Evolution of the Internet: Security

privacy

Privacy

"You already have zero privacy -- get over it." ~Scott McNealy
"Publicy will replace privacy. Privacy will appear quaint, like wearing gloves and veils in church." ~Stowe Boyd
"Sharing is ... the new normal. There are too many benefits to living with a certain degree of openness for Digital Natives to ‘grow out of it.’ Job opportunities, new personal connections, professional collaboration, learning from others' experiences, etc., are all very powerful benefits to engaging openly with others online, and this is something that Gen Y understands intuitively." ~Matt Gallivan
"Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds." ~John Perry Barlow

security [HSW]; online privacy, consumer privacy; identity management; identify theft [HSW]
proxy server; anonymous browsing [HSW]; Haystack; Tor (anonymity network); obfuscator
Virtual Private Network (VPN) [HSW]
Flash cookie; TRUSTe; Electronic Privacy Information Center

Lawmaker (Rep. Cliff Stearns) promises new online privacy legislation
The Footprints of Web Feet (voluntary sharing of web history: Dscover.me, Sitesimon.com, Voyurl.com )
Judge Lets Sony Unmask Visitors (IP addresses) to PS3-Jailbreaking Site
The Web Means the End of Forgetting
The Web's New Gold Mine: Your Secrets
Web's Hot New Commodity: Privacy (commissions)
Companies Try to Avoid Data Privacy Regs with Voluntary Effort (Better Advertising Project's Open Data Partnership)
Esther Dyson: Privacy Is a Marketing Problem
Microsoft Quashed Effort to Boost Online Privacy
Privacy is Hard Because People Change Their Minds
Online privacy standards for parents and employers should not be the same
Some Data-Miners Ready to Reveal What They Know
Resisting the Online Tracking Programs
The first truly honest privacy policy ;-)
Do You Know Who's Tracking You on the Web? (don't track me feature)
We Fear for Our Online Privacy, But Do Little to Protect It
In Online Privacy Plan, the Opt-Out Question Looms
Targeting Practices: How Can Online Advertising Companies Be Kept from Tracking Web Surfers?
History Sniffing: How YouPorn Checks What Other Porn Sites You’ve Visited and Ad Networks Test The Quality of Their Data
Amazon wins fight to keep customer records private (NC sales tax)
Privacy: How to Avoid the “Third Rail” of Online Services
Shunned Profiling Technology (deep packet inspection) on the Verge of Comeback
Rapleaf’s Web: How You Are Profiled On The Web

Most People Google Themselves Now
Slow-Going for Web-Privacy Software
LH: Secure Your Online Life the Easy Way
LH: Top 10 Privacy Tweaks You Should Know About
HSW: Can the government see what Web sites I visit?
LH: What "Do Not Track" Is and Why It’s Important

dog

Anonymity, Identity, Impersonation

"It's impossible to move, to live, to operate at any level without leaving traces, bits, seemingly meaningless fragments of personal information." ~William Gibson
"On the Internet, nobody knows you're a dog." ~Peter Steiner, New Yorker, 1993. [cartoon]

Facebook Comments: The Death of Online Anonymity (on blogs, etc.)
Star must identify anonymous posters to website, judge rules
Air Force Seeks Fake Online Social Media Identities
The need to protect the internet from 'astroturfing' grows ever more urgent (fake grassroots campaigns; persona management software)
In Europe, a Right to Be Forgotten Trumps the Memory of the Internet
The Internet Should Not Be Anonymous (an Internet with total anonymity is total anarchy)
Where Anonymity Breeds Contempt (trolls)
Online Impersonation Ban Proposed ('e-personation')
Taking the Mystery Out of Web Anonymity
Should Anonymous Comments be a Right?
No anonymity on future web says Google CEO
Chinese Online Game Law Requires Real-name Registration
Ohio Senator Introduces Bill That Would Let Ex-Convicts Try To Erase Online Information About Their Arrest
Online impersonation banned starting in New Year (in CA)
California bans malicious online impersonation
LH: Five Best VPN Service Providers
Ultimate Privacy: How to Disappear, Erase Digital Footprints & Vanish Without a Trace

passwords

Authentication: Passwords

"Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." ~Clifford Stoll

authentication [HSW]: CAPTCHA [HSW], encryption [HSW] (PGP: privacy technologies)

