
Articles Archive for October 2008

AstalaVista »

[31 Oct 2008 | No Comment | 40 views]

Notebook theft–or mislocation–is becoming a big problem. Although many thieves may be interested only in the hardware, it’s the disk’s contents that are valuable to you and your company.

PGP disk, a security product by PGP Inc., which was recently acquired by Network Associates, solves the problem of data protection. It lets you create encrypted disk volumes on your PC that appear as just another drive. You can store, copy and delete files and folders from these volumes just like you can with any other volume. However, the data within, including all folders and files, are completely inaccessible without PGP disk and your pass phrase. When not being used, the volume is stored in an encrypted file.

Unlike other security products that protect single files or directories, PGP disk operates on encrypted volumes. Although it doesn’t have centralized administration, it can be a great corporate tool because of its extreme ease of installation and use.

Protecting Your Data

I tested a beta of PGP disk version 1 for Microsoft Corp. Windows95 version 1 in Network Computing’s University of Wisconsin lab, installing it on an AMD K6 200-MHz computer with 9 GB of Ultra DMA EIDE drives and 64 MB of SDRAM memory.


AstalaVista »

[31 Oct 2008 | No Comment | 26 views]

My previous post was intended to demonstrate that malicious software could also be affected by security vulnerabilities. The example considered a remote code execution in a PHP page used in a phishing attack. However, the debate is still open concerning the possibility that the security issue had been intentionally introduced as a back door.

I want to now focus my attention on another piece of malicious code used to control and coordinate the systems belonging to a particular botnet. A botnet is a group of infected zombie machines under a common control infrastructure; usually, a Web application is employed to remotely instruct the systems in order to pursue a variety of illicit purposes.

An authentication bypass vulnerability was found to be affecting the command and control Web interface used in this particular botnet, thereby allowing users to bypass the authentication mechanism and take control of the botnet and its zombies. The code responsible for authenticating the credentials supplied by the users is shown below:


AstalaVista »

[31 Oct 2008 | No Comment | 38 views]

Intel has recruited the Taiwanese government for its project to put a Linux stack on the Atom processor.

The chip maker announced today that it’s partnering with Taiwan’s Ministry of Economic Affairs (MOEA) to establish a "Moblin Enabling Center" to drum up developer support and interest.

Its investment arm is also sinking 386m New Taiwan dollars (US $11.7m, £ 7.14m) into the WiMax technology carrier VMax, which plans to roll out Taiwan’s first nation-wide 4G WiMax network.

Moblin is a Linux stack designed to be fast and light for low-cost, low-power netbooks and nettops.

The Moblin lab will train and consult device and software vendors, which Intel hopes will mean more Moblin-based devices arriving sooner to market. The company’s main contribution will be stocking the joint full of engineers.

"With a shared vision to accelerate mobility industry momentum, our collaboration with Intel positions Taiwan to further capitalize on opportunities created by the next phase of the Internet," said Yiin Chi-Min, Minister of the Taiwan MOEA.

VMax is the 30th WiMax company to receive funding from Intel worldwide.

"With Intel Capital’s support, VMax intends to become the first-mover in bringing the benefits of high-speed wireless broadband to Taiwan," said C.K. Liu, Vmax chairman. "Vmax intends to be the first to deploy a 2.5GHz WiMax network in Asia Pacific."

Intel said the WiMax service will be available in Taiwan in the first half of 2009.


AstalaVista »

[31 Oct 2008 | No Comment | 53 views]

Malware writers are leveraging the trusted Google name to launch a new wave of worm attacks against Facebook users, researchers said this week.

The Koobface worm spreads by sending messages to "friends" from previously compromised, but legitimate, Facebook accounts, Guillaume Lovet, senior manager of threat research at Fortinet, told SCMagazineUS.com on Thursday. The messages, which are riddled with spelling errors to evade filters, tell users they were caught in a video on YouTube.


AstalaVista »

[31 Oct 2008 | No Comment | 32 views]

Several ISPs and Internet companies will meet in San Francisco early next year to adopt a common strategy for combating botnets, the remotely controlled networks that are used to carry out distributed denial-of-service attacks and massive spam campaigns.

During their general meeting next February, members of the Messaging Anti-Abuse Working Group (MAAWG), formed in 2004, will discuss ways to mitigate and neutralize botnets, which increasingly have become a preferred method of attack for spammers and hackers looking to conduct DDoS attacks. Botnets generally comprise thousands of malware-infected zombie computers that are controlled remotely by a host to carry out a wide array of seemingly untraceable attacks. Botnets often are difficult to shut down because users of infected machines many times have no idea their machines are being used as part of a malicious network.


Asides »

[30 Oct 2008 | No Comment | 31 views]

AW Security Port Scanner was selected the winner in the Network Security Scanner category of the WindowSecurity.com Readers’ Choice Awards. GFI LANguard Network Security Scanner and ManageEngine Security Manager Plus were first runner-up and second runner-up.

