Cyber Smart India: Internet Law Articles – Technology News

October 30, 2009

Privacy Policy Social Networking Sites

Filed under: Advice, Articles and News,Cyber Culture Computer Security,Online Advertising,Online Legal Issues,Web 2.0 — Tags: , , — info @ 2:22 am

Social networking site Facebook outlined changes to its privacy policy recently and is now asking for feedback from its strong user base on the changes.

The company wrote in an official blog post that members will have until November 5 to send in their comments about the proposed changes.

According to a Canadian report Facebook was violating the privacy of  users without permission by allowing their data to be included in third-party applications used on the site.

According to latest info, Facebook will now save profile information such as friend lists and photos from a deactivated account in case a member decides to reactivate it later but the material will not be viewable by other users.

Facebook has also said that personal data is not provided to advertisers.

If you have any query or you require consultation relating to technology and law, simply email us at info@cybersmart.in and we will get straight back to you.

, ,

October 23, 2009

Music and Virtual Products – Google and Facebook

Filed under: Cyber Culture Computer Security,Google,Web 2.0 — Tags: , , , — info @ 12:33 am

Facebook plans to let users buy music and other virtual products on its Web site, the company has said.
Songs and official sports icons are among the new virtual gifts Facebook will add to its store.

Also, Google will let users sample and buy songs directly from its search results page with a service it plans to announce soon, according to reports.

Google will let users stream songs from Lala and iLike.com, which is owned by MySpace, according to a report. A Lala link will let users stream a full song once for free and pay about $1 to download a copy, the report said.

If you have any query or you require consultation relating to technology and law, simply email us at info@cybersmart.in and we will get straight back to you.

, , ,

October 18, 2009

Search Engine Optimisation(SEO) and malicious websites

Filed under: Advice, Articles and News,Countries,Cyber Culture Computer Security,Google,India,Online Advertising,Phishing,Tips — Tags: , , , — info @ 10:26 pm

Rouge antivirus/ scareware propagation through Search Engine Optimisation(SEO) techniques

It has been observed that rouge antivirus software is being delivered to users system by enticing them to click malicious URL ‘s announced through search engine optimisation poisoning (SEO poisoning). As a result of SEO, while searching for current events terms in major online search engines (Google, MSN) etc., the top search engine results
point to websites that have been compromised to host malware and/or redirect the user to malicious websites.

The malware creators take advantage of modern SEO optimization techniques to get a higher rank on searches (SEO Poisoning) as well as use SQL injection techniques to compromise legitimate websites.

Some of the common search terms that returns poisoned web pages recently includes “Microsoft security Essentials”, “Tania Head”, “samoa-tsunami”, “Google wave invitation”, etc.

Screenshots regarding the fake-websites and pop-ups are detailed in the aforementioned link.

If a user clicks through these links they are redirected, viajava_script code, to a Web site advising the user that their machine is infected and requires the user to immediately go for an anti-virus scan. The page providing the pop-up however has been written in such a way that it is difficult to stop the process at this point.  Closing the pop-up messages
will only bring more and more until the user proceeds with the suggested scan.

Apart from the latest news , terms that contained virus, trojan, rogue, and bulletin all lead to poisoned top search results. Some even lead to pages and pages of bogus links, which redirect to rogue anti-virus malware.

In contrast with the previous techniques of registering new domains and then filled with malicious contents, cross linking them and use other tricks to get their page indexed and ranked high on relevant search engine results, attackers now exploiting the vulnerabilities in the website and upload malicious contents to compromised sites, either directly by injected
exploit code, or indirectly by injecting an iframe or script that brings in exploit code from a remote site .

Usually, users (site administrators) directly landing on the pages are not infected until they are redirected from the Goole-search results page.

Maliciousjava_script on the WebPages and the windows executable it tries to download are detected as Mal/FakeAvJs-A and Troj/FakeAv-AAQ.(Sophos) respectively.

Countermeasures

Exercise caution while visiting unknown websites returned by searched results.
Exercise caution when clicks links on e-mail and social networking sites and even while visiting trusted websites.
Keep up-to-date on patches and fixes on the OS and Web application software.
Install and maintain updated anti-virus software at desktop level and perform routine scans.
Secure the web applications against SQL injection and XSS attacks.
Use NoScript extension with Firefox browser.

Courtesy: Cert- In

If you have any query or you require consultation relating to technology and law, simply email us at info@cybersmart.in and we will get straight back to you.

, , ,

October 15, 2009

Social Networking Sites and Emotionally Distressed

Filed under: Advice, Articles and News,Cyber Culture Computer Security,Web 2.0 — Tags: , — info @ 9:15 pm

Monitoring posts on social networking sites such as Facebook, Twitter and MySpace could help to prevent suicide, according to a research.

