Cyber Crime Report
Times of India, NIE Times.
Are children safe in cyber land?
Focus on safety for young Internet users
Mumbai: A teenager from Bandra received e-mails from an unknown person with nude photographs of herself. She was terrified & embarrassed to tell her parents. Eventually they found out & registered a case with the Mumbai police, who brought the culprit to book.
With the Internet being an integral part in the lives of the young, parents have come to realize the potential pitfalls their children face as a result of cyber crime. While celebrating cyber safety week, the Mumbai police in association with Nasscom & software firm Computer Associates held a seminar, which focused on the effects of Internet exposure.
Demonstrating the dangers faced by children on the Internet, Ninad Karpe, managing director, CA made a presentation on how after typing the words animal, farm & horse in the Yahoo search engine, the fifth website found was a pornographic one.
Karpe spoke of how a CA researcher had logged into an Internet chat room pretending to be a 12-year-old girl named Priya. “There were at least 20 responses to the message. Some of them were so obscene that we had to log off the chat room within minutes.” Karpe said.
Joint commissioner of police, (crime), Meeran Borwankar while citing cases of exploitation & abuse on the net, assured parents that in cases where girls were stalked & threatened on the Internet, the case would be handled confidentially, & the identity of the victim would be concealed. In addition to sexual exploitation, Borwankar cited cases of Internet fraud & incitement on religious grounds via the Internet.
Borwankar urged parents to come forward & register cases of cyber crime involving their children. She said the cops would do their best to book the culprits.
The other speakers, however, dwelt on the manner in which the Internet was turning into an outlet to channelise creative energy. Recounting an incident where a boy was expelled for hacking into his school’s computer system & freely distributing copies of the history exam paper to classmates, psychiatrist Harish Shetty said the boy’s intention was not to cheat but to prove that the school’s system was not impossible to hack into, as was claimed by authorities. Fascist control of a child’s cyber habits is unhealthy, felt Shetty.
“Technology is magic,” he said adding however that it should not replace human contact. “Most children spend hours on the Net out of sheer boredom because studies & play are not as exciting or as desirable,” said Shetty, adding the net was not a source of pleasure for children but a way of escaping from every day life.
Vijay Mukhi, chair, e-security Initiative, Nasscom gave a demonstration of the ease with which a computer, or an Internet password can be hacked into. “There’s nothing terribly complicated about hacking,” he said & went on to show that by downloading a program called Pass ware it was possible to discover the password of all those who had used a particular computer before the hacker: by installing ‘outlook passbook recover’ it is possible to hack into Outlook Express of a person. “If you leave a child unattended with the computer, he is bound to discover these programs,” said Mukhi.
Times International 18-04-2006
Evil web around cyber stalkers’ victims
Months after President Bush Signed an Anti Stalking Law, The Problem Persists.
New York: Clare Miller, a 44-year old publishing executive, recently stripped her nameplate from the tenant directory at the entrance to her apartment building, where she has lived for more than 11 years. She has asked the landlord to disconnect the buzzer & is changing her phone number.
Drastic measures, all, for an otherwise cheerful & outgoing person. But Miller has been unnerved by a sudden &, since last September, steady on slaughter of unsolicited & lusty phone calls, e-mails & late-night visits from strange men – typically seeking delivery on dark promises made to them online by someone, some where, using her name.
She is being harassed – cyber stalked. The term has by now found its way into dozens of state legislatures, police reports & talk – show lineups, joining other unsavory by products of the Internet age. Three months ago, President Bush signed anti – cyber stalking legislation. But cases like Miller’s make it clear the problem is not easily legislated away & show how devastating it can be to individuals.
A profile posted at the “adult personals” site iwantu.com included Miller’s name, address, phone number; along with solicitation for suitors to call or drop by her home. “My name is Claire E. Miller;” the ad began. It concluded: “I can make you very happy & satisfied. In my den of love pad. "
The problem is only likely to grow, fuelled by the availability of personal data online & the huge growth in social networking & dating sites, attracting investment from companies. “Cyber stalking is the horror of the horror of the internet,” said Parry Aftab, an attorney & executive director of WiredSafety.org, a network of 9,000 volunteers who patrol the web & assist victims of cyber stalking, child pornography & other online ills.
Jayne Hitchcock, director of Working to Halt Online Abuse, an organization that assists victims of Internet harassment, says it is common enough, Participants in online fantasy football leagues angered by some nuance of the competition, silently turn on & anonymously harass one another, & in eBay auctions, either the seller or the buyer turns stalker, she said. They channel that “Internet road rage,” into a variety of anonymous vendettas.
After receiving informal requests for information about cyber stalking from the FBI & other law enforcement agencies, Hitchcock’s group began tracking demographic details in 2000. In February, the group – which she says handles an average of 50 new cases each week – released a five – year analysis of data on the victims &, to the extent possible, the stalkers. The data is sketchy; victims volunteered to fill out a questionnaire, & harasser data is, in most cases, provided by the harassed. But there are some insights. For example, increasing number of men appears to be applying for help, & overt threats of offline harm occurred in about a quarter of the cases last year. Some advocates of civil liberty have complained about what they see as overly broad language of the federal update, which prohibits not only anonymous communications intended to threaten, abuse & harass, but also those intended to “annoy” – a term that might characterize a wide range of anonymous Internet banter that falls far short of cyber stalking.
Others though have argued that the First Amendment would protect such banter, & only cyber stalkers have anything to fear. That is, of course, if they can be found.
Times International 26-04-2006
Law enforcement logs in to catch online criminals.
One winter morning in January, Sonia Malhotra, 18, simply vanished. Soon after the fact dawned on her parents, they realized that jewellry & cash worth Rs. 8 lakh was also missing. They couldn’t figure out why or where she might have gone. All they had was conviction that someone had sweet-talked their daughter into running away from home. Worried, but unwilling to invite publicity by going to the cops, the Malhotras approached Raghu Raman, CEO of Mahindra Special Service Group, a company that specializes in information security.
With no clues & no witnesses, the case seemed hopeless. That’s until Raman went through Sonia’s computer & saw MySpace.com in her Internet history. MySpace.com is a network developed by Microsoft to compete with social networking sites like Friendster, LinkedIn & Orkut. These sites let users create a network of friends & virtual discussion groups. They also let users share pictures & all kinds of information on the Internet.
“It was a stroke of luck”, says Raman. He spent the next few days browsing through the stored histories of Sonia’s online conversations. This helped him put together a list of suspects. He then mapped her online friends to her real life friends & colleagues. “That’s when we zeroed in on Mohit. He had this quirky habit of using a ‘~’ (the title character) at the end of each sentence in chat – we saw the same quirk in his office notes too”, says Raman.
Most people believe that on the Internet nobody knows who you are. But that’s not true. “Evidence can be gleaned from any type of device – numbers erased from a mobile can be retrieved, appointments stored on PDA’s can demolish alibis, even your search history can provide clues”, says Nandkumar Sarvade, DCP police & IIT engineer, who is currently on deputation with Nasscom (National Association of Software Companies).
One such instance was when a man was nabbed for poisoning his wife. What gave him away? His search history: he had been looking for “how to murder someone & not get caught” & colorless AND odourless AND poison” on the Yahoo! Search engine.
Using the Internet is not a new thing for crime investigators, says N.S.Napanai, a Mumbai lawyer who specializes in Internet crime, Police have been scouring web sites, blogs & online chat rooms for years. But networking sites are a treasure trove of information, especially since they give you the exact connection between individuals along with their pictures.
“Suppose you have a witness who doesn’t know the suspect. You can make them browse through these pages & create an instant lineup of suspects in most of the cases.” Says Napanai. “In fact, cops abroad have also started putting together the digital version of a suspect’s face using video surveillance footage & matching it with photos on networking sites”, adds Napanai.
But it’s not that simple either. You can’t convict someone just on the back of a photo on a networking site. Nevertheless, it is a good link in the chain of evidence.
The best part about sites like MySpace.com, Friendster or Orkut is that criminals themselves help you fit the jigsaw in place. They have become online counterparts of local addas where you normally find people bragging to their friends about their accomplishments.
On their part, social networking sites are more than willing to help the police. They help them connect back the information via a person’s Internet Protocol address. That’s a unique string of numbers assigned to each computer on the Internet. Cops used this tactic in tracking down the culprit in a gang rape case in Delhi this January.
The woman became ‘friends’ with one of the accused (Kapil) over Internet chat. He ‘invited’ her over to his place for a party. For the unfortunate woman, the party began with a couple of soft – drinks with Kapil & with his two friends & ended with her waking the next morning with a terrible hangover & the realization that she had been sexually assaulted by the men, who had laced her drinks with sedatives.
“But this is just the tip of the iceberg”, says Raman. “As more cops log on, investigate tactics will only get bolder.” A Mumbai - based detective already has two profiles on MySpace: one under his real name & one under a nick. He snoops around web sites, checking out local profiles for suspicious activities. “This helped me nab criminals & also predict socio-economic crimes by observing the patter of comments.”
Net Leads to self-destructive acts: (2 May 2006)
Times International
Spending a lot of time in Internet chat rooms can induce self-destructive behavior amoung young among people, says a study Janis L. Whitlock & other researchers at Cornell University, lthaca, examined normal behavior in chat rooms & the use of message boards by adolescents.They absorbed 406 message boards to investigate how adolescents solicit & share information related to self - injurious behavior. Females between 14 & 20 visited these bulletin boards the most. They found that online interactions provide essential social support for ortherwise iscolated adolescents, but the online boards could also encourage self - injurious behavior & add potentially lethal behviors to the repertoire of established adolescents self-injurious, said Whitlock.
BOYFRIEND FROM HELL
(Mumbai Mirror) 21 May 2006
Jilted lover puts girlfriend's pictures on adult websites with her cell number after she turns down his proposal
Danish Khan
Unable to handle rejection from his girlfriend, a 25-year-old man put up her pictures and her mobile number on several adult websites with the message that she was available for sex for Rs 200 per hour.He was arrested two days after the traumatised girl complained to the police.Shripad Muralidhar Thosar, the son of an affluent businessman and the victim had known each other for over a year and according to Thane crime branch, the two had an affair. "They used to hang around together in Kalyan, Badlapur and Ambernath," said an officer. But things began to sour when Shripad proposed to his girlfriend, who declined saying that she wasn't ready for matrimony. "There was an informal understanding between them about marriage but when Shripad proposed she backed off," says a Thane crime branch officer which is investigating the case. They had a huge fight after which Shripad posted her pictures which he had clicked when they were seeing each other and her mobile number on the sites. "He was proficient in the use of computers but we never ever imagined that he would do something so terrible," says Sunil Gupte, the victim's brother-in-law. Soon after the victim was flooded with calls from prospective 'customers' who refused to believe her when she told them that the picture and the message on the websites had been a mistake. When the calls became unbearable the girl confided in her parents who approached the Badlapur police on May 17. The case was transferred to the Crime Branch and within two days Shripad was arrested. "We had a clear lead because the girl told us that she had split from this boy recently under not very pleasant circumstances. We knew who we were looking because the pictures posted on the web sites were those that he had clicked. Once we found the cyber cafe at Ulhasnagar from where the boy had posted the pictures it was easy to track him," says an officer. Shripad who has been booked under section 506(2) for using defamatory matter and section 509 of the Indian penal code for outraging a woman's modesty, has been remanded to police custody for four days.
