Workers ’stealing company data
April 23, 2009
Workers ’stealing company data
http://news.bbc.co.uk/2/hi/technology/7902989.stm
|
By Maggie Shiels
Technology reporter, BBC News, Silicon Valley |
The study said companies fail to take proper steps to stop data theft
|
Six out of every 10 employees stole company data when they left their job last year, said a study of US workers.
The survey, conducted by the Ponemon Institute, said that so-called malicious insiders use the information to get a new job, start their own business or for revenge.
“They are making these judgements based out of fear and anxiety,” the Institute’s Mike Spinney told BBC News.
“People are worried about their jobs and want to hedge their bets,” he said.
“Our study showed that 59% of people will say ‘I’m going to take something of value with me when I go’.”
The Ponemon Institute, a privacy and management research firm, surveyed 945 adults in the United States who were laid-off, fired or changed jobs in the last 12 months.
Everyone that took part had access to proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other intellectual property.
‘Surging wave’
In the report, entitled Jobs at Risk = Data at Risk, the Institute showed that such data breaches put a company’s financial health in jeopardy.
That view is backed in part by another recent study by security firm McAfee. It estimated total global economic losses due to data theft and security breaches by organised crime, hackers and inside jobs reached $1 trillion last year.
24% of workers could still access data after leaving the company
|
Kevin Rowney , from the data loss prevention arm of security firm Symantec, the sponsors of the study, told the BBC there would be a “surging wave” of these insider attacks.
“It is conceivable that a company can lose its corporate life through a large scale data breach,” warned Mr Rowney.
He added: “The intellectual property of a company can represent the crown jewels and are almost worth more than the building. This is the core asset of a company and any breach or loss can be very expensive.”
Relaxed attitude
The Ponemon Institute revealed that part of the problem rests with companies themselves and their relaxed attitude towards security.
It found that only 15% of respondents’ companies reviewed or audited the paper documents or electronic files employees were walking out of work with.
Most data breaches are preventable said experts
|
The report also said that if businesses did conduct a review, it was very poor with 45% not being completed and 29% being fairly superficial.
“Many firms believe insider data breaches are the cost of doing business,” said Mr Spinney.
“They believe this is just something they have to live with. Our sense is that a lot of companies have really just given up, but this study shows these are preventable events.”
During the economic downturn, security experts have predicted that the number of insider attacks will rise.
Last week, Microsoft told BBC News that “with 1.5 million predicted job losses in the US alone, there’s an increased risk and exposure to these attacks”.
Mr Rowney said one way to limit such breaches was to boost security but also to change focus.
“The industry has concentrated on the protection of the containers where the data is stored like firewalls, access, controls and end point security systems.
“The end result is that most security teams are protecting the containers not the data itself. And that is a core flaw in the security methodology of many practitioners today,” claimed Mr Rowney.
Giant leap looms for mobile bugs
April 23, 2009
http://news.bbc.co.uk/2/hi/technology/8014111.stm
Giant leap looms for mobile bugs
By Jason Palmer
Science and technology reporter, BBC News, Prague
Phones on display, BBC
Mobiles are ubiquitous but few share the same essential software
The widespread outbreak of mobile phone viruses will occur when a sufficient number of them share an operating system (OS), according to researchers.
Viruses spread by Bluetooth could reach all users of a given OS in days, whereas those spread by multimedia messages could spread in just hours.
But the virulence will only appear when a given OS has about 10% market share.
This “percolation transition” was described at the Science Beyond Fiction conference in Prague.
Media mix
In 2008, Albert-Laszlo Barabasi, Director of the Center for Complex Network Research at Northeastern University in the US, published a study on the movements of more than 100,000 mobile phone users.
Their daily routines showed which “social networks” an individual user inhabits, and their patterns of movement exhibited surprising repetition and predictability.
Once any operating system reaches 10% of the whole user market…viruses will spread everywhere
Albert-Laszlo BarabasiNortheastern University
Now, Professor Barabasi and his team have turned their attention to how these networks could facilitate the proliferation of mobile viruses.
“There are actually more than 600 mobile phone viruses out there,” Prof Barabasi told BBC News. What is more, he explained, mobile phone viruses have reached a level of sophistication in two years that computer viruses took more than two decades to achieve.
“But why haven’t I ever got one?” he asked.
Slow movers
Mobile viruses can spread in two ways: through Bluetooth, or via a file sent as a multimedia message.
“You have to have the right operating system; the viruses that will spread on the iPhone will not spread on Nokias, and vice versa,” said Prof Barabasi.