BlackHat »

[30 Oct 2008 | No Comment | 42 views]

The Australian government is set to impose Chinese-style Internet censorship by enforcing a universal national filter that will block websites deemed "controversial," as part of a wider agenda to regulate the Internet according to free speech advocates.

A provision whereby Internet users could opt out of the filter by contacting their ISP has been stripped from the legislation, meaning the filter will be universal and mandatory.

The System Administrators Guild of Australia and Electronic Frontiers Australia have attacked the proposal, saying it will restrict web access, raise prices and slow internet traffic speeds.

"The plan was first created as a way to combat child pornography and adult content, but could be extended to include controversial websites on euthanasia or anorexia," reports the Australian Herald Sun.

Communications minister Stephen Conroy revealed the mandatory censorship to the Senate estimates committee as the Global Network Initiative, bringing together leading companies, human rights organisations, academics and investors, committed the technology firms to "protect the freedom of expression and privacy rights of their users". (Complete black is white, up is down, double talk).

Human Rights Watch has condemned internet censorship, and argued to the US Senate "there is a real danger of a Virtual Curtain dividing the internet, much as the Iron Curtain did during the Cold War, because some governments fear the potential of the internet, (and) want to control it."

Speaking from personal experience, not only are "controversial" websites blocked in China, meaning any website that is critical of the state, but every website the user attempts to visit first has to pass through the "great firewall," causing the browser to hang and delay while it is checked against a government blacklist.

This causes excruciating delays, and the user experience is akin to being on a bad dial-up connection in the mid 1990’s. Even in the center of Shanghai with a fixed ethernet connection, the user experience is barely tolerable.

Not only are websites in China blocked, but e-mails too are scanned for "controversial" words and blocked from being sent if they contain phrases related to politics or obscenities.

Googling for information on certain topics is also heavily restricted. While in China I tried to google "Bush Taiwan," which resulted in Google.com ceasing to be accessible and my Internet connection was immediately terminated thereafter.

The Australian government will no doubt insist that their filter is in our best interests and is only designed to block child pornography, snuff films and other horrors, yet the system is completely pointless because it will not affect file sharing networks, which is the medium through which the vast majority of such material is distributed.

If we allow Australia to become the first "free" nation to impose Internet censorship, the snowball effect will only accelerate - the U.S. and the UK are next.

Indeed, Prime Minister Tony Blair called for Internet censorship last year.

In April 2007, Time magazine reported that researchers funded by the federal government want to shut down the internet and start over, citing the fact that at the moment there are loopholes in the system whereby users cannot be tracked and traced all the time. The projects echo moves we have previously reported on to clamp down on internet neutrality and even to designate a new form of the internet known as Internet 2.

Moves to regulate the web have increased over the last two years.

- In a display of bi-partisanship, there have been calls for all out mandatory ISP snooping on all US citizens by both Democrats and Republicans alike.

- In December 2006, Republican Senator John McCain tabled a proposal to introduce legislation that would fine blogs up to $300,000 for offensive statements, photos and videos posted by visitors on comment boards. It is well known that McCain has a distaste for his blogosphere critics, causing a definite conflict of interest where any proposal to restrict blogs on his part is concerned.

- During an appearance with his wife Barbara on Fox News in November 2006, George Bush senior slammed Internet bloggers for creating an "adversarial and ugly climate."

- The White House’s own de-classified strategy for "winning the war on terror" targets Internet conspiracy theories as a recruiting ground for terrorists and threatens to "diminish" their influence.

- The Pentagon has also announced its effort to infiltrate the Internet and propagandize for the war on terror.

- In an October 2006 speech, Homeland Security director Michael Chertoff identified the web as a "terror training camp," through which "disaffected people living in the United States" are developing "radical ideologies and potentially violent skills." His solution is "intelligence fusion centers," staffed by Homeland Security personnel, which are already in operation.

- The U.S. Government wants to force bloggers and online grassroots activists to register and regularly report their activities to Congress. Criminal charges including a possible jail term of up to one year could be the punishment for non-compliance.

- A landmark November 2006 legal case on behalf of the Recording Industry Association of America and other global trade organizations sought to criminalize all Internet file sharing of any kind as copyright infringement, effectively shutting down the world wide web - and their argument was supported by the U.S. government.

- A landmark legal ruling in Sydney goes further than ever before in setting the trap door for the destruction of the Internet as we know it and the end of alternative news websites and blogs by creating the precedent that simply linking to other websites is breach of copyright and piracy.

- The European Union, led by former Stalinist John Reid, has also vowed to shut down "terrorists" who use the Internet to spread propaganda.

- The EU data retention bill, passed after much controversy and implemented in 2007, obliges telephone operators and internet service providers to store information on who called who and who emailed who for at least six months. Under this law, investigators in any EU country, and most bizarrely even in the US, can access EU citizens’ data on phone calls, SMS, emails and instant messaging services.