The best Web security against hackers and spammers: advanced math! ("Hardest CAPTCHA ever?")
Survey Reveals How Stupid People are With Their Passwords
How Apple and Google Will Kill the Password
2011 Trends: National Strategy for Trusted Identities in Cyberspace highlights key online privacy, security challenges
Say Goodbye to All Those Passwords (Commerce Dept. backing a new online security system that could boost e-commerce by requiring a single sign-on for multiple websites)
Study Reveals 75 Percent of Individuals Use Same Password for Social Networking and Email
A Strong Password Isn’t the Strongest Security
How secure is your e-mail password?
Passwords are the weakest link in online security
Study: Too Many Users Reuse Passwords

Google: Change Your Password Twice a Year to Keep Safe
How often should you change your password?
Set Up Google’s Two-Step Verification Now for Seriously Enhanced Security for Your Google Account
Turning on 2-step verification: Installing Google Authenticator
LH: How to Choose and Remember Great Passwords that Live in Your Head: Video Edition
LH: The Problem with Using the Same Password Everywhere, Illustrated
LH: Five Best Password Managers: KeePass; Roboform; LastPass; SplashID; 1Password
LH: Test Your Password Strength at How Secure Is My Password: howsecureismypassword.net
LH: How to Update Your Insecure Passwords and Make Them Easy to Use
Facebook HTTPS: False sense of security?
How To Protect Your Login Information From Firesheep
How To: Avoid Getting Fleeced By Firesheep (on Facebook, Twitter, Flikr)
LH: How to Keep Your Facebook Secure by Enabling HTTPS

kid safety

Children

Now Parents Can Hire a Hall Monitor for the Web
Young will have to change names to escape 'cyber past' warns Google's Eric Schmidt
On the Web, Children Face Intensive Tracking
Keeping Track of the Kids
Study: 92% of U.S. 2-year-olds have online record
Lower Merion School District settles webcam lawsuits

shopping

Shopping

How to stay safe on Cyber Monday
7 Scams to Avoid from Cyber-Scrooges (iPad; Gift Cards(2); E-Cards; Credit Cards; Links; Charities)
Don't Get Hacked For the Holidays
Ad Group Unveils Plan to Improve Web Privacy
Inside the cookie monster - trading your online data for profits
Online Ads, Privacy Remain in FTC Crosshairs
For E-Data, Tug Grows Over Privacy vs. Security
The Economics of Privacy Pricing
FTC Leaning Toward Do-Not-Track List for Online Ads
It's Modern Trade: Web Users Get as Much as They Give
Retargeting Ads Follow Surfers to Other Sites
The Risks and Rewards of Deal-Hunter Apps

malware

Malware

"By the end of 2007, 75 percent of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses." ~Ken McGee, Gartner Group
"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked." ~Richard Clarke, White House Cybersecurity Advisor
"If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology." ~Bruce Schneier
"The stupid government should just stay out of our affairs. People know the risks, let them lose their money at their own discretion." ~Jennifer Clason, convicted spammer
"Failure is not an option -- it comes bundled with Windows." ~Anonymous
"Spam will soon be a thing of the past." ~Bill Gates, 2004
"In God we trust, all others we virus scan." ~Anonymous

malware [video; 2:32]: adware, botnet, hacker (black hat) [HSW], phishing [HSW], spam [HSW], spyware [HSW], trojan [HSW], virus [HSW], worm [Conflicker], zombie [HSW]
rootkit; firewall [HSW]; buffer overflow; drive-by-download; Denial of Service (DoS) attack; Spamdexing
cookie poisoning; honeypot; penetration test; cross site request forgery
October: National Cyber Security Awareness Month