“It turns out that the Bluetooth way, because it’s driven by human mobility, is relatively slow. If you launch a Bluetooth virus it may take anywhere from days to months to spread, particularly if it’s not a popular phone.”
Crowd at festival. BBC
Mobile viruses have struck when lots of people gather
Eventually users take infected phones to shops and replace or reset them, or change phones altogether, and the viruses spread no further.
“The real question is about MMS viruses. They’re instantaneous: within two minutes everyone in your address book could have it; within a few hours everyone who is reachable would have it.”
To discover the reason that this hasn’t happened, the team turned to the network theory that was used in the 2008 work, making use of the data set that showed them the details of users’ movement and social connections.
In the network theory, there is a phenomenon known as a “percolation transition”.
In social networks, beyond the transition, everyone is connected to everyone. Applied to mobile viruses, the transition describes the point of no return: when everyone who could conceivably have a given virus will get it.
Up to now, viruses transmitted by MMS have spread sufficiently slowly that operators have had a chance to block them. The future scenario will be very different.
“Right now, we’re under the percolation threshold. Only 5% of users have smartphones and even those are fragmented into different operating systems – the largest one doesn’t even reach 3% of the overall market.
“We predict that once any operating system reaches 10% of the whole user market, then the percolation transition will happen, and then the [viruses] will spread everywhere.”
Near the percolation transition of 10% market share, viruses spread via MMS wouldn’t necessarily reach every single handset with a given operating system, but they would cast their net before operators will have time to respond.
On the other hand, a Bluetooth-mediated viruses, while having a much slower rate of infection, could conceivably reach every user of a given OS.
Keeping yourself Safe
April 22, 2009
|
By Mark Ward
Technology Correspondent, BBC News website |
Windows needs help to keep you safe online
|
There are now thought to be more than 200,000 malicious programs in existence – the vast majority of which are aimed at subverting Windows PCs.
These problem programs can arrive via e-mail, instant messenger, through your internet connection or even your web browser if you visit the wrong website. The threats are so numerous and appear so fast that Windows users must feel under siege.
While there is no doubt that attacks on PC users are getting more sophisticated, it is possible to avoid the vast majority of problems by taking some straight-forward steps and exercising some common sense.
If you are worried about your computer it is possible to scan it via the web to see if it is infected. Companies such as Trend Micro, Kaspersky and Microsoft all offer free scanning services.
Organisations such as the Computer Emergency Response Team (Cert) also offer advice on how to set up a safe net connection.
The first piece of security software every PC user needs is some anti-virus software. It must also be regularly updated to ensure it protects you against the latest threats.
One of the ways that virus writers try to catch out anti-virus software is by pumping out enormous numbers of variations of their malicious creations. Good anti-virus programs use heuristic techniques to spot viruses that have not been formally identified but have all the characteristics.
 |
STAYING SAFE ONLINE
Use anti-spyware and anti-virus programs
On at least a weekly basis update anti-virus and spyware products
Install a firewall and make sure it is switched on
Make sure updates to your operating system are installed
Take time to educate yourself and family about the risks
Monitor your computer and stay alert to threats
 |
Many PCs now come with anti-virus installed and though an annual subscription can seem expensive, it might be cheap when you consider how much it could save you if it stops your bank details being stolen.
As well as retail versions of anti-virus there are now some free programs that do a good job of protecting you. Avira, Avast and AVG all produce free anti-virus software.
Microsoft now sells a package of security programs but, so far, they are only available to US users.
A firewall is also an essential piece of security software for PC users. Newer versions of Windows XP have a firewall built in and this will give you protection against nuisance attacks and many of the more serious ones.
|
HI-TECH CRIME PLANS
The BBC News website is running a series of features throughout the week
Tuesday: What did we catch in our honeypot?
Wednesday: Anatomy of a spam e-mail and hackers face to face
Thursday: How to spot a phishing scam
|
However some people feel that the Windows XP firewall is a bit limited in its features. Many anti-virus programs have a firewall bundled with them.
There are free firewalls available too from firms such as Comodo and Zone Alarm.
To block some of the attacks it can also be useful to connect to the net via a hub or router. Often these have a firewall built in and, even if not, will do a good job of blocking a lot of the low level attacks.
Increasingly simply browsing the web can subject you to all kinds of dangers. Specially crafted websites can initiate so-called “drive-by downloads” that exploit weaknesses in Microsoft’s Internet Explorer browser to install programs you never asked for.