Mumbai Mirror, June 1, 2006
A Rape every half hour in India
The report by the National Crime Records Bureau says crime against women & children are on the rise.
New Delhi: In India, a woman is raped every half hour & is killed every 75 minutes, according to the latest report of the National Crime Records Bureau (NCRB), which will be submitted to Parliament in July.
The report, based on data, also noted that crime against children increased by percent in over the previous year.
Foeticide cases - usually a female foetus - rose by 50 per cent. According to the report, New Delhi is the most unsafe place for women. In 2004, it accounted for 30 per cent of all rapes recorded in 35 major cities.
A senior NCRB official though the statistics relate to 2004 - due to poor data collection by state governments - the trends are unlikely to have changed much.
India's National Commission for Women said the statistics were not surprising. "We have been fighting in many ways to improve their situation." said Yasmin Abrar, a member of the commission.
However, Abrar said the high crime figures also reflected better reporting of incidents."More cases are being reprted now. The overall crime data collection has improved over the years." she said.
Among other crimes, a murder occurs every 16 minutes, an attempt to murder every 19 minutes, a riot every 9 minutes & a kidnapping & abduction every 23 minutes, the NCRB said. Thefts occur almost every 2 mintues.
Conviction rates in India for serious crimes like rape are low because victims are often reluctant to speak out due to social stigma & because of shoddy investigation by the police.
Can the blogger be sued?
4th June 2006 (Sunday Times)
Indian bloggers are freely posting nasty swipes on the World Wide Web.
Sharmila Ganesan on why catching them red-handed is difficult.
As an alternative media for serious writers to pen their stories, blogging was touted as the next big thing in web space. But only few years after its birth, the phenomenon is fast generating into a tool to settle scores, abuse professional rivals & air controversial comments.
Irate college kids are blissfully venting their frustration against professors, toppers & even celebrities in a language mothers would not approve of. Corporates are hiring bloggers to abuse their rivals, in a professional fashion. They name people & indulge in online character assassination. One such paid blogger hurled a series of unmentionables in Hindi against a rival.
The option to remain anonymous only helps their cause. Recently, a man who has just started blogging found that someone else had been making unparliamentary comments on him on the blog &, strangely in his name.
Recently, Sania Mirza was the victim of one such fake blog where the man pretended to be her posted lurid comments.
“The repressed sexuality of Indians finds an outlet on the blogs”, says Pawan Duggal, advocate Supreme Court. If they have an axe to grind, they might even falsely accuse the person of sleeping with someone. There are cases related to tearing of personal reputations, traveling of scandalous allegations & postings. “In the coming times, blogging is likely to become a potent tool for corporate warfare,” says Duggal.
That recruiters are already looking at the Internet for sourcing background information of candidates gives a serious turn to the issue. Yet, since there is no separate law for blogs, not much can be done, says Internet expert Vijay Mukhi. In fact, people abroad have received flask for creating blogs & lost their jobs. There are cases against not just the blogger but also the reader, for the comments made on his blog.
In India, legal recourse against blogging is hazy. While the victim can sue the blogger & the website hosting the blog for defamation, there is no dedicated law for or against blogs. Only a generic remedy is available under the umbrella IT ACT of 2000 & the Indian Penal Code. If the blogger makes a defamatory statement, both the website hosting that blog & the blogger can be held responsible. In case of obscene language or images, the blogger can be imprisoned for five years & fined Rs. 1 lakh. Second conviction would double the penalty.
While registering the blogger has to give his particulars but these may be wrong. Identity thefts are common & the victim can sue the blogger for defamation under the IPC. Or report the matter to the local police. The police has the authority to deal with the case since the blogging is responsible for third-party information.
Also, if a server outside the country like blog.com, blogspot.com & blogger.com hosts the blog, there is a clause in the IT Act. It states that if any person committing an offence is stationed outside India, but the effects are felt in the country, he can be held.
But implementation, say experts, becomes difficult due to geographical reasons.
Also, given the sheer number & nature of blogs, it is impossible for the officials to govern the entire blogosphere. Blogherald.com puts the approximate figure of Indian bloggers at one lakh & speaks of a further rise.
Though cyber lawyers receive numerous complaints against bloggers, not many find their way to High Court. The Indian Institute of Planning & Management controversy is by far the only famous reported case. It started last year when a Rashmi Bansal, editor of JAM, a local youth magazine, conducted an investigation that exposed IIPM’s tall claims in its advertisements as false.
Through interviews with students, recruiters, school experts & campus visits, Bansal unearthed the scam. IBM employee Gaurav Sabnis, an ex-IIM Lucknow student, who provided the link to the article on his blog, lost his job after IIPM threatened to sue him for libel. Sabnis refused to remove his postings he stated that IIPM contacted his employer, IBM & allegedly threatened to publicly burn the IBM Laptop computers they had purchased from IBM unless the posts were removed. Though he says IBM did not pressurize him to remove the blogspot, he decided to quit his job, as he did want IBM to suffer bad publicity. A string of fake blogs decrying Bansal & Sabnis followed.
Is also raised the debate of whether a blog can be called a mainstream medium.
Report of Cyber Law & Cyber Crime by Miss Geetika
Simplymessages.com
Q.1. What is the introductory background for Cyberlaws ?
Since the beginning of civilization, man has always been motivated by the need to make progress and better the existing technologies. This has led to tremendous development and progress which has been a launching pad for further development. Of all the significant advances made by mankind from the beginning till date, probably the important of them is the development of Internet. To put in a common man's language, Internet is a global network of computers, all of them speaking the same language. In 1969, America's Department of Defense commissioned the construction of a Super network called ARPANET. The Advanced Research Projects Agency Network (ARPANET), basically intended as a military network of 40 computers connected by a web of links & lines. This network slowly grew and the Internet was born. By 1981, over 200 computers were connected from all around the world. Now the figure runs into millions. The real power of today's Internet is that it is available to anyone with a computer and a telephone line. Internet places at an individual's hands the immense and invaluable power of information and communication. Internet usage has significantly increased over the past few years. The number of data packets which flowed through the Internet have increased dramatically. According to International Data Corporation ("IDC"), approximately 163 million individuals or entities will use the Internet by the end of this year as opposed to 16.1 million in 1995. If left to its own measure, it is highly unlikely that such a trend can reverse itself. Given this present state of the Internet, the necessity of Cyberlaws becomes all the more important .
Q.2. Why is there a need for Cyberlaw ?
When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could transform itself into an all pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. Hence the need for Cyberlaws.
Q.3. What is Cyberlaw ?
Internet is believed to be full of anarchy and a system of law and regulation therein seems contradictory. However, cyberspace is being governed by a system of law and regulation called Cyberlaw. There is no one exhaustive definition of the term "Cyberlaw". Simply speaking, Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of netizens and others, in Cyberspace comes within the ambit of Cyberlaw. The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyberlaw.
Q.4. What is the importance of Cyberlaw ?
Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaws is a very technical field and that it does not have any bearing to most activities in Cyberspace. But the actual truth is that nothing could be further than the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.
Q.5. Does Cyberlaw concern me ?
Yes, Cyberlaw does concern me. As the nature of Internet is changing and this new medium is being seen as the ultimate medium ever evolved in human history, every activity of yours in Cyberspace can and will have a Cyberlegal perspective. From the time you register your Domain Name, to the time you set up your web site, to the time you promote your website, to the time you conduct electronic commerce transactions on the said site, at every point of time, there are various Cyberlaw issues involved. You may not be bothered about these issues today because you may feel that they are very distant from you and that they do not have an impact on your Cyber activities. But sooner or later, you will have to tighten your belts and take note of Cyberlaw for your own benefit. For example, you may knowingly or unknowingly book a Domain Name, say http://www.xyx.com/ which may be the trade mark of any other company, person or legal entity in any part of the world, say B. Domain Names are given to you on first come first served basis. But you may be involved by the other party being B in a Cyber legal dispute which may allege that you are deliberately involved in the practice of Cyber squatting (the practice of knowingly registering the trade mark of any legal entity, company or person with the intention of holding on to it and thereafter selling the same to the said legal entity, company or person at a handsome premium). You may also be involved in Cyber litigation as the concerned party, B, may approach the World Intellectual Property Organisation (WIPO) for adjudicating the matter and WIPO by a summary procedure may direct you to relinquish and release the said Domain Name to B, the concerned party. Needless to say, it shall be incumbent on the concerned party, B, to produce all documentary and other evidence to substantiate its claim to the concerned Domain Name. This is just one of the many examples that show the importance of Cyberlaw for you .
Q.6. What is the general awareness about Cyberlaw today ?
Today, the awareness about Cyberlaw is beginning to grow. Many technical experts in the beginning felt that legal regulation of Internet is not necessary. But with the rapid growth of technologies and Internet, it is crystal clear that no activity on Internet can remain free from the influence of Cyberlaw. Publishing a Web page is an excellent way for any commercial business or entity to vastly increase its exposure to millions of persons, organisations and governments world-wide. It is that feature of the Internet which is causing much controversy in the legal community.
Q.7. Is Cyberlaw constantly evolving ?
Yes, Cyberlaw is constantly being evolved. As new and new opportunities and challenges are surfacing, Cyberlaw, being a constantly evolving process, is suitably modifying itself to fit the call of the time. As the Internet grows, numerous legal issues arise. These issues vary from Domain Names, to Intellectual Property Rights to Electronic Commerce to Privacy to Encryption to Electronic Contracts to Cybercrime to Online Banking to Spamming and so on. The list is very long.
Q.8. What is the stage of development of Cyberlaw today ?
Cyberlaw today, on a global scale, is at an early stage of development. Just as different civilizations and societies in history have taken time to develop and refine their legal systems, in the case of Internet too, it will take some time for Cyberlaws to be fully developed and refined. Different countries in different parts of the world are adopting their own strategies to this new field .
Q.9. What is an IP address ?
The Internet is a network of computers. Each computer on the said network has its own distinct entity and presence. That is the reason why every computer is given a distinct Electronic Address called the Internet Protocol address or in short IP address. This IP address is given by numerical values like 202.54.15.75. The IP address is just like any telephone number which identifies a particular computer on the Internet.
Q.10. What is a Domain Name ?
Since it is not possible to remember each and every numerical value of an IP address, the system of domain names evolved. Internet domain names, in a common man's language, are used as an easy-to-remember alias which point to a specific IP address. The dominant purpose of the domain name is simply to provide an easy method for remembering another's electronic address. It's a unique name used to identify, among other things, a specific Web site. Thus a typical domain name would be http://www.indiainfoline.com/.
