Indonesian and Australian police officially launched a joint project called the Cyber Crime Investigation Center. The center was officiated by Indonesian National Police chief Gen. Timur Pradopo and Australian Federal Police chief Comr. Tony Negus at the National Police Headquarters in Jakarta on Thursday.
Timur said the center had been planned since six months ago.
"Today, we launch the center, which will be equipped with tools needed to carry out cyber crime investigation," Timur said, adding that its communication technology equipment was being provided by the Australian government."Of course, this [center] will improve our capacity to detect and [investigate cyber] crimes, particularly transnational crimes," he said.
Negus said the center would allow the Indonesian National Police to deal with technology and IT-related crimes. He added that the Australian police force was looking to forge cooperative agreements in its investigation of transnational crimes, not only in region but also across the world.
------------------------------------------------------------------------------
TDSS rootkit infects 1.5 million US computers
Millions of PCs around the world infected by the dangerous TDSS ‘super-malware’ rootkit as part of a campaign to build a giant new botnet. The report is presented by researchers from security firm Kaspersky Lab.
TDSS also known as ‘TDL’ and sometimes by its infamous rootkit component, Alureon. It has grown into a multi-faceted malware nexus spinning out ever more complex and dangerous elements as it evolves.
Kaspersky Lab researchers were able to penetrate three SQL-based command and control (C&C) servers used to control the activities of the malware’s latest version, TDL-4, where they discovered the IP addresses of 4.5 million IP PCs infected by the malware in 2011 alone. Almost 1.5 million of these were in the US.If active, this number of compromised computers could make it one of the largest botnets in the world, with the US portion alone worth an estimated $250,000 (£155,000) to the underground economy.
The researchers noticed a kad.dll component of the infection which appears to allow TDSS/TDL-4 an elaborate C&C channel to control bots using the Kad P2P file exchange network even if the primary encrypted channel has been shut down by rival botnetters or security companies.
“We don’t doubt that the development of TDSS will continue,” said Kaspersky researcher, Sergey Golovanov, who performed the latest analysis of TDSS. “Active reworkings of TDL-4 code, rootkits for 64-bit systems, the use of P2P technologies, proprietary anti-virus and much more make the TDSS malicious program one of the most technologically developed and most difficult to analyse.”
------------------------------------------------------------------------------
Finally, Free Personal Online Protection from Hackers
Every week we seem to be reading about another global business giant being the victim of online security breaches. Millions of Sony accounts were targeted, the IMF has fallen foul of hackers and even Google hasn’t escaped the attack. So where does this leave your average man on the street? If three of the biggest online businesses in the world can’t keep the hackers out, how can we?
Well today internet security expert CertiVox is set to revolutionize secure online information exchange with the launch of its free PrivateSky service – and change the way average Joe protects his online information forever. Currently available for PC users, PrivateSky, the new personal information security solution, will give its users complete peace of mind by allowing them to quickly and easily secure their web-based messaging – including Google Mail, Hotmail and Facebook among others. Despite a flurry of online announcements, urging users to ensure all URL addresses they are using start with ‘HTTPS’, this doesn’t help to secure personal data that is maliciously compromised because of lax security at an online services provider, or when your personal webmail or social network account is compromised. With the PrivateSky Connector installed, anything typed into any web page text entry box – including all blog posts, social networking comments, forum entries, web-based email and more – can be uniquely encrypted with a single click. The PrivateSky platform employs CertiVox’ innovative non-interactive key agreement technology which provides end to end encryption by issuing the user just one key – the Sky Key, which, unlike public / private key based encryption systems, recipients do not have to be pre-registered with PrivateSky to receive protected messages. The Sky Key enables PrivateSky to address privacy, authentication, integrity and non-repudiation without any of the usual complexity, cost or management overhead often found in other public/private key protocol. Offering simplicity and ease of use, there will be no need for usernames, passwords, certificates or complex workflows. CertiVox’s PrivateSky Connectors for Microsoft Silverlight and Internet Explorer deliver all the privacy, authentication, message integrity and benefits of AES encryption – virtually eliminating the threat posed by phishing attacks. Brian Spector, CEO and founder of CertiVox, said their aim was to improve security in an area that has not been served well until now. He added: “The individual’s right to protect their data on the web has been ignored by the security industry and, as a consequence, is now being abused. We are offering the PrivateSky service for free to users to improve their information security.
“Until now, only large enterprises and governments have been able to adopt the complex and expensive techniques required to secure information exchanges. CertiVox’s breakthrough key distribution technology means that individuals now have access to the same sophisticated information security techniques used by governments and the military – direct from their browsers. And the best part is it’s completely free.”
------------------------------------------------------------------------------
Children using iPads at school can be better protected online after UK cloud computing company Westcoastcloud adapted its award-winning esecurity product to work on the Apple tablet.
Westcoastcloud has developed its cloud based security service Netintelligence to give education officials the ability to block harmful content and control what websites pupils are able to access on iPads issued by their school.