Google has started warning people if they hit an unsafe site
|
At best these will annoy you with pop-up ads, at worst they will let someone else take control of your PC. Anti-spyware software will help stop these taking hold and help you clean up your PC if you do get hit.
There are add-ons for browsers, such as McAfee’s Site Advisor that warn you about potentially harmful sites. Also Google has now started warning when you are about to visit a potentially unsafe site. Search sites such as Scandoo will also flag sites loaded with malware.
These days adware tends to be very aggressive and it is far better to avoid an infection than try to clean up afterwards.
Security experts recommend migrating away from Internet Explorer to a browser such as Firefox or Opera. At the very least they say to keep Microsoft’s browser up to date with patches.
Anti-spyware activists Suzi Turner and Eric Howes run a website that lists the bogus security products to help you avoid falling victim. Microsoft makes free anti-spyware but there are many other products from firms such as Lavasoft and Spybot.
With Windows it is also important to keep your system up to date. Windows XP now regularly nags people about upgrades and Microsoft produces security patches on a monthly basis.
Phishing gangs try to steal confidential details
|
Microsoft recommends automatic updating so patches are downloaded and applied as soon as they become available. As the time between the announcement of a vulnerability and it being exploited is shrinking, it pays to act quickly.
The other things you can do to stay safe fall into the realm of common sense. To begin with never open an attachment on an e-mail you were not expecting – even if it appears to come from someone you know.
Never reply to spam e-mail messages as that just confirms your address is live and makes it more valuable. Be wary of any e-mailed message about online financial accounts you own. Learn to spot the signs of phishing e-mails.
Apple users who feel confident that they are invulnerable to attacks should also take steps to protect themselves.
While virus attacks are virtually unheard of, the platform can be subject to malware and adware.
The firewall on an Apple computer should be switched on and common sense regarding potential phishing attacks should be applied.
Hi Tech Glossary
April 22, 2009
See
High Tech Glossary
http://news.bbc.co.uk/2/hi/uk_news/5400052.stm
Unwanted programs that, once installed, bombard users with unwanted adverts. Often those pushing the aware programs get paid for every machine they manage to recruit.
Some adware poses as fake computer security software. Can be very hard to remove.
A hacker that uses his or her skills for explicitly criminal or malicious ends. Has been used to mean the writers of destructive viruses or those that use attacks to knock websites offline. Now as likely to refer to those that steal credit card numbers and banking data with viruses or by phishing.
The name given to an individual computer in a larger botnet and which is more than likely a home PC running Windows. The name is an abbreviation of “robot” to imply that it is under someone else’s control.
A large number of hijacked computers under the remote control of a single person via net-based command and control system.
The machines are often recruited via a virus that travels via e-mail but increasingly drive-by downloads and worms are also used to find and recruit victims.
The biggest botnets can have tens of thousands of hijacked computers in them. Research suggests they can be hired from as little as 4 cents per machine.
One of the names for the controller or operator of a botnet.
A company that guarantees that its servers will not be shut down even when the request to do so comes from law enforcement agencies.
These hosting companies are often located off-shore or in nations where computer crime laws are lax or non-existent and where extradition requests will not be honoured.
Someone who steals or trades exclusively in stolen credit card numbers and their associated information.
A euphemism that means to steal money from a bank account or credit card to which someone has gained illegal access.
Hackers who grab credit card data often do not possess the skills or contacts to launder the money they can steal this way.
A virtual “room” on the IRC text chat system. Most channels are usually dedicated to a single topic.
A sophisticated phishing attack that exploits weaknesses in the legitimate sites of financial institutions to make attempts to trick people into handing over confidential details more plausible.
A successful use of Cross-site scripting will make it look like all the transactions are being done on the website of the real bank or financial institution.
A hijacked PC or server used to store all the personal data stolen by keyloggers, spyware or viruses.
Criminal hackers prefer to keep their distance from this data as its possession is incriminating. Dead drops are usually found and shut down within a few days of the associated phishing e-mails being sent out.
Abbreviation for Distributed Denial of Service. This is an attack in which thousands of separate computers, which are usually part of a botnet, bombard a target with bogus data to knock it off the net.
DDoS attacks have been used by extortionists who threaten to knock a site offline unless a hefty ransom is paid.
Malicious programs that automatically install when a potential victim visits a booby-trapped website.
The vast majority exploit vulnerabilities in Microsoft’s Internet Explorer browser to install themselves.