When young people are emotionally distressed for instance, instead of the traditional channel of consulting friends, parents or specialists, social networking blogs may provide a channel to share and release their emotions and intentions.

If you have any query or you require consultation relating to technology and law, simply email us at info@cybersmart.in and we will get straight back to you.

,

October 9, 2009

Wireless Networks – Tips

Filed under: Advice, Articles and News,Tips — Tags: — info @ 10:16 pm

Securing Wireless Networks

   Wireless networks are becoming increasingly popular, but they
   introduce additional security risks. If you have a wireless network,
   make sure to take appropriate precautions to protect your information.

How do wireless networks work?

   As  the name suggests, wireless networks, sometimes called WiFi, allow
   you to connect to the internet without relying on wires. If your home,
   office,  airport, or even local coffee shop has a wireless connection,
   you  can access the network from anywhere that is within that wireless
   area.

   Wireless  networks  rely  on  radio waves rather than wires to connect
   computers  to  the internet. A transmitter, known as a wireless access
   point  or gateway, is wired into an internet connection. This provides
   a “hotspot” that transmits the connectivity over radio waves. Hotspots
   have  identifying  information,  including  an  item  called  an  SSID
   (service  set  identifier),  that  allow  computers  to  locate  them.
   Computers  that have a wireless card and have permission to access the
   wireless  frequency can take advantage of the network connection. Some
   computers may automatically identify open wireless networks in a given
   area,  while  others  may  require  that you locate and manually enter
   information such as the SSID.

What security threats are associated with wireless networks?

   Because wireless networks do not require a wire between a computer and
   the  internet  connection, it is possible for attackers who are within
   range  to  hijack  or  intercept an unprotected connection. A practice
   known  as  wardriving involves individuals equipped with a computer, a
   wireless  card,  and  a  GPS device driving through areas in search of
   wireless  networks  and  identifying  the  specific  coordinates  of a
   network location. This information is then usually posted online. Some
   individuals  who  participate  in or take advantage of wardriving have
   malicious  intent  and  could use this information to hijack your home
   wireless network or intercept the connection between your computer and
   a particular hotspot.

What can you do to minimize the risks to your wireless network?

     * Change   default  passwords  -  Most  network  devices,  including
       wireless   access   points,   are   pre-configured   with  default
       administrator passwords to simplify setup. These default passwords
       are  easily  found  online,  so they don’t provide any protection.
       Changing  default  passwords makes it harder for attackers to take
       control  of  the device (see Choosing and Protecting Passwords for
       more information).
     * Restrict  access  -  Only  allow  authorized  users to access your
       network.  Each  piece of hardware connected to a network has a MAC
       (media  access  control) address. You can restrict or allow access
       to  your  network  by  filtering  MAC addresses. Consult your user
       documentation  to  get  specific  information about enabling these
       features.  There  are  also  several  technologies  available that
       require  wireless  users  to  authenticate  before  accessing  the
       network.
     * Encrypt  the data on your network – WEP (Wired Equivalent Privacy)
       and  WPA  (Wi-Fi  Protected  Access)  both  encrypt information on
       wireless  devices.  However,  WEP  has a number of security issues
       that  make  it less effective than WPA, so you should specifically
       look  for  gear  that  supports encryption via WPA. Encrypting the
       data would prevent anyone who might be able to access your network
       from  viewing  your  data  (see  Understanding Encryption for more
       information).
     * Protect  your  SSID  -  To  avoid  outsiders easily accessing your
       network,   avoid   publicizing   your   SSID.  Consult  your  user
       documentation to see if you can change the default SSID to make it
       more difficult to guess.
     * Install  a  firewall  -  While  it  is a good security practice to
       install  a  firewall  on  your  network, you should also install a
       firewall   directly   on   your  wireless  devices  (a  host-based
       firewall).  Attackers  who  can  directly  tap  into your wireless
       network  may  be  able  to  circumvent  your  network  firewall–a
       host-based  firewall will add a layer of protection to the data on
       your computer (see Understanding Firewalls for more information).
     * Maintain anti-virus software – You can reduce the damage attackers
       may  be  able  to inflict on your network and wireless computer by
       installing  anti-virus software and keeping your virus definitions
       up  to  date  (see  Understanding  Anti-Virus  Software  for  more
       information). Many of these programs also have additional features
       that  may protect against or detect spyware and Trojan horses (see
       Recognizing  and  Avoiding  Spyware  and  Why  is Cyber Security a
       Problem? for more information).
    
Courtesy US-CERT, a government organization.

Powered by WordPress