Q.11. What are the components of a Domain Name ?
Any domain name consist of two components, namely the top level domain name(TLD) and a second level domain name. Thus in the said example, http://www.indiainfoline.com/, ".com" would be the top level domain name while "indiainfoline" would be second level domain name.
Q.12. What are the categories of Top Level Domain Names (TLDs)?
As on date, there are two categories of top level domain names. In the first category comes the domain names .com, .net, .org, .edu. When the system of registering domain names began, the norms were that the .com name is to be given to commercial organizations, while others such as .org, .net, .gov and .edu are to be assigned to non-commercial organizations, network providers, government agencies and educational institutions respectively. However, as time has passed, due to the enhanced volumes of domain name registrations, the said norms have been abandoned and today anyone can, without any restriction of any kind whatsoever, can register any domain name. The second category of top level domain names is the country code TLDs denoted by a two letter country code. For instance, the top level domain name for India is .in. The responsibility for assigning the same is given in each country to a specified country domain name registrar. In India, the TLD.in is registered by NCST at Bombay.
Q.13. Who registers Domain Names ?
The domain names were initially registered by Network Solutions only, who had the sole monopoly to register the said TLDs. This monopoly of Network Solutions continued for many years and only in 1999, the Internet Corporation Assigned Names and Numbers (ICANN) allowed other accredited registrars to register domain names. Today there are more than 100 registrars with whom one can register a TLD.
Q.14. What is the unique feature of Domain Names ?
The unique feature of domain names is that the said domain names are given on "first come, first served" basis. This feature of domain names gives rise to numerous legal issues and disputes. Thus the important thing in domain names registration is speed. To take an example, the domain name http://www.microsoft.org/ was available and was registered by Amit Mehrotra much before Microsoft Corporation could think of it. This led to numerous ticklish legal issues. Microsoft Corporation, despite having the trademark Microsoft, could not get the domain name http://www.microsoft.org/ because of the "first come, first served" criteria of domain name registration.
Q.15. How are Domain Names different from Trade Marks ?
To put it simply, Domain names are indeed different from trademarks. While it is possible that the same trademark may be registered by different persons in different categories and different lines of businesses, it may be possible to only register one domain name corresponding to such trademark. This aspect of domain names has led to numerous legal problems.
Q.16. What is Cybersquatting ?
Another legal issue surrounding domain names is that of Cybersquatting.Cybersquatting is the practice by means of which a person or legal entity books up the trade mark, business name or service mark of another as his own domain name for the purpose of holding on to it and thereafter selling the same domain name to the other person for valuable premium and consideration. Cybersquatters book up domain names of important brands in the hope of earning quick millions .
Q.17. What are the recent trends relating to tackling Cybersquatters ?
The Internet history has shown that while some corporate players have been willing to and have indeed coughed up money to get back their legitmate domain names, the recent trend is more towards taking the cybersquatters by the horns and fighting them out by legal processes. Courts throughout the world, including in India, have been proactive and have been granting injunctions to stop cybersquatters from operating their web sites.
Q.18. What is the latest most effective remedy against Cybersquatting ?
The latest breath of fresh air in the fight against Cybersquatting has been the Uniform Domain Name Dispute Resolution Policy which has been duly approved by ICANN. Under the said Domain Names Dispute Resolution Policy, a summary procedure is adopted to adjudicate the complaint of any complainant relating to any domain name on payment of processing fees. This policy has been in operation since the end of last year.
Q.19. Under the Uniform Domain Name Dispute Resolution Policy, have the Indian companies had any success ?
Under the said policy, Indian companies are also beginning to get back their legitimate domain names. The domain name http://www.theeconomictimes.com/ and http://www.timesofindia.com/ have been won back under the said policy. Two recent success for Indian Companies under the said policy include winning back the domain names http://www.tata.org/ and http://www.philipsindia.com/ by TATA and Philips India respectively.
CYBERCRIME
Q.20. What is Cybercrime ?
When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could also be misused for criminal activities. Today, there are many disturbing things happening in cyberspace. Cybercrime refers to all the activities done with criminal intent in cyberspace. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with the growth of the new medium. Because of the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. The field of Cybercrime is just emerging and new forms of criminal activities in cyberspace are coming to the forefront with the passing of each new day.
Q.21. Do we have any one exhaustive definition of Cybercrime ?
There can be no one exhaustive definition about Cybercrime. However, any activities which basically offend human sensibilities, can also be included in its ambit. Child Pornography on the Internet constitutes one serious Cybercrime. Similarly, online pedophiles, using internet to induce minor children into sex, are as much Cybercriminals as any others.
Q.22. What are the various categories of Cybercrimes ?
Cybercrimes can be basically divided into 3 major categories being Cybercrimes against persons, property and Government.
Q.23. Tell us more information about Cybercrimes against persons ?
Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail, and cyber-stalking. The trafficking, distribution, posting, and dissemination of obscene material including pornography, indecent exposure, and child pornography, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be overstated. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.
Q.24. Is Cyber harassment also a Cybercrime ?
Cyber harassment is a distinct Cybercrime. Various kinds of harassment can and does occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes. Cyber harassment as a crime also brings us to another related area of violation of privacy of netizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the precious and extremely touchy area of his or her own privacy which the medium of Internet grants to the netizen.
Q.25. What are Cybercrimes against property ?
The second category of Cybercrimes is that of Cybercrimes against all forms of property. These crimes include unauthorized computer trespassing through cyberspace, computer vandalism, transmission of harmful programs, and unauthorized possession of computerized information.
Q.26. Is hacking a Cybercrime ?
Hacking and cracking are amongst the gravest Cybercrimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information. Coupled with this , the actuality is that no computer system in the world is hacking proof. It is unanimously agreed that any and every system in the world can be hacked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cybercrimes which are slowly emerging as being extremely dangerous. Using one's own programming abilities as also various programmes with malicious intent to gain unauthorized access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programs or virii which do irreparable damage to computer systems is another kind of Cybercrime. Software piracy is also another distinct kind of Cybercrime which is perpetuated by many people online who distribute illegal and unauthorised pirated copies of software.
Q.27. What is Cybercrime against Government ?
The third category of Cybercrimes relate to Cybercrimes against Government. Cyber Terrorism is one distinct kind of crime in this category. The growth of Internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.
Q.28. Is there any comprehensive law on Cybercrime today ?
Since Cybercrime is a newly specialised field, growing in Cyberlaws, a lot of development has to take place in terms of putting into place the relevant legal mechanism for controlling and preventing Cybercrime. As of now, there is absolutely no comprehensive law on Cybercrime any where in the world. This is reason that the investigating agencies like FBI are finding the Cyberspace to be an extremely difficult terrain. These various Cybercrimes fall into that grey area of Internet law which is neither fully nor partially covered by the existing laws and that too in some countries.
Q.29. Is there any recent case which demonstrates the importance of having Cyberlaw on Cybercrime within the national jurisdictions of countries ?
The most recent case of the virus "I love you" demonstrates the need for having cyberlaws concerning Cybercrimes in different national jurisdictions. At the time of the web publication of this feature, Reuters has reported that "The Philippines has yet to arrest the suspected creator of the 'Love Bug' computer virus because it lacks laws that deal with computer crime, a senior police officer said". The fact of the matter is that there are no laws relating to Cybercrime in the Philippines. The National Bureau of Investigation is finding it difficult to legally arrest the suspect behind the 'Love Bug' computer virus. As such, the need for countries to legislate Cyberlaws relating to Cybercrime arises on an urgent priority basis.
Q.30. What is the approach adopted by US Courts regarding Cybercrimes ?
The courts in United States of America have already begun taking cognizance of various kinds of fraud and Cybercrimes being perpetuated in Cyberspace. For the victims of various Cybercrimes, there is no one healing remedy. They can either file for civil damages or wait for the culprits to be nabbed and then to be tried under provisions, existing or envisaged which are not comprehensive at all. However, a lot of work has to be done in this field. Just as human mind is ingenious enough to devise new ways for perpetuating crime, similarly, human ingenuity needs to be channelised into developing effective legal and regulatory mechanisms to control and prevent Cybercrimes.
Q.31. Why do we need to fight Cybercrime ?
We all must remember that Cyberspace is a common heritage of ours which we have inherited in our life times from the benefits of ever growing technologies. This Cyberspace is the lifeline of the entire universe and given its irreversible position today, it is the duty of every netizen to contribute toward making the said cyberspace free of any trouble or cybercrime. To rephrase the famous words of Rabindra Nath Tagore in today's context, "Where the Cyberspace is without fear or crime and the head is held high, where knowledge is free, where tireless striving stretches its arms towards perfection, ….. into that cyber heaven of freedom, O my father, let our humanity
Only in Delhi
Mumbai Mirror, 19/09/2006
Romeos ruin women’s midnight march to protest sexual harassment; the invite to ‘come in something you wanted to wear on the streets but could not’ seemed irresistible as Romeos ‘leched’ at the protesters
IANS
New Delhi: A midnight march by women to protest against “touching, staring, groping, pinching and stalking” sounded heroic enough until the protesters ran into stalking Romeos lining up the path.
With 3,850 cases of violence, including 654 rapes and 197 sexual harassment complaints reported in the national capital in 2005, the event seemed the right way to highlight the women’s safety issues. But that was not to be.
The Night Action Plan I—as the event was christened—was organised by the Blank Noise Project. Their invite to “come in something you always wanted to wear on the streets but could not” seemed irresistible.
However, the protesters were “leched” at, ridiculed and booed along the three-kilometre stretch of the march—the first of its kind in New Delhi—that began at the Dilli Haat cultural complex and culminated at the Sarojini Nagar market. The organisers, who ran into trouble even before the roadside Romeos, managed to round up just 15 participants.
The protesters, in their spaghetti tops and accented English, made quite an impact on the streets.
Those who hadn’t turned up in a “mod and hep” attire seemed clearly overdressed. Armed with placards, posters and red arrow tags, the protesters split into groups of three and four and headed towards Sarojini Nagar, one of the city’s most popular middle class shopping area.
En route they discussed their harassment experiences on the streets even as the Romeos chased and sneered at the posters and stencilled messages against them.
There was Susan who had left her three children behind to attend the midnight march. When she was groped by a man on a bus as a child, she had burst into tears. “I want girls to put up a fight, not weep.”
Most of the participants were molestation victims. Abigail, an American who works for an NGO, said she refuses to make eye contact with Indian men. She has been sexually harassed in buses and markets. Abigail, who speaks fluent Hindi, said, “Often men abuse me in Hindi, thinking that I do not understand the language.”
Armed with placards and posters, the protesters and headed towards Sarojini Nagar, one of Delhi's most popular middle class shopping area. En route they discussed their harassment experiences even as the Romeos chased and sneered at the posters and stencilled messages against them.
