Archive for the ‘Security’ Category

Facebook and CEOP collaborate on child protection

Friday, July 16th, 2010

The Child Exploitation and Protection Centre (CEOP) and Facebook announced an initiative that gives Facebook users direct access to CEOP’s advice and reporting centre from their Facebook homepage.

The initiative is not based on a standard panic button solution but on a CEOP Facebook App and a CEOP Facebook page. This means that only users who install the app will have direct access to CEOP.

I have met CEOP CEO Jim Gamble during the course of meetings between CEOP and the ISPA and understand the hugely difficult nature of their job. CEOP volunteer staff have to spend much of their time looking at horrendous photographic evidence of child abuse. It isn’t something that a person can do for too long due to the mental stresses involved.

The success of the whole Facebook initiative depends on whether or not the CEOP app becomes viral. To facilitate the distribution of the app, Facebook has agreed to support the initiative via an advertising campaign.

CEOP deserves your support.

  • Share/Bookmark

sms #phishing

Friday, May 14th, 2010

Had a couple of sms phishing attempts in the last couple of days:

“FREEMSG: Our records indicate you may be entitled to 3750 pounds for the Accident you had. To claim for free reply with YES to this msg.  To opt out text STOP.”

The each appear to come from a different mobile number.  Needless to say anyone getting one of these should just delete them.  I wouldn’t reply STOP. I don’t think there is anything we can do other than deleting them.  Unless you start gettign a lot of these message s it is probably too small a problem for the networks to take onboard. 

I wouldn’t be tempted to reply STOP.

  • Share/Bookmark

The Awards Dinners scam

Thursday, April 29th, 2010

I went to the Secure Computing Awards evening on Tuesday in London, coinciding with the infosec show.  The comedian was good. The company was good. Apart from the almost unbearable heat of the the venue what I really noticed was the scam that is the awards system.

This is how it works. There must have been 24 award categories with 4 or 5 companies shortlisted for most! The vast majority of these companies will have taken a table so that they could be there to collect their Award. The vast majority of them of course did not win anything. A table for ten will have been at least £1k each (not to mention the travel and accommodation costs). So whilst awards are free to attend there is a hidden cost.

Of course the winners get a gold badge and bragging rights which is why we all still do it. Fortunately for me the timing was good as I was going to be staying in London anyway.  My thanks to Omar Aguirre and his team at Optenet for their hospitality.

  • Share/Bookmark

cleanternet – you know it makes sense #debill #deact

Friday, April 23rd, 2010

This video is doing the rounds. It helps you understand why the web filtering aspect of the Digital Economy Act is a very bad thing.

http://www.cleanternet.org/

  • Share/Bookmark

Facebook messages bringing a link to a website with a virus – look out

Sunday, March 28th, 2010

Just seen a wall post on Facebook from a friend warning of a virus being sent out from his account.  Next minute I got a Direct Message from him with a link in it. Fortunately I had just seen his warning and was able to delete it. 

This is going to be a problem I can see. I wonder what can be done about it?

  • Share/Bookmark

New scheme for replacing copper with fibre

Tuesday, March 23rd, 2010

I note the new scheme for pressurising BT to replace it’s copper local access network with fibre has not been completely going to plan as thieves today accidentally stole lengths of fibre by mistake. Doh.

The gang, who must surely be Fibre To The Home activists, are obviously from a Rural Cadre. I can only think their education suffered early on due to not having access to the internet and they found it difficult to tell the copper (Cu) apart from glass (Si). 

Also their thinking is misguided if they think that BT will replace the stolen copper with fibre.  The BT insurance policy is almost certainly “like for like”. So stolen copper has to be replaced by more copper. Doh again!

In any case on this occasion they went and pinched some Virgin Media fibre in Leeds. Obviously couldn’t spell either!! BT – Virgin Media – hard to tell the difference eh?

There is of course a serious side to all this in that thieves are apparently going around stealing copper as it has doubled in value in the last year.  BT’s network is easy game. Thanks to @bungieboy for the lead via twitter and ElReg’s Chris Williams for the detail.

  • Share/Bookmark

UK cybercrime defences are good says House of Lords but Estonia’s are rubbish

Friday, March 19th, 2010

Doesn’t quite match does it? The House of Lords telling us that the UK has strong defences against cybercrime. It is quite possible that your average crusted baronet has no idea what cybercrime is.