Sometimes it is obvious that a drive-by download has occurred as they can lead to bookmarks and start pages of the browser being replaced. Others install unwanted toolbars.
Increasingly criminals are using drive-bys to install keyloggers that steal login and password information.
A bug or vulnerability in software that malicious hackers use to compromise a computer or network.
Exploit code is the snippet of programming that actually does the work of penetrating via this loophole.
Either a program or a feature built into hardware and which sits between a computer and the internet. Its job is to filter incoming and outbound traffic.
Firewalls stop net-borne attacks such as worms reaching your PC.
An individual computer or a network of machines set up to look like a poorly protected system but which records every attempt, successful or otherwise, to compromise it.
Often the first hints of a new rash of malicious programs comes from the evidence collected by honeypots.
Now cyber criminals are tuning their malware to spot when it has compromised a honeypot and to leave without taking over.
The numerical identifier that every machine attached to the internet needs to ensure the data it requests returns to the right place. IP stands for Internet Protocol and the technical specification defines how this numerical system works.
Abbreviation for Internet Relay Chat – one of the net’s hugely popular text chat systems.
The technology is also used by botnet herders to keep tabs on and control their flock of machines.
Program installed on a victim’s machine that records every keystroke that a user makes.
These tools can obviously be very useful for stealing login and password details. However, the data that is stolen often has to be heavily processed to make it intelligible and to extract names and numbers.
Portmanteau term for all malicious software covers any unwanted program that makes its way on to a computer. Derived from Malicious software.
A sophisticated attack in which a criminal hacker intercepts traffic sent between a victim’s computer and the website of the organisation, usually a financial institution, that they are using.
Used to lend credibility to attacks or simply steal information about online accounts. Can be useful to defeat security measures that rely on more than just passwords to grant entry to an account.
The practice of examining the individual packages of data received by a computer to find out more about what the machine is being used for.
Often login names and passwords are sent in plain text within data packets and can easily be extracted.
The practice of sending out e-mail messages that look as if they come from a financial institution and which seek to trick people into handing over confidential details.
Often they direct people to another website that looks like that of the bank or financial institution the e-mail purports to have come from. Anyone handing over details could rapidly have their account plundered.
The virtual door that net-capable programs open to identify where the data they request from the net should be directed once it reaches a computer.
Web browsing traffic typically passes through port 80, e-mail through port 25.
A slang term for networks that have been hacked into by criminal hackers. Derives from the deep, or root, access that system administrators typically enjoy on a network or computer.
The login details to get root access are often sold to spammers and phishing gangs who then use these networks to send out millions of e-mail messages.
An unskilled hacker who originates nothing but simply steals code, techniques and attack methods from others.
Many viruses and worms on the web today are simply patched together from other bits of code that malicious hackers share.
Malicious program that, once installed on a target machine, steals personal and confidential information. Distinct from adware.
Spyware can be contracted many different ways. Increasingly it arrives on a PC via a web download. Often uses a keylogger to grab information. Some are now starting to record mouse movements in a bid to foil the latest security measures. Some fake security programs pose as spyware cleaners.
Abbreviation for Transmission Control Protocol – the series of specifications which define the format of data packets sent across the internet.
Like the wooden horse of legend this is a type of program or message that looks benign but conceals a malicious payload. Many of the attachments on virus-bearing e-mail messages carry trojans.
A malicious program – usually one that requires action to successfully infect a victim. For instance – the malicious programs inside e-mail attachments usually only strike if the recipient opens them.
Increasingly the word is used as a portmanteau term for all malicious programs – those that users must set off or those that find their own way around the net.
A hacker that uses his or her skills for positive ends and often to thwart malicious hackers.
Many whitehat security professionals spend their time looking for and closing the bugs in code that blackhats are keen to exploit.
Self-propelled malicious program that scours the web seeking new victims – in the past this has been used to distinguish it from a virus that requires user action to compromise a machine.
Worms can infect and take over computers without any help, bar lax security, from a victim.
A Zero day vulnerability is one on which code to exploit it appears on the first day that a loophole is announced.
As most of the damage done by exploiting bugs occurs in the first few days after they become public, software firms usually move quickly to patch zero day vulnerabilities.
Another name for a hijacked computer that is a member of a botnet.
BBC Article Botnet ‘ensnares government PCs’
April 22, 2009
Botnet ‘ensnares government PCs’
http://news.bbc.co.uk/2/hi/technology/8010729.stm
|
By Darren Waters
Technology editor, BBC News website |
PCs inside a botnet can be forced to carry out instructions
|
Almost two million PCs globally, including machines inside UK and US government departments, have been taken over by malicious hackers.