Youth misuses classmate’s profile, posts lewd scraps
Friday, September 29, 2006 City
He is caught following the girl’s complaint
Nilesh Nikade
A Bachelor of Management Studies (BMS) student of Thane was arrested on Thursday for creating a classmate’s profile and uploading her picture with offensive messages on an online community site without her permission.
The cyber cell of the Thane police got into the act following a complaint by a girl that someone had created her profile on Orkut.com with her picture and posted lewd messages. Within 48 hours the culprit was nabbed.
Orkut.com is an online community that connects people through a network of friends. It is a popular site with collegians who register as members, create their profiles and upload their pictures. But it can be misused, as a Thane student found out to her utter disbelief.
When Sushma Sharma (name changed on request) logged on to Orkut.com, she received a scrap (Orkut comment) saying ‘Hi’ from a profile that seemed her own. This made her wonder since she never wrote it in her own scrapbook. Out of curiousity she clicked on the profile, and to her utter dismay she was flooded with vulgar comments and cheap descriptions about her. The profile also had her photograph and cellphone number.
After that she started getting vulgar phone calls and her friends also informed her about offensive messages put up on her profile. A harassed Sushma and her parents complained to the Vartak Nagar police station, who forwarded the investigation to the Thane Cyber Cell (TCC)."
Police Inspector Shekhar Tore of TCC who investigated the matter said, “The orkut server is located in Sweden and therefore it was difficult for us to get information about the person who created the profile. We traced the fake yahoo email ID created on Sushma’s name and then got information about its log-in details. The IP address details of this yahoo account led to Sumer Castle apartment in Thane’s Kolbad area and another cyber café nearby.
Abhishek, 19, a BMS student, first denied committing any such crime but soon confessed. “I don’t understand what happened to me. I just did it,” said Abhishek, who knew Sushama as her classmate in junior college.
He has been booked under IPC 469 (publicising offensive message) and Section 67 of IT Act, 2000. He can be punished with up to five years in jail. 
The Thane BMS student was arrested yesterday
According to Police Sub Inspector Ravindra Chavan, “Orkut users should not put up their photographs on the site. They should not reveal personal information in their profile. Also no cellphone numbers or identity should be mentioned in the scrap book, as it is open to all.”
Bloggers' rubbish
Shobhan Saxena
1 Oct, 2006
TIMES INTERNET NETWORK
Everyone has a story to tell, but everyone is not a natural-born storyteller. Everyone has a right to an opinion, but a lot of people confuse it with meaningless fuming and ranting. Everyone has a right to be stupid, but some people abuse the privilege. There are a lot of people who are sick and tired of having to eke their way through life. A lot of people are sick of being nobody. A lot of people's lives have been reduced to inconsequential chatter with their inconsequential friends. Their thoughts are someone else's opinions and their lives a second-hand mimicry of others' life. Such people form groups, stick together and find comfort in each others' miseries.
Almost all of us know and meet such people here and there -the man who talks about 'what's wrong with this country' at the local tea stall; the men who can explain the stock exchange fluctuations in local trains; the man on a flight who claims to remember every match played by the Indian cricket team since 1975; the socialite in a party who can talk about hair extensions and why all men are dumb and love-cheat rats; and the embittered people who hate everybody in their office but have secret handshakes with some.
They are interesting people. They think that they have something to say. They want to be read and heard and seen. But their aspiration is blocked by the obnoxious monster called the Editor and their high-voltage facts mixed with slam-dunk fiction, with a lot of typos and commas and semi-colons in wrong places, go down a drain called the Editorial Process. So they turn to blogging and take refuge under a series of posts on a web page in the form of a diary, with hypertext links to other such diaries. The bloggers love to attack those they hate: from McDonald's to Starbucks to Karl Marx to Mandal to Germaine Greer to the colleague at the next work station. Blogs are an online stream of consciousness written by people who believe that they are under orders from someone to change the world.
Good idea. But the pace at which the blogosphere is getting cramped with half-wits, religious maniacs, failed writers, sociopaths and cold-blooded killers, is scary. They all scream so loudly that those talking sense have to drop their decibel levels. Every 10 minutes, some three million new bloggers invade the WWW with a vengeance. It looks like revenge of the amateur who dreams of becoming a reporter. And that's a cause for concern. The editorial content - uncontrolled and unregulated - has made it free for all: In the UK, PayPerPost and Bloggers Republic offer such opinions that would invite legal suits in a newspaper; the US marines are using myspace.com for giving a positive spin to their stories from Iraq, and in Canada, an "angel of death" wrote a blog before shooting at 20 people. Forget wrong grammar and bad spellings, bloggers are now writing murders on the web.
Bloggers claim in their hifalutin tones that they want to give a voice to the voiceless and replace the newspapers with their journalism. It sounds good, but look at the way they are doing this. Their vision is apocalyptic and their language is acidic. It's good fun, but this is no journalism. Learning and mastering good journalism is tough. You learn it in libraries, on flooded streets, in front of a rioting mob, in the middle of crossfire between a militia and a military, in war trenches, in the corridors of power and in the hamlets of deprivation. Sometimes, a reporter walks for miles in an area ravaged by a tsunami to get one quote from the man hanging on to a tree for a week. Bloggers don't have to worry about such inane things. They can learn history and politics from google. They can get their facts from newspapers and then slam them with their half-baked opinions.
And no one can beat Indian bloggers when it comes to self-obsessed preaching, gossiping and bitching. The Indian blog which has made the most news, carries nothing but office gossip of the two leading TV channels. Called warfornews, it leaves nothing to imagination, not even the office memos which are also posted on the blog. They are like a lynch mob who will not spare you if you dare to cross them. If this is a new form of journalism then it'll make sense only to those who live in a post-modern bubble.
But the smart people in the corporate world have realised the uses of these mercenaries. They are looking for bloggers who are interested in being paid. Eager to make quick bucks, many have already boarded the train of paid bloggers, blowing away their claims of citizen-generated media, free from the restrictions of top-down "old media". Since there is no accountability and no audit, we don't really know which blogger is being paid by whom to spin what kind of "truth" on the web.
But we must give the devil its due. There are bloggers who are doing good work. From the war-zones of Iraq and Lebanon to the red-light streets of Sao Paulo, there have been excellent stories missed by mainstream media. On the BBC, Mukhtaran Mai's blog is a good effort. This amateur output is raw but written with emotions. It has clicked with people in the West as there is some distrust of large media networks, particularly television, that fails to distinguish between a bike accident on the road and a big war devastating a country.
In the West, blogs have become an outlet for the rage that people are no longer allowed to express in the actual world. But, in India, with a booming and vibrant media, journalism without an editorial process is a dangerous trend. It's easy to dismiss journalism as literature in a hurry, but blogging is just organised gossip.
FBI wants to keep tabs on ISP’s
Express Computer
Date 06/11/2006
FBI Director Robert Mueller wants Internet Service Providers (ISPs) to record the online activities of their users. Fierce debate is raging about individual privacy online in reaction to this proposal.
Law enforcement groups claim that most of the time they contact ISPs, but by that time, the customer records that they are interested in may have been deleted in the routine course of business by the ISP. It is not clear yet, what a data retention law would require. Although a proposal suggests co-ordination that goes beyond ISPs and requires registrars, the companies that sell domain names, to maintain records too.
Privately, the FBI and Department of Justice representatives also desire to force each engines to keep detailed logs. This proposal could gain support since the usefulness of such records has been proved in past probes.
To join D-gang, just log on to Orkut
10/12/2006
Mumbai Mirror
Ruhi Khan
Cops initiate inquiry after they find Orkut communities dedicated to Dawood Ibrahim, Chhota Shakeel, Abu Salem and Tiger Memon; say underworld has started using Orkut to hire recruits
Want to join the underworld? Log on to Orkut. The underworld recruitments have gone techie with aspirants using Google’s friendship portal Orkut to pick up their new hands, said a crime branch official.
“We found that a few sections on Orkut are dedicated to gangsters like Dawood Ibrahim, Chhota Shakeel, Abu Salem and Tiger Memon. So we have initiated an inquiry”, said Deputy Commissioner of Police (Detection), Dhananjay Kamlakar.
A community dedicated to Dawood has over 1,700 members.
A community dedicated to Chhota Shakeel has 82 members. One Ayaz Munaf Memon based in Pakistan is its owner. The community has several fans who discuss Shakeel’s moves and business with awe and admiration. “Such online communities could serve as a platform for youngsters to join the underworld,” said a crime branch official.
Ayaz has also begun another community highlighting the role of Abu Salem, with members also calling them his “idol”. Another community on Tiger Memon has fans supporting his role in the bomb blasts and expressing their desire to join him. Interestingly, some have even used the online communities to send marriage proposals to the gangsters.
The D-company community has over 1,000 members and another community dedicated to Dawood has over 1,700 members glorifying the don. Abu Salem and Tiger Memon also have a fan following with almost 70 members. Interestingly most of these communities are linked and cops believes that it helps the individual communicate with each other online and sometimes vital information is also shared through codes.
A prominent message on the community ‘D-gang’ talks about recruitments: ‘This community has ‘D’, it’s about ‘D’ company and bhais of ‘D’ company. So wana Join ‘D’ company. If yes then remember ‘D’ company has some rules...aur ‘D’ ka pehela rule ‘dhande main dost bhi dushman hote hai’.
One post on the site addressed to Dawood’s henchman reads, ‘which unit u work with bhai in gold man unit or Pakistan unit plz tell me how can I join’ while another post, allegedly by a D-gang man, tells the aspirants to ‘meet him at Regal Plaza Hotel in Dubai any time... secret baatein or posts net pe nahi batatay’.
Tiger Memon also has a fan following with almost 70 members
The Mumbai crime branch has started monitoring the communities on Orkut and have found that many users want to sign up for the gangs and use it as an interface for applications. The police also believe that the underworld has also started using Orkut to hire recruits.
Orkut has been in trouble in recent times over other communities as well. A community was said to refer to the Maratha King Shivaji in a derogatory manner.
Google, the company that owns Orkut, shut down this community after the complaint.
Noida student arrested for Orkut Prank
29/12/2006
Lalit Kumar
Times Of India
Noida: A class 12 student of a Noida school was arrested on Thursday for allegedly uploading an obsence profile of a class 12 student of another school on Orkut, an e-community.
The girl, a businessman's daughter resideent of IP Ex-tension in Delhi, has been in "clinical dpression" since she saw the profile earlier this week.
The accused, a resident of sector 19 and student of Marigold Puclic School, may face up to 10 years of imprisonment if convicted for cyber crime. Police are also questioning about half a dozen other students, to whom the accused sent messages from fake profile.
This is fourth case of cyber crime in Noida and Ghaziabad since August 4, 2006. Area DSP Dinesh Yadav who is personally investigating the case, said: "It is possible there may be more arrests in this case."
