Cyber Security News Archives

An onrush of condemnation and criticism kept the SOPA and PIPA acts from passing earlier this year, but US lawmakers have already authored another authoritarian bill that could give them free rein to creep the Web in the name of cybersecurity.

As congressmen in Washington consider how to handle the ongoing issue of cyberattacks, some legislators have lent their support to a new act that, if passed, would let the government pry into the personal correspondence of anyone of their choosing.

H.R. 3523, a piece of legislation dubbed the Cyber Intelligence Sharing and Protection Act (or CISPA for short), has been created under the guise of being a necessary implement in America’s war against cyberattacks. But the vague verbiage contained within the pages of the paper could allow Congress to circumvent existing exemptions to online privacy laws and essentially monitor, censor and stop any online communication that it considers disruptive to the government or private parties. Critics have already come after CISPA for the capabilities that it will give to seemingly any federal entity that claims it is threatened by online interactions, but unlike the Stop Online Piracy Act and the Protect IP Act that were discarded on the Capitol Building floor after incredibly successful online campaigns to crush them, widespread recognition of what the latest would-be law will do has yet to surface to the same degree.

Kendall Burman of the Center for Democracy and Technology tells RT that Congress is currently considering a number of cybersecurity bills that could eventually be voted into law, but for the group that largely advocates an open Internet, she warns that provisions within CISPA are reason to worry over what the realities could be if it ends up on the desk of President Barack Obama. So far CISPA has been introduced, referred and reported by the House Permanent Select Committee on Intelligence and expects to go before a vote in the first half of Congress within the coming weeks.

“We have a number of concerns with something like this bill that creates sort of a vast hole in the privacy law to allow government to receive these kinds of information,” explains Burman, who acknowledges that the bill, as written, allows the US government to involve itself into any online correspondence, current exemptions notwithstanding, if it believes there is reason to suspect cyber crime. As with other authoritarian attempts at censorship that have come through Congress in recent times, of course, the wording within the CISPA allows for the government to interpret the law in such a number of degrees that any online communication or interaction could be suspect and thus unknowingly monitored.

In a press release penned last month by the CDT, the group warned then that CISPA allows Internet Service Providers to “funnel private communications and related information back to the government without adequate privacy protections and controls.

The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD’s Cybercommand would be the primary recipient,” reads the warning.

The Electronic Frontier Foundation, another online advocacy group, has also sharply condemned CISPA for what it means for the future of the Internet. “It effectively creates a ‘cybersecurity’ exemption to all existing laws,” explains the EFF, who add in a statement of their own that “There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes.’”

What does that mean? Both the EFF and CDT say an awful lot. Some of the biggest corporations in the country, including service providers such as Google, Facebook, Twitter or AT&T, could copy confidential information and send it off to the Pentagon if pressured, as long as the government believes they have reason to suspect wrongdoing. In a summation of their own, the Congressional Research Service, a nonpartisan arm of the Library of Congress, explains that “efforts to degrade, disrupt or destroy” either “a system or network of a government or private entity” is reason enough for Washington to reach in and read any online communiqué of their choice.

The authors of CISPA say the bill has been made “To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities,” but not before noting that the legislation could be used “and for other purposes,” as well — which, of course, are not defined.

“Cyber security, when done right and done narrowly, could benefit everyone,” Burman tells RT. “But it needs to be done in an incremental way with a narrow approach, and the heavy hand that lawmakers are taking with these current bills . . . it brings real serious concerns.”

So far CISPA has garnered support from over 100 representatives in the House who are favoring this cybersecurity legislation without taking into consideration what it could do to the everyday user of the Internet. And while the backlash created by opponents of SOPA and PIPA has not materialized to the same degree yet, Burman warns Congress that it could be only a matter of time before concerned Americans step up to have their say.

“One of the lessons we learned in the reaction to SOPA and PIPA is that when Congress tries to legislate on things that are going to affect Internet users’ experience, the Internet users are going to pay attention,” says Burman. H.R. 3523, she cautions, “Definitely could affect in a very serious way the internet experience.” Luckily, adds Burman, “People are starting to notice.” Given the speed that the latest censorship bill could sneak through Congress, however, anyone concerned over the future of the Internet should be on the lookout for CISPA as it continues to be considered on Capitol Hill.

