WITH almost 28 million Filipinos actively logging in to Facebook every day (the Philippines ranking 8th Facebook user by country, according to www.socialbakers.com) and sharing the most mundane to the most intimate details of their lives, security experts are campaigning for data privacy awareness. Trend Micro joins the National Cyber Security Alliance and several other notable institutions in celebrating Data Privacy Day to champion data security.

“Privacy is our individual responsibilities. We cannot always expect or assume that Internet service providers and web site administrators will take care of our privacy for us.  We need to evolve into vigilant digital citizens,” Myla Pilao, Trend Micro director for Core Technology Marketing said.

“For 2012, Trend Micro believes that the new social networking generation will redefine privacy. Our concept of online privacy constantly changes along with various shifts in technology. Providing information has become so convenient that most people no longer know how much information they reveal and to whom,” Pilao added.

Trend Micro shares the following tips to protect your privacy while browsing the Web:

• Regularly delete cookies. Cookies store site-related information that may be stolen for cybercriminal use.  Deleting cookies can have a downside though, as doing so will require you to re-enter your user name and password every time you access a site.
• Consider private browsing. Browsers offer this special mode as a means to keep your online activities secret from prying eyes. Opting for private browsing opens a new browser session that deletes its history and cookies as soon as you close the window. Note though that this does not guarantee anonymity because while your browser window remains open, it still allows advertisers to track your activities.
• Use the NAI’s opt-out tool. This tool allows you to opt out of being “targeted” by customized ads. As an organization that promotes online advertising self-regulation, the Network Advertising Initiative (NAI) allows you to opt out of advertising promotions its member companies run. As such, you will no longer be bothered by tailor-made ads companies you chose to block dole out.
• Explore your social-networking account’s privacy settings. Edit your privacy settings so that only your contacts can view the information you post. You can even customize this further and choose specific people who can view certain sections of your public wall. Unless you are a business entity, it is best not to set your account to “Public.”
• Check the permissions you grant the mobile apps you install. Make sure that the access permissions requested by the mobile app you are trying to install are reasonable and are required by the app to function. Be suspicious if an app appears to be asking for access to more functionalities as this can be an indication that the app is malicious.

“In the same way that we safeguard the keys to our cars and our houses to protect those that are precious to us, the key to accessing our personal information is our responsibility. The bottom line is: it’s your data, it’s your life.” said Pilao.

Source: http://businessmirror.com.ph/component/content/article/52-technology/22591-trend-micro-shares-tips-to-protect-privacy

It is perhaps ironic that Twitter’s censorship announcement and Google’s privacy updating came in the week that Canada, along with many other countries, was celebrating Data Privacy Day.

The moves by Twitter and Google underscored just how much people are willing to give up in return for getting free online services. And if that wasn’t enough evidence, we have Facebook now making its Timeline mandatory for its 800 million users.

Privacy is the currency that they are trading and companies like Twitter, Google and Facebook are dependent on users’ willingness to share information about themselves.  Users get a range of services and social networks; the companies parlay the information into lucrative ad revenue.

In Google’s case the furor arose over the unification of the privacy policies of its many services, from Gmail to YouTube and others, under a single policy. The net effect is as long as you are signed into a Google service the company can collect all your activities on its other services, compiling a wealth of data on you that could be used for targeted advertising.

Facebook, soon to launch a $5 billion initial public offering, is making the shift to Timeline, a move that some users and privacy experts.  A feature that could give Facebook creeping new status,  Timeline has the potential to reveal personal information from your Facebook profile going back years.  There is an option to limit the past posts that you share with the public but keeping up with Facebook’s privacy settings is a job in itself and this is a privacy setting that could easily be overlooked by users.

If you want to ensure your entire Facebook life isn’t open for public viewing, click on Privacy Settings on your Facebook account and click on “manage post visibility” under the heading, “Limit the Audience for Past Posts.”

Twitter is facing its own backlash, this for its move to implement country-by-country censorship. Twitter defends the move, saying that in complying with requests to take down tweets in countries where they violate local laws, it’s safeguarding their publication to the rest of the world.  Really, it’s all about business. Twitter wants to expand in lucrative markets like China and if it takes censoring tweets to operate there, it’s willing to do that.

