Monday, 28 February 2011
Database tasks
Anonymous vs. HBGary: the aftermath
The fallout from the whole debacle endures. In the wake of the attack, HBGary's Penny Leavy and Greg Hoglund (they are married) entered the Anonymous IRC channel #ophbgary to plead in vain for Greg's e-mails to stay private. (Several less relevant remarks have been removed from the transcript for easier reading.)
< greg> so you got my email spool too then
<&Sabu> yes greg.
<@`k> greg we got everything
< Agamemnon> Greg, I'm curious to know if you understand what we are about? Do you understand why we do what we do?
< greg> you realize that releasing my email spool will cause millions in damages to HBGary?
<@`k> yes
< c0s> greg: another reason its not out yet.
< Agamemnon> yes we do greg
<@`k> greg is will be end of you :) and your company"
Interesting cyber war between a security company and the Anonymous hacking group.
Unit 2 database task
Wednesday, 23 February 2011
Article: Why Has Google Been Collecting Kids’ Social Security Numbers Under the Guise of an Art Contest?
http://www.huffingtonpost.com/bob-bowdon/why-has-google-been-colle_b_825754.html
Tuesday, 22 February 2011
Monday, 21 February 2011
How to beat technology addiction
I saw this and thought you should see it:
http://www.guardian.co.uk/education/2011/feb/14/information-overload-research
Friday, 18 February 2011
1.7 Million Patient Records in Massive Data Heist at NYC Hospitals - Latest News
Thieves made off with the personal health records of about 1.7 million New Yorkers when they stole backup tapes from four Bronx hospitals in December, the city's Health and Hospitals Corp. revealed.
Cyber crime costs Britain £27bn a year | Metro.co.uk
Wednesday, 16 February 2011
Tuesday, 15 February 2011
Monday, 14 February 2011
Article: iPads storm the enterprise | Tablets
http://www.macworld.com/article/157880/2011/02/ipad_enterprise.html?lsrc=twt_macworldbiz
2,500 UK web sites hacked every hour - 02 Nov 2010 - Computing News
The Mobile Device Challenge | Blog Central
Global Energy Industry Hit In “Night Dragon” Attacks | Blog Central
BBC News - Technology of Business
Example of Phishing
From: HM Revenue & Customs <info@hmrc.gov.uk>
Date: 14 February 2011 09:56:23 GMT
Subject: [BULK] Tax Refund Notification
From: HM Revenue & Customs (info@hmrc.gov.uk)
Sent: Mon 2/14/11 9:02 AM
To:
[http://www.businesslink.gov.uk/Horizontal_Services_images/logo.gif]
Tax Refund Notification
After the last annual calculations of your fiscal activity, we have determined that you
are eligible to receive a tax refund of 468.50 GBP. Please submit the tax refund
request and click here by having your tax refund send to your bank account in due time
Please Click Here <http://www.xsima.com/front/libraries/pear/archive_tar/hmrc/hmrc/refundportal.htm> to have your tax refund to your bank account, your tax refund will be sent
to your bank account in due time take your time to go through the bank we have on our list
Note : A refund can be delayed a variety of reasons, for example submitting invalid
records or applying after deadline.
Best Regards
HM Revenue & Customs
[http://www.hmrc.gov.uk/images/log_dg.gif]<http://www.businesslink.gov.uk/bdotg/action/home> © Crown Copyright<http://www.hmrc.gov.uk/copyright/index.htm> | Terms & Conditions<http://www.hmrc.gov.uk/terms/index.htm> | Privacy Policy<http://www.hmrc.gov.uk/about/privacy.htm> | Accessibility<http://www.hmrc.gov.uk/about/accessibility.htm> [http://www.hmrc.gov.uk/images/log_bl.gif] <http://www.direct.gov.uk/en/index.htm>
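The check a mail filter or a careful reader would apply to the message above, as an added example that is not part of the original post: list every link target and flag any whose host falls outside the domains the claimed sender would use. The `TRUSTED_SUFFIXES` value and the function names are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Excerpt of the message above, in the same "text <url>" layout.
SAMPLE = """\
From: HM Revenue & Customs <info@hmrc.gov.uk>
Subject: [BULK] Tax Refund Notification

Please Click Here <http://www.xsima.com/front/libraries/pear/archive_tar/hmrc/hmrc/refundportal.htm> to have your tax refund to your bank account
Terms & Conditions<http://www.hmrc.gov.uk/terms/index.htm> | Privacy Policy<http://www.hmrc.gov.uk/about/privacy.htm>
"""

# Assumption: a genuine message from a UK government department only
# links to hosts under gov.uk. Adjust the tuple per organisation.
TRUSTED_SUFFIXES = ("gov.uk",)

LINK_RE = re.compile(r"<(https?://[^>\s]+)>")


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """True if host equals a trusted suffix or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def claimed_sender_domain(message):
    """Domain in the From: header (display only; the header is forgeable)."""
    for line in message.splitlines():
        if line.lower().startswith("from:"):
            _, addr = parseaddr(line[5:])
            return addr.rpartition("@")[2].lower()
    return ""


def suspicious_links(message):
    """Return (host, url) for every link that leaves the trusted suffixes."""
    found = []
    for url in LINK_RE.findall(message):
        host = urlsplit(url).hostname or ""
        if not host_is_trusted(host):
            found.append((host, url))
    return found


if __name__ == "__main__":
    print("claimed sender:", claimed_sender_domain(SAMPLE))
    for host, url in suspicious_links(SAMPLE):
        print("off-domain link:", host, "->", url)
```

The footer links to genuine hmrc.gov.uk pages pass the check; only the "Click Here" target is reported, which is the pattern to look for in this kind of message.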
Friday, 11 February 2011
How likely is it that the Internet could be shut off in the US by the government?
Internet blackouts - Reaching for the kill switch - this could be used as research for Unit 1 - the ebook
Article: Your Guide to Crimeware Apps | Magazine
http://www.wired.com/magazine/2011/01/st_crimeware/
Thursday, 10 February 2011
Commentary on security report exemplar
The evidence for this strand is given in the context of transactional websites, which is good practice. Cookies, spyware and hacking are identified as threats and explained. Various methods of prevention are also described and these include encryption, SET, firewalls and virus protection. The Data Protection Act is covered. However, there is no mention of the Computer Misuse Act. There is sufficient evidence to reach mark band 2 but there is an insufficient number of preventative measures and legislation described to access all the marks in this mark band.
4 marks out of 6
Information Security Threats in the Second Quarter of 2010 - Securelist - up-to-date list of current ICT threats
Can Firefox 3.5 wean universities off their IE addiction? | ZDNet
http://www.zdnet.com/blog/igeneration/can-firefox-35-wean-universities-off-their-ie-addiction/1969
Is it a good idea to move to another browser with fewer security issues? Bear in mind that most companies and organisations, including SHSG, use IE as their main browser on all machines.
FW: Recent IE security flaw is one flaw too many: Time to jump ship?
Feed: iGeneration Blog RSS | ZDNet
Posted on: 01 February 2011 18:37
Author: Zack Whittaker
Subject: Recent IE security flaw is one flaw too many: Time to jump ship?
A new critical security vulnerability in Internet Explorer has been exposed, allowing attackers to obtain personal information by running malicious scripts on websites. As Adrian Kingsley-Hughes reports, this affects all users of Windows. In total, it's estimated to affect 900 million people worldwide. Nearly one billion people. That's nearly one in six of all people on the planet. Enough is enough. I think it's time to jump ship, don't you?
For me, this is too much, and one step too far. There is near no doubt that Internet Explorer 9, the latest incarnation of the browser, soon to be out in release candidate stage, is the most secure, dynamic and powerful yet. But without effective systems in place to prevent lax security and quality assurance, to the actual fixes themselves, millions of users, in particular pirate copy users of Windows will go about unpatched.
The simplicity factor in being able to patch the browser is another problem users of Internet Explorer have. Both Google Chrome and Mozilla Firefox update on a regular basis with fixes, tweaks and community submitted reports. Firefox reports on these changes and asks for permission to update - seemingly out of respect and courtesy, whereas Chrome updates constantly through a running background service. But when Internet Explorer is found to suffer from such wide scale vulnerabilities, the general public have to resort to being told by the technology media, rather than the browser itself.
And in my experience, the Windows Update service is too slow. Nearly a full day after this was discovered, the only update I have on my machines is a definition update for Microsoft's anti-virus program. It's not good enough.
With this particular flaw exploiting scripts and attaining information held on the computer, combined with the fact that so many enterprise workplaces and universities run the browser on their Windows machines, huge quantities of data could be harvested. Is it time for an Internet Explorer mass exodus?
ICT legislation
Legislation affecting IT.
- The Data Protection Act - http://news.bbc.co.uk/1/hi/uk/3344075.stm
  - Aimed at protecting the rights of the individual to privacy.
  - If an organisation holds data on individuals it must register under the act.
  - Personal data should be processed fairly and lawfully.
  - Personal data should be held only for registered purpose/s.
  - Personal data should not be disclosed in any way other than lawfully and within the registered purpose.
  - Personal data held should be adequate and relevant and not excessive for the required purpose.
  - Personal data should be accurate and kept up-to-date.
  - Personal data should not be kept for longer than is necessary.
  - Data must be processed in accordance with the rights of the data subjects.
  - Appropriate security measures must be taken against unauthorised access.
  - Individuals should be informed about the data stored and should be entitled to have access to it and be able to correct errors.
  - Personal data cannot be transferred to countries outside the European Union unless the country provides an adequate level of protection.
- The Computer Misuse Act - http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/1dataandcomputermisuserev2.shtml
  - Before this act it was not possible to prosecute a 'hacker'. The act created 3 new offences:
    - Unauthorised access to computer material (viewing data which you are not authorised to see).
    - Unauthorised access with intent to commit or facilitate commission of further offences (hacking).
    - Unauthorised modification of computer material.
- Copyright Designs and Patents Act - http://news.bbc.co.uk/1/hi/england/somerset/8221014.stm
  - This act protects software developers from having their software copied and pirated.
  - A software audit should be carried out by an organisation to ensure all its software is legal.
- Health and Safety - not applicable to the security report
  - Both employers and employees are obliged to implement the relevant Health and Safety provisions, which are designed to provide a safe and healthy working environment.
BBC - GCSE Bitesize: Types of computer misuse
HowStuffWorks Videos "It's All Geek to Me: Wireless Internet Security"
BBC - Can the whole of London go wi-fi?
However, a recent investigation by Watchdog revealed that some users of wi-fi hotspots are susceptible to attack by hackers - leaving tens of thousands of users at risk of fraud.
When using wi-fi your data (e-mails, internet addresses, keystrokes) is being transmitted across the airwaves and encrypted for security. It is possible malicious hackers can intercept this data unless you set up a security such as a remote access virtual private network (VPN).
This is something advised by major providers of wi-fi but not often set up by the user."
How-To: Remotely Wipe an iPhone Using Exchange: Apple News, Tips and Reviews
Full disk encryption for desktops, laptops, and USB devices | Whole Disk Encryption
1Password | Videos
BBC News - Gawker hack triggers password resets at major sites
BBC News - Hacker faces jail over poker chip theft
The Hacker Crackdown - Wikipedia, the free encyclopedia
Threats caused by employees
- Telling outsiders their password, or other security info.
- Taking sensitive information away on paper, USB pen, iPod, via email, fax, or mobile phone.
- Clicking on an unsafe link in an email.
- Forgetting to lock their screen when away from the computer.
- Using an insecure password.
- Bringing in a virus-infected USB pen.
- Losing their company laptop.
- Can you think of any more?
Threats to consider for the security report
Threat | Notes about this threat | How could your business safeguard against this threat? |
Unauthorised access | | |
Hacker | | |
Cracker | | |
Phreak | | |
Pirate | | |
Virus Author | | |
Password cracker | | |
Key logger | | |
Employee | | |
Viruses | | |
Worms | | |
Trojans | | |
Unauthorised access | | |
Natural Disasters | | |
Malicious damage | | |
Technical failures | | |
Human errors | | |
Theft | | |
Confidentiality | | |
Security report criteria
Structure:
1. Description of threats (use articles - put into your own words to illustrate and back up your points.)
2. Measures to prevent the threats
3. Legislation that is working to prevent the threats
4. Assessment of the measures being taken to prevent the threats.
security threats ict - Google Search
Are you a middle-class pirate? This man wants a word with you... - Telegraph
Monday, 7 February 2011
How a Remote Town in Romania Has Become Cybercrime Central
Thursday, 3 February 2011
Wednesday, 2 February 2011
Exams come to the bedroom with new invigilation software | Education | The