France approves Internet piracy bill

France's lower house of parliament has approved a pioneering bill allowing authorities to cut off Internet access to people who download illegally. The bill has garnered attention beyond France, both from music and film industries struggling to keep up official revenue and from privacy advocates who say it threatens civil liberties. The measure passed Tuesday in the National Assembly following approval by the Senate in July. It must clear another hurdle to become law, gaining approval from a small committee from both houses of parliament. Under the bill, pirates who ignore e-mail warnings and a registered letter could see their Internet connections cut for up to a year. They could also face up to EUR 300,000 in fines or jail time.

http://www.ejc.net/media_news/france_approves_internet_piracy_bill/

Websense Security Labs report - State of Internet Security, Q1-Q2 2009

The first half of 2009 saw a number of big exploits and an escalation of attacks using the dynamic elements of popular Web 2.0 sites to infect users’ computers and perpetrate fraud. Additionally, the Websense Security Labs found a massive increase in the number of malicious sites which increased 233 percent over the six month period.

Attackers continued to use blended threats (spam emails with embedded URLs) to lure victims to spam and malicious Web sites with 85.6 percent of all unwanted emails in circulation during this period containing links to spam sites and/or malicious Web sites. The rise of blended threats illustrates that Web security intelligence is a critical component of any email and data security strategy.

Today’s threats are leading to the Web, whether as the vector of the attack or simply the route in which stolen, confidential data is transmitted. Further underscoring the growth of the Web as the primary threat vector, during the first half of 2009 Websense Security Labs discovered:

- 233% growth in the number of malicious sites in the last six months and a 671% growth during the last year.

- 77% of Web sites with malicious code are legitimate sites that have been compromised.

- 95% of comments to blogs, chat rooms and message boards are spam or malicious.

- 57% of data-stealing attacks are conducted over the Web.

- 85.6% of all unwanted emails in circulation contained links to spam sites and/or malicious Web sites.

These discoveries, along with details on other exploits and analysis of Web, email and data security trends during the first half of 2009 are explored in the Websense Security Labs “State of Internet Security” report.

The full report is available here: http://www.websense.com/downloadthreatreport

http://community.websense.com/blogs/websense-features/archive/2009/09/15/websense-security-labs-report-state-of-internet-security-q1-q2-2009.aspx

New Zealand to get country wide filtered internet

Owen Williams

It looks like New Zealand is set to be the next country to get country-wide internet filtering, according to a blog post on Geekzone. The New Zealand department of internal affairs has released a draft proposal that outlines the filtering system.

According to the document, the filtering system is for cases where "A person who views a website containing chid sexual abuse images is in possession of those images, if only for the period they appear on the screen. The Digital Child Exploitation Filtering System therefore will help prevent inadvertent exposure to these images and will also help prevent New Zealanders from committing crimes."

It will also instate a special group to govern which sites are and are not blocked, as pointed out in the document; "The Department will institute an Independent Reference Group (IRG) to maintain oversight of the operation of the Digital Child Exploitation Filtering System to ensure it is operated with integrity and adheres to the principles set down in this Code of Practice."

An example picture is also shown in the document that gives a rough idea of what the filtering system would present if it detected such content. It's good to know that if a page is inadvertently blocked that you are able to notify the team right away - but here's hoping they get some better web design.

http://www.neowin.net/news/main/09/09/14/new-zealand-to-get-country-wide-filtered-internet

Japan to cut off music piracy

By Robin Harding in Tokyo

Every mobile phone in Japan may be installed with software to block illegally copied music if the world's first such system is approved by talks that start in Tokyo next week.

The talks between the Recording Industry Association of Japan , mobile phone companies and music download sites aim to agree on new anti-piracy measures by the end of the year, according to several participants. A system could be in place by 2011.

Building anti-piracy software into the main device on which young Japanese people listen to music could make Japan the first country in the world to find an effective answer to illegal downloads.

Under the system proposed by the RIAJ, whenever a user tried to play a song, software in their mobile phone would ask a security server whether it is covered by copyright. If so, and the phone did not have a code to indicate it was bought legally, the song would not play.

Japan's love affair with high-tech mobile phones extends to music piracy - with songs swapped between users via message boards - rather than the computer file sharing common in the rest of the world. Mobile phones made up almost 90 per cent of the Y90.5bn ($1bn) market for legal music downloads in Japan last year.

The proposed system is possible because Japanese mobile operators control all the software in their handsets, said Yoichiro Hata, technical director of the RIAJ and a member of the working group.

http://www.ft.com/cms/s/0/bc727f48-9f34-11de-8013-00144feabdc0.html?nclick_check=1

Researchers Discover Botnet Commanded by Google Groups

by Sarah Perez

Security researchers at Symantec recently uncovered a backdoor trojan whose spread is being dictated by commands hosted in Google Groups, Google's online discussion forums. The backdoor trojan, named Trojan.Grups, appears to be the first ever malware to use an online newsgroup as the "command and control" center for botnet communications. It's certainly the first time that Google Groups specifically has been compromised in this way. This new discovery points to what appears to be the latest trend in what you could call "Web 2.0 malware," that is, nasty computer programs that don't just spread in social networks, but actually use the infrastructure of the social networks themselves to do the spreading.

http://www.readwriteweb.com/archives/botnet_commanded_by_google_groups.php

Web Censoring Widens Across Southeast Asia

Governments Lacking Technical Means Use Coercion and Intimidation in Efforts to Suppress Criticism Online

By JAMES HOOKWAY

BANGKOK -- Attempts to censor the Internet are spreading to Southeast Asia as governments turn to coercion and intimidation to rein in online criticism.