Security experts Finjan traced the giant network of remotely-controlled PCs, called a botnet, back to a gang of cyber criminals in Ukraine.
Several PCs inside six UK government bodies were compromised by the botnet.
Finjan has contacted the Metropolitan Police with details of the government PCs and it is now investigating.
A spokesman for the Cabinet Office, which is charged with setting standards for the use of information technology across government, said it would not comment on specific attacks “for security reasons”.
|
 When we look at a similar network last year they were in the hundreds of thousands. Now were looking at mega-size botnets.  Yuval Ben-Itzhak, chief technology officer for Finjan
|
“It is Government policy neither to confirm nor deny if an individual organisation has been the subject of an attack nor to speculate on the origins or success of such attacks.”
He added: “We constantly monitor new and existing risks and work to minimise their impact by alerting departments and giving them advice and guidance on dealing with the threat.”
It is the second time in a year that PCs inside government departments have been hacked to form part of a botnet.
On this occasion, the machines were infected with software which allowed them to be taken over and enslaved in the botnet due to vulnerabilities in web browsers.
At the mercy
Once a machine has been compromised, it can be instructed to download further software, which puts the machine at the mercy of malicious hackers.
|
STAYING SAFE ONLINE
Use anti-spyware and anti-virus programs
On at least a weekly basis update anti-virus and spyware products
Install a firewall and make sure it is switched on
Make sure updates to your operating system are installed
Take time to educate yourself and family about the risks
Monitor your computer and stay alert to threats
|
The compromised PCs are capable of reading e-mail addresses, copying files, recording keystrokes, sending spam and capturing screen shots.
Once a single machine inside a corporate network has been made part of the botnet it puts other machines on the network at risk.
The Cabinet Office would not give details of what the compromised machines had been instructed to do, nor the names of the different government departments that had been infiltrated.
The cyber criminals, who have not been caught, were selling access to the compromised machines, thought to be mainly PCs inside companies, on a hackers’ forum in Russia.
One thousand machines were being sold at a time for between $50 and $100.
Finjan reports that the botnet is under the control of six criminals who are able to remotely control the infected machines.
Different organisations
Almost half of the infected machines were in the US. Six percent of the botnet, about 114,000 machines from 52 different organisations, were from the UK, among them a single PC inside the BBC’s network.
Many of the infected machines will have been caught by routine information security policies at firms, as it was in the case of the BBC, but Finjan says many of the botnet PCs are still active.
|
We are aware of this botnet and are taking appropriate action Metropolitan Police spokeswoman
|
More than 70 different national government agencies from around the world were caught up in the malicious network.
Yuval Ben-Itzhak, chief technology officer for Finjan, told BBC News: “When we looked at the network domain names to see where the [compromised PCs] come from we were surprised to see many government networks, including UK government computers.
“Obviously we reported it and they have now dealt with it. There were six UK agencies with at least one computer in each department that was running the bot.
“I’m not at liberty to name the actual agencies – but this isn’t a unique story to the UK, they were running in many other non-UK, government bodies too.”
Government bodies
A number of different government bodies are responsible for IT security and deployment across the UK.
They include the Central Sponsor for Information Assurance, the National Technical Authority for Information Assurance, and the Centre for the Protection of National Infrastructure (CPNI), the government body which is part of the British Security Service and responsible for providing security advice to organisations that make up critical services in the UK.
All of the infected machines were Windows-based PCs and the vulnerability was targeting security holes in Internet Explorer and Firefox.
Mr Ben-Itzhak said: “What is unique is the number the size of the network. When we look at a similar network last year they were in the hundreds of thousands. Now were looking at mega-size botnets.”
In contact
A spokeswoman for the Metropolitan Police said: “This is an ongoing investigation. We are aware of this botnet and are taking appropriate action.”
Large botnets can be used to co-ordinate attacks to knock parts of the network, or specific websites, offline, called a Distributed Denial of Service attack.
Last year, the CPNI told a Cabinet Office-commissioned independent review that stopping such attacks was difficult.
It said: “The attacks are relatively low in sophistication, but have been highly effective due to the large number of compromised machines involved.
“It is difficult to defend against a sophisticated Distributed Denial of Service attack without impacting legitimate business use.”
The CPNI recommended that the best defence against these attacks was appropriate monitoring of the network.
Additional reporting by Daniel Emery.