He added: "He started the fake profile, purporting to that of the girl, with ID pimp-shop-420@yahoo.co.in. He put the girl's original photo and some obsence comments. When he contacted some associates from 'her' ID, one of the associates reported the matter to her parents and others." On Wednesday, the girl's mother, a teacher complained.
One in ten Brits is a victim of online fraud
Express Computer 16/04/2007
More than one in ten, 12 percent of the UK’s Internet users fell victim to fraud over the last 12 months.
A study sponsored by the Government & industry online safety campaign, Get Safe Online, found that on average users lost £875 as a result of these scams, which hit an estimated 3.5m of the UK’s 29m adult internet users.
The survey of 2,200 adults suggests around 1.7m people in UK suffered fraud while shopping online, 1.5m experienced another form of general online fraud & 1.2m were subject to bank account or credit card fraud as a result of activity online. Some unfortunates were subject to more than one type of fraud over the past year.
Despite the attitude the Internet safety is someone else’s responsibility held by many a majority (53 percent) thought that there should be an ‘Internet safety test’ – much like the driving test – to ensure surfers are aware of the online risks & of their personal responsibility to stay safe. More than three – quarters of those surveyed (78 percent) felt that there should be lessons in schools to teach youngsters safe surfing tips.
Botnets could eat the Internet
Express Computer 12/2/2007
Vast network of compromised PC’s, used by criminals for sending spam & spyware & for launching Denial of Service (DoS) attacks, are growing at an alarming rate & this trend might harm the Internet. This warning was expressed by the Father of the Internet Vint Cerf at the World Economic Forum in Davos. Cerf has predicted that a quarter of all the PC’s currently connected to the Internet around 150 million, can be infected by malware such as Trojans. Around the turn of the year security experts were watching one specific botnet called Spam Thru. This botnet had its own ant virus protection to clear other botnets off its path. It also had the potential to be ten times more destructive than most botnets while evading detection because of in-built defenses. One of the most worrying things about Spam Thru is that the major strike in traffic towards the end of 2006 must have been merely to test the waters & worse could follow in the near future.
Apple sued by Cisco for logo duplication
Express Computer 12/2/2007
Apple has sued Cisco over the use of the iPhone trademark logo held by Cisco. Cisco in turn claims that they obtained the trademark back in 2000 after acquiring Infogear. Infogear had previously owned the trademark & had sold devices known as iPhones for several years. Linksys, a division of Cisco, has also been selling wireless products with the iPhone name with new products added to the line in December. The issue is currently being threshed out through dialogue. Cisco’s goal was to collaborate with the use of the trademark on different products by the two companies. Cisco is seeking injunctive relief to prevent Apple from copying Cisco’s iPhone trademark.
Cisco allows Apple to use iPhone name
Express Computer 19/03/2007
Cisco systems & Apple have agreed to share the iPhone brand name.
The settlement is expected to help both companies strengthen their positions in the increasingly fierce battle to deliver video & other applications directly to consumers at home.
Cisco’s lawsuit, which was filed last month in San Francisco federal court, threatened to derail Apple’s use of the iPhone name for its iPod-cellular phone gadget. Cisco has been using the trademark since last spring on a line of Linksys phones that make free long-distance calls VoIP networks.
The Lawsuit was filed on January 10, 2007 a day after Apple CEO Steve Jobs unveiled the iPhone, which operates over cellular networks instead of the Internet.
Apple initially called the lawsuit silly & argued that it was entitled to use the name because the phones operate over different networks & would not compete with each other.
New Hacker trick may expose Oracle databases
Express Computer 19/03/2007
It was previously thought that an attacker needed high-level privileges on the database to exploit the so-called PL/SQL injection vulnerability ties. With a new attack technique, that is no longer true.
Oracle is aware of the new attack technique. In the past, PL/SQL injection flaws often required a "create procedure" privilege on the database, which most users do not have.
Using the cursor injection technique, anyone who can connect to a database can exploit such flaws.
In the future Oracle should no longer list the privilege requirements as a mitigating factor of PL/SQL flaws. Such mitigating factors may lead Oracle customers to postpone patching, which puts them at risk.
New Computer virus threatens biz nets
Express Computer 19/03/2007
A disgruntled hacker with a personal grudge against Symantec, which provides anti-virus software to leading Fortune 500 companies, could be behind a new, crippling computer virus that has already hit a division of at least one big US corporation on Thursday.
If it spreads, technology experts warn the latest strains of the insidious RINBOT computer virus could hijack network systems of business worldwide.
Once it's in, the virus quickly spreads & takes over many computers with the intention of turning the network into a botnet, or a zombie network & executes its intention stealthily.
BBC strikes Google - You Tube deal
Express Computer 19/03/2007
Three YouTube channels - one for news & two for entertainment will highlight short clips of BBC content. BBC hopes that the deal will help it reach YouTube's monthly audience of more that 70 million users & drive extra traffic to its own Web site. Traffic to the new YouTube channels will also generate the corporation.
The deal with Google, non-exclusive & set to run for several years will establish three different YouTube services such as BBC, BBC Worldwide & BBC News. The news channel, which will be launched later this year, will show about new items.
Visa Security summit has some advice for everyone
Express Computer 02/04/2007
Visa held security summit in Washington, DC. The summit was a platform for some advice for others in the transaction chain.
Just one-third of the largest merchants -those processing more than six million transaction a year-comply with payment card security standards. Visa will offer incentives for compliance this year such as giving its lowest fees to that are complaint before October, plus it will levy fines for non-compliance.
eBay & its PayPal group is the favored target for pishers. To ensure that customers can identify legitimate eBay e-mails, the company includes a digital signature on everyone it sends. It's trying to convince Internet service providers to route only e-mails that contain the signature. Another measure is a PayPal security key that creates a random code to authenticate each transaction.
IBM & Cisco team up for disaster recovery
Express Computer 09/04/2007
IBM & Cisco Systems have partnered to provide an emergency crisis response program to keep data centers & business running in times of disaster.
IBM & Cisco announced the IBM Management Services for Crisis Response at the Federal Office Systems Exposition (FOSE) in Washington, DC.
The new service from IBM & Cisco is a combination of communications, collaboration & coordination technologies, plus satellite & wireless capabilities that are deployed via air or ground in any type of emergency.
This service will help business; governments & first responder organizations prepare, respond & rapidly recover from disruptive events ranging from security breaches.
Traditionally, business relies on an array of products to prepare for a crisis & is left to their own devices to integrate those components into their infrastructure.
IBM & Cisco's service supplies all the open, modular, wireless & standards-based commercial platforms that are often compromised during catastrophic event.
Defense intelligence agency boots search firepower
Express Computer 09/04/2007
Within the next month, the US Defense Intelligence Agency will expand its use of an emerging search technology that improves the ability of the military, defense policy makers, & combat strategists to make more informed decisions.
It's the latest step in the agency's efforts to move beyond basic keyword search engine capabilities & apply search technologies that better its personnel connect the dots.
Weeks from now the platform's reach will be extended to include intelligence gathered through the interception of radio & other signals & news feeds such as Reuters as well as message traffic from the State Department.
When searching for information, DIA personnel may have as many as 300 individual data feeds, databases, & data from other intelligence agencies that they will be able to access. The 20 sources available today through Endear represent more than half of all the agency's data, & the agency plans to add more over the next two years.
Cyber squatting complaints on the rise: UN
Express Computer 09/04/2007
The UN copyright agency saw a 25 percent increase in "cyber squatting" complaints last year.
The World Intellectual Property Organization also known as WIPO, which handles arbitration for more than half of the world's cyber squatting disputes each year, registered 1,823 complaints in 2006 alleging abusive registrations of trademarks as Internet domain names.
The complaints came mainly from IT companies, banks & the world's top pharmaceutical firms, as well as famous fashion brands & the entertainment industry.
The growing number of professional domain name dealers who use computer software that automatically registers expired domain names or temporally registers them without paying charges, is of concern to trademark owners.
Anyone can register a domain name for as little as a few dollars. The arbitration system, which started in 1999, allows those who think they have the right to a domain to claim it without a costly court battle or payment of extortionate fees to buy the name.
New Ajax Attack Poses Threat to Web 2.0 sites
Express Computer 09/04/2007
Widely popular Web sites using so-called Web 2.0 technology should take heed of a new attack aimed directly at them. Security researchers at Fortify Software, a security company at a new wave of Internet attacks targeting Web 2.0 sites & the Ajax applications that have helped make them so dynamic. Coined JavaScript Hacking, attackers go after vulnerabilities in major Ajax toolkits, allowing them to pretend to be victimized users gain access to sensitive information.
While the vulnerability is widespread, the attacks aren't yet, Chess said. But he's sure that they are taking place & he's also sure the problem will escalate.
Applications built using Ajax, or Asynchronous JavaScript & XML, produce richer & more dynamic Websites, like Google Maps, MySpace, Gmail & the Netflix site. The sites do a lot of work behind one form after another, & more about the application automatically giving the user the information that he needs. The problem is that Web 2.0 sites are vulnerable in a way that Web 1.0 sites aren’t.
JavaScript isn’t at fault, said Chess. It’s the way the browsers handle it, & nearly all of the Ajax toolkits are vulnerable, according to report from Fortiy.
2006: Year of Cyber Crime
Express Computer 19/2/2007
It was the year when Cyber Criminals targeted everything from MySpace to Wikipedia. Even a Web Site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing.
Computer - security experts said 2006 was also the year that hacking stopped being a hobby & became a lucrative profession practised by an underground of computer developers & software sellers. Like true business people, bad guys not only broadened their reach by attacking popular social networking sites, they also diversified their product line by launching attacks through popular software applications like PowerPoint & Adobe Reader & expanded their activities overseas. Software makers who try to stop online crooks say they are bracing for a new level of nastiness in 2007, including malicious Web sites that are booby trapped with software that automatically loads itself onto machine of users who simply visit a site.(Example Indiatimes Chat Room)
Other scams include combining a traditional pump-and-dump stock scam with the take over of online brokerage accounts & renting out vast networks of zombie computers, known as botnets, to other digital desperadoes. Some of the code is designed so that it automatically downloads itself the minute a user accesses a Web page. Other sites propmpt a user to accept what seems to be legitimate software but is actually a malicious program. Last summer, some MySpace users who has forgotten to patch the computers were infected by a banner ad that silently installed spyware on their computers, according to iDefense Labs, a division of VeriSign.
Flaws in Online banking
Express Computer 19/2/2007
A study produced jointly by researchers at Harvard & the Massachusetts Institute of Technology, looked at a technology called site - authentication images. In the system, currently used by financial institutions like Bank of America, ING Direct & Vanguard, online banking customers are asked to select an image, like a dog or chess piece, that they will see every time they log into their account.
The idea is that if customers do not see their image, they could be at a fraudulent Web site, dummied up to look like their bank's, & should not enter their passwords.
