Tech News
Reading the news of Egypt's Internet crackdown, CIOs around the world may be wondering how their companies would fare if such a situation happened in their home countries. Especially with the increased adoption of cloud-hosted applications and IT computing services, the notion of a countrywide Internet access blackout is bound to rattle IT executives. And it should, according to Eric Paulak, a Gartner analyst. "This scenario isn't so far-fetched. It's just that you don't necessarily hear about it," he said in a phone interview. Virtually every country's government reserves the right to temporarily nationalize and control what's considered critical infrastructure, which usually includes mobile networks, fixed-line telecommunications and Internet backbone systems, Paulak said. Governments can invoke that right during national emergencies, whether they be natural disasters, terrorist attacks or any other incident that qualifies as such under a country's legal code. "Theoretically this can happen anywhere, although the likelihood is pretty low," Paulak said. "However, because of that legal authority most countries have, the Internet, the mobile networks and the fixed-line phone networks could be cut off." "Do you [as a CIO] need a contingency plan? Absolutely," he added. A first step for CIOs and business managers should be to do an honest, realistic assessment of the possibilities that their company could find itself, through no fault of its own, in a nationwide Internet blackout.
Microsoft today warned Windows users of a new unpatched vulnerability that attackers could exploit to steal information and dupe people into installing malware. In a security advisory issued Friday, Microsoft acknowledged that a bug in Windows' MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer (IE). "The best way to think of this is to call it a variant of a cross-site scripting vulnerability," said Andrew Storms, director of security operations at nCircle Security. Cross-site scripting bugs, often shortened to XSS, can be used to insert malicious script into a Web page that can then take control of the session. "An attacker could pretend to be the user, and act as if he was you on that specific site," said Storms. "If you were at Gmail.com or Hotmail.com, he could send e-mail as you." Microsoft elaborated on the threat. "Such a script might collect user information, for example e-mail, spoof content displayed in the browser or otherwise interfere with the user's experience," said Angela Gunn, a Microsoft security spokeswoman, in a post to the Microsoft Security Response Center (MSRC) blog. The vulnerability went public last week when the Chinese Web site WooYun.org published proof-of-concept code. MHTML is a Web page protocol that combines resources of several different formats -- images, Java applets, Flash animations and the like -- into a single file. Only Microsoft's IE and Opera Software's Opera support MHTML natively: Google's Chrome and Apple's Safari do not, and while Mozilla's Firefox can, it requires an add-on to read and write MHTML files.
Vodafone has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers. Vodafone chief executive, Nigel Dews, says he became aware the password to the online portal had been shared when the company was tipped off on Saturday by a newspaper reporter. He says an internal investigation is underway to work out who breached the system and how. Passwords will also be reset. Mr Dews says a full report will be delivered to him on Monday, but at this stage, he does not believe it is a widespread problem. "It appears to have been a one-off incident, but we are investigating that thoroughly now and we will have a much better picture of that in the next 24 to 48 hours," he said. "We take this data security issue very seriously. It's very important that we uphold the highest standards of data integrity for our customers." Mr Dews says he is not concerned about the future of the brand despite the company also facing a class action over reception and service issues.
Members of RevSpace, a hacker collective in The Hague, want to teach "Jeroenz0r," currently in custody for cyberattacks against Mastercard and Visa, a lesson or two to make him a real hacker. That is, an ethical hacker. The High Tech Crime Unit of the Dutch National police arrested the 16-year-old boy and confiscated his computer equipment on Wednesday night. He is accused of being a driving force behind the distributed denial-of-service (DDoS) attacks against the websites of Mastercard and Visa earlier this week. The suspect, who sports the online nickname "Jeroenz0r," is a regular on the IRC chat channels of the local hacker club in The Hague called Revelation Space. Some of its members know the boy. "What he has done is of course out of the question," says Koen Martens, head of RevSpace, in an interview with Webwereld, a Dutch IDG publication.
LimeWire, one of the world's most popular peer-to-peer file sharing websites, has been shut down after a four-year legal battle with the US music industry. A federal court in New York issued a "permanent injunction" against LimeWire late on Tuesday, ruling that the platform intentionally caused a "massive scale of infringement" by permitting the sharing of thousands of copyrighted works by its 50 million monthly users. Founded in 2000 by Mark Gorton, a former Wall Street trader, LimeWire is now restricted from allowing the searching and sharing of copyrighted material. The website will continue "working with the music industry to move forward", a LimeWire spokeswoman confirmed. US judge Kimba Wood ruled that record companies "have suffered – and will continue to suffer – irreparable harm from LimeWire's inducement of widespread infringement of their works", adding that the potential damages were "staggering". The court also ruled that LimeWire should "use all reasonable technological means to immediately cease and desist" copyright infringements still taking place through applications already downloaded.
Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant. The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose has grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something. At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.