Hackers Target France, South Korea, WordPress
Malware-laden sites double from a year ago (=1M @ 2010 Q4)
WordPress DDoS Attacks Primarily From China, Possibly Politically Motivated
ChronoPay’s Scareware Diaries (fake AV via Russian online payment processor)
A letter on behalf of the world’s PC fixers ;-)
Cyber criminals strike at ad networks -- again ('malvertising' via London Stock Exchange)
Top 10 Web Hacking Techniques of 2010 Revealed
As PC Virus Turns 25, New Worry Emerges: Attack Toolkits
25 Years of Digital Vandalism (virus writers; DRM gone bad?)
Five 2010 (Security) Stories That Nobody Predicted
5 New Online Security Threats to Avoid: Clickjacking; Fake surveys; Rogue applications; Amazon vulnerability; Spearphishing
Hacker warning over internet-connected HDTVs
Study: Fifth of Facebook users exposed to malware
Web-Users Fall For Fake AV
Inside Google's Anti-Malware Operation
Buffer overflows: Reasons to apply mundane-sounding software fixes
Microsoft sees "unprecedented wave" of Java malware exploits
A Silent Attack, but Not a Subtle One
Drive-By Malware Blocked By New Tool (BLADE)
Goodbye Internet, We Hardly Knew Ye? (The Internet, as we once knew it, will be under renewed attack next year)
Urban model for cybersecurity educ: San Diego

Report Reveals the Riskiest Web Domains to Visit
LH: The Computer Attacks You've Never Heard Of: Smishing ("SMS phishing"); Botnet (Zombie PCs); BlueBugging; Pod Slurping; Ransomware; Scareware; Sidejacking; Black Hat; White Hat; Worm; Trojan Horse; Phishing; Script Kiddies; Keylogging; Social Engineering; Crapware
LH: Enhance Your Security This Weekend
32 Ways to Protect and Defend Your Digital Life
LH: Why We Hack: The Benefits of Disobedience
EFF to Verizon: Etisalat Certificate Authority Threatens Web Security
Most Hacking Victims Blame Themselves
1 in 10 Americans prefer colonoscopies to PC security
New Class of Malware Will Steal Behavioral Patterns (from social networks)
'Scrapers' Dig Deep for Data on Web
Help! My PC is infected with malware (FAQ)
Security doesn't have to be complicated
LH: What’s the Difference Between Viruses, Trojans, Worms, and Other Malware?
LH: How to Block Abusive or Unfriendly Email
LH: Is Hiding Your Wireless SSID Really More Secure?
HSW: 10 Worst Computer Viruses of All Time
HSW: How do viruses and worms spread in e-mail?
HSW: How does a logic bomb work?
HSW: How eFencing Works
HSW: How to Avoid Spyware
HSW: How to Detect Online Scams
HSW: Top 5 Internet Security Videos: spam, 2:12; scams, 3:45; MySpace, 2:55; fraud&virus, 6:08; hack this!, 2:00
HSW: How to Fix Your Zombie Computer
HSW: How to Scan for and Remove Spyware
HSW: computer security quiz (10)
HSW: How to Know if Your Computer is Infected with a Virus
A Badge That Tells Consumers, ‘Trust This App’ (TRUSTe)
IdM Policy Audit System (Trust and Identity)
LH: How to Stay Safe on Public Wi-Fi Networks
A flood of phishing sites and how to avoid them
LH: Why You Should Use Ad Block Extensions, Even if You Don't Block Ads
Is your PC a sitting duck for hackers?
HSW: Is it against the law to violate a Web site's terms of service?

cybercrime

Crime

"Cybercrime More Lucrative Than Drug Trade" ~(fake factoid)
"Want to Make $$$$ with your Computer? No Risk! Simply press shift-4 four times in a row" ~Anonymous

cybercrime, cyberlaw
advance fee fraud, 419 fraud, Nigerian bank scam (2005 Ig Nobel prize in Literature)
pornography; spamdexing; (ad) click fraud [HSW]