Havard & MIT researchers tested that hypothesis. In October, they brought 67 Bank of America customers in the Boston area into a controlled environment & asked them to conduct routine online banking acitivities, like looking up account balances. But the researchers had secretly with drawn the images. Of 60 participants who got that far into the stuy & whose results could be verified, 58 entered passwords anyway. Only chose not to log on, citing security concerns.
The system has some high-power supporters in the financial services world, many trying to comply with new online banking regulaions. In 2005, the Federal Financial Institutions Examination Council, an inter-agency body of federal banking regulators, determined that passwords alone did not effectively thwart intruders such as identity thieves. It issued new guidelines, asking financial Web sites to find better ways for banks & customers to identify each other online. January 2007 was set as the compilance date, though the coucil has yet to begin enforcing the mandate.
Viacom asks YouTube to delete pirated clips
Express Computer 19/2/2007
Viacom has asked YouTube to remove from its video-sharing site all clips pirated from Viacom-owned television networks.
Inspite of months of ongoing discussions with YouTube & Google, it seems that YouTube is still unwilling to come to a fair market agreement that would make Viacom content available to YouTube users. Filtering tools promised repeatedly by YouTube & Google have not been put in place, & they continue to host & stream vast amounts of unauthorised video.
YouTube & Google retain all of the revenue generated from the practice, without extending fair compensation to the people who have expended all of the effort & cost to create it. YouTube has subsequently agreed to remove more than 1,00,000 video clips produced by Viacom properties including MTV Networks, Comedy Central, BET & VH-1, according to a YouTube statement.
China detains six over 'panda' virus
Express Computer 5/3/2007
China has detained six men in their 20's for writing or profiting from a computer virus dubbed the "joss-stick buring panda" which has infected over a million computers.
The worm wreaked havoc among 2006 outbreak, deleting files, daaging programs and attacking web portals. It got its name from changing icons on desktops into cute cartoon pandas, the most famous of which holds three burning joss-sticks in his paws.
Chinese media have said tha the worm was able to steal account names of online gamers and instant messangers, which are hotly traded with real money in China's cyberspace. Police held Li Jun, 25 a native of Wuhan city in central China, who wrote the virus in October and had earned more than 100,000 Yuan ($12,890) by selling it to about 120 people. China's booming Internet is filled with technology savvy youngsters, but problems such as addiction to online games, hacking and virtual property theft are on the rise.
Router hack attack could expose home network users
Express Computer 5/3/2007
Home network users could be vulnerable to attacks from hackers who can alter the configuration of a broadband router or wireless access point.
According to Symantec's researcher's proof - of concept, the problem stems from inexpensive plug and play broadband routers. These devices are shipped from the factory with a default password that most home users would never think to change. Hackers, however, are aware of the risk these unchanged passwords pose, when combined with a Website that includes malicious JavaScript code.
The attack is twofold. First, the hacker creates a phony Web Page that inculdes the malignant JavaScript Code. When a home user views the page, the code running in the context of a Web browser, uses a technique known as Cross Site Request Forger and logs into the user's home broadband router. In general, these routers require password to log into.
However, as most people do not change the default password, and detailed information on the factory set passwords is readily available online, criminals can successfully log into the router. The JavaScript component of the attack can only work if the router's password has not been changed.
Surfing replaces rural coffee shops
Express Computer 5/3/2007
Online message boards and chat rooms are replacing rural coffee shops and feed mills as places for farmers to talk farming and trade tips as more of rural America goes online.
Fifty-one percent of U.S. famrs have Internet access, according to July 2005 report by the U.S. Department of Agriculture, up from 48 percent in 2003.
The popularity of online farm forums has grown as well. Some forums claim to have as many as 30,000 registered users. Enthusiasts say the forums have improved farm production and saved farmers precious dollars by helping them avoid costly mistakes in planting, fertilising, equipment buys and maintenance. And forums have enabled farmers - many of them miles from their nearest neighbor - to educate other build community.
Rural America has lagged behind the cities in Internet usage - especially broadband - because wiring the population - rich cities is more profitable and wiring the countryside more expensive due to long distances and natural barriers.
Privacy International criticizes Google
Express Computer 2/7/2007
London-based Privacy International has released a report that puts Google in a list of twenty sites that do not take consumer privacy seriously.
Google recently announced that it will store only 18 months of consumer search data and not 24 as it is presently doing but this is still dodgy. Every time you do a search on Google the search engine collects information about your interests and this can potentially be misused although the company swears that it does not pass on personal data.
Google constantly launches new services that broaden its appeal and give it access to yet more data—mail, documents and spreadsheets, checkout are some examples.
Google made a statement that said that the company was disappointed with the report and that it was inaccurate.
The report went so far as to state that no other company came close to garnering the status of “an endemic threat to privacy”.
Apple, AOL, Facebook, Hi5 were other sites that got flak. Microsoft was criticized for its past record. BBC’s online avatar and eBay got better reviews.
OpenOffice under attack across platforms
Express Computer 2/7/2007
Symantec has blown the whistle on a worm that spreads by means of OpenOffice.org documents and has the potential to attack Windows, Linux and OS X machines. Spotted last month, the worm is now being taken more seriously and is rated as a medium risk. It arrives as an OpenOffice file named badbunny.odg that launches a macro which carries the payload. Windows PCs are infected by dropping a file called drop.bad, which replaces the system.ini file in the user’s mIRC folder. A JavaScript virus badbunny.js is executed and it replicates to other files in the folder. On a Mac one of two Ruby script viruses are launched—badbunny.rb or badbunnya.rb. Linux PCs get XChat script badbunny.py and Perl virus badbunny.pl.
FBI tries to fight zombie hordes
Express Computer 2/7/2007
FBI is contacting more than one million PC owners who have had their computers hijacked by cyber criminals. The initiative is part of an ongoing project to thwart the use of hijacked home computers, or zombies, as launch platforms for hi-tech crime. FBI has found networks of zombie computers being used to spread spam, steal IDs and attack Web sites. It has been trying to tackle networks of zombies for some time as part of an initiative it has dubbed Operation Bot Roast.
This operation recently passed a significant milestone as it racked up more than one million individually identifiable computers known to be part of one bot net or another. Many people fall victim by opening an attachment on an e-mail message containing a virus or by visiting a booby-trapped Web page. Many hi-tech criminals are now trying to subvert innocent Web pages to act as proxies for their malicious programs.
Once hijacked, PCs can be used to send out spam, spread spyware or as repositories for illegal content such as pirated movies or pornography. Those in charge of botnets, called botherders, can have tens of thousands of machines under their control.
Operation Bot Roast has resulted in the arrest of three people known to have used bot nets for criminal ends. One of those arrested, Robert Alan Soloway, could face 65 years in jail if found guilty of all the crimes with which he has been charged.
For those without basic protections anti-virus companies such as F Secure, Trend Micro, Kaspersky Labs and many others offer online scanning services that can help spot infections.
Google backs green computer plan
Express Computer 2/7/2007
Search engine giant Google and US semiconductor firm Intel have thrown their weight behind a massive scheme to reduce carbon dioxide emissions. The ambitious plan sets out an industry-wide target to cut the amount of energy computers consume by 2010.
The scheme is expected to cut emissions by 54 million tonnes a year—equal to 11 million cars or 20 coal-fired power plants. Hewlett-Packard, Dell and Microsoft have all signed up to the campaign. Computers and other IT equipment have been blamed for causing as much global warming as the airline industry.
Utilities will be encouraged to offer rebates to consumers who buy the ‘green PCs’. Manufacturers who agree to the climate-saving program agree to design, produce and sell equipment that meet the US Environmental Protection Agency’s Energy Star standard of 80 percent initially. That will rise to 90 percent by 2010.
The initiative is an extension of the World Wildlife Fund’s Climate Savers program, which helps companies to reduce their harmful greenhouse gas emissions. Initial supporters also include Yahoo, Hitachi and Sun Microsystems.
Meanwhile in the UK, a new government taskforce has been formed to develop individual computers which use 98 percent less energy than standard PCs.
Safari for Windows Gets better security
Express Computer 2/7/2007
Apple has released Safari Beta 3.0.1 for Windows, an update to their recently-introduced Web browser for Windows XP and Vista. The new version is available for download from Apple’s Web site or through the “Apple Software Update” application (bundled with QuickTime or iTunes for Windows).
Apple CEO Steve Jobs introduced Safari for Windows near the end of his keynote presentation during this week’s Worldwide Developers Conference (WWDC) in San Francisco, California. Apple is releasing Safari for Windows in the hope of growing its market share in the browser market. Some market research pegs Safari in third place behind Firefox, with only the Macintosh market using it.
The public release of Safari 3 is a beta version—Apple has released it for trial purposes, with the intent of gathering feedback prior to its release. More details are available from the Web site.
The security improvements in Safari Beta 3.0.1 include correction for a command injection vulnerability, corrected with additional processing and validation of URLs that could otherwise lead to an unexpected termination of the browser, an out-of-bounds memory read issue, and a race condition that can allow cross-site scripting using a JavaSscript exploit. Apple notes that these security issues to do not affect the Macintosh version of Safari 3.
Spam disguised as an update from Microsoft
Express Computer 16/7/2007
Experts at Sophos have warned of a widespread attempt to infect e-mail users by sending them a warning about a bogus Microsoft security patch.
The e-mails, which have the subject line “Microsoft Security Bulletin MS07-0065” pretend to come from Microsoft, and claim that a zero-day vulnerability has been discovered in the Microsoft Outlook e-mail program. They go on to warn recipients that “more than 100,000 machines” have been exploited via the vulnerability in order to promote medications such as Viagra and Cialis.
Users are encouraged by the e-mail to download a patch, which it is claimed, will fix the problem and prevent them from becoming attacked by hackers.
However, clicking on the link contained inside the e-mail does not take computer users to Microsoft’s website but one of many compromised websites hosting a Trojan horse.
Private-eye hackers convicted
Express Computer 16/7/2007
Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients. Jeremy Young and Scott Gelsthorpe set up Active Investigation Services and ran a service dubbed “Hackers Are Us”. Gelsthorpe, of Kettering, Northants, and Young, of Ilford, east London, were convicted at Southwark Crown Court.
Gelsthorpe, 32, was convicted of two counts of conspiracy to cause unauthorised modification of computer material. He also admitted conspiring to defraud and cause criminal damage to property. Young, 39, had already pleaded guilty at the start of the trial to the same offences. Also convicted was David Carroll, 58, of Highgate, north London. But, two other men—Daniel Carroll, 36, from Westminster, London, and Maurice Kennedy, 58, of Barnet, north London—were acquitted.
AIS was set up in August 1999 by Young and Gelsthorpe, who were both serving Metropolitan Police officers at the time.
Gelsthorpe, who had been in the job for six years, was still on active duty while Young was on sick leave for depression throughout the time he was involved with AIS and only resigned after he was arrested. The pair made up fake names for themselves—Jamie Black and Sean Durney—to make their activities harder to trace. AIS offered many of the typical private investigation services including surveillance at £25 to £50 per man per hour. But they were dubbed “Hackers Are Us” in court for the “extras” they offered for a wealthy elite. They used illegal means to provide extra services for clients and had a price list for those services.