Unfortunately for Twitter, Thailand and China — countries known for their censorship — were quick to welcome the move, hardly an endorsement for a company that has billed itself as a proponent of free speech would want. Opponents of the censorship, including Chinese activist Ai Weiwei, have threatened to stop using Twitter.

Some privacy advocates argue that Twitter’s move will shed more light on censorship activities is various countries. Instead of simply blocking an offending tweet in a country, Twitter will notify users their tweet has been blocked and people will be able to find out about it on the Chillling Effects web site.

Simon Fraser University communication professor Peter Chow-White doesn’t expect Twitter’s censorship to impact countries like Canada, that is not unless special interest groups try to use it as a tool to quash dissenting views. Twitter is pledging not to filter tweets but to deal with them in response to complaints.

“I’m sure some people will try to suppress views they don’t agree with or even across (political) campaigns they might appeal to Twitter in terms of disrupting information,” said Chow-White. “ It’s conceivable….it depends how they twist this type of policy.”

For Twitter, the country-by-country censorship move is purely pragmatic.

“Google has had a long on-going negotiation with China over its presence there,” said Chow-White. “What Twitter is learning from that  is if you don’t work with the country it may not work period.”

Such moves by companies like Twitter and Google are all about business.

“These  free services they give,  they are not free,” said Chow-White. “They may not cost money, but we are entering into an agreement, we are getting something for free. But what we are going to give up is our privacy, at least with that company.”

Most of the time we’re probably not even certain what we’re giving up. Just how many times have you read to the bottom of an online agreement before hitting the button to say you agree?

Despite the risks of online sharing, they haven’t reached a point where people are worried about it. Sure, there are the stories about people losing jobs over intemperate posts, losing insurance cases,  or in the case of Stanley Cup rioters, being identified through their online boasting. But it’s not enough to scare people away from sharing online.

“Also as they becomes more and more important in how we organize our business lives, our home lives and our friendships, our communications networks become really important for doing that,” said Chow-White.

Chow-White says until there’s a critical mass built around how we manage information online, we won’t really understand the risks.

“Until that risk is really understood, the benefits of being in the network far outweigh the risks of being in the network for now and that doesn’t seem to be slowing down,” he said.

For young people who have grown up at a time when sharing everything is the norm, the risks and the consequences may become apparent a little late too late.

“Some of them don’t know the consequences of sharing everything, especially as their digital footprint or digital identity will be walking into the room with them on job applications,” said Chow-White.

“What will be on the table won’t just be their CV, it will be their Facebook account, their Twitter account, all sorts of things.”

Which brings us back to Data Privacy Day and advice from the office of  Canada’s Privacy Commissioner: “Less is more,” when it comes to sharing online.

“Beware what you share, because it could wind up anywhere.”

Source: http://blogs.vancouversun.com/2012/01/31/no-free-lunch-the-real-cost-of-using-google-twitter-facebook/

It’s never too early to get ready for Valentine’s day, it seems, even when it comes to malicious attacks. Recently, I came across a scam in Facebook that leverages the upcoming occasion.

The said attack begins with a post on affected users’ wall inviting other users to install a Valentine’s theme into their Facebook profile.

Once users click on this post, they are redirected to another page that urges them to install the said theme. Note that this attack only works on either Google Chrome or Mozilla Firefoxbrowsers.

Clicking the Install button on the page will prompt the download of the malicious file, FacebookChrome.crx which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A executes a script that is capable of displaying ads from certain websites.

It also installs itself on the on the users’ browsers as an extension named  Facebook Improvement |Facebook.com.

Once this malicious browser extension is installed, it will monitor the users’ browsing activities and redirect their page to a survey page asking them for their mobile number. Users who clicked on the post using Internet Explorer (IE) will be redirected to the same survey, without them being asked to download anything.

Upon further analysis, we discovered that the attack is much more effective if the users are employing either Google Chrome or Mozilla Firefox. It resembles a legitimate extension download, thus requiring less user interaction than in the case where Internet Explorer is used (in which case the user is redirected to surveys).

With the focus of the attack mainly built around the concept of pretending to be a valid Chrome extension, we can reasonably conclude that Chrome users are the main target of this particular attack, with the IE redirection as more of an afterthought. But while there may be browser activity monitoring involved, TROJ_FOOKBACE.A does not seem to have any information theft techniques.  It fits the criteria of a clickjacking attack more, where it automatically ‘likes’ several Facebook pages as well as automatically posts a message on the affected user’s wall.

