually responded to it!

That’s not my taxpayer ID by the way :-)

  • Share/Bookmark

Tags: ,
Posted in Security | No Comments »

Internet security – a synonym for sleepless nights

Monday, September 7th, 2009

How do we sleep at nights? Everywhere I turn I seem to come across security issues relating to my use of the internet.

In catching up on my reading I find that a team of Japanese researchers have figured out how to crack the WPA encryption technology that up until now I had considered to offer my home wireless network a safe and secure browsing environment, at least from the next door neighbour.

As it is the wireless performance of my home router is suspect because I suspect that it is finds it harder to cope with WPA than the previously less secure but more performant WEP.

Next I’m writing a blog post and a security warning flashes up in front of my eyes on the Wordpress console telling me about a vulnerability in older versions of the blogging software that has caused some bloggers to lose large numbers of posts. Fortunately I am up to date with my patches.

One of my sons then complains that his website has been identified as a source of malware by Google. I investigate and find that indeed this is the case and remove the problem. His laptop, however, is a difficult kettle of fish to clean. It has conficker and some other nasties that won’t let any of the worm removal tools on to sort it out. So we are having to reflash his laptop and I then go around the house cleaning up all 12 memory sticks that the kids have in their possession (the fruits of a number of visits to trade shows :-) ) .

I could go on. It’s all very well for me though because I have dozens of highly skilled engineers sat outside my office door for who all this is bread and butter stuff. Our customers can also access these resources (for a fair price). The real problem is going to be for Joe Public who, as a consumer, is going to drown in the stormy seas of internet security.

Sorry if this one seems a little on the pessimistic side – it isn’t normally my nature.

  • Share/Bookmark

Tags:
Posted in Security | 1 Comment »

Email scams

Tuesday, June 9th, 2009

I went in to BBC Radio Lincolnshire this morning, as is my occasional wont, this time to talk about email scams. I am not particularly a security expert but I guess being in the ISP game I would get more exposure to this than your average Radio Lincolnshire listener.

It was all about phishing emails from people after your bank account details, and especially spoof emails notionally from people you know. As a bit of background research I googled “how to hack MSN” and I was astounded to find 952,000 websites on the subject.

Similarly there was plenty on Twitter and no doubt there will be stuff out there on Facebook and others. I didn’t follow more than a couple of links and the first article had already been removed. It does certainly highlight the vulnerabilities of the web.

I get phishing email daily, mostly caught in my spam quarantine folder, and all of which get ignored/deleted. I do get some very genuine looking spam though appearing to come from reputable contacts.  In one example a business partner of Timico’s had its contact databased copied a number of years ago.  I still get spam appearing to come from this partner.  There is nothing they can do about it. The data is gone.

I have never personally met someone who has been caught out by one of these phishing attempts. Not that is until last night when a friend rang me up and during the conversation mentioned that it had only just happened to him. He was busy and stupidly responded to an email and typed in his bank account details!

Luckily for him the bank spotted an unusual transaction and refunded the cash after calling him to check. It just goes to show how easily it can happen – to the unwary.

  • Share/Bookmark

Tags: , , , , , ,
Posted in Security, internet | No Comments »

Britain needs eJudge

Friday, May 15th, 2009

Had a meeting yesterday with the Police Central eCrime Unit in London together with a few other leading ISPs and content providers to discuss how the industry can help tackle eCrime.

Part of the problem is the speed at which things happen in the internet world when compared with the “good old fashioned” Old Bailey style of justice where response times are slow and delay is the norm . 

For example a police officer working on a case can take days for to obtain a court order requesting data on a suspect from an ISP.  In this time the gang has moved on and is lost to the justice system. A Communications Provider needs a court order to do this as providing such data without one is in breach of privacy laws, despite the cause notionally being a good one.

The solution is likely to be to put a system in place to speed up the process.  Whilst speed of communications between police and ISP could possibly be improved it seems to me that the whole area would benefit from specialist “eJudges”. 