Source: http://rt.com/usa/news/cispa-bill-sopa-internet-175/

Despite rising concerns that cyberattacks are growing more and more sophisticated, hackers used relatively simple methods for 97% of data breaches in 2011, according to a report compiled by Verizon.

The findings suggest that organizations are overlooking basic precautions even as they buy new security systems. Verizon also found that in 80% of attacks, hackers hit so-called victims of opportunity — poorly defended sites that happen to catch their eye — rather than targeting specific companies.

Based on investigations into over 850 data breaches, the report was compiled with help from the U.S. Secret Service and with input from law enforcement agencies in the U.K., the Netherlands, Ireland and Australia, according to Verizon.

For the first time, attacks by so-called “hacktivist” groups such as Anonymous breached more records — over 100 million — than did hackers looking specifically to steal financial or personal data.

Often, the breached companies lacked firewalls, had ports open to the Internet or used default or easy-to-guess passwords, said Marc Spitler, a Verizon security analyst.

All told, he said, “it is about going back to basic security principles.”

Source: http://www.computerworld.com/s/article/9225874/Basic_Defenses_Absent_at_Most_Breached_Sites

Google is a seemingly omnipotent presence on the Internet. Nothing seems to be beyond its grasp, including any unchecked security vulnerabilities visible to the Web that could be an opportunity for attackers to infiltrate your enterprise. This makes a resource like the Google Hacking Database (GHDB) invaluable.

In this SearchSecurity.com screencast, Mike McLaughlin shows viewers how to utilize the GHDB to identify Googledorks, which are Google search terms that identify security vulnerabilities or collect information from servers. Once you have access to these Googledorks, you can search your own site to discover vulnerabilities a hacker could easily exploit via Google. The GHDB is a free and convenient resource that can help secure your infrastructure.

Source: http://searchsecurity.techtarget.com/video/Screencast-How-to-use-GHDB-to-identify-security-holes-Googledorks

New Quantum Encryption Method Foils Hackers

A research team led by University of Toronto Professor Hoi-Kwong Lo has found a new quantum encryption method to foil even the most sophisticated hackers. The discovery is outlined in the latest issue of Physical Review Letters.

Quantum cryptography is, in principle, a foolproof way to prevent hacking. It ensures that any attempt by an eavesdropper to read encoded communication data will lead to disturbances that can be detected by the legitimate users. Therefore, quantum cryptography allows the transmission of an unconditionally secure encryption key between two users, “Alice” and “Bob,” in the presence of a potential hacker, “Eve.” The encryption key is communicated using light signals and is received using photon detectors. The challenge is that Eve can intercept and manipulate these signals.

“Photon detectors have turned out to be an Achilles’ heel for quantum key distribution (QKD), inadvertently opening the door to subtle side-channel attacks, most famously quantum hacking,” wrote Dr. Charles Bennett, a research fellow at IBM and the co-inventor of quantum cryptography.

When quantum hacking occurs, light signals subvert the photon detectors, causing them to only see the photons that Eve wants Bob to see. Indeed, earlier research results by Professor Lo and independent work by Dr. Vadim Makarov of the Norwegian University of Science and Technology have shown how a clever quantum hacker can hack commercial QKD systems.

Now, Professor Lo and his team have come up with a simple solution to the untrusted device problem. Their method is called “Measurement Device Independent QKD.” While Eve may operate the photon detectors and broadcast measurement results, Bob and Alice no longer have to trust those measurement results. Instead, Bob and Alice can simply verify Eve’s honesty by measuring and comparing their own data. The aim is to detect subtle changes that occur when quantum data is manipulated by a third party.

Specifically, in Measurement Device Independent QKD, the two users send their signals to an untrusted relay — “Charlie” — who might possibly be controlled by Eve. Charlie performs a joint measurement on the signals, providing another point of comparison.

“A surprising feature is that Charlie’s detectors can be arbitrarily flawed without compromising security,” says Professor Lo. “This is because, provided that Alice and Bob’s signal preparation processes are correct, they can verify whether Charlie or Eve is trustworthy through the correlations in their own data following any interaction with Charlie/Eve.”

A proof-of-concept measurement has already been performed. Professor Lo and his team are now developing a prototype measurement device independent QKD system, which they expect will be ready within five years.

As a result of implementing this new method, quantum cryptography’s Achilles’ heel in the fight against hackers has been resolved. Perhaps, a quantum jump in data security has now been achieved.

