Nicolae Sfetcu
Reducing smart card information leakage
Security for third-generation smart cards is evolving exponentially in
response to the ever-increasing battle against card fraud. Smart card
designers are currently developing electronic chequebook and authorisation
systems, with additional benefits being derived from reduced power
consumption and reduced power-dependent information leakage.
Verisign, the US-based registrar of the .com and .net top-level domains,
refuses to stop redirecting internet users to its own search engine Site
Finder. Since 15 September everybody who makes a mistake in typing a web
address is re-directed to their website, instead of just getting an error
message. In spite of massive protests from internet users, technicians, the
IAB and ICANN, Verisign doesn't seem willing to change its policy.
In a posting on the collective weblog CircleID, privacy expert Richard
M. Smith states that Verisign is using the services of Omniture to set a
cookie. Through this, the company is able to watch all future mistakes
people are making in typing a domain name, besides analysing their search
behaviour and gathering sensitive information like the previously visited
web address.
With 4 to 7 million misguided visitors per day, Verisign is violating the
privacy of internet users worldwide on an extremely large scale. This type
of secretive monitoring is prohibited by the European Directive on privacy
in the telecommunications sector (2002/58/EC). Via Recitals 24 and 25
and Article 5.3 the Directive requires explicit consent of each internet
user for cookies and similar monitoring devices. "So-called spyware, web
bugs, hidden identifiers and other similar devices can enter the user's
terminal without their knowledge in order to gain access to information, to
store hidden information or to trace the activities of the user and may
seriously intrude upon the privacy of these users. The use of such devices
should be allowed only for legitimate purposes, with the knowledge of the
users concerned."
Academic research in information security to be rewarded
The European Information Security Awards are to be presented at a
conference in Amsterdam, the Netherlands, on 3 November, recognising, among
other accomplishments, academic research in the field.
The awards will recognise and reward the most significant achievements in
information security across Europe.
The three award categories are:
- academic research - recognising future potential and awarded to
individuals or organisations having achieved security excellence in the
field of academic research;
- European policy - awarded to those responsible for driving and promoting
security excellence through the development of public policy;
- implementation - recognising security excellence in end user
implementations in business, the public sector, and public-private
partnerships.
Nominations should be submitted before 30 September.
Data Source Provider : RSA Conference Europe
Document Reference : Based on an event announcement
Subject Index Codes : Information Processing, Information Systems, Safety
Contact Person : For further information, please consult the following web
address: http://www.rsaconference.com/europe_awards
Asynchronous design for increased electronic security
Smart cards are widely used; however, they are subject to various types of
attack, and this imposes new demands on assessing their security,
particularly for financial transactions. A newly developed asynchronous
circuit technique, namely dual-rail logic, is expected to provide
increased protection of smart cards against attacks.
Computer professionals, individuals pursuing security certifications, and
business managers who want to keep up with the computer security field
should check out this new book: Microsoft Encyclopedia of Security
(Microsoft Press).
The book covers over a thousand security-related concepts, tools, exploits,
organizations, and resources, and is priced at only $49 (or $35 on Amazon
right now).
OECD - 30 nations target cross-border Internet scams
Thirty nations announced the first multinational pact to fight cross-border
fraud, which has grown sharply with the spread of the Internet. The
agreement among the industrial nations belonging to the Organization for
Economic Cooperation and Development was a year in the making and was
spearheaded by the United States, which has the most victims of cross-border
fraud. The 30 mostly European and North American member countries of the
Organization for Economic Cooperation and Development agreed to work
together to fight cross-border fraud, beef up their own consumer-protection
laws where necessary, and make it easier for consumers to recover damages.
http://www.oecd.org/sti/crossborderfraud
Workshop on advanced security technologies
A workshop on advanced security technologies in networking will take place
from 15 to 18 September in Bled, Slovenia.
In light of the growing use of the Internet for administration, e-commerce,
intra-organisation communication, health care applications and research, the
workshop will bring together experts and users from industry, research and
administration to discuss the need to promote and enhance security
technology.
The following areas will be covered:
- basic knowledge about security mechanisms and services;
- security standards;
- secure administration of the network;
- security technology based products and services for secure communication;
- security technology in e-government and e-business applications;
- secure infrastructure;
- privacy aspects and privacy enhancing technologies;
- data protection and legislation.
The workshop is being organised by NATO's security technology competence
centre, in association with the European Commission.
Data Source Provider : NATO
Document Reference : Based on an event announcement
Subject Index Codes : Information Processing, Information Systems,
Telecommunications
Contact Person : For further information, please consult the following web
address: http://www.setcce.org/natows/
DHS network broadcasts cyberthreat warnings
The Homeland Security Department has fielded a network that lets government
and industry groups swap information about cyberattacks and other systems
threats. The Cyber Warning and Information Network has about 30 nodes
connecting agencies and companies.
Bugbear worm
"A new variation of the Bugbear worm of last September is spreading rapidly
across the Internet. Bugbear.b (w32.bugbear.b@mm) is written in Visual C
and has been compressed to 72,192 bytes. It is similar to the original
Bugbear worm in that it spreads by e-mail or shared network files,
attempts to shut down popular antivirus and firewall apps, and opens a port
on infected computers for remote administration. Bugbear.b contains a
keystroke-logging Trojan horse that could be used to steal passwords or
credit-card information from infected computers. Bugbear infects all
versions of Windows, but does not infect Mac, Unix, or Linux systems."