Saturday, December 20, 2008

Is cyberwar coming?

from How Stuff Works

by Jonathan Strickland

Listen up, soldier! Not every battle takes place over rugged terrain, on the open sea or even in the air. These days, you'll find some of the fiercest fighting going on between computer networks. Rather than using bullets and bombs, the warriors in these confrontations use bits and bytes. But don't think that digital weaponry doesn't result in real world consequences. Nothing could be further from the truth. 

Consider all the different systems in the United States connected to the Internet:
Emergency services
Financial markets and bank systems
Power grids
Water and fuel pipelines
Weapons systems
Communication networks

That's just the beginning. Think about all the services and systems that we depend upon to keep society running smoothly. Most of them run on computer networks. Even if the network administrators segregate their computers from the rest of the Internet, they could be vulnerable to a cyber attack.

Cyber warfare is a serious concern. Unlike traditional warfare, which requires massive amounts of resources such as personnel, weapons and equipment, cyber warfare only needs someone with the right knowledge and computer equipment to wreak havoc. The enemy could be anywhere -- even within the victim nation's own borders. A powerful attack might only require half a dozen hackers using standard laptop computers.

Cyber Concerns
Worst Computer Viruses
Could hackers devastate the economy?

Another frightening aspect of cyber warfare is that a cyber attack can come as part of a coordinated assault on a nation or it could just be a malicious hacker's idea of a joke. By the time a target figures out the nature of the attack, it may be too late. No matter what the motive, cyber attacks can cause billions of dollars in damages. And many nations are woefully unprepared to deal with cyber attacks. With that in mind, the question isn't will there be a cyberwar -- the question is when will there be one?

Some people might argue that the cyberwar is already here. In fact, based on attacks perpetrated daily against the United States and other nations, the first real cyberwar began back in the late 1990s.

T’is the season

Fraud Prevention Tip of the Month December 2008 
from the Canadian Bankers Association

Snow is in the air, the malls are packed and coffee shops are selling peppermint lattes. Yes the holidays are once again upon us and in the spirit of the season, millions of Canadians will open their hearts and their wallets to those in need this December. When it comes to charitable donations, Canadians are very generous. According to Statistics Canada, Canadians reported donating over $8.5 million in personal contributions last year.

Unfortunately, the holidays provide fraudsters with an ideal opportunity to take advantage of unsuspecting donors. Criminals know that December is traditionally a time when people donate to charities and they use this opportunity to tug at our hear strings and rake in the cash. 

Warning signs

There are many worthy charities that may contact you at this time of year but, before you open your wallet or pull out your credit card, make sure that the charity is legitimate. PhoneBusters, Canada’s anti-fraud call centre, offers some warning signs that you can look for: 
Name game: Fake charities often use names that are very close to the names of legitimate and respected charities. With the hectic schedules people have around the holidays, many may not take the time to research a charity and can end up handing their money directly over to criminals. 
E-mail requests: Be wary of appeals for donations made by e-mail, especially if it comes from an organization you have not dealt with previously. Most reputable charities will not initiate contact with an e-mail that requests a donation and will only make e-mail appeals after they have built a trusting relationship. 
Unwarranted thanks: A common technique used by fraudsters is to thank a person for a donation they don’t remember making and then ask for follow-up information to “confirm” the donation. But be careful: the information you provide could be used for a number of fraudulent activities. 

Protect yourself 

While there are Grinches out there who will try to take advantage of people’s holiday cheer, PhoneBusters recommends you take the following steps to ensure your charitable donations go to those who need it most: 
Remember never to give out your personal or financial information over the phone or at the door. If you receive a request for information, thoroughly research the organization before providing any and ask why they require it. Also don’t be afraid to refuse if you don’t feel comfortable giving out such information. 
If you receive a telephone call from a charity, remember the person on the line could be misrepresenting a legitimate charity. Ask for information about the charity to be sent to you in writing, including their charitable tax number, which can be confirmed online with Revenue Canada. 
Call the charity. Find out if they know about the appeal and have authorized it and also ask what percentage of the contribution they will receive from the money you donated. Perhaps the charity will suggest a better way to give, where 100 per cent of your donation will reach people in need. 
Ask how much of your gift will be used directly by the charity and how much will go toward administrative costs. Legitimate charities are prepared to answer these questions and have the information readily available. 
If you receive a request for a cheque, always make it payable to the charity and never to an individual person. Also, consider mailing the cheque later as opposed to handing it over to someone who just knocked on your door. 

Another approach PhoneBusters suggests you take to ensure that you are protected from fraudulent charities is to decide at the beginning of each year which charities you will support and send payment directly to their head office. Then when approached by subsequent charities you can say that you have already given to the charities of your choice.

For more fraud tips, visit the Fraud and Security section of the Canadian Bankers Association website or PhoneBusters at

Thursday, December 18, 2008

:: What is Cyber Security? ::

It seems that everything relies on computers and the Internet now ... communication (email, cellular phones), entertainment (digital cable, mp3s), transportation (car engine systems, airplane navigation), shopping (online stores, credit cards), medicine (equipment, medical records), and the list goes on. How much of your daily life relies on computers? How much of your personal information is stored either on your own computer or on someone else's system? Cyber security involves protecting that information by preventing, detecting, and responding to attacks.

The Guelph Wellington Seniors Association hosts a web site on this topic at Cyber Security for Seniors. Please join us there!

Wednesday, December 17, 2008

Serious security flaw found in Internet Explorer

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. 

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. 

Internet Explorer is used by the vast majority of the world's computer users. 

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw. 

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. 

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified. 

Browser bait 

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing." 

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said. 

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs." 

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat." 

But Microsoft counselled against taking such action. 

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group. 

He added: "We're trying to get this resolved as soon as possible. 

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time." 

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning. 

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Mico's advice (of switching to an alternative web browser) is very sensible," he said. 

PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities. 

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough." 

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it." 

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.


1. Change IE security settings to high (Look under Tools/Internet Options)
2. Switch to a Windows user account with limited rights to change a PC's settings
3. With IE7 or 8 on Vista turn on Protected Mode
4. Ensure your PC is updated with the FREE updates
5. Keep anti-virus and anti-spyware software up to date

Story from BBC NEWS:

Published: 2008/12/16 09:20:39 GMT