A Look Inside the Bustling Cybercrime Marketplace (Underground Forums; Internet Relay Chat (IRC) channels; Instant Messaging (IM); Social Networks)
Should we cheer or fear cyber vigilantes like Anonymous?
Cybercrime: A Recession-Proof Growth Industry
Time To Stop Being So Fascinated With The Cyber- Part Of Cybercrime (it's just crime)
Tons of Computers Still Infected With Conficker Worm, Apparently
The Great Cyberheist (online accounts)
New type of financial malware (Oddjob Trojan) hijacks online banking sessions (even after victims log out)
Attackers' Subtle Markets Manipulation Could Tilt Global Economies
Chinese Hackers Called Sloppy but Persistent ('Night Dragon')
Organized Crime: The World's Largest Social Network
Your Guide to Crimeware Apps (ZeuS Builder; Bugat; SpyEye; Low Orbit Ion Cannon)
Oil Firms Hit by Hackers From China, Report Says
How Much Does Identity Theft Cost? [INFOGRAPHIC]
Attacker (Koobface worm) That Sharpened Facebook’s Defenses
Virus Leads to $20 Million Scam (by repairman)
NSA chief envisions 'secure zone' on Internet to guard against attacks
Compromise turns Kaspersky site into malware hub
The Internet and the death of ethics
Microsoft confirms Russian pill-pusher attack on its network
The Anthropology of Hackers
Politically motivated cyber attacks
Google's CEO: 'The Laws Are Written by Lobbyists'
Twitter worms spread quickly thanks to blatant security flaw
Don’t Click The WTF Link On Twitter Unless You DO Like Sex With Goats
LinkedIn Users Targeted with Fake "Contact Requests" to Spread Malware
Malware Targeting Top News Sites, Message Boards
Mail Tribune: High-tech task force lifts veil off online criminals
Cybercriminals Creating 57,000 Fake Web Sites Every Week
Globalization and higher Internet adoption in emerging economies help foster spam growth
Apple's Ping a Scammer's Haven?
Interpol Turns to Internet for Info on Most-wanted Suspects
Blog Platform Shut Down as FBI Probes al-Qaida Posts
Attacking the edges of secure Internet traffic
Hacker’s Arrest Offers Glimpse Into Crime in Russia
Iranian Government Running A Warez Server?
Trojan Monitors Your Porn Surfing Habits, Threatens to Blackmail You
More Than 1 Million Web Sites Serving Malware in Q2 (2010)
Commission proposes new EU cybercrime law
Your guide to the seven types of malicious hackers: 1. Cyber criminals; 2. Spammers and adware spreaders; 3. Advanced persistent threat (APT) agents; 4. Corporate spies; 5. Hacktivists; 6. Cyber warriors; 7. Rogue hackers

Platforms: Windows, Mac, Phones

20 years of innovative Windows malware
Windows to suffer fewer attacks as it loses ground to mobile (at least in non-biz world)
Cybercriminals shifting focus to non-Windows systems
Hacker Writes Easy-to-use Mac Trojan; Black Hole RAT (emote administration tool) is Really No Big Deal
Closing backdoor threats in OS X
Apple’s Security Past Defines Its Future
Cars: The next hacking frontier?
Security to Ward Off Crime on Phones