An eJudge would be conversant with the  workings of the internet and being able to respond in real time to requests for Court Orders.  Such a judge would not have to sit in on normal court sessions.

The bit about understanding how the internet works is a real issue.  In recent times ISPs have been the subject of court orders requiring them to “remove certain websites from the internet”. 

Whilst an ISP can take down a site hosted on its own servers it can’t completely remove it from the internet because that site is likely to be cached in many places (countries) and could be easily replicated elsewhere.

In this instance the ISP would likely be in breach of the court order even though it had removed the offending site from its own server.

I realise that it is unlikely that a court would pursue the ISP in such a case but this does hilight the ignorance of  the judiciary in these matters.  

Rumpole of the Bailey is not equipped to cope with modern criminals and specialist eJudges would be a very cost effective solution.

  • Share/Bookmark

Tags: , , ,
Posted in Security, internet | No Comments »

Home Secretary announcement on Communications Data

Tuesday, April 28th, 2009

Big in the news yesterday was Home Secretary, Jacqui Smith’s announcement that the Government will not be creating a central facility to store details of our telephone and email communications.  It even made prime time BBC TV News. Instead the Government will pursue a strategy of getting individual Communications Providers to store their own customers’ information.

I wasn’t going to comment on this because there was so much press coverage, much of which included answering statements infrom the industry trade body ISPA which I had already had a hand in. It is however worth restating some of the points.

Firstly I am, as an individual, nervous about having all this information situated in a single central database.  It is a near certainty that at some time all of it will be compromised, either by negligence or by criminal activity. 

Secondly I think the Government is misguided if it believes that it will be able to excercise any sort of control over what happens on the internet.  Technology is changing so quickly that any system implemented by Government is going to be expensive whatever its purpose (monitoring/intercept, preventing P2P illegal downloads, preventing access to illegal websites, location tracking etc etc -) and would very quickly be out of date.  The costs of maintaining it would be a significant line item in any budget statement.

Moreover, based on track record, you can bet your bottom dollar that the time taken to implement any such a system(s) would be so long that it would probably have to be reinvented several times during its development and eventually end up in Regents Park Zoo in the White Elephant enclosure. 

PS I can see an idea for the next sci fi movie blockbuster here. It’s a cops and robbers story in cyberspace. Hollywood producers queue here :-)

  • Share/Bookmark

Tags: , , ,
Posted in Security, internet | 4 Comments »

European Commission forecasts 193 Billion Euro cost of cyber attacks on networks

Tuesday, April 14th, 2009

I note that the as cyber attacks on networks become more sophisticated the EC has forecast a 10% – 20% probability that telecoms networks will suffer a major breakdown within the next 10 years.  They have also estimated a potential global cost of 193 billion Euros as a consequence of such a breakdown.

To mitigate against such a scenario the EC is establishing a Public-Private Partnership for Resilience which “will help businesses share information with public authorities to ensure that adequate and consistent levels of preventive detection, emergency and recovery measures are in place in all Member states”.

I’m all in favour of this kind of thing though somewhat sceptical about its likely efficacy.  Industry is more likely in my mind to sort out its own shop through the likes of the IETF and LINX et al.

That said I do think that Government is goingto have to become far more deeply involved than it is in the internet space.  We are seeing it starting to happen and the Digital Britain Report (final report due out in early May which is light speed as far as Government is concerned) is part of this. 

It is easy to see that the potential cost of telecom network disruption could be huge.  I don’t know what the likely cost of last week’s BT fibre break in London is going to be but  just the costs of managing customer complaints would have been significant let alone the costs of the disruption to traffic. 

I missed out on a few news items to comment on last week due to being on holiday.  It’s good to be back though :-) .

  • Share/Bookmark

Tags: , , , ,
Posted in General, Security, internet | No Comments »

« Older Entries