The fact that the attack itself is focused on Chrome and Firefox may mean that cybercriminals are targeting extension-compatible browsers, as well as going after more popular browser choices. This is not the first attack of its kind, but considering that extension-capable browsers are coming to the forefront now, it serves as a warning to all of us that this may be a continuing a trend that the malicious entities of the Internet are going to follow in the foreseeable future.

Trend Micro protects users from this attack via Trend Micro™ Smart Protection Network™  that detects the malicious file and blocks all related malicious URLs.

Source: http://blog.trendmicro.com/facebook-valentines-theme-leads-to-malware/?awid=4840867199964004099-1985-blog-amplification

Paleo diets, polyphasic sleep, jail-broken kindles – if you recognize these you’re probably a hacker, and we’d like to share some tricks to do with automotive purchasing that we’ve gleaned from looking at about 20,000 dealership and classified car listings daily.

Even assuming you don’t habitually optimize (hack) what other people take for granted, car hunting is important enough to be worth serious attention. We’ve used our search database to come up with five hacks that should save you both money and sanity on your next purchase.

Hack #1: Buy From Craigslist

Shopping on Craigslist will save you at least $2,000 on most vehicles; the ubiquitous Toyota Corolla has median savings of $2,854 (916 datapoints, all clean title) with other models summarized below.

Hack #2: Don’t Trade In Your Vehicle

In perhaps an obvious corollary, dealerships make money by purchasing your car at a lower price than they can sell it for. Do yourself and the community a service and let your old car go at a reasonable price. I mean, do you really want to be the purple line below? Parting with your old Corolla for $2,000 so a dealer can sell it for $6,500?

Hack #3: Buy Luxury Later

If you’re broke like us but still really like performance and leather interiors, consider getting a luxury car that’s 5-6 years old. More luxury owners want newer models than older ones leading to a pretty steep depreciation for the first few years; the average new E320 loses about $12k per year no matter the mileage (112 datapoints). Compare this to the depreciation curve for a Camry: the car holds value like people *want* to drive it into the ground. Crazy! (1,523 datapoints).

Hack #4: Carfax the Vehicle

It’s absolutely critical to verify the the vehicle’s history with Carfax or a similar DMV records service – any salvage level collision will immediately drop 36% from the value of the vehicle. You should also look at the number of previous owners and the length of time the current owner has owned the car, and be prepared to walk away if anything doesn’t check out. You can get 5 Carfax reports for $44.95.

Hack #5: Find an OCD Mechanic

Take the car to the most detail oriented mechanic you can find. First, you want to make sure there isn’t anything seriously wrong with the car. Things to watch for are signs of unreported collisions, imminent timing belt failures, etc. Mechanics will also know about upcoming standard maintenance in your model’s life cycle, which may change the effective price of your car by $1,000 or more.

Second, if your mechanic is any good she will come back with a grocery list of small problems that are normal for any used vehicle. You’re familiar with how easy it is to have $2-3k in filter, fluid, alignment and suspension tune-ups recommended to you, right? This list will give you significant bargaining leverage when negotiating a fair price for the vehicle, and almost always makes the trip to the mechanic pay for itself.

Negotiating a purchase is quite literally a zero-sum game, but odds are you’re dealing with some decent human being that would like to make a fair deal with you. Treating them as such will probably improve this process, and furthermore is just the right thing to do.

Happy hunting!

Source: http://blog.carsabi.com/2012/01/31/hacking-the-used-car-purchase/

Jan. 31 (Bloomberg) — Iran is stepping up its support for international terrorism and its intelligence operations against the U.S., the Director of National Intelligence told Congress.

“The 2011 plot to assassinate the Saudi ambassador to the United States shows that some Iranian officials — probably including Supreme Leader Ali Khamenei — have changed their calculus and are now more willing to conduct an attack in the United States in response to real or perceived actions that threaten the regime,” James Clapper said in a statement today to the Senate Intelligence Committee.

Iran’s willingness to sponsor attacks against the U.S. at home or abroad “probably will be shaped by Tehran’s evaluation of the costs it bears for the plot against the ambassador as well as Iranian leaders’ perceptions of U.S. threats against the regime,” he said in an opening statement to the committee’s annual threat-assessment hearing.