Source: http://www.sciencedaily.com/releases/2012/04/120402094326.htm

Infographic of the Top 10 Scams in 2011



Top 10 Scams of 2011 [Infographic], compliments of the Better Business Bureau

Business is always evolving and people are coming up with new inventions, technology and creative ways to make a buck. On the flip side of that coin there are always those people that are willing to make a buck and not give much in return for it. 2011 was not a year that was without scams.

This year the Better Business Bureau has put together an infographic giving the top 10 scams of the year that they’ve run across.

The first one mentioned in the BBB Scam infographic is the one preying on unemployed workers looking for that next job. The job scam starts with a professional website, a phone interview and a “You got the job!” statement, and then you get a link to a form with the request, “Can you fill out this online credit form?” Identity theft now becomes an unfortunately easy attack on these new victims.

The next one hits the social networking crowd with promises of winning everything under the sun. This sweepstakes and lottery scam targets people on Facebook and Twitter mostly. Messages like, “You won! Facebook founder Mark Zuckerberg wants to send you $1 million!” are sent to the users in hopes of getting them to click. The result listed is that clicking lets the scammer see your personal information, your friends and more.

Another social media scam preys on top news events to get users to click through and install malware or a virus on their computers that lets all their passwords and private information fly away to the scammer. Messages are sent to users that say things like, “Did you see the video of Osama bin Laden’s death? Upgrade your flash player to view…” which gets the user to update their software. Instead of upgrading Flash you download a virus that finds your passwords.

For those people that are looking to get some home improvement work done, this scam can hit them in the wallet and leave them standing there with very shoddy work at their home. This time the scam pitch comes in person and goes like this, “I’ve got a great deal on resealing your driveway (fixing your roof, trimming your trees, etc.).” The scam is done on anyone owning property, but seniors are a prime target for this one. The result that is listed is shoddy work and, at worst, the money is received by the scammer and they perform no work at all and take off.

If you like to sell on Craigslist or eBay, this one could target you and you won’t even know it until your bank account screams foul. The check cashing scam works by the scammer telling you, “Sorry I wrote the check for too much. Can you wire me the difference?” After the person wires the difference, a few days go by and the entire check bounces. Now the victim is out what they sold and the extra money they gave the person.

The next scam is the top phishing scam according to the Better Business Bureau and starts with an email from ACH (Automated Clearing House) about an electronic transaction problem. The target of this scam is anyone who uses electronic banking or online bill paying. Where does the victim end up? A link will take the user to a fake banking site that steals all their information and fools them into thinking their banking site wasn’t working.

Identity theft is popular and there are ways it happens quickly to just about anyone. The BBB identified the top identity theft scam for 2011, which involves a hotel, a sleepy guest and their credit card details. The scam starts with a late night call to a hotel guest’s room that says, “This is the front desk. So sorry, but there’s a problem with your credit card.” The sleepy guest hands over the credit card details to try and get back to sleep and later finds out their credit card is being used for all kinds of gifts.

Foreclosures and short sales are through the roof and there is a fresh pile of victims every single month. This top BBB scam directly targets these people already in a life changing position when they’re losing their house. The pitch for this scam can come from email or by mail and tells the victim, “We can help you keep your house by dealing with your mortgage company for you…” The catch is these victims never get any help, no services are performed and they are more broke and in more trouble than when they started. This scam preys on desperation and is the top financial scam of 2011.

There are new auction sites that allow users to bid for items that look incredibly cheap but the catch is you have to pay for the item and for each bid. This is the top sales scam for 2011 and starts with a pitch that says, “Win an iPad, win a new computer, win a camera…all for just pennies a bid.” The victim ends up paying for every bid and often doesn’t even win the merchandise.

The top scam for 2011 may be the most surprising of all. The BBB created this 2011 scam infographic and they’re letting the cat out of the bag. The biggest scam of the year is the BBB phishing scam. The scam starts out with a pitch that is an email from BBB with the subject line “Complaint Against Your Business.” What does a concerned business owner do? They click the link and an attachment downloads malware that finds bank info and transfers money all under the guise of the Better Business Bureau.

Madison is pleased to announce the launch of its newest website, Cyber Liability Insurance. With an ever growing market of e-commerce, and sensitive data being stored on computer systems, data is susceptible to security breaches, e-vandalism, and even theft of computers and laptops. The need for insuring this data has never been higher.

Any business that stores personally identifiable information such as social security numbers, credit card numbers, and patient records should have this added protection for their organization.

