Group items tagged

Social media is on the rise, and so are the privacy and security risks. Is it time to dial back on the whole Web 2.0 'friend' thing? The social media honeymoon is officially over. While it may not yet be time to fly to Reno for a quickie divorce, you might want to start thinking about sleeping in separate bedrooms for a while. Example du jour: Over the weekend, a rogue application spread across Facebook, warning users about bogus errors in their profiles. Clicking on the "Error Check System" app causes it to send false warnings to your entire FB posse, per the unofficial AllFacebook blog. There doesn't seem to be any payload associated with that app besides driving traffic, but the potential for abuse is obvious. But a bigger problem on social nets is an old familiar one: spam. So far, spam only accounts for about 5 to 25 percent of all e-mail passed on social networks, versus 90 percent of regular e-mail, says Adam O'Donnell, director of emerging tech for Cloudmark, which filters spam for some large social nets (but won't identify which ones). As more people start tweeting about what their cats ate for lunch and share their Facebook profiles with near-total strangers, though, that number will only grow. The type of spam on social networks is different too, says O'Donnell. Think fewer fake Viagra come-ons, more social engineering scams. In other words, the junk you get on social networks is more likely to be aimed at stealing your credentials or your identity -- and thus much more dangerous than garden-variety spam.

Social networkig may seed malware spread. Education is still one of the most successful computer security tools

Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web. 1) Most Web Posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware) As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month; so users must be wary of clicking on links in these sites. Click here to find out more! Additionally, just because a site is reputable, doesn't mean its safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently, and My.BarackObama.com was infected with malicious comment spam.

Be careful what information you give to recruiters!

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach. The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor. The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information. The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained. Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves. "We wanted to err on the side of caution," Michener said. Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said. Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.

Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market, potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service. TweetTornado allows users to create unlimited Twitter accounts, add unlimited number of followers, which combined with its ability to automatically update all of bogus accounts through proxy servers with an identical message make it the perfect Twitter spam tool. TweetTornado's core functionality relies on a simple flaw in Twitter's new user registration process. Tackling it will not render the tool's functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn't require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter. So starting from the basics of requiring a validation by clicking on a link which will only be possible if a valid email is provided could really make an impact in this case, since it its current form the Twitter registration process can be so massively abused that I'm surprised it hasn't happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate email could be banned from further registrations, potentially emptying the inventory of bogus emails, and most importantly making it more time consuming for spammers to abuse Twitter in general. If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I "wonder" why is the originally blurred by the author Twitter account used in the proof (twitter.com/AarensAbritta) currently suspended, the way the rest of the automatically registered ones are? Pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicat

This summer, spammers suddenly happened onto URL shortening services as a prime weapon of choice. The popularity of URL shortening services has increased in recent years - particularly with the rapid adoption of sites like Twitter, where users have a character limit placed on their messages. There are many different URL shortening sites in operation around the globe. Most allow users to post a long URL into a field and get back a short URL within their domain name. Little in the way of security - such as Captcha puzzles - is built into such sites. This makes them a valuable tool for spammers, as they can introduce e-mail recipients or individuals on peer networking sites to predatory URLs that don't appear malicious. "The attraction from the spammers is not only is it easy to set up in advance using a number of different services for perhaps the same long URL, that will give a number of different domains that they can then use in their spam messages, and they don't have to break any Captcha in order to do that," said Paul Wood, senior analyst at MessageLabs Intelligence. MessageLabs started seeing slight spam use of URL shortening services in April. By late June and early July, the company saw three significant spikes in such usage. On July 9, 6.2 percent of all spam was observed using URL shortening services - 9 billion messages in one day alone.