While the core leadership of al-Qaeda in Pakistan has been decimated, a more fragmented international jihadist movement remains dangerous, the U.S. intelligence director said. The group’s regional affiliates in Yemen, North Africa and Somalia, Clapper said, will pose a greater threat to U.S. interests than will “the remnants of core al-Qaeda in Pakistan.”

 

Cyber Threats ‘Critical’

 

Dangers posed by cyber espionage were also highlighted by Clapper. “Cyber threats pose a critical national and economic security concern due to the continued advances in — and growing dependency on — the information technology (IT) that underpins nearly all aspects of modern society,” he said.

Neither government nor business “has been successful at fully implementing existing best practices,” he said.

Clapper told the Senate panel during his testimony that he anticipated a situation “in which emerging technologies are developed and implemented before security responses can be put in place.”

Robert Mueller, director of the Federal Bureau of Investigation, told the committee he predicts cybersecurity eventually will become the No. 1 threat against the U.S.

Chinese and Russian cyber spying “are of particular concern,” and Iran’s intelligence operations, “including cyber capabilities, have dramatically increased in recent years, in depth and complexity,” according to Clapper in his statement.

Non-state actors such as the hacker groups Anonymous and Lulz Security (LulzSec) “are also playing an increasing role in international and domestic politics through the use of social media technologies,” he said.

 

Iran’s Nuclear Capability

 

Familiar threats also persist. Iran has the technical, industrial and scientific capability to produce a nuclear weapon eventually, making “the central issue its political will to do so,” Clapper said in the statement.

“They are certainly moving on that path, but we don’t believe they’ve actually made the decision to go ahead with a nuclear weapon,” he told the committee.

Iranian advancements, particularly in enriching uranium to weapons-grade levels, reinforce the intelligence community’s prevailing view that Tehran is “technically capable of producing enough highly enriched uranium for a weapon if it so chooses,” he said.

“We assess that Iran is keeping its options open to develop nuclear weapons, in part by developing various nuclear capabilities that better position it to produce such weapons, should it choose to do so,” Clapper said, in wording similar to last year’s testimony assessing global threats to the U.S.

“We do not know, however, if Iran will eventually decide to build nuclear weapons,” Clapper said. If Iran did so, intelligence agencies believe Tehran would be likely to choose a ballistic missile for its “preferred” delivery, he said.

Read more: http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2012/01/31/bloomberg_articlesLYNDWQ6JIJVA01-LYOI1.DTL#ixzz1l4dT0Drq

NEW YORK — Just last week Aaron Barr, the former HBGary Federal CEO whose email was hacked by Anonymous in February, was “schooling” the FBI on security and social media. Now he’s been let go from his new job at another federal contractor, Sayres and Associates. His former boss at Sayres told HuffPost it was because Barr was acting like a “cowboy” on the company dime.

Barr’s strange year in the public eye began in early 2011. At the time he was the CEO at HBGary Federal, an information security contractor working with both federal government agencies and with outside firms. In a Feb. 4 article, he claimed to theFinancial Times that he was on the cusp of exposing the leaders behind the loose-knit confederation of hackers and activists known as Anonymous.

The Anons struck back, releasing thousands of internal emails from HBGary Federal — emails that showed that HBGary Federal was working for a law firm, which was in turn working for the U.S. Chamber of Commerce, to hurt Wikileaks by feeding it false information and discrediting its supporters in the media.

As the plot was exposed, Barr was forced to step down at HBGary Federal. Months later, he had moved on to a new job at Sayres and Associates, which does contracting work with the U.S. Navy and the Department of Homeland Security.

“When I hired Aaron about eight months ago, it was under the perception that we were going to be able to help the NSA with some things relating to national security, not with Anonymous and social groups,” said John Sayres, the company’s founder.

According to Sayres, what he got instead was a series of headaches.

“When I brought him on I said, hey, we’ll give him six months and see how he can help our company — and I saw no help, all I saw was things I didn’t want to see,” Sayres said.