Bill Strain, director of Westcoastcloud, said: “For several years our child safety software has been used to protect children from harmful and inappropriate content when using standard laptops and desktop PCs in schools. With a growing number of schools now issuing iPads to their pupils, we realised there was a need for education authorities to be able to filter and block content centrally on these devices as well.” The new Netintelligence safety product for iPads was unveiled by Westcoastcloud on the day the UK Council for Child Internet Safety holds its second annual summit in London. The summit comes a week after the Government published a review by Reg Bailey, chief executive of the Mothers’ Union, on the sexualisation and commercialisation of children. Entitled ‘Children 2.0 – Safe, Sociable, Connected!’ the summit is being held to discuss ground-breaking new practice and technologies to protect children online and is being addressed by Children and Families Minister Tim Loughton and psychologist and broadcaster Professor Tanya Byron. Children’s Minister Tim Loughton said: “New technology has an amazing ability to educate and entertain, but it also has the ability to expose children to danger. Industry and retailers have a part to play in helping to keep children safe online.
“That is why I welcome Reg Bailey’s recommendations, to make it easier for parents to block adult material on the internet, in his review into the Commercialisation and Sexualisation of Childhood. This review is a real opportunity for the IT industry to act decisively to develop effective parental controls, so that they are simple enough for the average busy parent to use.
“Through UKCCIS industry have already started to act. I commend the responsible actions of all UKCCIS members to promote online safety and I look forward to continuing to work with industry to support parents and protect children.”
Westcoastcloud’s Bill Strain, who is also speaking at the conference, added: “Children’s safety online is a critical issue for everyone involved in education and also for us as leaders in this field within the IT industry. The growing use of tablets in schools means authorities are once again being challenged by technology to find new ways of preventing pupils gaining access to inappropriate material over the internet. We have worked with a number of local councils and education authorities to help protect children online through their laptops and desktops and we hope that we can now help them manage the new security issues raised by the introduction of iPads.” Westcoastcloud’s new Netintelligence solution will give education officials the ability to manage user activity on all internet-connected iPads, laptops and desktops used in a school through one central control panel. Easy to install and use, it collects URLs and categorises them according to the harmful or inappropriate nature of their content. This then allows a school or education authority to set up filtering and blocking policies to control which websites can be accessed through the iPad. If a pupil tries to access a website that is blocked a message will appear on the screen of the tablet saying that the website is blocked and that they should speak to their Netintelligence operator within the school. The Netintelligence product for iPads will also be available for iPhones. It works with iOS, Apples’ mobile operating system. It is nearing the end of its development stage and is due to be submitted to Apple for approval this summer. Earlier this year Children and Families Minister Tim Loughton presented Netintelligence with the UK’s first Kitemark certificate for Child Safety Online (PAS 74:2008 Internet Safety). The Kitemark, awarded by the British Standards Institution (BSI), aims to give parents and carers confidence in the internet filtering products available to help them limit the amount of harmful content seen by their children. Last year Netintelligence was named Security Project of the Year at the inaugural UK Computing Security Awards for its role in protecting the 270,000 laptops issued to low income families under the Government’s Home Access Scheme. Westcoastcloud is part of AIM-listed iomart Group plc, one of the UK’s leading managed hosting and cloud computing companies, which recently announced a rise in pre-tax profits of 618% to £25.3m.
------------------------------------------------------------------------------
Old security holes increasingly popular among online criminals
When infecting PCs, online criminals are increasingly benefiting from uninstalled updates for browsers and their components.
Research carried out by G Data Security Labsindicates that unclosed security holes in browser plug-ins are very much in fashion with bands of cyber criminals. This distribution concept means that current security holes are far from being the only ones exploited by the perpetrators, as evidenced in the current malware analysis for the month of May 2011. In the previous month alone, four of the Top 10 computer malware programs had been targeting Java security holes for which Oracle had been offering an update since March 2010. The German IT security provider has noted another increase in malware that installs adware or tries to lure users to install bogus antivirus programs. According to estimates by G Data experts, the malware industry has been focusing on Java security holes since the end of last year. This kind of computer malware is already dominating the malware landscape and has recently ousted PDF security holes from the Top 10. “Even though an enormous number of program updates are being provided, users should not be fooled into deactivating automatic update functions. Not only does this apply to Java, but it should also apply in general to all browser plug-ins used and all applications installed on the PC,” recommends Ralf Benzmüller, head of G Data SecurityLabs. Users can go to the websitewww.java.com to carry out a quick check as to whether they have installed the most up-to-date Java version and all corresponding updates on their computer. Potentially Unwanted Programs (PUP) Experts at G Data SecurityLabs have noted another increase, this time among malware that installs unwanted software, called PUPs, on PCs. In recent months two kinds of malware from this category have made it into the G Data malware Top 10 – Variant.Adware.Hotbar.1 and Trojan.FakeAlert.CJM. The programs function in different ways to one another, ranging from unwanted advertising displays or installing spyware to marketing bogus antivirus programs (scareware). For example, Trojan.FakeAlert.CJM tricks browser users into believing that the computer is infected. They can only disinfect their system by purchasing the “antivirus program” being advertised. Victims who fall for this scam purchase a completely useless and often dangerous software program which, instead of offering protection, only downloads and installs more malware, in order to steal personal data.