Email, Spam, Phishing

China Cleans up Spam Problem
Spam Volume Recovers After Holiday Break
Why Have Spam Levels Suddenly Fallen? (Time.com)
scam baiting; Scam Baiter Haven; 419eater
Quiz: phishing
A Day With an E-mail Scammer
1 in 10 Websites Spews Spam
FBI Claims A Third Of World’s Spam Is From One Russian Man
E-Mail Spam Falls After Russian Crackdown
Ransomware returns: 'If you ever want to see your data again...'
Shortened URL Spam Increases
Quebec spammer must pay Facebook $1 billion
Google Warning Gmail users on China Spying Attempts
Malicious HTML in E-Mail Increases

zombiepc

Botnets

Burning Question: Why Can't We Stop the Botnets?
Grumpy old botnets survive and thrive (Rustock; TDL)
Waledac Botnet Poised for a Rebound With Stolen Credentials
US eyes ways to make computer use safer online: alert customers, limit online access
Keeping the masses safe on the Internet (Stop. Think. Connect.)
Microsoft: Ban 'sick' PCs from the Internet
Should ISPs cut off bot-infected users?
Two million US PCs recruited to botnets
U.S. Reigns As Most Bot-Infected Country
The Zombie Network: Beware 'Free Public WiFi' (Windows XP feature)
Researchers Tracking Emerging 'Darkness' Botnet (successor to Black Energy and Illusion)
Raising a Botnet in Captivity
Bling Botnets Sell Gangster Lifestyle
Iranian Cyber Army Moves Into Botnets
The Rise of the Small Botnet: Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention
Attackers Now Using Honeypots to Trap Researchers
What it takes to shut down a botnet

DDoS (Distributed Denial of Service)

The cyberweapon that could take down the internet (border gateway protocol) (DDoS = 'hammer'; "ZMW" = 'scalpel')
Has progress been made in fighting DDoS attacks?
Anonymous DDoS Takes Down The United States Copyright Office
Three Hackers Arrested in Wake of DDOS Attacks
Akamai says it can defend against Anon attacks

zeus

Zeus (trojan)

Summary: Zeus (&Kneber) steal login info for online social networks, e-mail accounts and online financial services by keystroke logging.
Windows-only trojan horse spread mainly through drive-by downloads and phishing schemes (e.g., from Facebook, Verizon Wireless).
Botnet of 3.6 million infected computers in US alone; 5 most infected/affected countries: Egypt, US, Mexico, Saudi Arabia, and Turkey

Global Cyber Scheme (Zeus) Hits Bank Accounts
Zeus botnet thriving despite recent arrests
Zeus Trojan Bust Reveals Sophisticated 'Money Mules' Operation in U.S.
UK-based (East Eur.) gang arrested for stealing millions using Zeus
Two years late, Microsoft finally zaps Zeus (Malicious Software Removal Tool (MRT))
ZeuS baddies copy Conficker tactics
Next Generation Banking Malware Emerges After Zeus (merging w/ SpyEye)
Zeus Botnet Targets Holiday Shoppers