I’m being a bit unfair here in the interest of humour.

This week the House of Lords European Union Committee published its report into protecting Europe against large-scale cyber attacks. The report looked into the resilience of Europe’s and the UK’s internet infrastructure which is deemed part of critical national infrastructure.

The report argued that there is a wide variation between Member States on this issue, with the UK having “sophisticated and well-developed defences to guard against attacked and disruption”.

Estonia however, and for example, which as a nation is heavily dependent on the internet, is knackered (my word not their Lordships) if subjected to even a minor cyber attack.

The Committee made a number of findings including: the public sector should take the initiative on how cyber-security could be developed on a global basis; EU and NATO should work closer together, and the Government should encourage this to happen; and the European Commission should propose establishing national Computer Emergency Response Teams (CERTS).

More here

  • Share/Bookmark

Timico abandons Chinese expansion plans

Wednesday, February 3rd, 2010

With all the fuss in the press about Google and their possible exit from the Chinese market I got a timely email this morning from the (a?) Chinese Domain Name registry.

We are the department of registration service in China. we have something need to confirm with you. We formally received an application on February 03,2010, One company which self-styled “LSHB Technology PLC” are applying to register “Timico” as Network Brand and Domain Names as below :
“timico.asia
timico.hk
timico.in
timico.mobi
timico.net.cn
timico.org.cn
timico.tw”
After our initial examination, we found that the Network Brand applied for registration are as same as your company’s name and trademark. These days we are dealing with it, hope to get the affirmation from your company. If your company and this “LSHB Technology PLC” as the same company, there is no need reply to us, We will accept their application and will register those for them immediately.

If your company has no relationships with that company nor do not authorized, please reply to us within 7 workdays, if we can’t get any information from yours over 7 workdays,we will unconditionally approve the application submitted by “LSHB Technology PLC”. Thanks for your cooperation.

Best Regards,

Amanda Hua
Senior Consultant
PX-Dnr

I could respond to this in a number of ways, in the first instance by simply ignoring it as the clever marketing scam that it is. I could also reply politely telling them that I am flattered that Timico is sufficiently on the map to be imitated by organisations in other countries but to go ahead and sell them the domains. 

Alternatively I could put out a press release in support of Google with a public affirmation that Timico has pulled its plans to move into China. I can think of better places to start our overseas expansion anyway: the Maldives, the Caribbean (that’s Carrribbean to American readers), Wales. 

Only kidding.  We already operate in Wales…

  • Share/Bookmark

report your terrorist website

Tuesday, February 2nd, 2010

The Home Office and the Association of Chief Police Officers (ACPO) has launched a public reporting webpage (on the Directgov website) for terrorist-related material found on the internet.

The public can report URLs of suspected terrorist material direct to a police unit who will investigate. If the website is found to be in breach of the Terrorism Act 2006 the police will issue a Section 3 Notice to have the content modified or removed presuming it is hosted in the UK.

The type of content users may report can be found here on the Home Office website and the reporting page itself here.

As part of the fight against terrorism this must be good though I imagine it will be difficult to maintain an adequate level of publicity for the scheme so that people know where to look to report a website.

Also the savvy terrorist will use hosting provider in a country that doesn’t care or doesn’t have the same laws so unless this initiative was conducted on a global scale it will probably only have a small effect.

  • Share/Bookmark

Woke up this mornin and nearly got the IMP blues

Tuesday, November 10th, 2009

I woke up this morning (there’s a song there…) to the news from the Daily Telegraph that ” Government announced yesterday it was pressing ahead with privately-held “Big Brother” databases”.  This is the Interception Modernisation Programme that has periodically been in the news this year with general opposition and a subject I have posted on in the past.  It would indeed have given the ISP industry a headache.

I now hear a contrary position from the Guardian which tells me “Legislation to access public’s texts and emails put on hold. Widespread concern about the safety and security of communications data prompts Home Office rethink.”

My understanding is that it is the Guardian that is right on this occasion and that the Telegraph has tapped into the wrong wires. I imagine that the Labour party has enough on its plate in the run up to an election without further alienating the voters.

When they woke up this morning someone got their wires crossed and my head it felt confused, oh yeah. “  I think that’s what I was trying to say :-)

  • Share/Bookmark