IBM launches the world’s fastest supercomputer
Express Computer 16/7/2007
IBM has launched the world’s fastest commercial supercomputer Blue Gene/P. Blue Gene/P is three times more potent than the current fastest machine, BlueGene/L, also built by IBM. The latest number cruncher is capable of operating at so called “petaflop” speeds - the equivalent of 1,000 trillion calculations per second.
Currently the most powerful machine is Blue Gene/L, housed at the Lawrence Livermore National Laboratory in California. Used to ensure that the US nuclear weapons stockpile remains safe and reliable, it has achieved 280.6 teraflops or trillions of calculations per second. The machine packs 1,31,072 processors and is theoretically capable of reaching 367 teraflops.
The standard one petaflop Blue Gene/P comes with 2,94,912-processors connected by a high-speed, optical network but it can be expanded to pack 8,84,736 processors. Codenamed Roadrunner, it will be able to crunch through 1.6 thousand trillion calculations per second.
The computer will contain 16,000 standard processors working alongside 16,000 “cell” processors, designed for the PlayStation 3 (PS3). Each cell chip consists of eight processors controlled by a master unit that can assign tasks to each member of the processing team. Each cell is capable of 256 billion calculations per second.
Another contender for top supercomputer has been unveiled by Sun. Its Constellation machine will be able to run at a maximum speed of 1.7 petaflops. The first Constellation machine called Ranger, is being put together for the University of Texas at Austin and will run at 500 teraflops.
Encrypting Passwords
Express Computer 6/8/2007
When it comes to choosing a password, you want one that is easy to remember and yet difficult to crack. There is a way by which one can create a complex password which remains easy to remember. Such passwords can be created using ciphering techniques using various algorithms.
This task sounds difficult and the average computer user might be baffled with such terms. A simple way of achieving this task is to automate it so that anybody can create a robust password. There are some Web sites that do this job of encrypting a simple password and making it difficult to crack. One particular site www.passwordchart.com makes use of encryption technology by taking a phrase that you key in and using it to generate a table which in turn is used to create a password based on a simple text that can be remembered easily. The resultant password generated is an alphanumeric string of characters.
This sort of ciphering basically uses a MD5 hash and it is a simple substitution cipher. For this, an MD5 hash of the chart selection phrase is performed and the first four bytes of the hash are used as a random number seed to a Mersenne Twister pseudo-random number generator. Next, the password chart is filled using sequences of one to three random upper and lower case letters and optionally numbers and punctuation by grabbing successive numbers generated by the Twister. The reason for the random sequence length is to make reversing the substitution cipher that much harder to do. Finally, the alphanumeric characters in the password are converted using the chart. This is basically a simple substitution cipher that can help people maintain relatively secure passwords. This process can be worked out on any computer. It also works offline if the chart generated is printed and preserved.
Google lemon
Express Computer 6/8/2007
Google appears to be quite serious about security. Cross site scripting (XSS) and other sorts of injection attacks pose a threat to Google. In order to deal with them, Google’s security team is developing a black box fuzzing tool called Lemon to automatically find XSS problems in applications. Do not expect to use this in-house developed security tool in the near future as Google plans to keep a tight lid on this effort.
Fuzzing, also known as fault injection testing, is a widely used technique in security circles to try and break down applications and expose flaws.
According to the blog of a Google developer, their vulnerability testing tool enumerates a Web application’s URLs and corresponding input parameters. It then iteratively supplies fault strings which designed to expose XSS and other vulnerabilities to each input; this analyses the resulting responses for evidence of such vulnerabilities.
Google Lemon can also determine other types of security issues such as cooking poisoning and response splitting attacks. Lemon is home-made and is being actively developed by Google to spot new attack vectors.
Google initially looked out for commercially available fuzzers in the market but later realised that its needs would be served best by developing its own product. Lemon is highly customised for Google apps and the company has no plans to market it externally.
In the recent past, Google has seen a number of serious XSS flaws, some of which included an AdWords flaw in December and a Google Desktop flaw in February that were publicly disclosed and originally discovered by third parties.
Anonymous Web search now a reality
Express Computer 6/8/2007
Privacy advocates have been raising a hue and cry about how Google and other popular sites store a user’s search history for months on end. Ask.com is the first to respond to this concern with a tool that lets you cover your tracks and do your Web searches in complete anonymity. AskEraser is the tool that lets you set your privacy preferences so that Ask.com does not store the history of what you have searched for. To ensure that users are aware of this, their privacy settings will be displayed on search pages. As to when this tool will see the light of day, expect a time frame of year-end for US and UK and early 2008 for the rest of us. Of course, if you do not choose to use the tool, Ask.com will do what other search engines do, viz., keep track of your search habits for a year and a half. What this means is if the government asks for information on who searched for what on Ask.com from a particular IP address, the site will not be able to comply as it will not store the information once a user chooses not to let it do so with the AskEraser tool.
Faster GPS on smartphones
Express Computer 6/8/2007
Nokia, the leader in mobile phones, now offers a service to trim the time taken by a GPS aware cellular phone to figure out where it is. Without this service, a N95 smartphone would take about three minutes to get its GPS in gear. With it, that time’s cut down to one minute. Shipments of phones with GPS are expected to go up by an order of magnitude by 2009 when compared to 2005 shipments. The conventional mechanism uses a telco’s cell sites to speed up location finding. The new service uses data from a SIM card and software to catch satellite signals. As GPS works with the help of satellites this is a good thing. While the N95 is at the upper end of the mobile phone spectrum, owners of mid-range phones need not despair as the Finnish firm will add GPS functionality to a broad range of phones and all these devices will be in a position to take advantage of this new service. Nokia’s entry into location finding has been facilitated by its acquisition of Gate5. It offers maps and routing for free and charges for navigation.
Firefox is big in Europe
Express Computer 6/8/2007
Firefox is making the big time, at least in Europe. With a jump of 3.1 percent of market share in 32 European countries over four months as per XiTi Monitor, the Web browser scored 21.1 percent of the market in the first week of July 2006. This July, that figure’s bumped up to 27.8 percent.
Microsoft continues to own two-thirds of the browser market but there are countries where Firefox is huge. Eastern Europe comes to mind, particularly Slovenia, Poland, Hungary and Croatia. An active community of users in these nations is cited as the reason behind Firefox’s success.
Firefox has gone from strength to strength. Two years back its share of the European market was 14 percent. That’s almost doubled now. At that time it was most popular in Finland and Germany.
The battle between the latest versions of Firefox and Internet Explorer has gone in Firefox’s favour this time around, albeit by a thin margin. As per XiTi Monitor, during the week of July 2 to 8, 2007, the average visit share in a European country was 23.1 percent for Firefox 2 and 22.6 percent for Internet Explorer 7. This, the research firm feels, is the result of Firefox users being quicker to upgrade to the latest version as opposed to those using IE who are still using older versions.
FBI uses spyware
Express Computer 6/8/2007
The US Federal Bureau of Investigation has used spyware to find out the identity of a person who sent bomb threats to a high school. The spyware known as CIPAV (Computer and Internet Protocol Address Verifier) is purported to be a Windows program that is transmitted through e-mail or IM. Once installed, it does a search of the hard disk and sends back names of running programs, Web browser data and registry information. At this point CIPAV starts recording sites that are visited but it does not monitor what is being communicated. As of now it is not known whether CIPAV can capture keystrokes. In the case of Timberline High School, the bureau used the IP address collected by CIPAV to figure out the identity of the ex-student who was making threats. This person had used no less than five GMail addresses and a MySpace account. To do this he logged in from three PC bots in Italy. The bureau had got Google and MySpace to hand over IP addresses and got those of the Italian PCs. At this point CIPAV was unleashed to after getting a search warrant. On previous occasions the bureau has used keyloggers that had been directly installed onto target PCs. CIPAV with its action at a distance is something new.
Wi-Fi’s free for Londoners
Express Computer 6/8/2007
With the launch of a free metropolitan Wi-Fi network in the city of London, city dwellers can log on from anywhere without having to pay for their pleasure. This is a joint undertaking of Free-hotspot.com and MeshHopper. A 13.6-mile stretch of the river Thames that runs through the city is unwired for free. MeshHopper has a fee-based Wi-Fi network that covers the same area. The business model of the free network is, as you would expect, advertisement-based. To get free access you have to view an advertisement of 15 to 30 seconds every 15 minutes. The alternative is to fork out 2.95 pounds per hour or 9.95 pounds a month. Also the freebie is slower at 256Kbps as opposed to double that speed with the paid for version. The network will be extended to 22.3 miles by August. Earlier, a free Wi-Fi network in the city of Norwich had been launched with support from the local council. Manchester is slated to be next. A similar network is being set up in Paris where Alcatel-Lucent and mobile operator SFR are working together to offer free wireless access to people in the capital of France. Many American cities offer either free or subsidised Wi-Fi access with San Francisco and Mountain View being among their number.
Canada to apply levy to iPods
Express Computer 6/8/2007
With the Canadian Copyright Board has not only upheld a levy on iPods to compensate copyright holders for losses due to piracy, it has also stated unequivocally that it believes that this levy can be applied to other devices as well, including cellphones and computers. It has said that a thing that is ordinarily used by individual consumers to make private copies should not be excluded from the private copying regime for the sole reason that it has other uses.
While the decision is likely to be appealed, it is perhaps a sign of the times. As peer-to-peer downloading continues unabated and, in fact, keeps on growing, alternative revenue models are being sought. The private copying levy is one such model. However experts feel that for a levy like this to make sense, it would have to address downloading and uploading. Meanwhile the levy is proving unpopular and pressure is building for a fair use provision. Fair use covers the usage of copyrighted content in small measures and is the basis of sampling in the music business and the usage of excerpts by reviewers among other things.
Office 2007 as an application platform
Javed Sikander, Director Industry Architecture, Microsoft Corporation talks to Express Computer about the concept of Office Business Applications (OBA), how ISVs are entering into partnerships with Microsoft to create an ecosystem for Office 2007 as an application platform and the competition Redmond faces in this space.
Javed Sikander
The concept of OBA
There is a lot of complexity at the back-end creating a results gap between personal and business productivity. Our goal is to extend the power and familiarity of Office to back-end line-of-business (LOB) systems.
Conventionally companies have taken data from LOB systems and put it in Excel to analyze it and then taken the data back to the LOB system. With OBA we directly link Office clients to the LOB system.
Using SharePoint with Workflow Foundation it is easy to create an Excel report, send it to a particular user for review and then to another for approval using Workflow Foundation with SharePoint Server.
User Interface Extensibility
Developers can extend the Office 2007 User Interface (UI) and make it context-sensitive using Visual Studio tools for Office 2007. For instance, take the case of a user viewing a Purchase Order notification in Outlook. The developer can add buttons to the Ribbon UI and open a custom task pane that lets the user do stuff that would normally require you to open a LOB application.