cyberwar

Government: Cybersecurity, Cyberwar, Cyberterrorism

cyberterrorism, cyberwarfare
National Cyber Security Center

South Korea Says Government Websites Attacked (DDoS), Issues Alert
Iranian cyber army strikes again -- hitting Voice of America
Cyber War Mass Hysteria Is Hindering Security
Pentagon Seeks $500 Million for Cyber Technologies
Foreign hackers attack Canadian government
Obama seeks big boost in cybersecurity spending
A Civil Perspective on Cybersecurity
U.S. Has Secret Tools to Force Internet on Dictators
The Internet Goes to War (DDoS)
The Dogs of Cyber War Visualized
We need ‘cyberwar hotlines’ to match nuclear hotlines; governments should sign cyber security ‘treaties’ to tame online threats
It will soon be too late to stop the cyberwars
How The Defense Department And NSA Is Hyping Cyberwar To Better Spy On You
Inside DHS' Classified Cyber Coordination Headquarters
U.S. mounting first test of cyber-blitz response plan
DHS Launches Cyber Attack Exercise (Cyber Storm III)
Iran announces launch of new cyber police units
Experts Weigh in on Cyber War Report
Q&A: Threat of cyberwar is "over-hyped"
The Cold War: Then and now
US Cyber Command achieves 'full operational capability,' international cyberbullies be warned
Pentagon's Cyber Command seeks authority to expand its battlefield
Researchers Predict More State-Sponsored Cyber Attacks and Mobile Data Breaches in 2011
Korea attacks force DDoS bunker creation
NSA considers its networks compromised
Got $500? You can buy a hacked U.S. military website
Is retaliation the answer to cyber attacks?
"Cyber" Warfare, Hot Coffee, and How to Earn Millions by Making China Scary
?? Scholars Say (ACTA) International Property Accord Needs Senate Approval
(NewYorker) The Online Threat: Should we be worried about a cyber war? (vs. cyber espionage)
Cybersecurity: Our Shared Responsibility (DHS)
Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks
Chertoff advocates cyber Cold War
U.S. Cyber Command slips behind schedule
Military’s Cyber Commander Swears: “No Role” in Civilian Networks
Special report: The Pentagon's new cyber warriors
Cyberwarrior Shortage Threatens U.S. Security
Cyber Command chief details threats to U.S.
Closing The Cybersecurity Gap In Government
Former NSA Director: Countries Spewing Cyber Attacks Should Be Held Responsible
NSA Director Says U.S. Has a Duty to Secure the Internet
Military Computer Attack Confirmed
Cyberwar Chief Calls for Secure Network
Seeing The Internet As An 'Information Weapon'
Cyber warfare already here, UK spy agency chief says
House bill would give DHS authority over private sector networks (Homeland Security Cyber and Physical Infrastructure Protection Act of 2010)
HSW: What does the U.S. cybersecurity czar do?

stuxnet

Stuxnet (worm)

Target: Siemens industrial control systems connected to Windows PCs (worm spread via USB sticks); Iran (nuclear centrifuges, facilities?), Indonesia, India, ...
Origin: likely nation-level; Israel, US, NATO, ??
Clues/Distractions: MYRTUS (Hadassh vs. My RTUs)? 19790509 (date? Habib Elghanian execution in Iran; Unabomber killing)?

A Declaration of Cyber-War (Stuxnet)
If Stuxnet Was Act of Cyberwar, Is US Ready for a Response? ("no")
Iran Reports a Major Setback at a Nuclear Power Plant
The Lesson of Stuxnet and Aurora: Get Back to Basics or Get Owned (SQL injection, phishing, malicious attachments, social engineering)
Malware Aimed at Iran Hit Five Sites, Report Says
'Anonymous' Claims Possession Of Insidious Stuxnet Virus
Stuxnet Questions and Answers
Stuxnet: Fact vs. theory
Stuxnet: the story
Report Fuels Suspicion That Stuxnet Harmed Iran's Nuke Plant
From Bullets to Megabytes (Stuxnet)
Stuxnet Authors Made Several Basic Errors
Israel Tests on Worm Called Crucial in Iran Nuclear Delay
Stuxnet’s Finnish-Chinese Connection
Stuxnet virus set back Iran’s nuclear program by 2 years
Ahmadinejad Publicly Acknowledges Stuxnet Disrupted Iranian Centrifuges
Clues Suggest Stuxnet Virus Was Built for Subtle Nuclear Sabotage
Worm Can Deal Double Blow to Nuclear Program
Worm Was Perfect for Sabotaging Centrifuges
Rethinking Stuxnet
EU calls Stuxnet 'paradigm shift' as U.S. responds more mildly
Ars Technica: banned in Iran! (Stuxnet story)
Microsoft fixes record 49 holes, including Stuxnet flaw
Stuxnet Analysis Supports Iran-Israel Connections
Iran Says It Arrested Computer Worm Suspects
Iran Denies Malware Connection to Nuclear Delay
Dutch multinationals under attack from Stuxnet worm
An alarmed Iran asks for outside help to stop rampaging Stuxnet malworm
In a Computer Worm, a Possible Biblical Clue
Malware Hits Computerized Industrial Equipment
Who's Behind Stuxnet? The Americans? The Israelis?
Conflicker, the enemy within
Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?