SPOTLIGHT ON SECURITY

Spam Boom Prompts Call for Businesses to Ditch Email

Just when we thought the spam scourge was over, it appears it’s making a comeback.

After four straight quarters of decline, spam volumes on the Internet rose 92 percent in February, according to security firm Eleven Research Team.

Nasty forms of spam also showed significant increases. Phishing emails jumped 69.8 percent, malware-bearing messages rose 156.9 percent, and virus outbreaks related to emails climbed 49.8 percent.

Given those numbers, it shouldn’t be surprising that last week the European Network and Information Security Agency, in what is called a “Flash Note,” called for a campaign to stop using email.

Email is insecure, primarily because there’s no way to reliably authenticate the author of a message or its true point of origin, the agency said. That makes it extremely hard for whoever receives the message to evaluate its threat potential.

In the short term, encryption and user authentication frameworks may act as temporary fixes for the problem, the agency noted. In the long run, industry, businesses and governments should explore alternative methods that offer better protection from spoofing or phishing.

Home Brew Weapons?

Security wasn’t the focus of the South by Southwest Interactive conference in Austin, Texas last week, but it popped up when Cody R. Wilson, a sort of 3D printing anarchist, announced a new Website, Defcad.

The site would be an unfettered home for 3D printer files — whether those files produce patent-protected products or not.

Wilson has gained some notoriety by creating firearm components with a 3D printer. That home brew approach to producing guns isn’t new, according to Michael Weinberg, vice president of Public Knowledge in Washington, D.C.

“The 3D printer gun folks are actually building on the work of a group of people who have existed for some time who use computer-controlled lathes to make their own guns,” he told TechNewsWorld.

“Even before 3D printing, there were people downloading files off the Internet and creating guns at home.”

How Likes Can Say More Than You Think

A new study put Facebook in the privacy spotlight last week.

A team of researchers at Cambridge University in the UK discovered they could make accurate assumptions about a person’s personal proclivities by studying their Facebook Likes, such as what kind of food they liked, causes they supported or where they shopped.

For example, they found they could predict a person’s race in 95 percent of the cases; gender in 93 percent of the cases; sexual orientation for males (88 percent) and females (75 percent), political party in 85 percent of the cases and religion in 82 percent of the cases.

The study illustrates how privacy on the Internet is an issue of control, noted Adi Kamdar, an activist with the Electronic Frontier Foundation.

“You need to be aware of how your information and data is being used,” he told TechNewsWorld. “That’s why transparency is so important. We don’t want information put out there for one person to be used or exploited for other purposes.”

The study should be an eye opener for users, observed G.S. Hans, a Plesser Fellow at the Center for Democracy & Technology.

“We hope that this study will help users to think more carefully and more critically about their actions online and what the inadvertent consequences could be of those actions,” he told TechNewsWorld.

Concerns About Federal Banking Data

The U.S. Treasury Department found itself in a tempest when a report from Reuters said the agency was preparing a plan to open up its Financial Crimes Enforcement Network database to the federal intelligence community.

In its response to the Reuters story, Treasury noted that the intelligence community already has access to FinCEN and that it had no intentions of broadening that access.

FinCEN was created during the Nixon years to better investigate drug dealers when they deposited cash in banks.

All cash deposits of $10,000 or more are reported to FinCEN. Nowadays a lot of that activity comes from retailers making cash deposits after a day’s business.

Over the years, the quality of the information in FinCEN has declined, according to J. Bradley Jansen, director of the Center for Financial Privacy and Human Rights. That’s opened up law enforcement agencies to technological hucksters.

“There are private vendors who think they can sell law enforcement on new products that will help them mine that data and come up with statistical profiles that can be used in place of legitimate police work,” he told TechNewsWorld.

Data Breach Diary

  • March 11. Credit reports for a number of public figures, including First Lady Michelle Obama, FBI Director Robert Mueller and Paris Hilton, are posted to a website in Russia. The information was verified as coming from one of the big three credit agencies — Experian, Equifax and TransUnion. According to TransUnion, the data thieves had more than enough personal information to log in to an agency and obtain a target’s credit report.
  • March 12. Wired reports that sports apparel retailer Genesco files $13 million lawsuit against Visa and Mastercard for arbitrary and unauthorized levying of penalties on the company for a data breach in which no evidence was found that credit card information had been stolen.
  • March 14. National Institute of Standards and Technology acknowledges that its servers, including one hosting the U.S. government’s catalog of digital vulnerabilities, have been offline since March 8 when suspicious traffic was observed emanating from the servers. Partial service was restored by March 15.
  • March 14. U.S. prosecutors indict Reuters editor Matthew Keys, 26, in California, charging that in 2010 he fed Tribune Company server logins to the hacktivist collective Anonymous, which at least one hacker used to sabotage part of The Los Angeles Times’ website. Keys, of Secaucus, N.J., faces up to 10 years in prison if convicted on several federal charges related to the security breach of Tribune Company.

Upcoming Security Events

  • March 20. Mobile Technology and Its Impact on Analysis and Dissemination of Intelligence. 7-9 a.m. Lockheed Martin Corporation, 13560 Dulles Technology Dr., Herndon, Va.
  • March 20. Mitigating the Top Human Risks. 1 p.m. ET. Webinar sponsored by RSA and SANS Institute. Free.
  • March 20. Cyberthreats from China, Russia and Iran: Protecting American Critical Infrastructure. 311 Cannon House Office Building, Washington, D.C. 2 p.m. U.S. House Homeland Security Committee. Public Hearing.
  • March 28. Trends in Government Security – Risk Management, Compliance and Technology. 1 p.m. Webinar. Free.
  • April 9. Mobile Devices and Identity and Access Control Applications. Sands Expo & Convention Center, Las Vegas, Nev. Sponsored by Smart Card Alliance. Registration: US$470-$590.
  • April 23-24. Black Hat Embedded Security Summit. McEnery Convention Center in San Jose, Calif. Registration: Before Feb. 9, $999; Feb. 9-Apr. 18, $1,099; Apr. 19-25, $1,199.
  • April 23-25. Infosecurity Europe. Earls Court, London, UK. Registration: By Apr. 19, free; After Apr. 19, Pounds 20.
  • June 11. Cybersecurity Brainstorm. 8 a.m.-2:30 p.m. ET. Newseum, Washington, D.C. Registration for non-government attendees: Before March 3, $395; Mar. 3-Jun. 10, $495; Onsite, $595.

John Mello is a freelance technology writer and former special correspondent for Government Security News.