Still think that today's computer viruses and other malware come from some maladjusted teen out to vandalize your PC to make a name for himself? Think again. The persistent myth is a holdover from days long gone, and it's important to dispel it if you want to know what you're up against-and how to protect yourself. The splashy worms and malicious viruses that clogged entire networks and indiscriminately wiped hard drives are essentially gone. Today, it's all about cash-and lots of it. If there's a way to use evil software to make money, whether it means taking over a PC to send pharmacy-advertising spam, or stealing financial logins and credit card info, or even hacking game accounts, it's out there in some form. There's even a thriving online black market that sells everything from software kits to roll-your-own malware to spam services using infected PCs to reams and reams of credit card data stolen by keylogger malware. It's most important to get rid of this myth in order to get rid of the idea that you can usually tell whether you're infected by obvious signs like big pop-ups or suddenly missing files. Malware writers today work to keep infections as quiet as possible for as long as possible so that they can continue to make money. But it's also important to keep in mind that today's online crooks have become very creative in figuring out how to make money with their malware. Stolen Webmail accounts have been used to send messages to the account's contact list asking for money transfers. Popular online games such as World of Warcraft are a huge target, with thieves raiding hacked accounts to sell the items or in-game currency for real money. So don't assume that there's no risk using an untrusted PC as long as you don't log onto your bank.

"All Facebook users can deactivate their profiles, but doing so quietly might not make quite the same statement as using another service to slam the door on the site. One such service, Seppukoo.com, created by the Italian group Les Liens Invisibles, drew attention late last year after launching a campaign to convince people to commit Facebook suicide. Wannabe ex-Facebook members can provide Seppukoo.com with their names and passwords and Seppukoo then not only deactivates their profiles, but also creates a "memorial" page that it sends to users' former Facebook friends. Facebook evidently isn't happy about this development. Last month, the company fired off a cease-and-desist letter to Les Liens Invisibles, complaining that users who provide log-in data are violating Facebook's terms of service. The company also alleges that the scraping of its data violates a host of laws, including an anti-hacking law, the federal spam law and the copyright statute. "

FaceBook is sooooo concerned about our privacy!

Do you know what your data did last night? Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns. There's a basic consumer protection principle at work here, and it's the concept of "unfair and deceptive" trade practices. Basically, a company shouldn't be able to say one thing and do another: sell used goods as new, lie on ingredients lists, advertise prices that aren't generally available, claim features that don't exist, and so on. RealAge's privacy policy doesn't mention anything about selling data to drug companies, but buried in its 2,400 words, it does say that "we will share your personal data with third parties to fulfill the services that you have asked us to provide to you." They maintain that when you join the website, you consent to receiving pharmaceutical company spam. But since that isn't spelled out, it's not really informed consent. That's deceptive. Cloud computing is another technology where users entrust their data to service providers. Salesforce.com, Gmail, and Google Docs are examples; your data isn't on your computer -- it's out in the "cloud" somewhere -- and you access it from your web browser. Cloud computing has significant benefits for customers and huge profit potential for providers. It's one of the fastest growing IT market segments -- 69% of Americans now use some sort of cloud computing services -- but the business is rife with shady, if not outright deceptive, advertising.

U.S. lawmakers plan to introduce privacy legislation that would limit how Internet service providers can track their users, despite reports that no U.S. ISPs are using such technologies except for legitimate security reasons. Representative Rick Boucher, a Virginia Democrat, and three privacy experts urged lawmakers Thursday at a hearing before the House Energy Commerce subcommittee to pass comprehensive online privacy legislation in the coming months. Advocates of new legislation focused mainly on so-called deep packet inspection (DPI), a form of filtering that network operators can use to examine the content of packets as they travel across the Internet. While DPI can be used to filter spam and identify criminals, the technology raises serious privacy concerns, Boucher said. "Its privacy-intrusion potential is nothing short of frightening," he added. "The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail ... is alarming."