- The EU also proposed legislation that would prevent users from uploading any form of video without a license.

- The US government is also funding research into social networking sites and how to gather and store personal data published on them, according to the New Scientist magazine. "At the same time, US lawmakers are attempting to force the social networking sites themselves to control the amount and kind of information that people, particularly children, can put on the sites."

Governments are furious that their ceaseless lies are being exposed in real time on the World Wide Web and have resolved to stifle, regulate and control what truly is the last outpost of real free speech in the world. Internet censorship is perhaps the most pertinent issue that freedom advocates should rally to combat over the course of the next few years, lest we allow a cyber-gag to be placed over our mouths and say goodbye to our last medium of free and open communication.

http://www.infowars.com/?p=5619

AstalaVista »

[30 Oct 2008 | One Comment | 133 views]

IBM researchers have developed a new device that connects to USB ports and creates a secure communication channel to online banking servers. The device is designed to prevent man-in-the-middle attacks and malware-infected PCs from compromising online banking transactions.

Researchers at IBM revealed new technology they say can protect online banking transactions from malware and man-in-the-middle attacks.

The company has developed a prototype of a small USB device dubbed the Zone Trusted Information Channel. According to IBM, the product plugs into the USB port of any computer and creates a direct, secure channel to a bank’s online transaction server–the point being to bypass the user’s PC, which could be infected with malware. 

"The various phases of the validation and acceptance of a transaction are moved from the PC over to the ZTIC," said Gunter Ollmann, director of security strategy for IBM’s ISS, in an interview with eWEEK. "It is also encrypted at the ZTIC as a further security precaution, and can use bank-supplied smart-card technologies to further boost this encryption/security."

If a user’s PC is infected with malware that manipulates the information flow in the PC, the user can cancel the transaction while it’s displayed on the ZTIC device. What the user sees on the ZTIC display is identical to what the server sees regardless of what occurs on the PC.


AstalaVista »

[30 Oct 2008 | No Comment | 40 views]

Cali Micro Global’s Managing Director, Darryl King commented, "The new Honeywell Pocket Size SecuraDrive(tm) RFID changes the rules for portable encrypted hard drives. As the distributor of choice to the Government and Government Contractors for SOYO’s Honeywell product lines, I can honestly say that this is one of the most ground breaking products I’ve ever seen in my 22-plus years in the IT sector."

Designed and manufactured by SOYO Inc., the Honeywell SecuraDrive(tm) RFID is a 2.5 inch external USB 2.0 hard drive, with either 250GB or 500GB of Government grade secure storage. The Honeywell SecuraDrive(tm) RFID utilizes two powerful technologies, Radio-frequency identification (RFID) and Advanced Encryption Standard (AES) 128-bit encryption. The RFID is an automatic identification method that stores and remotely retrieves data. The 128-bit password uses AES, which is a block cipher that was adopted by the U.S. Government as its encryption standard. It has been analyzed extensively and is now used worldwide.

"We are very impressed with Cali Micro’s success in sales to U.S. Government agencies and contractors," said SOYO’s Chairman and CEO, Ming Chok, "Cali-Micro is a very highly respected certified Minority Owned fully compliant IT firm. All of us at SOYO are excited to work with Darryl King and the Cali-Micro team."

Darryl King continued, "I’ve sold countless external hard drives over the years and now all of those hard drives are absolutely obsolete. The information you secure on this hard-drive can be kept from the Operating System unless you want it to be seen. It’s absolutely stealth to other users on the network. If your network is compromised your critically sensitive information isn’t. What I like the most about SecuraDrive RFID is simplicity; you can be protecting your files within moments after opening the box.

"This product is hot and in electronics, hot products are hard to keep in stock. If you want portable encryption then you need to order as soon as possible before we get to the allocation stage. We are the premier choice for internal and external encrypted hard drives since we represent both manufacturers in the space. We have everything from pocket size encrypted hard drives to small book size encrypted hard drives that hold 1.5 TB of information with 256 Bit encryption. We even have hardware driven encryption for internal use. Any questions can be directed to me at my office 949-218-2364, extension 717 or via e-mail to Darryl.King@CaliMicroGlobal.com."


AstalaVista »

[30 Oct 2008 | No Comment | 43 views]

A new open-source tool called Crapto1 could allow hackers free travel on the London Underground, by decrypting communication data between RFID chips and readers.

The Oyster card system is based around the Mifare chip which uses an encryption algorithm called Crypto1. An attack against this algorithm was recently detailed in an academic paper from the University of Radboud in Holland, and it is this attack which Crapto1 implements.

"I’m not aware of any other public implementations at this time, I decided to write my own. This code implements the cryptography needed, to decrypt captured communications between crypto1 based tags and readers. And even recover the shared secret," says the project homepage on Google Code.
