Government CIO says National Research Council was hit by intrusion from ‘sophisticated’ state-sponsored actor

The Canadian government has said it will take a year to build a more secure IT infrastructure after the National Research Council (NRC) was hit by a recent cyber attack it’s blaming on Beijing.

In a brief statement, the NRC said that intelligence agency the Communications Security Establishment had recently “detected and confirmed” an intrusion into its infrastructure.

“Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the Privacy Commissioner. NRC has also taken steps to inform its clients and stakeholders about this situation,” it added.

“NRC is continuing to work closely with its IT experts and security partners to create a new secure IT infrastructure. This could take approximately one year; however, every step is being taken to minimize disruption.”

A separate statement by the Government of Canada CIO went further, claiming the attack was perpetrated by a “highly sophisticated Chinese state-sponsored actor”.

“While the National Research Council’s networks do not currently operate within the broader Government of Canada network, since the detection and confirmation of the cyber intrusion, the National Research Council’s networks have been isolated from the broader Government of Canada network as a precautionary measure,” it added.

“We have no evidence that data compromises have occurred on the broader Government of Canada network.”

China appears to have assumed its typical stance in response to such allegations – outright denial.

Yang Yundong, a Chinese embassy spokesman in Ottawa, emailed Bloomberg to angrily refute what he described as “groundless allegations”.

The question now remains whether, after potentially a whole year, the NRC’s newly fortified security systems will be up to the task of defending against the next generation of advanced attacks no doubt currently being developed by nation states.

Amichai Shulman, CTO of security firm Imperva, argued that any “meaningful change” to IT infrastructure takes time.

“It is quite obvious today that adopting a technology across a large organization takes more time than it takes for the next technology to emerge,” he told Infosecur

“This is the reality and we should embrace it. Organizations find different ways to handle this risk in the general IT domain and particularly in the IT security domain.”

Planning infrastructure changes with “visionary consultants” and installing products from vendors who have capabilities “on top of market requirements” are just two ways to future-proof systems, he added.

“Moreover, by working with vendors who provide holistic solutions rather than niche products and system integrators who provide the integration between products of different domains the organization is better fitted for the unforeseen challenges of the day after deployment ends,” claimed Shulman.

Richard Cassidy, senior solutions architect at Alert Logic, argued that auditing and continual review of “security systems, practices and data” can help organizations stay one step ahead of more advanced threats.

“It is positive that the need to review existing infrastructure and practices has been identified, but more importantly for NRC is in the understanding on why the incident occurred and how they can assure they put in place processes around existing available technologies to continually monitor, review and respond to anomalies, suspicious activity or unauthorized access attempts to critical assets once the new infrastructure is implemented,” he added.

Reported by Infosecurity


The scallywags at The Pirate Bay have created a new port for all digital pirates to drop anchor. The popular torrent directory recently released a mobile version of its website after years of cramming the PC version onto mobile screens.

The new look is unmistakably The Pirate Bay with its trademark ship logo, options to search, browse, view recent torrents and the top 100.

Along with the refreshed look, the Pirate Bay’s new mobile site has its own URL. Instead of auto-detecting your screen size and delivering the mobile version under the same web address, the mobile Pirate Bay is located at themobilebay.org.

In a discussion with Torrent Freak, the team behind The Pirate Bay says they decided to use a new site address to better resist takedown attempts.

Mobile users who visit The Pirate Bay’s main site are supposed to be redirected to the new site. But in my brief tests on a Nexus 4 and 7 that wasn’t the case. Trying to visit The Mobile Bay from a PC, however, did trigger a redirect to the PC-friendly version of the site.

With only a few torrent apps available for Android and none for iOS, most people are still downloading (non-infringing) torrents from their PCs. Nevertheless, the mobile web site is still handy for browsing and may actually become an important tool in the coming months.

Torrent Freak reports that The Pirate Bay team is also at work on a project called the RSSBay. This site would support personalized RSS feeds that would allow you to add a torrent to your feed on the go. Adding new content to your feed could then be used to start an automatic torrent download on your PC at home.

Considering it took The Pirate Bay team quite a while to get their act together to create a mobile site, you can probably count on seeing the RSSBay later rather than sooner.


A Google engineer and a member of the Google Chrome security team has shared on Twitter a new look that is being tested for the phishing and malware warnings seen by Chrome users:

[Screenshots: new malware warning and new phishing warning]

The new alerts have been incorporated in the Canary and Developer channels, and if all goes well they will end up in Beta and, ultimately, in the Stable version.

The fire engine red background and the simplified, more direct warning text are likely to make users take the warnings more seriously than the current ones:

[Screenshot: old phishing warning]

The warning pages are shown when users try to visit malicious sites, a constantly updated blacklist of which is maintained by the Google Safe Browsing service.


 

1. netflixroulette.net — Find something random to watch on Netflix.
2. pintsinthesun.co.uk — Find somewhere to drink a pint in the sun.
3. gfycat.com — Upload your gifs.
4. youconvertit.com — Convert documents.
5. ninite.com — Download all the free software you want at the same time.
6. squirt.io — Speed read the web one word at a time.
7. shouldiremoveit.com — Find out which applications you should remove from your computer.
8. avoidhumans.com — Find places to go in public that are not crowded.
9. keybr.com — Practice your touch typing.
10. oldversion.com — Get old versions of software.
11. readability-score.com — Find out how readable text is.
12. deadmansswitch.net — Have emails sent when you die.
13. mint.com — Budget your money.
14. roadtrippers.com — Plan your route with the best lodging and attractions.
15. duckduckgo.com — A search engine that is not following you.
16. padmapper.com — Maps out possible apartments/homes that fit your criteria.
17. zillow.com — Another great source for finding your next home.
18. printfriendly.com — Make any webpage print friendly.
19. printwhatyoulike.com — Print precisely what you want from any webpage.
20. privnote.com — Write a note to someone that will self-destruct after they read it.
21. freecycle.org — A network of people giving away free stuff in their towns.
22. couchsurfing.org — Crash on someone’s couch anywhere in the world.
23. recipepuppy.com — Search for recipes based on the ingredients you have.
24. pipl.com — A search engine for finding people.
25. charitynavigator.org — Evaluates various charities.
26. newsmap.jp — Popular news headlines.
27. radioreference.com — Listen to radio channels across the nation.
28. jimmyr.com — Link aggregator.
29. wolframalpha.com — A computational knowledge engine.
30. heavens-above.com — Follow satellites and constellations.
31. whatismyip.com — Figure out your IP address.
32. spreeder.com — Improve reading speed and comprehension.
33. simplynoise.com — Listen to white noise.
34. camelcamelcamel.com — Tracks prices for any product.
35. ptable.com — An interactive periodic table.
36. retailmenot.com — Find coupons for just about anything.
37. searchtempest.com — Search all of craigslist with one search.
38. join.me — Peek in on somebody’s computer screen.
39. thistothat.com — Find out the best way to glue this to that.
40. woorank.com — Find out what your website is missing, how you can improve it, and how to make Google recognize it better.
41. scribblemaps.com — Draw on maps then share them with friends.
42. mailvu.com — Video email.
43. rhymer.com — Online rhyming dictionary.
44. homestyler.com — Design your dream home.
45. wetransfer.com — An easy way to send big files.
46. pastebin.com — A place to paste text.
47. idlekeyboard.com — Make it sound like you are hard at work.
48. dropbox.com — Back up your sensitive documents online.
49. seatguru.com — Find out where the best seats are on your plane flight.
50. unlistmy.info — Find out which websites store data about you, and tell them to unlist your info.
51. twofoods.com — Compare two foods.
52. gasbuddy.com — Find local gas prices.
53. sleepyti.me — Plan out your sleep schedule better.
54. ripetrack.com — Find out when certain fruits are ripe.
55. compassionpit.com — Talk out your problems with others, or help others yourself.
56. paperbackswap.com — Swap books with others.
57. swole.me — Plan out your meals better.
58. weatherspark.com — A graphical look at the weather.
59. network-tools.com — Various network tools.
60. amazon.com — The best place to buy things online.
61. writecheck.com — Correct grammar and check for plagiarism.
62. wakerupper.com — Send yourself a wake-up call.
63. pcpartpicker.com — Plan out your next PC build.
64. nophonetrees.com — Talk to an actual person instead of a machine when you call customer service.
65. loads.in — Find out how long it takes websites to load.
66. calorieking.com — Find nutrition information on various foods.
67. manualslib.com — A database of PDF manuals for various products.
68. eatthismuch.com — Create meal plans to meet your nutrition targets.
69. keepmeout.com — Lock yourself out of time wasting websites.
70. glassdoor.com — Research what it is like to work with certain companies.

 

 

Internet users need to protect themselves against the GameOver Zeus and CryptoLocker viruses being used by criminal gangs to extort millions of pounds, US and UK security agencies announced on Monday.

The warning came after the FBI successfully disrupted a major cybercriminal network in the US from using the viruses to infect computers and steal data.

GameOver Zeus, also known as P2PZeuS, was designed by Russian and Ukrainian gangs to find and harness computer files that give access to banking and financial information, while CryptoLocker encrypts all files on a target’s computer and demands that the user pay around £300 to unlock the files.

Almost 250,000 computers worldwide have been infected with CryptoLocker since it emerged in April and it has so far been used to extort payments of more than $27m (£16m), according to the FBI.

Industry experts have been quick to back up the stern message from the National Crime Agency, whose advice to visit internet awareness group Get Safe Online’s website led to the site going down for 15 hours.

Below are some methods experts recommend to protect yourself from GameOver Zeus and CryptoLocker, and remove it if you suspect your computer is infected.

Protect your passwords
Unencrypted passwords should not be stored on your computer in case they are found by GameOver Zeus or another similarly aggressive malware programme, recommends Hugh Boyes, the head of the cyber security team at the Institution of Engineering and Technology (IET).

“If there is a need to store passwords, then use a good password manager application, which backs up and shares with your smartphone or tablet computer.”

Beware of suspicious emails
Do not open email attachments unless you are certain they are authentic. Potentially harmful emails generally have some or all of the following characteristics, according to Get Safe Online:

– You don’t know the sender.
– The message contains misspellings (for example using a zero instead of an ‘o’) designed to fool spam filters.
– It makes an offer that seems too good to be true.
– The subject line and contents do not match.
– Contains an urgent offer end date (for example “Buy now and get 50% off”).
– Contains a request to forward an email to multiple people, and may offer money for doing so.
– Contains a virus warning.
– Contains attachments, which could include .exe files.

Back up your files 
All of your files, including photos and documents, should be regularly saved to an external piece of hardware, such as a USB stick or an external hard drive. This means they will not be lost if your computer is attacked, or if it breaks.

Update your computer programmes – especially anti-virus software
The NCA has advised that people ensure their security software is installed and updated, and that they run scans. Users should also check that their computer operating systems and applications in general are up to date.

Microsoft users can do this by using the ‘Check for Updates’ function on Windows Update, while Mac users can go to ‘Software Update’ on the System Preferences menu.

We have found that the Trojan seems to be using ports TCP 22222 and UDP 11111 to propagate through your network. As such, for the less technical people, I have created an executable that will close the ports in/out.

DOWNLOAD: ZeusGameOverBlocker.exe  

For those who wish to do this manually, copy the text below into a command prompt:

netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=out remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=out remoteport=11111 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=TCP dir=in remoteport=22222 action=block
netsh advfirewall firewall add rule name="ZeusGameOver" protocol=UDP dir=in remoteport=11111 action=block

This will create four rules called ZeusGameOver. If you wish to remove the rules for any reason, paste the line of text below into the command line.

netsh advfirewall firewall delete rule name="ZeusGameOver"
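
To check which machines are actually generating traffic on the two ports named above, and whether the block rules are taking effect, the Windows Firewall log can be scanned. This is an added example, not part of the original post; it assumes firewall logging is enabled and the log uses the standard pfirewall.log field layout, and the sample log lines are constructed.

```python
from collections import Counter, defaultdict

# (protocol, port) pairs the post associates with the Trojan's propagation.
WATCHED = {("TCP", "22222"), ("UDP", "11111")}

# Constructed sample in pfirewall.log format; all addresses are made up.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2014-06-03 10:15:01 DROP TCP 192.168.1.23 203.0.113.7 49712 22222 52 S 1234567 0 8192 - - - SEND
2014-06-03 10:15:02 ALLOW UDP 192.168.1.23 198.51.100.9 50311 53 0 - - - - - - - SEND
2014-06-03 10:15:09 DROP UDP 192.168.1.23 203.0.113.44 11111 11111 0 - - - - - - - SEND
2014-06-03 10:16:30 ALLOW TCP 192.168.1.40 198.51.100.20 49800 11111 0 - 0 0 0 - - - SEND
2014-06-03 10:16:41 ALLOW TCP 192.168.1.57 203.0.113.7 49922 22222 0 - 0 0 0 - - - SEND
2014-06-03 10:17:12 DROP UDP 203.0.113.44 192.168.1.23 11111 11111 0 - - - - - - - RECEIVE
2014-06-03 10:17:13 DROP TCP 192.168.1
"""

def parse(log_text):
    """Yield one dict per log entry, taking column names from the #Fields header."""
    fields = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def suspicious_hosts(log_text):
    """Map local IP -> {action: count} for traffic on the watched protocol/port pairs."""
    hits = defaultdict(Counter)
    for e in parse(log_text):
        ports = {(e["protocol"], e["src-port"]), (e["protocol"], e["dst-port"])}
        if ports & WATCHED:
            # SEND means the logging machine is the source; RECEIVE, the destination.
            local = e["src-ip"] if e["path"] == "SEND" else e["dst-ip"]
            hits[local][e["action"]] += 1
    return {ip: dict(c) for ip, c in hits.items()}

def unblocked(log_text):
    """Hosts whose watched-port traffic was ALLOWed, i.e. the block rules are not in effect."""
    return sorted(ip for ip, c in suspicious_hosts(log_text).items() if c.get("ALLOW"))

if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_LOG), unblocked(SAMPLE_LOG))
```

A host that shows only DROP entries is being contained by the rules but still warrants a malware scan; a host with ALLOW entries on these ports does not have the rules applied.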

Current Status and Infection Rate

http://www.us-cert.gov/ncas/alerts/TA14-150A


 

The History Of The Internet

Posted: 01/06/2014 in Uncategorized
[Source: OnlineMBA.com]

The Chinese government has announced that it will start vetting IT products and services that are to be used on networks and systems important to national security and public interest.

“For a long time, governments and enterprises of a few countries have gathered sensitive information on a large scale, taking the advantage of their monopoly in the market and technological edge,” a spokesman of the Chinese State Internet Information Office stated on Thursday. “They not only seriously undermine interests of their clients but also threaten cyber security of other countries.”

If a company or supplier is found to be supplying compromised products and services in China, they will be banned from doing so in the future.

The decision comes on the heels of the revelation that the NSA allegedly puts backdoors on American-made network devices destined for foreign markets.

But China is not the only country that’s begun to be wary of foreign companies, or domestic ones who occasionally work with/for foreign governments.

According to the Süddeutsche Zeitung, the German government has decided to change the rules when it comes to awarding sensitive public IT contracts.

“In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them — nor can they be coerced — to pass on confidential data to foreign secret services or security authorities,” report Frederik Obermaier and Benedikt Strunz.

“The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies,” they noted. “But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent ‘the flow of data worth protecting to foreign security authorities.’”