IT directors are adding multiple layers of protection to their networks and constantly upgrade those measures to adjust for new threats. Is this good? Is the Internet too broken to fix? Is there a better path to enterprise network security? One option is a new "gated community" Internet, where users give up their freedoms and anonymity for safety. My initiation to the Internet and the World Wide Web occurred in 1994 in a large meeting room at an Atlanta hotel. Most of the 100 or so seats were empty. Those in attendance seemed fairly rabid about this new network and took exception to one speaker's prediction that the Web would become a major marketing vehicle. "Not gonna happen," said one attendee. "We'll spam them into submission if they try. We won't let this become commercialized." I kind of chuckled to myself. Those early adopters were mainly concerned with protecting the Internet from commercialization and marketing. Security was not even part of the discussion. Now, it is threatening to dismantle the Internet as a communication and commerce tool. Cyber attacks on U.S. government computer networks increased a reported 40 percent in 2008, according to data from the U.S. Computer Emergency Readiness Team. More than 100 million credit card accounts at Heartland Payment Systems were compromised last year. In November, the Pentagon suffered from a cyber attack in the form of a global virus or worm that spread rapidly throughout a number of military networks, and caused the agency to ban the use of external storage devices, such as flash drives and DVDs. And this is just the tip of the Internet security Relevant Products/Services iceberg. Enterprise networks are being used to launch phishing Relevant Products/Services and other Internet scams, such as the Conficker worm that infected 12 million computers late last year. IT directors everywhere are adding multiple layers of protection to their networks and constantly having to upgrade those measures to adjust fo

Chris Nolter Department store proprietor John Wanamaker is famously said to have quipped, "Half the money I spend on advertising is wasted; the trouble is, I don't know which half." The founder of Wanamaker's department store is known as the "father of modern advertising." His innovations, in late 19th-century and early 20th-century Philadelphia and New York, included publishing reliable prices in advertisements, copyrighting pitches, offering money-back guarantees and hiring a full-time writer to produce ad copy. A century later, advertising professionals have gotten more sophisticated and adapted to radio, television, outdoor and digital media. Wanamaker's observation about the value and effectiveness remains profound for merchants and manufacturers, as well as for media outlets that have seen broadcasting or print-advertising dollars reduced to digital pennies. The Internet has made the amount of space that can be filled with advertising virtually infinite, while the recession has all but emptied the advertising coffers of automakers, financial services firms and real estate companies. While digital media has disrupted the traditional ad business, it also presents the tantalizing promise to answer Wanamaker's question. Prior generations of digital advertising gave us spam and banner ads that tempted us with animated mortgage holders wildly dancing on the roof of their home or prizes for whacking a mole. The new proposition is that digital ads will allow advertisers to target audiences and track their returns on investment, and provide users with advertising and content that is more relevant. More than 400 advertising networks have come into existence to sell ad space on the expanding inventory of Web sites and pages. These networks connect advertisers with online publishers, often shopping ad space that a Web site's own sales staff cannot fill. Many of the networks cater to niches, such as food, wine, cars or sports. Increasingly, they are selling access to a

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

BBC Click's tweet states that they took legal advice following comments on the potential violation of U.K's Computer Misuse Act. There's a slight chance that you may have unknowingly participated in a recent experiment conducted by the BBC. In a bit of an awkward and highly unnecessary move, a team at the BBC's technology program Click has purchased a botnet consisting of 22,000 malware infected PCs, self-spammed themselves on a Gmail account, and later on DDoS-ed a a backup site owned by security company Prevx (with prior agreement), all for the sake of proving that botnets in general do what they're supposed to - facilitate cybercrime. A video of the experiment is already available. Here are more details : Upon finishing the experiment, they claim to have shut down the botnet, and interestingly notified the affected users. Exposing cybercrime or exposing the obvious, the experiment raises a lot of ethical issues. For instance, how did they manage to contact the owners of the infected hosts given that according to the team they didn't access any personal information on them? It appears that they modified the desktop wallpapers of all the infected hosts to include a link notifying them that they've been part of the experiment. Thanks, but no thanks.