Cyber Crime and RSA Conference
April 22, 2009
|
Page last updated at 21:18 GMT, Tuesday, 21 April 2009 22:18 UK
|
Call to rally against cyber crime |
||||
Security professionals are being called on to band together to fight the highly organised cyber criminals of the world. The call was made at a San Francisco conference organised by security firm RSA – the largest event of its kind. RSA President Art Coviello said the online fraudsters “are not bound by any rules of law” and “control massive armies of zombie computers”. Recent reports claimed cyber criminals had infiltrated everything from the US power grid to the Pentagon. In his keynote speech to the conference, Mr Coviello urged the industry not to underestimate the global cyber security threat and the sophistication of criminals. “Our adversaries operate as a true ecosystem that thrives through interdependence and constantly adapts to ensure its growth and survival. Mr Coviello said that meant it was time for the security industry to come together to defeat the criminal element at large. “We must evolve from acting independently to solve discreet information security problems to acting collaboratively to create a common development process. ‘Anyone can be a victim’ Statistics revealed at the conference show how the internet is increasingly being used by online fraudsters. Sophos, a security software company, said a web page was infected every 4.5 seconds and that every day more than 20,000 new samples of malware were discovered. Symantec, one of the biggest security software firms in the world, said it had blocked 245 million attacks per month in 2008 – roughly 200,000 attacks every half hour.
“Information is the most valuable thing we protect,” said Symantec CEO Enrique Salem. “Attackers are shifting their approaches. They are moving away from the idea of mass distribution to a few threats being distributed to what we call micro-distribution where there are millions of distinct threats. “They are targeted at individuals. They are targeted at trying to steal confidential information. Anyone can be a victim,” warned Mr Salem. The trend away from random attacks to more targeted ones was echoed by Microsoft’s Scott Charney. “We have seen over the years that the internet has become much more focused in terms of bad guys going after medical records, financial data and now you see widely reported nation state attacks,” he said. “We have everything from randomised criminals who are opportunistic to organised crime and that creates a huge challenge for the internet community,” Mr Charney added. At the RSA conference, Microsoft revealed it was testing some of its new identity-based security technology in Washington State schools, where students and teachers will be able to securely access grades and class schedules. About 50 schools and 24,000 pupils are taking part in the pilot using the company’s Geneva claims-based identity platform. Collaboration At the conference, RSA President Mr Coviello suggested a number of ways the industry could come together to mitigate the cyber security threat.
He outlined three key practices that included collaborating on standards, sharing technologies and integrating technologies and controls into the infrastructure. Brett Galloway, Senior Vice-President of Cisco’s Wireless Technology Group, agreed with that collaborative approach and said it was already happening to some degree. “The work that goes on between the companies, the standards and the work that goes on between companies operationally to integrate, inter-operate and make sure that our customers bring these solutions together is actually quite profound and important. “We clearly live in an era of increasing sensitivity and increasing threat not only from commercial bad guys but other sorts of bad guys as well,” noted Mr Galloway. Microsoft’s Mr Charney said he was confident the industry would band together for one very clear reason. “I think when you have a common enemy, which is what the cyber criminal is, it really galvanises organisations to work closely together.” Mr Coviello was just as optimistic and pointed out to the audience that by joining forces they increase their prospect of success. “There’s an African proverb that advises, ‘If you want to go fast, go alone; if you want to go far, go together’,” Mr Coviello concluded. |
||||
Six Things You’re Yet To Back Up and How To Back Them Up
April 13, 2009
Six Things You’re Yet To Back Up and How To Back Them Up
#1: Your Blog
You started a blog some time ago and now it’s grown into a big community of sorts. Your life without your blog would be a nightmare. It’s always good to have a backup of your blog so that in the worst case scenario, you can safely restore the contents of the blog and start writing again as if nothing happened! If you’re on WordPress, WP DB Backup is the only plugin you’ll ever need to do a regular backup of your blog. You can install the plugin and tell it to send automatic backups of your blog to your email inbox. Install. Configure. Forget. Just as easy as that. Pro Blog Design has a complete guide on how you can go about doing it. Blog Backup If you’re blogging using other platforms, check out this post that lists some good apps that can backup your blog.
#2: Your Gmail
Most of you reading this should be using Gmail. And I’m sure with the amount of storage that Gmail provides, you’ll never feel like deleting emails. So what if Google locks you up one day and that is the day when you desperately need to have a look at an email you sent? You wouldn’t worry much if you had used Gmail Backup. The program works on Windows, Mac and Linux and it’s not just limited to backing up Gmail messages, but can also restore them to another account. You gotta have POP/IMAP enabled for your account for this to work. gmail_backup This tool is being continuously developed as you can see on their site, and there are niggles that are being ironed out periodically. You need to give your Gmail ID and password and so use it at your own risk.
