As every news outlet is reporting, the author of the Sasser and Netsky worms that dragged the Internet to its knees a couple of years ago is getting off without any jail time. The German court (behind closed doors, due to the juvenile defendant laws) held that the defendant will get 21 months of probation for causing billions of dollars in damage across the globe.
I have to agree somehow with the German court that this teenager will be more likely to become rehabilitated if he stays out of jail and is given enough opportunity to learn from his mistake and use his (arguably) brilliant IT skills for good purposes. But it somehow bugs me that one can cause so much damage and still not serve a minute in jail.
"Even a year after his arrest, it is more likely that you will be infected by a worm written by Sven Jaschan than any other virus author," Graham Cluley, Sophos senior technology consultant, said in a statement. "However, in the grand scheme of the virus world, it’s the organised crime gangs, which are increasingly emerging to make stacks of money through targeted attacks, that should be dealt the harsh sentences — over and above the dumb teenagers."
It is interesting to note that he escaped mandatory jail time because he was arrested days before his 18th birthday.
[Via InternetNews.com -]
The hacker who penetrated federal defense systems and who is currently fighting extradition to the US claimed that the US systems were poorly secured. I will finish with just one quote from the article; it says plenty:
"So you don’t even need to become domain administrator," he said.
"That’s 5,000 machines all with a blank system-level administrator
password."
[Via ZDNet -]
Britain is on its way to setting an example of how to deal more effectively with cyber criminals - increase the penalties. It is no longer the case that hackers are high-school students penetrating NASA computers in their spare time after school from their bedroom computers. The new cyber crime is similar to organized crime groups, with multiple rings, money laundering schemes, etc. The argument, "don’t send him for 20 years to jail, he is just a bored high school kid" would not work as the cyber criminals grow more sophisticated, organized, and daring.
Tom Harris, MP for Glasgow South, introduced a bill on Tuesday to
update the Computer Misuse Act. Harris wants the maximum sentence for
accessing data without authorisation increase from six months to two
years, and the maximum sentence for modifying data without
authorisation lifted to 10 years from five at present.
[Via ZDNet UK, UK -]
McAfee reports that in the first half of 2005 there was a 63% increase in the number of machines that were exploited by bots and spyware/adware programs over the same period in 2004. McAfee’s research also shows that the number of computer vulnerabilities increased by 5% to 1000 in the second quarter in 2005.
Apparently we are not writing any safer code, we are not plugging security holes fast enough, and malicious bots can’t infect enough PCs. No real news there. And to top it off,
McAfee also warned that researchers have discovered a new method for
hacking cell phones using the Bluetooth wireless protocol. The
technique allows an attacker with special equipment to connect to a
Bluetooth handset without authorization.
[Via IT Facts -]
The Anti-Spyware coalition is on its way to accomplishing an important goal - agreeing on the definition of "spyware." It is interesting how this group made an effort to publicize that they "almost" reached an agreement, leaving us to guess what the final definition of spyware would be.
The group, made up of makers of anti-spyware software, will release a
proposed definition of spyware and a common lexicon, said Ari Schwartz,
an associate director at the Center for Democracy and Technology, which
has led the work of the group. Various consumer and industry
organisations helped in the effort, he said.
[Via ZDNet UK, UK -]
Interesting piece of statistics,
In the twelve months ending in May 2005, an estimated 73 mln US adults
who use the Internet said they definitely, or think, they received an
average of more than 50 phishing e-mails.
The people who received a phishing email, clicked on it, and entered their personal information without even realizing that their identity just got stolen are not accounted for in this number. Even without this, the number is staggering.
[Via IT Facts -]
Hacking is becoming a profitable specialty; maybe some colleges should consider offering degrees in computer hacking, considering the potential payouts. News.com writes how yesterday’s hackers were about bragging rights, while today’s hackers are in it for the financial benefit.
Today, they [hackers] use their skills for profit. They hunt for security flaws
and find ways to exploit them, hijack computers and rent those out for
use as spam relays, or participate in targeted attacks that steal
sensitive information from individuals or spy on businesses.
"In the last year, we have seen a dramatic shift to hacking for
financial gain," said Oliver Friedrichs, a senior manager at Symantec
Security Response. "The benefit of creating a widespread worm on the
Internet has really been superseded by the potential of monetary gain."
So, with IT outsourcing at a high level, what are all these jobless programmers to do? The answer is apparently clear to some of them - go underground.
[Via CNET News.com -]
Not that this would stop identity theft, but it is somewhat puzzling how, after all the publicity of the high-profile data breaches in major banks, one third of all credit card companies still require an SSN for authenticating their customers.
Javelin Strategy & Research sent us some numbers regarding its
survey of credit card issuers and ways to prevent identity theft. 64%
of issuers still require full 9-digit social security numbers when
accessing online account information or phone support.
[Via IT Facts -]
How many people have "sniffed" for Wi-Fi networks that their neighbors have left open? How many people have connected to these networks, at least once, just to "see if it really works?" And how many people are actually reading this page from somebody else’s Wi-Fi connection? Chances are that if you answered "Yes" to one of these questions, then you might be the next target of a felony prosecution.
The Saint Pete Times has a story about Benjamin Smith III, who was arrested for stealing a Wi-Fi signal in Saint Petersburg, Florida, where apparently wardriving is considered a third-degree felony.
[Via Slashdot -]
MessageLabs is pushing the "panic" button on a new outbreak of emails that install trojans on victims’ computers,
MessageLabs said it has blocked 54,000 copies of new Downloader Trojans since 6 p.m. PDT on Wednesday.
[Via ZDNet -]