THE Government is looking to develop a way to protect individuals' personal data that can 'best address' three issues. These are privacy concerns, commercial requirements and national interest. An inter-ministry committee is already reviewing the issue, said Minister for Information, Communications and the Arts Lee Boon Yang. 'As data protection is a complex issue, with extensive impact on all stakeholders, this review will take some time,' he said. He said this in a written reply to a question posed by Ms Lee Bee Wah of Ang Mo Kio GRC in Parliament on Monday. She had asked if his ministry will consider a comprehensive privacy law, and wanted to know what laws there are to protect people from spam mail and the unauthorised sale of personal information. Also, what about those whose photographs have been posted on blogs and other new media platforms without their authorisation, she had asked. This would be considered a 'civil matter', said Dr Lee. 'The aggrieved persons could first ask the site's webmaster to remove the pictures,' he said. 'As with matters relating to online libel and personal defamation, they could also seek professional legal advice to determine the most appropriate legal recourse.' As for the protection of personal data, the minister said that although no generic data protection law exists, such data is still protected. He listed the various measures that are already in place. For instance, there are 'strict provisions' in sectoral laws such as the Banking Act, and codes for medical professionals to protect sensitive financial and health information, he said. There are also other industry codes of practices against the unauthorised use of personal information, he added. For example. the Telecom Competition Code requires licensees to take 'reasonable measures' to prevent the unauthorised use of consumers' information. In addition, there is a voluntary privacy code, which has been adopted by many companies in the private sector, said Dr

Federal regulators on Tuesday met to hear about whether the benefits of cloud computing justify increased regulation, as privacy activists claim, or whether such an approach would do more harm than good. "We need to be smarter about dealing with technology, and cloud computing is posing (a) risk for us," said Hugh Stephenson, deputy director for international consumer protection at the Federal Trade Commission's Office of International Affairs. The FTC convened the two-day meeting in its offices here, which follows a series of similar workshops held in previous years on topics like spam, privacy, and behavioral advertising. The agency may file lawsuits to halt "unfair or deceptive acts or practices," meaning that if cloud computing is not unfair or deceptive, the FTC would likely not have jurisdiction. To secure personal information on the cloud, regulators may have to answer questions such as which entities have jurisdiction over data as it flows across borders, whether governments can access that information as it changes jurisdiction, and whether there is more risk in storing personal information in data centers that belong to a single entity rather than multiple data centers. The current panoply of laws at the state, national, and international level have had insufficient results; FTC Commissioner Pamela Jones Harbour cited a 2008 PricewaterhouseCoopers information security survey (PDF) in which 71 percent of organizations queried said they did not have an accurate inventory of where personal data for employees and customers is stored. With data management practices that are not always clear and are subject to change, companies that offer cloud-computing services are steering consumers into dangerous territory, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. Already, problems of identity theft are skyrocketing, he said, and without more regulation, data management services may experience a collapse analogous to that

More than 6 million current and former customers of online brokerage TD Ameritrade Holding Corp. will be able to benefit from the settlement of a class-action lawsuit filed over the theft of client contact information. Formal notice of a settlement agreement will be sent to people who used TD Ameritrade's services before mid-September 2007. U.S. District Judge Vaughn Walker in San Francisco approved a revised version of the settlement agreement earlier this month despite some misgivings about it. Last summer, Walker rejected an earlier version of the deal. Anyone who held an Ameritrade account or provided an e-mail address to the company before Sept. 14, 2007, could benefit from the lawsuit. The database that was breached included information on 6.2 million people. The plaintiffs in the lawsuit said they received unwanted e-mail ads about certain stocks. The ads appeared to be designed to manipulate the value of thinly traded stocks. Ameritrade officials and one of the lead plaintiff's attorneys, Scott Kamber, have said the data theft has not been linked to cases of identity theft. As part of the proposed settlement, the Omaha-based company will pay nearly $1.9 million in legal fees and cover the cost of one year of anti-spam service for the victims. Ameritrade also promised to better protect customer data. Those terms have not changed from the original proposed settlement. But the new agreement will more clearly state that Ameritrade customers were at risk of identity theft, and it will preserve customers' ability to pursue identity theft claims against Ameritrade. Most of the changes to the agreement happened because the Texas Attorney General's Office and a former named plaintiff objected to the previous deal. In his order, the judge questioned whether the settlement does enough to benefit Ameritrade clients whose information was stolen. "The court is particularly concerned that TD Ameritrade has agreed to pay the class counsel $1.87 million and yet the

