A substantial report from the International Telecommunications Union on Information Security and legislation development.
This report provides guidelines and case studies to developing countries on legislation for data privacy, e-applications and prevention of cyber crime; with practical examples on how some countries have addressed legislation on the prevention of cyber crime.
Slashdot have an item up for discussion relating to the “explosion” of cybercrime.
This won’t be going away anytime soon but its not all doom and gloom. Security awareness, appropriate software and some common sense will keep you secure.
Yahoo is reporting that global cybercrime overtook global drug trafficking in terms of revenue this past year. In related news, only 4% of Internet users can flag 100% of phishing e-mails as fraudulent, and Americans filed 207,000 reports on cybercrime to FBI.
The idea behind this is pushing the boundaries of the myriad of “live cd” linux distributions. Open Source innovation at its best. Take this bootable cd with you. Where ever you go – boot up and enjoy the beneftis of an encrypted / anonymous internet connection.
Points of note:
* When you are on a public internet terminal (internet cafe’s) there is no way to be sure your key strokes are not being logged. You need to trust the operating system you are working is secure. You can use encryption to foil anyone listening to your network traffic but a key logger will break your security. Booting ELE will give you a massive increase in your level of confidence. Note: You are still vulnerable to a physical keylogger sitting on the computers keyboard or cable.
* Now as with everything there is caveat. You are now trusting ELE and the Tor network is secure. Think about it.
What is ELE?
ELE is a bootable Live CD Linux distribution with focus on privacy related software.
It is based on Damn Small Linux and aims to be (obviously) as small as possible. The first release was 65M, the current one 61M.
Takingitglobal have a well made portal with thousands of members from around the world – using the internet to communicate and work towards building a better world. The latest issue being covered is online security and safety.
The Internet has drastically changed our world. We talk to friends, research topics, buy products and send emails for work and leisure. Unfortunately, all this time we spend on the Web increases our chances of being targeted. Now, every cyber citizen must become “cyber smart” or face the consequences. From protecting your computer to protecting yourself, it’s all here. Do you know what you need to know?
Organisations need to aware of the potential for interest in the activities of the organisation by external parties and hence the need for secure communications and IT practices.
As always your situation and required level of paranoia is dependent on your work and situation. Regular reviews of current security posture and potential risks should be a part of any organisations policy.
Russia has moved to impose greater government control over charities and other non-governmental organisations, including some of the world’s most prominent, in what critics described as the Kremlin’s latest effort to stifle democracy.
Fact or fiction, propaganda or FUD, all that can be confirmed about this is that it makes an interesting read.
Security experts have revealed details about a group of Chinese hackers who are suspected of launching intelligence-gathering attacks against the U.S. government.
The hackers, believed to be based in the Chinese province of Guangdong, are thought to have stolen U.S. military secrets, including aviation specifications and flight-planning software.
Security experts lift lid on Chinese hack attacks | Tech News on ZDNet
The SANS Institute is a world class Security Training and Information resource. The latest Top 20 report has been released and as those familar with it will note the list has expanded and evolved.
If you are not technically minded then you might want to leave this one to your more technically inclined staff.
More coverage of net censorship and staying anonymous when publishing online. Be aware and be careful.
Here is a picture from the workshop on secure communications and anonymous blogging conducted by my colleague Ethan Zuckerman, Dmitri Vitaliev of Frontline Defenders, Wojtek Bogusz of the Tactical Technology Collaborative, and Nart Villeneuve of the Open Net Initiative. These guys are basically the dream geek team for free speech on line. They gave instructions in detail about how non-governmental organizations, human rights groups, and individuals trying to speak the truth under dangerous circumstances can secure their communications and data, and minimize the likelihood that people will get caught or arrested as a result of their work. The second part of the workshop was devoted to anonymous blogging.
Global Voices Online > WSIS: Circumventing censorship and staying safe
Following on from the WSIS in Tunisa there has been some press about net freedom within Tunisa itself. Government censorship of independent blogs and journalists has made it to a number of news sites, including the BBC as linked below.
People should know that in Tunisia, the very place they’re holding this summit, the internet is censored. Cyber-dissidents are tracked down and arrested. You can’t have access to any opposition websites in Tunisia
Julien Pain, Reporters Without Borders
Using tools and services such as anonymous proxies or the tor network it is possible to blog anonymously and read blocked sites – but as pointed out in the article government policy will ensure that self censorship occurs and the audience is restricted.
“Technically, you can bypass internet censorship fairly easily. But when it’s in place, it’s a reminder to the local population that there are consequences for certain types of content.
“Filtering doesn’t have to be 100% effective. It just has to get the message across for people to start self-censoring.”
While this article is about a UK Survey and home users it is very applicable to all users and organisations around the world. Here at ironcove.net we are attempting to bring some awareness of Security Issues and ways to address them. Unlike many in the industry we are not in the game of FUD (Fear, Uncertainity and Doubt) which is often used to sell products and services in the Information Technology Security Field.
Small steps and some basic understanding will eliminate most Security threats. It is not rocket science and it does not have to cost a fortune.
Widespread ignorance about basic computer security in UK is putting millions of people at risk from net-savvy criminals, a survey suggests.
It found 83% of 1,000 people questioned were not doing enough to protect themselves online, with 53% saying they did not know how to improve security.
