Group items tagged

The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been

http://hassassociates-online.com/articles/2013/04/23/house-passes-cybersecurity-bill-as-privacy-concerns-linger/ The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have

Book a flight online, perform an internet banking transaction or make an appointment with your doctor and, in the not-too-distant future, the 'Internet of Services' (IoS) will come into play. A paradigm shift in the way ICT systems and applications are designed, implemented, deployed and consumed, IoS promises many opportunities but also throws up big challenges - not least ensuring security and privacy, issues currently being tackled by EU-funded researchers. IoS is a vision of the future internet in which information, data and software applications - and the tools to develop them - are always accessible, whether locally stored on your own device, in the cloud, or arriving in real time from sensors. Whereas traditional software applications are designed largely to be used in isolation, IoS brings down the barriers, thereby lowering costs and stimulating innovation. Building on the success of cloud computing, IoS applications are built by composing services that are distributed over the network and aggregated and consumed at run-time in a demand-driven, flexible way. This new approach to software will make the development of applications and services easier - so that new and innovative services, not possible today, can be offered. It is likely to make a huge contribution to the EU's strategy to make Europe's software sector more competitive. You might want to read: http://hassbiggerprice.wordpress.com/tag/hass-associates-online-cyber-review-scam-du-jour-theyre-creative/ IoS services can be designed and implemented by producers, deployed by providers, aggregated by intermediaries and used by consumers. Anybody who wants to develop applications can use the resources in the Internet of Services to develop them, with little upfront investment and the possibility to build upon other people's efforts. In many ways IoS solves the challenges of interoperability and inefficiency that can plague traditional software systems, but it can also create new vulnerabilities. Ho

Source: http://www.huffingtonpost.com/jason-alderman/dont-get-spoofed-by-rogue_b_3574710.html When caller ID first arrived on the scene it seemed like a godsend to many people: Now you could easily identify who was on the line and ignore unwanted calls, whether from telemarketers, an ex-boyfriend or an unfriendly collection agency. But as often happens, unscrupulous individuals soon began manipulating the technology to defraud people by pretending to be someone else. Their scheme is called "caller ID spoofing" and disturbingly, it's perfectly legal in many cases. Here's how caller ID spoofing works and what precautions you should take to avoid being victimized: For a very low cost, businesses and individuals can use widely available caller ID spoofing software to generate calls which alter the telephone number and/or name that appear on the recipient's caller ID screen. Police, private investigators and collection agencies have used legal spoofing services for many years. Others who might have a legitimate reason to hide their identity when making a call include domestic violence victims and doctors returning patient calls who don't wish to release their private telephone numbers. Beyond that, the lines of legality begin to blur. The Truth in Caller ID Act of 2009 prohibits anyone from transmitting misleading or inaccurate caller ID information with the intent to defraud, cause harm or wrongfully obtain anything of value. Violators can be penalized up to $10,000 for each infraction. Unfortunately, such penalties haven't dissuaded many scammers. One common caller ID scam involves spoofers pretending to represent a bank, government agency, insurer, credit card company or other organization with which you do business. They count on you being reassured after recognizing the company's name on your screen. Related Articles: http://hass-associates-daffy.wikia.com/wiki/Main_Page Under the pretext of warning about an urgent situation (breached account, late payment,

hass associates review articles Think the Internet Leads to Growth? Think Again Remember the year 2000 in the months after the Y2K bug had been crushed, when all appeared smooth sailing in the global economy? When the miracle of finding information online was so novel that The Onion ran an article, "Area Man Consults Internet Whenever Possible?" It was a time of confident predictions of an ongoing economic and political renaissance powered by information technology. Jack Welch-then the lauded chief executive officer of General Electric (GE)-had suggested the Internet was "the single most important event in the U.S. economy since the Industrial Revolution." The Group of Eight highly industrialized nations-at that point still relevant-met in Okinawa in 2000 and declared, "IT is fast becoming a vital engine of growth for the world economy. … Enormous opportunities are there to be seized by us all." In a 2000 report, then-President Bill Clinton's Council of Economic Advisers suggested (PDF), "Many economists now posit that we are entering a new, digital economy that could inaugurate an unprecedented period of sustainable, rapid growth." It hasn't quite worked out that way. Indeed, if the last 10 years have demonstrated anything, it's that for all the impact of a technology like the Internet, thinking that any new innovation will set us on a course of high growth is almost certainly wrong. That's in part because many of the studies purporting to show a relationship between the Internet and economic growth relied on shoddy data and dubious assumptions. In 1999 the Federal Reserve Bank of Cleveland released a study that concluded (PDF), "… the fraction of a country's population that has access to the Internet is, at least, correlated with factors that help to explain average growth performance." It did so by demonstrating a positive relationship between the number of Internet users in a country in 1999 with gross domestic product g

http://hassassociates-online.com/articles/security-holes/ Vulnerabilities The larger and more complex information systems are, the greater the possibility of error in logic and loopholes in algorithm. These are weak points that could enable hackers to breach a system and compromise the integrity of information stored. Programmers themselves who are not yet adept in writing software code can unknowingly misuse the code and lead to a vulnerability. A classic example of vulnerabilities that can be exploited is a weak password or its repeated use on various services or software. There are also websites containing malware that installs automatically once visited. Even legitimate software could be a venue for an exploit due to unknown errors (bugs) generated by the program. The end-user or the human element in information systems is arguably the weakest point that hackers easily utilize. 0-day exploits 0-hour or 0-day attack is the exploitation by outside parties of a security hole in a computer program which is unknown from its developers. The term comes from the premise that the attack unfolds on the "day 0, meaning no awareness as of yet from the developers so there is no opportunity and time to issue a fix for the threat. Zero-day exploits are usually shared among hackers even before the developer knew. Programmers could use the vulnerabilities via several avenues: on web browsers and email. Web browsers allow for a wider target. Meanwhile, using email, hackers can send a message that includes an executable file on the attachments, set to run once downloaded. Such 0-day threats are in the time frame where a security hole is exploited up to the time that the program developers issued a patch for it.

Hass and Associates Cyber Security/ Security Holes

http://www.wellsphere.com/brain-health-article/hundreds-of-south-african-facebook-profiles-have-been-cloned/1954857 Computer forensics expert Bennie Labuschagne said scammers used programs designed to "deep mine" online accounts to bypass security features."Cloning is very common and it is now like the 419 scams, only on social networks," he said. One of the South African Facebook victims, Dinesh Ramrathan, said yesterday: "A Facebook friend called me to find out why I had sent her a message asking for money online. I then discovered that my page had been duplicated. "My friends were caught off guard and accepted friend requests from the hacker, who then started sending requests for money." The impostor claimed that Ramrathan was in trouble and needed money urgently."I am lucky because all my Facebook friends know me personally outside of the social network so they knew that I was not in trouble," he said. Debby Bonnin's husband received a friend request from her even though they were already Facebook friends. One of sixmillion local users of Facebook, Bonnin said: "My major concern is identity theft and all the possible ramifications of that. On Facebook the prime issue is reputation. But the person behind the false profile could use your identity to access confidential information from your friends and then there could be security or financial problems that arise." Another Facebook user, Josh Delport, said his stored scores and tokens on game applications on the site had disappeared. University of KwaZulu-Natal associate professor of information systems Manoj Maharaj said that, though Facebook could not be hacked because of its hi-tech security features, the affected users might have put themselves at risk by clicking on links to external games, applications and shopping sites. "Users are clicking on these links without realising that their information is being passed on. If one of those sites is hacked, their information, such as credit card details, is easily a