#3: Your Mobile Phone
Perhaps the most indispensable gadget is your mobile phone. With hundreds of contacts, heaps of text messages, and more importantly, your calendar, you should have gotten it all backed up. No hassles if you’ve got a Nokia mobile phone because the Nokia PC Suite makes the backup process a piece of cake – a step-by-step guide is here is for your reference. If you want to put it up in the cloud, you can use either Mobical or Zyb. While both of these tools can allow you to backup contacts and other data and even modify them, Zyb adds a social layer to the entire thing by showing updates from your contacts on social networks.
#4: Your PC Drivers
As I mentioned in my Windows Freeware Utilities post, it’s absolutely essential that you have a backup of all hardware drivers on your PC. It’d be a nightmare not to have them backed up, because if you’ve reinstalled Windows, you absolutely need to have a driver backup that has to be restored to keep all your hardware working properly. DriverMax comes handy here, because it can scour your hard disk for all driver files and save them all together in a folder or as a compressed .zip file for later retrieval. It can also update your drivers automatically. Another tool worth trying is DriverScanner from Uniblue. Although its main purpose is to scan and update outdated drivers, it does give you options to back them up. It has won several accolades as well. The catch: You’ll have to pay to use it.
#5. Your Windows OS Settings
Despite the shiny new hardware and the blazing speed of your new PC, it still seems alien to you because you’re missing the customization that you did your old PC. backup_xp_settings The Files and Settings Transfer Wizard is buried under the Accessories > System Tools in your Windows Start Menu can be used to backup and transfer settings like IE Options, Display, Sound Properties and many other settings. The Wizard can also be used to back up fonts and file type associations.
#6. Your Bookmarks
As you frequently scour and research using the internet, you tend to accumulate bookmarks in your browser. But when you’re on a cyber cafe you can’t get your bookmarks right? That’s when Xmarks (formerly, Foxmarks) comes in handy. It’s a must have if you frequently work with multiple computers. All you need to do is install the Foxmarks addon for Firefox/IE/Safari and create an account there. xmarks Your bookmarks are immediately backed up and can be restored later. It’s primarily a sync tool so it does let you sync your bookmarks with multiple PCs. They can even be accessed via your mobile.
Related posts:
1. Read and extract data from .NBU Nokia Backup Files //tweetmeme_style = ‘compact’; If you have a Nokia mobile… 2. How to Backup and Restore Contacts, Files and Other Settings from your Nokia Mobile Phone? //tweetmeme_style = ‘compact’; It’s always good to have a…
3. How to transfer settings and files from one computer to another with Magic Transfer //tweetmeme_style = ‘compact’; If you’re looking for an easy…
4. How to update the firmware of your Nokia mobile phone? //tweetmeme_style = ‘compact’; Got a Nokia mobile phone? It’s…
5. SugarSync Review and Three SugarSync 30 GB
Annual Subscriptions Giveaway! //tweetmeme_style = ‘compact’; SugarSync is a complete, and a… Related posts brought to you by Yet Another Related Posts Plugin.
Cost of leaving Computer on overnight
April 13, 2009
Leaving computers on overnight = $2.8 billion a year
Thu Mar 26, 2009 12:13PM EDT
Admittedly I don’t think much about it at all. I leave my laptop running overnight because I know it’ll take five minutes or more to get things going in the morning — not just booting up, but launching the various apps I start the day with, downloading my overnight email, filtering out the spam, and otherwise “getting settled.” But all the power wasted while computers are sitting idle overnight adds up, and one study has finally tried to measure it. The tally: An estimated $2.8 billion wasted on excess energy costs each year in the U.S. alone. On a CO2 basis, that’s 20 million tons of carbon dioxide, about the amount produced by 4 million cars on the road. The full report is available for download here (scroll down to “PC Energy Report US 2009″). But big numbers like that become almost meaningless in an era of trillion-dollar bailouts, so to put the wasted energy in perspective, the study provides the data in terms you can better understand: If you run a company with 1,000 PCs left on overnight, you can save about $28,000 a year if they are turned off after hours. That’s not chump change. Of course, it’s also a fact that your PC will function better if you restart it regularly, and nightly shutdowns can help you avoid having to suddenly reboot in the middle of the day when you’d otherwise be productive. So even though this little laptop, by my math, eats up only about a quarter’s worth of power overnight, maybe it’s a smart idea — and ultimately a time-saver, too — to shut it down after hours after all. Via USA Today
Spam
April 13, 2009
Spam level *declines*… to 97 percent of all email
Wed Apr 8, 2009 2:15PM EDT
If you think you’re getting a lot of spam these days, well, that’s because you are. In Microsoft’s latest biannual report on the state of computer security, the company says that in the second half of 2008, a full 97.3 percent of email traffic was unwanted spam (or malicious email like phishing attacks and outright viruses). Surprisingly though, that’s down a bit from the first half of last year, when total spam volume reached a whopping 98.4 percent of all email sent.