Every time you get online, your privacy comes under attack. Whether it's an overbearing End User License Agreement, contact forms, or just website cookies, there are literally millions of ways that you can let your private information slip away online. One of the best ways to fight invasions of your privacy is to get informed and learn how to prevent it. Read on to find advice, organizations, and other resources that can help you keep your privacy safe online. Guides & Articles These resources have specific advice and information for protecting your online privacy. 1. EFF's Top 12 Ways to Protect Your Online Privacy: Read this guide from the Electronic Frontier Foundation to learn how you can protect private information online. 2. Frequently Asked Questions about Online Privacy: Get answers to questions about online privacy and safety from this resource. 3. Is Your PC Watching You? Find Out!: This article from CNN will help you figure out if your privacy is being violated through your PC. 4. Nameless in Cyberspace: Anonymity on the Internet: Find out why the right to anonymity online is so important to have by reading this article. 5. Consumer Privacy Guide: The Consumer Privacy Guide offers a variety of resources and information for protecting your privacy online. 6. This Email Will Self-Destruct: Learn about email security measures that you can take to protect your privacy. 7. Anti-Spam Resources: Visit this guide to learn how to stop receiving junk email. 8. All About Internet Privacy and Security: Read this guide to learn about security terms and Internet privacy settings. 9. Online Privacy: The Complete Guide to Protect You: WebUpon's guide discusses steps you can take to protect your online privacy. 10. Social Networking and Safety Online: Read this guide to learn how to practice common sense on social networking sites. 11. Internet privacy: Wikipedia's entry on Internet privacy offers a broad view at staying private o

DURING the Parliament session on Monday, MP of Ang Mo Kio GRC Ms Lee Bee Wah, asked the Minister of Information, Communications and Arts, Dr Lee Boon Yang, whether a comprehensive privacy law will be introduced to protect the privacy of individuals and their personal data. She also queried about the existing laws which are in place to protect people from spam mails and unauthorised sale of personal information, as well as protecting people whose photographs are posted on blogs and other new media platforms. Dr Lee's reply was: "The Government recognises the importance of data protection and the need to protect personal data. At the same time, we also appreciate the impact of data protection on businesses and the general public. I had previously informed the House that an Inter-Ministry Committee is reviewing Singapore's data protection regime. This review is on-going. We are currently looking into developing a data protection model that can best address Singapore's privacy concerns, commercial requirements and national interest. As data protection is a complex issue with extensive impact on all stakeholders, this review will take some time." With regards to unauthorised Use of personal data, he replied: "While there is currently no generic data protection law, it does not mean that there is no protection of personal data. In fact we have in place strict provisions in sectoral laws, such as the Banking Act and codes for medical professionals to protect sensitive financial and health information. There are also other industry codes of practices against the unauthorised use of personal information. For example, in the telecommunications sector, under the Telecom Competition Code, IDA requires licensees to take reasonable measures to prevent the unauthorised use of End User Service Information. A telecom licensee would be in breach of the Code if it shares with third parties its customers' information that was obtained from the use of its service, without the cust

Social networking users are more vulnerable than ever and taking more risks with their online privacy. According to the 'Bringing Social Security to the Online Community' poll by AVG, while the social networking community has serious concerns about the overall security of public spaces, few are taking the most basic of steps to protect themselves against online crimes. Participants indicated concern over growing phishing, spam and malware attacks, and nearly half of those surveyed are very concerned about their personal identity being stolen in an online community. Despite widespread use of social networks at home and/or at work, 64 per cent of users infrequently or never change their passwords on a regular basis, while 57 per cent infrequently or never adjust their privacy settings. Further, 21 per cent accept contact offerings from members they do not recognise, more than half let acquaintances or roommates access social networks on their machines, 64 per cent click on links offered by community members or contacts and 26 per cent share files within social networks. As a result of this widespread proliferation of links, files and unsolicited contacts, nearly 20 per cent have experienced identity theft, 47 per cent have been victims of malware infections and 55 per cent have seen phishing attacks.