Professional e-crime…
February 24, 2008
It looks like the house of lords is to debate again the report it submitted to the government last summer. This is in the shadow of these news articles which shows that the on-line environment seems to becoming a more organised and sinister place. We have heard about the shift from the hobbyist hacker to the organised criminals well it looks as the professionalisation of this move has shifted up a gear. Websites and adverts are now starting to appear advertising (quite blatantly) for people with language skills to help target phishing emails and make them more believable. The three languages are Russian, Mandarin and Portuguese.
Finally ISP’s have been asked by the Dept of Culture Media and Sport to tackle the problems around the illegal downloading of copyrighted material. I wonder how this is possible to do, IDS, deep packet inspection or just a random sampling. It is very easy to obfuscate traffic especially further up the Internet hierarchy you go.
Thanks
Paul
Data Protection Shakeup
January 3, 2008
Today a influential group of MPs has said that breaches of the Act should include custodial penalties (here). Is this really the answer?
It has long been understood within the world of information security that the majority of mitigations are put in place after the ‘event’ has happened and loss has been incurred. Amendment of section 60 via the upcoming Criminal Justice and Immigration Bill looks like the likely way it will be done. This does seem similar to the way that Sarbanes-Oxley section 404, and payment card industry (PCI) brought in the need for firewalls, anti virus and security patching to mainstream IT. It sharpened the mind when penalties ranging from custodial sentencing to large fines were brought in and more critically the executive were accountable.
However it seems that this type of amendment was mooted a while ago (link)
Paul
Whose data is it anyway?
January 2, 2008
How many of you have a Friends Reunited account? I have. Today I received a email from ITV.com asking me to take part in the beta personalisation service, which was interesting as I don’t recall actually visiting ITV.com let alone signing up for a beta. After digging around it seems that Friends Reunited was purchased by ITV.com back in December 2005. This does bring up an issue around my data which is held within Friends Reunited and the federation of that data to 3rd parties. It makes sense that when I signed up for Friends Reunited I ticked the “I agree” box for the T&C’s and didn’t actually read what it said (like most people) so my details can be shared with others. Which got me thinking….
How many web 2.o services depend upon access to the personal data within facebook, myspace, linkedin to exist – and what would happen if this “open access” was no longer open? Do these internet augury’s have the right to allow or deny access to information of which they are custodians rather than owners? Reading this Wired article on scraping (here) it seems that major information providers are taking a much more serious view on how people – and more importantly who – can get access to the data they hold.
Thanks
Paul
Christmas Fever
December 17, 2007
Christmas is coming, and the fraudsters are getting fat – at least that’s what the recent Post Office survey is suggesting. The BBC reports that the over 50s are worried about online fraud, affecting them going online to purchase items. So if online fraud does happen to you, what can you do to minimise the impact on you? One thing you can do is use services provided by Garlik, Experian and Equifax. All these services can help you pre-empt and cleanup problems caused by identity theft and online fraud. Obviously the best thing is follow some simple rules (available here). Merry Christmas and a secure new year.
A cool new tool to look after your online identity is here (QDOS)
Paul
Make your own ID?
November 26, 2007
Have a look at this blog entry on”how to make your own identity” (link here) and let me know what you think.
Thanks
Paul
networksecurityip.wordpress.com 