The latest report (which covers security through the end of 2008, so Conficker isn’t part of the package) is available for download here. (Be warned: The full report is 184 pages long. Consider checking out the smaller highlight report instead.)
The good news: Spam filters are getting better than ever. Microsoft’s filter system for Exchange now scrubs out 39 out of every 40 emails sent. Spam also saw that slight decline thanks to the shut down last year of the ISP McColo, a major haven for spammers who suddenly had to go shopping elsewhere.
What are we being spammed about? Pharmacy and other product ads make up the lion’s share of spam, accounting for 72.2 percent of all spam sent. Only 10 percent of the total spam share now involves sexually-oriented pharmaceuticals; that’s a huge decline from previous studies, as apparently Viagra and Cialis are no longer that hard to come by.
Image-only spam, dating come-ons, financial spam, and fraudulent diplomas round out the remainder of the most common spam subjects.
Alternate statistics show the total spam level at lower — one source pegs it at a mere 81 percent of mail traffic (a figure which seems awfully low) — and also notes that even with the taking down of McColo and other spammer ISPs, spam traffic will inevitably rise again to “normal” levels.
In the related world of malware infections, the Microsoft report noted that worldwide, 8.6 machines were suffering from malware for every 1,000 which were clean. That sounds pretty good, but it still translates to about 9 million computers worldwide suffering from malware attacks.
What do you need to watch out for today, attack-wise? The most common attacks at the moment target Microsoft Office and PDF files, and those types of attacks are further on the rise.
Researchers: Cyber spies break into govt computers
April 13, 2009
Researchers: Cyber spies break into govt computers
By CHARMAINE NORONHA, Associated Press Writer -
Sun Mar 29, 2009 6:52AM EDT
TORONTO – A cyber spy network based mainly in China hacked into classified documents from government and private organizations in 103 countries, including the computers of the Dalai Lama and Tibetan exiles, Canadian researchers said Saturday. The work of the Information Warfare Monitor initially focused on allegations of Chinese cyber espionage against the Tibetan community in exile, and eventually led to a much wider network of compromised machines, the Internet-based research group said. “We uncovered real-time evidence of malware that had penetrated Tibetan computer systems, extracting sensitive documents from the private office of the Dalai Lama,” investigator Greg Walton said. The research group said that while it’s analysis points to China as the main source of the network, it has not conclusively been able to detect the identity or motivation of the hackers. Calls to China’s Foreign Ministry and Industry and Information Ministry rang unanswered Sunday. The Chinese Embassy in Toronto did not immediately return calls for comment Saturday. Students For a Free Tibet activist Bhutila Karpoche said her organization’s computers have been hacked into numerous times over the past four or five years, and particularly in the past year. She said she often gets e-mails that contain viruses that crash the group’s computers. The IWM is composed of researchers from Ottawa-based think tank SecDev Group and the University of Toronto’s Munk Centre for International Studies. The group’s initial findings led to a 10-month investigation summarized in the report to be released online Sunday. The researchers detected a cyber espionage network involving over 1,295 compromised computers from the ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan. They also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan. Once the hackers infiltrated the systems, they gained control using malware — software they install on the compromised computers — and sent and received data from them, the researchers said. Two researchers at Cambridge University in Britain who worked on the part of the investigation related to the Tibetans are also releasing their own report Sunday. In an online abstract for “The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement,” Shishir Nagaraja and Ross Anderson write that while malware attacks are not new, these attacks should be noted for their ability to collect “actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed.” They say prevention against such attacks will be difficult since traditional defense against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tedious operational security procedures. The Dalai Lama fled over the Himalaya mountains into exile 50 years ago when China quashed an uprising in Tibet, placing it under its direct rule for the first time. The spiritual leader and the Tibetan government in exile are based in Dharmsala, India.
