CyberSecurity Institute

They come, stay a few years and move on because, ultimately, we can’t pay what the industry pays for talent,” Larkin said, adding that the bureau also has experienced difficulties with keeping pace with employees’ training needs.

Because of those shortcomings, Larkin said, the I3C spent the past four years forging partnerships with the biggest names in the tech industry to share expertise, coordinate on intelligence and develop best practices and protocols for fighting cyber-crime.

Originally formed as partnership between the FBI and the National White Collar Crime Center (NW3C) to fight online fraud, Larkin said the unit had to evolve to keep up with the rapidly changing face of crime on the Internet.

Larkin discussed several major highlights over the years, including “Operation Web Snare” in August, which led to the arrests or convictions of more than 150 individuals and the return of 117 criminal complaints and indictments.

http://www.eweek.com/article2/0,1759,1733838,00.asp

The controversial move is designed to use the idle processing power of a computer to slow down the response times from spammers’ Web sites.

“Lycos has been trying to position itself in the fight against spam,” said Wessel Van Rensburg, product manager of communications for Lycos. It aims to use our community to fight spam. It uses idle computer power and sends requests to spam sites.

On its Web site, Lycos, which claims to have an army of more than 66,000 computers, says it has already attacked several Web sites, slowing one down by 85 percent of its operating speed. The software is open to Windows and Mac users.

The company said that when the screensaver is active it displays the location and URL of the sites users’ PCs are attacking, and that Lycos decides the Web sites it will attack.

A spokesman for the company said: “This gives Internet users the opportunity to hit spammers where it hurts. Sending spam is not a minor misdemeanour, as spam causes billions of pounds of damage to the economy. This is why we are upping the ante in the fight against those responsible for spam.”

But DDoS attacks are illegal in a many countries and some organisations have criticised the move. Steve Linford, director of non-profit anti-spam organisation Spamhaus, has dedicated the last eight years of his life to fighting spammers. He said that Lycos has failed to think the idea through. “It’s irresponsible of Lycos to put its name to it because it lends legitimacy to [DDoS] attacks,” said Linford. “Directing traffic is part of the degradation of the Internet we are trying to stop.”

On its Web log, security company F-Secure also warned users away from the idea.

http://news.zdnet.co.uk/internet/security/0,39020375,39175487,00.htm

If an online intruder has infiltrated your Windows PC, you may notice recurring slowdowns of e-mail and Web browsing, or you may notice nothing at all. Always use a personal firewall and keep security patches up to date. As of early November, all new Windows XP PCs come with Service Pack 2, which includes a firewall and automatic patching. Owners of Windows XP PCs purchased earlier than that should download Service Pack 2 from www.microsoft.com/athome/ security/protect/default.aspx. Users of older versions of Windows can get security tips at that same Web site. Once hijacked, it is likely to get grouped with other compromised PCs to dispense spam, conduct denial-of-service attacks or carry out identity-theft scams.

Those are key findings of a test conducted by USA TODAY and Avantgarde, a San Francisco tech marketing and design firm.

The experiment involved monitoring six “honeypot” computers for two weeks — set up to see what kind of malicious traffic they would attract.

The test did not measure Web attacks that require user participation, namely spyware, which gets spread by visiting contagious Web sites, or e-mail viruses, which proliferate via e-mail attachments.

However, the results vividly illustrate how automated cyberattacks have come to saturate the Internet with malicious programs designed to take the quickest route to break into your PC: through security weaknesses in the PC operating system.

“It’s a hostile environment out there,” says tech security consultant Kevin Mitnick, who served five years in prison for breaking into corporate computer systems in the mid-1990s.

Test results underscored the value of keeping up to date with security patches and using a firewall.

Attackers successfully compromised the Dell Windows XP computer using Service Pack 1 nine times, and the Dell Windows 2003 Small Business server once.

They included: four Dell desktop PCs running different configurations of the Window XP operating system, an Apple Macintosh and a Microtel Linspire, which uses the Linux operating system.

10:52:08 Less than four minutes from start of the test, an intruder breaks into Windows XP SP1 through the vulnerability most famously exploited by last May’s Sasser worm.

11:03:30 Eleven minutes later another intruder breaks into XP SP1 through the security hole exploited by the July 2003 MS Blaster worm.

He confirms XP SP1 is connected to the Internet, then begins making repeated attempts to connect XP SP1 to a server running an Internet Relay Chat channel, the equivalent of a private Instant Messaging line.

While attempted break-ins never ceased, successful compromises were limited to nine instances on the minimally protected Windows XP computer and a single break-in of the Windows Small Business Server.

To hijack the Windows Small Business Server, the attacker finagled his way into a function of the Windows operating system that allows file sharing between computers.

“Downloading and using other exploits, performing denial-of-service attacks, running spam-relay tools, running identity-theft tools are all very common activities of compromised machines,” says Martin Roesch, chief technology officer at tech security firm Sourcefire.

http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm

Opposition justice spokesman Joe Ludwig had said Labor would support the Bill now that the government had undertaken to conduct a full review of the Telecommunications Interception Act.

But both the Australian Democrats and Greens continued to oppose the bill – the Telecommunications (Interception) Amendment (Stored Communications) Bill 2004 – on the grounds that it intruded excessively on privacy.

Senator Ludwig said the opposition would not oppose the bill on the basis that the government had accepted a bipartisan recommendation of a Senate committee which called for a comprehensive review of the Telecommunications Interception Act over the next 12 months.

Democrats Senator Brian Greig said accessing private communications without a warrant and without the knowledge of the individual involved was a very intrusive practice. “I don’t have confidence that that review is going to come from the point of view of the suggestions and enhancement of the rights of citizens from a government which has serially been involved in putting legislation to this place which cuts across the rights of citizens,” Senator Brown said.

http://www.zdnet.com.au/news/security/0,2000061744,39168307,00.htm