Those may have included a mention on Threatpost about Barr’s “strange trip” to visit Occupy Wall Street in Zuccotti Park, where he dyed his hair blue in an attempt to fit in with protesters and see what they were up to. Barr’s name also appeared in a set of emails mistakenly released by another cybersecurity analyst he is friends with, Thomas Ryan. Ryan snuck his way onto an Occupy Wall Street email organizing list, forwarding some of those messages to FBI agents and then releasing a batch of them onto the web.

At the time, Barr told HuffPost he was simply dropping in on Occupy Wall Street out of curiosity, hoping to see how Anonymous was interacting with the movement. Barr said he played no part in Ryan’s efforts to “snitch” on Occupy Wall Street — even though he was copied on one of the emails between Ryan and an FBI employee.

Following it all is a little bit complicated — a vertigo-inducing trip into the shady border zone between feds, security consultants and hackers. But after Barr popped up in the news again last week, presenting at an FBI-sponsored cybersecurity conference with a speech called “How I learned to stop worrying and love social media,” his boss decided he’d had enough.

“I never got a copy of what he was presenting at the conferences,” said Sayres. “He was kind of like a cowboy, off on his own and doing his own thing, and that’s not how I run the company.”

Sayres said he never expected Barr to be back at it again, talking in public about Anonymous, or collaborating with the FBI, which he said his company has no business with.

“It looks to me like he’s back in the same old playground,” Sayres said. The conference speech was on Jan. 11, and Barr was let go a week later.

For his part, Barr described his parting with Sayres and Associates as “amicable.” He added that he has already found a new job, but declined to tell HuffPost where.

“Lol,” he emailed. “Let me settle in first.”

Source: http://www.huffingtonpost.com/2012/01/20/aaron-barr-cybersecurity-anonymous-occupy-wall-street_n_1219328.html

The loosely organized hacking group Anonymous has made an effort to protest many different sources of corruption and causes over the last year. Recently, the group went on the offensive in response to the crackdown on popular site Megaupload.

After Megaupload was shut down and founder Kim Dotcom was put in prison, Anonymous started hacking various sites and shutting them down. Almost immediately, sites including the Department of Justice and the Federal Bureau of investigation were hacked and taken offline.

After hitting those sites and several others, anonymous set its sights on CBS.com. Instead of the usual distributed denial-of-service attacks that they typically use, they completely deleted all files on the CBS site. This reduced the site to almost nothing and visitors found that the site was not functional. CBS later fixed the site and it is working properly now.

In addition to hacking the CBS website, Anonymous also went after Universal Music Group’s website. It was not taken down to the degree of CBS’s website, but it was taken down for a brief period of time.

According to a Forbes article, the Twitter account associated with Anonymous tweeted “What would YOU Like #Anonymous to hack next?” This is undoubtedly in response to the threat that it will continue to hack sites and take them down until Megaupload is restored and Kim Dotcom is released from prison in New Zealand. This sets the stage for a continued battle between Anonymous members and the authorities around the world.

Some reports have linked the timing of the arrests and crackdown on Megaupload to the proposed launch of a legitimate business model for file sharing in the near future that would compete with Universal Music Group and similar businesses. With this model, artists would be paid royalties of up to 90 percent of what is made on downloads. With this business model, artists are even paid when people download songs for free online. While this theory is yet to be proven, some think it has some legitimacy in relation to the entire bust.

Speculation continues to run rampant as to what Anonymous will shut down next. Some believe that they will take on large websites such as Facebook and Twitter in the coming weeks, although the Anonymous Twitter account refuted this. Since Twitter and Facebook are the means of communication for these entities, they do not wish to take down these sites at any point in the immediate future. However, Anonymous is a very loosely organized coalition of hackers. The official Twitter account does not necessarily speak for everyone who engages in these hacks.

In addition to responding to the Megaupload take down, Anonymous is also reportedly upset about the various Pieces of legislation that are being debated in Congress and around the world. The Stop Online Piracy Act or SOPA and the Protect IP Act or PIPA were recently postponed due to the number of protests that were waged in response to them. ACTA or the Anti-Counterfeiting Trade Act is a global treaty that threatens to alter the landscape of the Internet and it is still actively being pursued. Anonymous promises to keep up its work until these situations are resolved. In the meantime, websites associated with the entertainment industry continue to be potential subjects of the next Anonymous operation to take them down.