“The importance of this coverage has been growing in recent years,” said Kathryn Bowen, Executive Vice President at Madison Healthcare Insurance Services. “The more data is being stored on computers, laptops and even now with cloud based services, the potential for data breach is a real threat.”

There are a multitude of coverage options that can be utilized and tailored to fit the needs of your business specifically. By speaking with your Madison representative, we will be able to go over possible coverage options and help make sure your coverage is the right amount of protection at an affordable rate.

“Because this is a relatively new coverage, we are excited to be involved at such an early stage of the process,” said Bowen. “We are positioned in a unique way, where we can help a variety of customers in not only the healthcare field, but literally any business in any background. This is an exciting opportunity for Madison to branch out into other areas outside of the healthcare insurance market. We are very confident that our level of expertise and extremely high standard in customer service will greatly benefit not only our existing clients, but also our future clients for years to come.”

Source: http://www.prweb.com/releases/2012/2/prweb9164415.htm

During October, November, and December of 2011, Corporate Recruiters and Staffing Firms posted about 6,400 online job ads for cyber security professionals, according to WANTED Analytics™ (http://www.wantedanalytics.com), the leading source of real-time business intelligence for the talent marketplace. After several corporate security threats, hiring for cyber security knowledge, skills, and abilities grew slowly and resulted in a four-year high in demand during September. However, during this last quarter of 2011, the volume of job ads declined, ending the year up just 2% versus the same time period in 2010.

The majority of jobs that commonly require candidates to have cyber security skills are technology related, with Computer Security Specialists, Application Software Engineers, and Systems Administrators seeing the most ads. Other fields with high volumes of ads that require cyber security skills are Intelligence Analysts, Business Development, and Operations Analysts.

Metropolitan areas with the highest volume of job listings for cyber security skills during October, November, and December of 2011 were Washington (DC), Baltimore (Maryland), and Huntsville (Alabama). Employers in Washington, DC accounted for about one-third of hiring demand, with more than 2,100 unique listings during this three-month period. Despite placing the most job ads, this represents a 21% year-over-year decline in hiring. On the other hand, Baltimore and Huntsville both experienced year-over-year increases.

Companies that are sourcing for cyber security skills are likely to find these jobs moderately hard-to-fill, with conditions varying slightly by location depending on the available talent supply. According to the Hiring Scale™, companies in Huntsville, Alabama are currently experiencing one of the more difficult conditions when recruiting candidates with security skills. Hiring demand in Huntsville continues to grow, while the local talent pool is not growing at the same pace. Employers in this area are likely to compete heavily to attract talent and experience a longer time-to-fill than many other areas across the United States. The average duration of an online job posting with cyber security skills is 7 weeks, one week longer than the national average. In comparison, the Hiring Scale also shows that the easiest places to currently recruit cyber security skills are Sacramento (CA), Omaha (NE), and Utica (NY). These areas are likely to fill job openings faster than the rest of the United States.

The Hiring Scale measures conditions in local job markets by comparing hiring demand and labor supply. The Hiring Scale is part of the WANTED Analytics platform that offers business intelligence for the talent marketplace.

To see additional charts and detail, please visit http://www.wantedanalytics.com/insight.

The Hiring Scale is available at http://www.hiringscale.com.

About WANTED Analytics™

WANTED Analytics™ helps recruiting organizations make better decisions faster with real-time business intelligence on jobs, employers, and talent. Analytics brings together, for the first time, years of hiring demand and talent supply data to create a true talent intelligence platform for hard-to-fill positions.

Clients in the staffing, HR, RPO, media, and government sectors use WANTED Analytics™ to find sales leads, analyze employment trends, gather competitive intelligence, forecast economic conditions, and source hard-to-fill positions.

About WANTED Technologies Corporation

WANTED Technologies (TSX-V:WAN) provides real-time business intelligence for the talent marketplace. Founded in 1999, the company’s headquarters are in Quebec City, Canada, and it maintains a US-based subsidiary with primary offices in New York City. WANTED began collecting detailed Hiring Demand data in June 2005, and currently maintains a database of more than 600 million unique job listings. For more information or to sample WANTED’s services, visit http://www.wantedanalytics.com.

WANTED is also the exclusive data provider for The Conference Board Help Wanted OnLine Data Series®, the monthly economic indicator of Hiring Demand in the United States.