Malaysia, Thailand and Vietnam lack the kind of technology and financial resources that China and some other large countries use to police the Internet. The Southeast Asian nations are using other methods -- also seen in China -- to tamp down criticism, including arresting some bloggers and individuals posting contentious views online.

That is distressing free-speech advocates who had hoped that Southeast Asia -- until recently a region where Internet use was relatively unfettered -- would become a model of open debate in the developing world as its economies modernize.

Censorship on the March

Malaysia has recently used its colonial-era Internal Security Act, which allows detention for up to two years without trial, to muzzle bloggers. Thailand is ramping up its reliance on a recently introduced Computer Crimes Act to restrict criticism of its royal family and limit the spread of what the government calls seditious material. Vietnam, an authoritarian Communist state, has been arresting people caught posting thoughts that run contrary to government policy, and has detained lawyers who try to defend them.

"A number of governments in the region have discovered they can't use technology alone to block out dissent because people will always find a way around it," says Roby Alampay, executive director of a Bangkok-based media advocacy group, the Southeast Asia Press Alliance. "Instead they are trying to send out the message that the government is watching what their citizens are up to, and many of these arrests are deliberately high-profile."

To be sure, not every government in the region is trying to bolt down the Internet. Singapore, where mainstream media are largely controlled by the government, has taken a relatively hands-off approach to the Internet. The governments of Indonesia and the Philippines don't limit political content on the Internet in their countries.

The case of Raja Petra Kamarudin, Malaysia's best-known blogger, reveals a different approach. The 58-year-old prince, or raja, in one of Malaysia's royal families started his feisty Malaysia Today news Web site a decade ago after the arrest of opposition leader Anwar Ibrahim on sodomy charges, which Mr. Anwar denied. Mr. Anwar was convicted, jailed until the conviction was overturned, and is now being prosecuted again on sodomy charges, which he again is denying.

Since launching his Web site, Raja Petra has been a thorn in the side of Malaysia's ruling National Front coalition, posting a series of articles notable for their criticism of the government. His postings led to his detention for nearly two months under the Internal Security Act in 2008.

Malaysian authorities have accused Raja Petra of suggesting in a letter to prosecutors investigating the murder of a Mongolian model in 2006 that Prime Minister Najib Razak was involved in the killing, which Mr. Najib denies. Raja Petra was charged with sedition and went into hiding. He says the charge is misdirected because he didn't publish the letter, though he admits writing it and stands by its contents.

Malaysian government spokesman Tengku Sharifuddin Tengku Ahmad declined to comment about Raja Petra's allegations, and he didn't respond to questions about the broader issues surrounding Malaysia's approach to censorship.

Malaysia's government is careful not to be seen to be directly censoring the Internet because of a longstanding pledge not to interfere online and potentially scare off foreign technology companies, such as Microsoft Corp., which operate there.

In August, Mr. Najib's government backed off from implementing Web filters similar to those used in China to weed out certain political topics and other contentious discussions. It has also considered requiring that bloggers register with the government, but decided not to implement the rule.

http://online.wsj.com/article/SB125288982580207609.html#mod=WSJ_hpp_LEFTTopStories

ENISA Launches Guide on Mitigating Network Security Vulnerabilities, Threats and Cyber Attacks

EU Agency ENISA presents the first pan European Good Practice Guide on Network Security Information Exchange (NSIE). The main aim of this guide is to assist Member States and private stakeholders in setting up and running NSIEs at national level. The guide could also pave the way for the creation of the first pan European NSIE for critical communication networks and services.

ENISA’s stock taking and analysis[1] on this topic confirmed the importance and strategic value of information sharing. Member States are strongly interested in better understanding and deploying information sharing exchanges. They explicitly requested ENISA to develop a good practice guide based on observed practices of existing NSIEs.

The content of the guide represents the aggregation of good practices from a number of countries having significant expertise in the area and individual discussions with experts.

NSIE is a form of strategic partnership among key public and private stakeholders. The drivers for this information exchange are the benefits of members working together on common problems and gaining access to information which is not available from any other source.

NSIE is an excellent vehicle to: - better understand a changing security and resilience environment - learn in a holistic manner about intrusions, vulnerabilities and threats - develop recommendations for mitigating vulnerabilities, threats, & cyber attacks - jointly develop methods to continuously assess existing measures - provide unique insights and strategic views to policy makers and strategists.