Business Data Catalog
The Business Data Catalog (BDC) lets you model entities like customers and suppliers. You can feed the model through a Web Service or an ADO.NET connection and feed it into a Web part on the client side.
Familiarity breeds adoption
By putting the Office Ribbon UI in front of a LOB system you can drive adoption.
A lot of unstructured activities on any business process get done in Excel or Word. You can capture these activities and extend the LOB.
Partnerships
We are doing Duet with SAP. You can push data from SAP into Outlook, including real-time reports from ERP and queries from SAP NetWeaver BI.
We are also working with partners who are creating vertical-specific solutions. The source code for these sample apps is available. OBA Central is a portal for OBA related information.
What it takes
There are different levels of OBA. You can simply visualize information from the back-end system in Office clients. Or you can set up collaboration outside the back-end using SharePoint. SOA is about decomposing IT assets into sets of common services and rationalizing these. You model complete business processes as composite applications consuming services from the back-end.
Does it work with older versions of Office?
Some partners are building OBAs for Office 2003. The concept works for Office 2003 as well with Information Bridge Framework, Visual Basic for Applications and Smart Tags.
Market opportunity
Building customized applications has become easier. If you buy ERP and implement it, five years later your business has evolved and IT is busy catching up.
Competitors
There is no complete platform that matches OBA point-for-point. SharePoint would compete with Documentum or Filenet. There are EAI platforms like WebSphere and WebLogic. When it comes to client-side extensibility there is no one else. In composite applications, SAP has NetWeaver but it only supports SAP-centric applications. We have a vendor-neutral platform.
Office as a platform
Office has evolved into a platform. Our partners need to start building expertise around it. SharePoint adoption is going through the roof and you need SharePoint specific practices. Bringing the power and familiarity of Office applications is a win-win for Microsoft, our customers and partners.
Express Computer - 11/6/2007
Facebook launches Facebook platform
In a massive developer evnt in San Francisco, Facebook officially launched Facebook Platform. A number of third party applications were also announced, including Microsoft, Amazon, Slide, RockYou, Box.net, Red Bull, Washington Post, Project Agape, Prosper, Snapvine, iLike, PicksPal, Digg, Plum and others. Seventy companies in total are currently developing applicaitons.
Facebook is giving an unprecedented amount of access to developers. The API would allow, for example, a third party to recreate Facebook Photos, the most used photo application on the web. Users could then remove the default Facebook Photos and install the third party version instead.
Applications can serve their own ads and/or conduct transactions with users. Ads can basically be shown anywhere that Microsoft ads are not currently shown.
There will be a special applications area on Facebook where users can browse and add third party apps. But there is also a crucial viral component - when a friend adds an application, it is noted in their news stream on their profile. Clicking on the item brings you to the app, where you can add and/or interact with it yourself.
Users will also be adding applications to their site, where others can click and add it to their own profile. The apps will essentially look like any other Facebook application.
The payoff is two way. Not only do developers get deep access to Facebook’s twenty million users, Facebook also becomes a rich platform for third party applications.
Facebook’s strategy is almost the polar opposite from MySpace. While MySpace frets over third party widgets, alternatively shutting them down or acquiring them, Facebook is now opening up its core functions to all outside developers.
Express Computer - 11/6/2007
IPv4 unallocated addresses to be exhausted by 2010
The American Registry for Internet Numbers (ARIN) published a resolution that its Board of Trustees had passed on IP number availability. The resolution says that since IPv4 addresses are running out, ARIN should take any and all measures necessary to assure veracity of applications to ARIN for IPv4 numbering resources and encourage migration to IPv6 numbering resources where possible. People occasionally provide fraudulent information to ARIN to obtain address space, and as the amount of IPv4 space remaining decreases, this could happen more often. Therefore, the Board of Trustees wants ARIN staff to focus on preventing registration fraud. Most people and organisations connected to the Internet, be they consumers, ISPs, or content companies, are much more interested in what’s in their best interests. By and large, they’re happy to stick with IPv4. Despite the best efforts of organizations like ARIN, the simple fact is that, compared to IPv4, IPv6 gives you access to very little content and very few users. So far, nobody has been able to get past this issue, although the IPv6 experiment proposes to change this by giving away free access to “10 gigabytes of the most popular ‘adult entertainment,’” but only over IPv6.
According to ARIN’s statistics, 19 percent of the IPv4 address space is still available, with 13 percent unavailable and 68 percent “allocated.” The group is reluctant to make predictions on when the supply of IPv4 addresses will run out, choosing instead to monitor distribution and consumption trends so that others can do the predicting. It’s certainly possible that the remaining 48 blocks of 16.78 million IPv4 addresses in the global pool will be used up by 2010. However, ARIN and its counterparts across the globe each hold about two years’ worth of address space to allow for day-to-day operation. This brings the total amount of free address space to the equivalent of 72 blocks. In both 2005 and 2006 ten of those blocks were used up, but so far this year, the rate of usage seems to be increasing somewhat.
Express Computer 11/6/2007
Symantec update crashes Chinese computers
Windows components were mistaken to be malware upon a flawed signature update by Symatec’s Norton anti-virus product.
The Norton AntiVirus product from Symantec picked up a bad update file on May 17. In turn, thousands of Windows users found their machines crippled by the new signatures, Chinese publication Xinhua reported.
Norton diligently wiped files from updated computers in which the update file pegged a couple of vital components, netapi32.dll and lsasrv.dll, as being malicious content. This resulted in systems crashing with recurring problems after rebooting.
A company spokesman cited in the report said that Symantec was working on a solution to the issue. Affected by last week’s update are Windows XP machines with Norton AntiVirus, running Microsoft’s simplified Chinese version of that operating system. Several installations of that combination exist in China and most systems falling victim are grabbing the bad update file.
Express Computer, 11/6/2007
USB Worm has a taste for Firefox, YouTube
A USB worm found by FaceTime’s research team has been discussed by Chris Boyd, known to security pros as Paperghost.
USB drives are the 21st Century equivalent of the floppy disk, and they are proving just as troublesome when it comes to spreading malware.
It was shown by Boyd that the USB worm variant uses an autorun.inf file to spread onto a machine once the drive is connected. This variant puts up annoying messages when someone launches the Firefox browser, which the worm then closes.
In addition, even switching to Internet Explorer to connect to Orkut or YouTube brings up similar messages about which state the site has been banned in. Boyd also revealed how some of the files associated with this worm are designed to look like .exe files on the desktop.
Google under EU scanner
According to EU advisors, Google is violating European Union privacy laws by storing user information on customer queries for prolonged periods of time.
An independent European Union committee has been set up and begun an investigation in order to determine whether Google follows the privacy guidelines set by the EU.
This 28-member panel, which advises the European Commission and EU governments on data protection issues, is demanding that Google address concerns about its practice of storing and retaining user information for up to two years.
The information preserved by Google includes items such as any search terms typed, addresses of the Internet servers, and personal information contained on identifier programs, better known as cookies.
The standard information is retained from everyone who uses the search engine but the privacy groups are now concerned the data is being used to create profiles.
In Europe and the United States, regulators are claiming that the Google as well as rivals Microsoft and Yahoo might be on lines of violating Internet users' civil liberties by using stored information for click based advertising model.
In recent times, this California based company purchased online advertiser DoubleClick for $3.1 billion.
Although Google has initiated personalisation efforts, it's an industry-wide issue. It is not only Google, but because of their size and popularity, they have been at the centre point of this debate.
Google is expected to respond to the charges before the June meeting of the advisory group.
According to Google, respecting user privacy and balancing a number of important factors, such as maintaining security and preventing fraud and abuse are important aspects of their commitment.
The EU move comes due to a consumer group's request to the Federal Trade Commission for an investigation of Google's privacy protection policies which was spurred by its proposal to buy DoubleClick.
Google is often a target because of the amount of information the company has amassed gathered and people are starting to worry that their footprint is too big and they have become too powerful.
Google has been responsive to those concerns. In March, it cut the time it keeps users' data on Web searches to between 18 and 24 months, Sterling pointed out, but that might not be enough to keep regulators off its back.
Express Computer 11/6/2007
Report slams FBI network security
The Government Accountability Office, the US federal government’s watchdog agency, released a report critical of the FBI's internal network, asserting it lacks security controls adequate to thwart an insider attack.
In the report, titled “Information Security:
FBI Needs to Address Weaknesses in Critical Network,” the authors— Gregory Wilshusen, GAO’s director of information security issues, and Chief Technologist Keith Rhodes said the FBI lacks adequate network security controls.
The bureau, which had the opportunity to review the GAO’s findings before publication, responded that it wasn’t arguing with some of the technical observations expressed in the GAO report, but disagreed that the FBI is open to unacceptable risk of an insider attack.
The GAO report also criticised FBI network security in other regards, saying that there was a lack of encryption to protect sensitive data and patch management wasn't being done in a timely manner.
The GAO's analysis of the FBI internal network had been requested by Rep. James Sensenbrenner, chair of the Judiciary Committee in the U.S. House of Representatives.
Express Computer 11/6/2007
New Vulnerability found in Opera
A vulnerability has been discovered in Opera, which can be exploited to compromise a user's system.
The vulnerability is caused due to a boundary error in the handling of certain keys in torrent files and can be exploited to cause a stack-based buffer overflow when a user right-clicks a malicious torrent entry in the transfer manager.
While the vulnerability is confirmed in version 9.20 for Windows, other versions may also be affected.
Cross platform OpenOffice virus
In order to demonstrate a way to infect Windows, Linux and Mac OS X systems with a single script, a virus writer has written a proof-of-concept OpenOffice document.
The virus which is dubbed BadBunny by antivirus firm Sophos, is a script embedded in an OpenOffice Draw file and performs different actions based on the host's operating system. For Windows users, the program drops a file for the instant messaging client mIRC that attempts to spread the virus. On the Mac OS X, the program places two Ruby scripts that attempts to propagate the file, and on Linux machines, BadBunny drops scripts written in Python and Perl to copy itself to other systems.
The program, which has not been seen in the wild, seems unlikely to spread, said Graham Cluley, senior technology consultant for Sophos.
One of the senior technology consultants feels that the group responsible for writing the BadBunny malware doesn't seem to have much confidence in it spreading since they have sent it directly to Sophos Lab.
This virus is not the first to target OpenOffice. A year ago, a group of virus writers had sent the Stardust OpenOffice virus to antivirus companies. OpenOffice does not attract many attacks, so online thieves have started exploiting flaws in Microsoft's Office software to create attacks aimed at infiltrating computer systems within government agencies and corporations.
The latest proof-of-concept virus for OpenOffice poses little risk to users. According to Sophos, it received its name from the files it attempts to create during infection as well as a pornographic picture involving a man in a bunny suit.
posted by Nisha Talreja @ 3:47 AM
7 comments