The TSX Venture Exchange does not accept responsibility for the adequacy or accuracy of this release. Any statement that appears prospective shall not be interpreted as such.

Source: http://www.prweb.com/releases/2012/2/prweb9172492.htm

WASHINGTON — A developing Senate plan that would bolster the government’s ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.

Legislation set to come out in the days ahead is intended to ensure that computer systems running power plants and other essential parts of the country’s infrastructure are protected from hackers, terrorists or other criminals.

The Department of Homeland Security, with input from businesses, would select which companies to regulate; the agency would have the power to require better computer security, according to officials who described the bill.

Lawmakers have not finalized the details, but those are the most contentious parts of legislation designed to boost cybersecurity against the constant attacks that target government, corporate and personal computer networks and accounts.

Authorities are increasingly worried that cybercriminals are trying to take over systems that control the inner workings of water, electrical, nuclear or other power plants.

That was the case with the Stuxnet computer worm, which targeted Iran’s nuclear program in 2010, infecting laptops at the Bushehr nuclear power plant.

As much as 85 percent of America’s critical infrastructure is owned and operated by private companies.

The emerging proposal isn’t sitting well with those who believe it gives Homeland Security too much power and those who think it’s too watered down to achieve real security improvements.

Source: http://www.newsday.com/news/nation/senate-cyber-security-plan-met-with-criticism-1.3507123

With people more likely to fall victim to cyber crime than to physical acts of violence or robbery, the security industry is facing a need to deliver more user education.

One of the main themes that came out of a recent UKFast roundtable was that the chances of someone being a victim of cyber crime were now much greater and more likely than previously and more had to be done to encourage awareness of users around passwords and best practices.

“It is vital to protect your information as well as possible. Passwords need to be long, complex and changed regularly. Most importantly, we should have different passwords for each account, so if one account is compromised we are not gifting access to every one of our accounts and profiles,” said Neil Lathwood, UKFast’s IT director.

Recent figures from the latest Norton Security report 2011 have tried to size the problem being faced by users, and Tony Dyhouse, cyber security director with the ICT Knowledge Transfer Network, used those figures to put the threat into context.

“Fourteen people every second are falling victim to cyber crime and more than two thirds of online adults have been a victim of cyber crime in their lifetime – that’s 431m adult victims every year and a very significant number,” he said.

David Cook, solicitor advocate and cyber security expert at the Manchester office of Pannone, said that the losses due to cyber crime were now matching the annual worth of the drugs market.

“Comparing cyber crime to street crime, anyone can be a victim of cybercrime because everyone has a computer, a mobile device or a set top unit and it’s very easy for anyone to commit a cyber crime. Most people wouldn’t have the bottle to break into a house but a hell of a lot of people would find it easy in a room at home on their own to click a few buttons and see where they could go,” he said.

Source: http://www.microscope.co.uk/news/reseller-news/better-passwords-could-help-protect-against-cyber-crime-threat/

During the Munich Security Conference, held on Sunday, officials attending the conference emphasized the need to speed up cyber security in India. In the past few years, cybercrimes have been causing havoc in many countries like the US and China. Therefore, to protect India from cybercriminals, it is necessary that the right steps be taken.

The experts said that cybercriminals can use weapons like the Stuxnet software ‘worm’, which could damage a nuclear program, as happened in Iran a year ago. The former Director of the American CIA and National Security Agency, General (retd) Michael V Hayden noted, “Someone used a cyber-weapon in peacetime to physically destroy what the nation (Iran) would describe as its critical infrastructure. It was a new class of weapon that caused a thousand centrifuges in Iran to self-destruct”.

The Swedish Foreign Minister, Carl Bildt, is of the view that these days stealing cyber weapons has become much easier than stealing nuclear weapons. The whole world is terrified by the moves of cybercriminals.

The ongoing cybercrimes have raised questions over security and privacy in many countries. The Russian cyber expert Eugene Kaspersky has warned that the developed countries are at higher risk of becoming victims of cybercriminals.

Amidst the ongoing cybercrime, India does have reason to be worried. It has been revealed that India’s neighbor, China, has been launching attacks on the cyber security of various countries like the US, UK and Germany.

Therefore, a mechanism and strategy have to be drafted so that cybercrimes can be kept in check and the security of the nation can also be maintained. India needs to work on the strategies before it is too late.

Source: http://newspoint.co.za/story/412/2008-increased-cases-cybercrime-matter-concern-india