The Executive Director of ENISA, Mr. Andrea Pirotti remarked:

“Information sharing is a crucial element in EU efforts to enhance the resilience and security of critical communication networks and services. Hopefully this guide will pave the way for an accelerated deployment of national NSIEs and consequently of pan European one”

This good practice guide is part of ENISA’s Resilience Program. It contributes to European Commission (or EU) strategy of Critical Information Infrastructure Protection (CIIP)[2]. This strategy calls for wide deployment of national NSIEs and the creation of a pan European Public Private Partnership for Resilience.

http://news.hostexploit.com/index.php?option=com_content&view=article&id=1906:enisa-launches-guide-on-mitigating-network-security-vulnerabilities-threats-and-cyber-attacks&catid=1:cyber-warfare&Itemid=28/

FCC may seek broader authority over ISPs

The FCC may ask Congress to allow the agency to collect data on outages of network Internet connections from cable companies and other ISPs in times of emergency, according to Jamie Barnett, chief of the FCC's Public Safety and Homeland Security Bureau. Under current rules, the FCC can review landline and cellular Internet networks, but has less ability to regulate Internet services provided by "information services" like cable.

http://online.wsj.com/article/SB125242431886592667.html

China Web sites seeking users’ names

News Web sites in China, complying with secret government orders, are requiring that new users log on under their true identities to post comments, a shift in policy that the country’s Internet users and media have fiercely opposed in the past. Until recently, users could weigh in on news items on many of the affected sites more anonymously, often without registering at all, though the sites were obligated to screen all posts, and the posts could still be traced via Internet protocol addresses. But in early August, without notification of a change, news portals like Sina, Netease, Sohu and scores of other sites began asking unregistered users to sign in under their real names and identification numbers, said top editors at two of the major portals affected. A Sina staff member also confirmed the change. The editors said the sites were putting into effect a confidential directive issued in late July by the State Council Information Office, one of the main government bodies responsible for supervising the Internet in China. The new step is not foolproof, the editors acknowledged. It was possible for a reporter to register successfully on several major sites under falsified names and ID and cellphone numbers. But the requirement adds a critical new layer of surveillance to mainstream sites in China, which were already heavily policed. Further regulations of the same nature also appeared to be in the pipeline.

http://www.ejc.net/media_news/china_web_sites_seeking_users_names/

World War 3.0: 10 Critical Trends for Cybersecurity

The Internet, private networks, VPNs, and a host of other technologies are quickly weaving the planet into a single, massively complex "infosphere." These connections cannot be severed without overwhelming damage to companies and even economies. Yet, they represent unprecedented vulnerabilities to espionage and covert attack.

"Cybersecurity is the soft underbelly of this country," outgoing U.S. National Intelligence Director Mike McConnell declared in a valedictory address to reporters in mid-January. He rated this problem equal in significance to the potential development of atomic weapons by Iran.

McConnell does not worry so much that hackers or spies will steal classified information from computers owned by government or the military, or by contractors working for them on secret projects. He is afraid they will erase it and thereby deprive the United States of critical data. "It could have a debilitating effect on the country," he said.

With this concern in mind, Forecasting International undertook a study of factors likely to influence the future development of information warfare.

Real-world attacks over the Internet also are possible. In March 2007, the Department of Energy's Idaho National Laboratory conducted an experiment to determine whether a power plant could be compromised by hacking alone. The result was a diesel generator smoking and on fire due to some malicious data that could easily have been sent to it over the Internet from anywhere in the world. In January 2008, a CIA analyst told American utilities that hackers had infiltrated electric companies in several locations outside the United States. In at least one case, they had managed to shut off power to multiple cities.

We conclude that information warfare will be a significant component in most future conflicts. This position is in line with both U.S. military doctrine and white papers published by the Chinese People's Army. One study affirms that as many as 120 governments already are pursuing information warfare programs.

Repeated reports Relevant Products/Services that Chinese computer specialists have hacked into government networks in Germany, the United States, and other countries show that the threat is not limited to relatively unsophisticated lands. A 2007 estimate suggested that hackers sponsored by the Chinese government had downloaded more than 3.5 terabytes of information from NIPRNet, a U.S. government network that handles mostly unclassified material. More disturbingly, The Joint Operating Environment 2008: Challenges and Implications for the Future Joint Force (the JOE) comments that "our adversaries have often taken advantage of computer networks and the power of information technology not only to directly influence the perceptions and will of the United States, its decision-makers, and population, but also to plan and execute savage acts of terrorism."

Many factors guarantee that the role of information warfare in military planning and operations will expand greatly in the next two to three decades. These include the spread of new information technologies such as Internet telephony Relevant Products/Services, wireless broadband, and radio-frequency identification (RFID); the cost and negative publicity of real-world warfare; and the possibility that many information operations can be carried out in secret, allowing successful hackers to stage repeated intrusions into adversaries' computer networks.

http://news.hostexploit.com/index.php?option=com_content&view=article&id=1830:world-war-30-10-critical-trends-for-cybersecurity&catid=1:cyber-warfare&Itemid=28/