Two Saudi-based credit-card holders said Wednesday that their personal details were compromised by an Israeli hacker who published details of what he claims are more than 200 Saudi-owned credit cards.

The two individuals, whose names appear on the Israeli hacker’s list, said their banks confirmed irregularities with their credit-cards.

They spoke to AFP on condition of anonymity and refused to give further details.

In an overnight online posting titled “FREE Saudi’s Credit Cards!” the hacker listed the names, email addresses, phone numbers and numbers of 217 cards, of which more than 160 appeared to have expiry dates that were still valid.

The hacker used the nickname “0xOmer” — an almost identical name to that of a Saudi hacker who exposed details of thousands of Israeli card details earlier this month — and identified himself as “Omer Cohen from Israel.”

But in a Twitter posting, he refused to expose the cards’ security codes, or CVC numbers, saying the aim was just to “alert.”

Last week, a hacker who claimed to be from Saudi Arabia posted details of thousands of Israeli credit cards online in two separate incidents, and reportedly infected those following the hack with a Trojan horse virus.

In the first incident, the perpetrator, who identified himself as “0xOmar” from group-xp, said he had posted details of 400,000 cards online.

Three days later, he said he had published another 11,000 card details but it turned out to be malware that infected anyone who downloaded the information.

Israel’s main credit card companies said about 20,000 valid cards had been affected.

Israeli news website Ynet said it had contacted Israeli hackers who claimed to have obtained details of thousands of credit cards used on Saudi shopping websites but were “waiting for the right moment to publish it.”

“We could not stay silent after the pompous boasting of the Saudi hacker,” one of the unnamed hackers told the website.

Source: http://uk.news.yahoo.com/tit-tat-hack-israeli-posts-saudi-credit-cards-083218154.html

Anonymous has struck the websites of two anti-piracy organisations, a day after Finnish ISP Elisa blocked access to The Pirate Bay search engine in response to an injunction requested by one of the organisations.

The Finnish site for the International Federation of the Phonographic Industry (IFPI) and the website for the Copyright Information and Anti-Piracy Centre (CIAPC) of Finland were both offline, apparently as a result of a distributed denial-of-service attack, said Antti Kotilainen, CIAPC’s managing director. CIAPC does work for the IFPI, he said.

“It doesn’t really affect our work but of course it’s annoying,” Kotilainen said

The owner of the Twitter account “@anon_finland” took credit for the attack, writing on Monday that “we’ll keep it down as long as want.”

On Monday Elisa stopped its subscribers accessing The Pirate Bay and other associated websites and domain name servers, to comply with a temporary injunction issued by a Helsinki court at the request of IFPI Finland in October. Elisa has filed an appeal with Helsinki’s Court of Appeal, according to a company statement.

The IFPI is asking for injunctions that would force two other major ISPs, TeliaSonera and DNA, to block The Pirate Bay, Kotilainen said. Those rulings may be released as soon as next month, Kotilainen said.

If granted, the injunctions would mean the website would be blocked in about 80 percent of the Finnish broadband market, Kotilainen said.

The Pirate Bay enables users to search for torrents, or small information files that coordinate the download of content among people using the BitTorrent file-sharing system. For years, it has drawn the ire of the entertainment industry, who allege that most of the content it indexes has been shared in violation of copyright protections.

In November, IFPI Finland and music companies Warner Bros, EMI, Universal Music Group and Sony Music Entertainment filed a civil suit in Finland against three men affiliated with The Pirate Bay: Peter Sunde, Fredrik Neij and Gottfrid Svartholm Warg. The suit asks the court for compensation and for the three to stop infringing copyright, Kotilainen said.

Kotilainen said he holds little hope for compensation.

In April 2009, the three men plus Carl Lundström, were each sentenced to one year in prison in a Stockholm court for being accessories to crimes against copyright law. The court ordered that the four pay about 11 million Swedish kronor to Twentieth Century Fox and €41,467 (£34,000) to Sony Music Entertainment in Sweden. They were also supposed to forfeit 1.2 million Swedish krona (£112,000) in advertising revenue generated from the site.

In 2010, three of the four men lost an appeal, but they hope Sweden’s Supreme Court will take on the case, according to the TorrentFreak blog.

Source: http://news.techworld.com/security/3329067/anonymous-hackers-hit-websites-after-pirate-bay-block/