test
Tuesday 30 October 2012
Sunday 4 July 2010
YouTube Hacked, Justin Bieber Videos Targeted...
In the past hour it appears YouTube has become the target of a hacker attack, specifically targeting videos of pop singer Justin Bieber.
Videos relating to the star have been hit with a redirect hack with a number of different payloads. We’ve seen one redirect to an infamous, explicit “One Man One Jar” video while another covers the screen in the words “OMG Faggot”. A Twitter search confirms that the problem is widespread. Some users are reporting seeing a banner claiming that Bieber is dead.
So, what’s causing this? Coder Richard Cunningham writes on his Posterous blog that it relates to video comments.
“It looks like they are deliberately using malformed HTML to get past YouTube’s checks for HTML sanitisation in the comments. The comment I’ve seen is using the long forgotten marquee tag and a javascript alert, though in principle it could be expanded to support XSS type flaws.”
YouTube appears to be deleting or blocking comments on many video pages. The attack comes on the same day as an apparent iTunes App Store hack came to light. We’ll update with more information as we get it.
UPDATE: Discussions on the notorious 4chan bulletin board site point to members of its community being to blame. We won’t link to the site (the link would be unlikely to last long if we did) so here’s a screenshot of one such message.
UPDATE 2:
Reports on 4chan say that YouTube has blocked the script that hackers were using:
UPDATE 3:
“Several hours ago, someone found an HTML injection vulnerability in YouTube’s comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a
What to do??? That is the question…
OK, lately I have been looking for a job and I have been in a couple of interviews also. The fact is that there are not that many IT jobs available here in northern Finland. The interviews that I have been in are basically IT sales jobs; I do not want to work in sales, I want to work with computers, programming and networking...
I know that there are some jobs available in southern Finland, but the fact is that I can't move there, because my wife has one more year left in the university here.
Do you guys have any ideas on how to get a job in northern Finland???
Google is building their datacenter in Finland now, maybe I can get a job from them…
Saturday 3 July 2010
Apple, What the hell are you doing???
Apple has been in the headlines lately because of the iPhone 4. This time the news is not good: it seems that there is a problem with the antenna of the phone. Apple is usually known for the very high quality of their devices. A phone this expensive should not have this kind of problem. Apple also gave some guidelines on how to use the new iPhone: "Do not cover the left bottom corner of the phone." I mean what the fuck is this now. My opinion is that if there is this kind of problem, they need to recall all the iPhones and fix the issue. If they can't provide a real working solution for this issue, this might hurt Apple's reputation… I just know that I'm not getting one before it is 100% functional.
Check out the video made while the new iPhone 4G was in the Finnish operator (Sonera) network
Check out the video here
Friday 2 July 2010
Finland has become the first country in the world to make broadband a legal right for every citizen
Finland is in international headlines again, and this time it is positive news. As most of you already know or may not know, Finland is now the first country in the world that has made broadband a legal right for every citizen. This is a huge step up for Finland's digital age. Also, Finland is once again pulling the technology train forward.
I found an article from BBC concerning this matter and here it is:
Finland has become the first country in the world to make broadband a legal right for every citizen.
From 1 July every Finn will have the right to access to a 1Mbps (megabit per second) broadband connection.
Finland has vowed to connect everyone to a 100Mbps connection by 2015.
In the UK the government has promised a minimum connection of at least 2Mbps to all homes by 2012 but has stopped short of enshrining this as a right in law.
The Finnish deal means that from 1 July all telecommunications companies will be obliged to provide all residents with broadband lines that can run at a minimum 1Mbps speed.
Broadband commitment
Speaking to the BBC, Finland's communication minister Suvi Linden explained the thinking behind the legislation: "We considered the role of the internet in Finns' everyday life. Internet services are no longer just for entertainment.
"Finland has worked hard to develop an information society and a couple of years ago we realised not everyone had access," she said.
It is believed up to 96% of the population are already online and that only about 4,000 homes still need connecting to comply with the law.
In the UK internet penetration stands at 73%.
The British government has agreed to provide everyone with a minimum 2Mbps broadband connection by 2012 but it is a commitment rather than a legally binding ruling.
"The UK has a universal service obligation which means virtually all communit
Making broadband a legal right could have implications for countries that plan tough action on illegal file-sharing.
Both the UK and France have said they may cut off or limit the internet connections of people who persistently download music or films for free.
The Finnish government has adopted a more gentle approach.
"We will have a policy where operators will send letters to illegal file-sharers but we are not planning on cutting off access," said Ms Linden.
A poll conducted for the BBC World Service earlier this year found that almost four in five people around the world believed that access to the internet is a fundamental right.
(http://news.bbc.co.uk/2/hi/technology/10461048.stm)
Tags:
broadband,
Finland,
INTERNET,
legal right
Wednesday 30 June 2010
Tuesday 29 June 2010
Google to compete against Facebook in social media with Google Me…
I found this on the internet and I thought to post it here because I think that many people might be interested to read this…
Yesterday, Digg CEO Kevin Rose tweeted that he’d heard a “huge rumor” that Google was planning to launch a Facebook competitor called “Google Me”, sparking off a wave of speculative reports (Rose has since removed the tweet). Now Adam D’Angelo, who was Facebook’s CTO for years and is now founder of hot Q&A service Quora, is weighing in with more details. And from what he’s hearing, Google Me is indeed very real, and it’s gunning for Facebook.
Here is what I’ve pieced together from some reliable sources:
- This is not a rumor. This is a real project. There are a large number of people working on it. I am completely confident about this.
- They realized that Buzz wasn’t enough and that they need to build out a full, first-class social network. They are modeling it off of Facebook.
- Unlike previous attempts (before Buzz at least), this is a high-priority project within Google.
- They had assumed that Facebook’s growth would slow as it grew, and that Facebook wouldn’t be able to have too much leverage over them, but then it just didn’t stop, and now they are really scared.
This obviously has the potential to be huge, and Facebook needs a strong competitor. But even if Google has an amazing site in the pipeline, creating the next Facebook is going to be easier said than done — nearly 500 million people already have their content stored on Facebook, and despite what Facebook has claimed about being open, I doubt they’ll make it easy for anyone to jump into the arms of a competitor. Not to mention the fact that Google has had shortcomings with its social sites like Buzz, Wave, and Orkut. This could be a very interesting battle.
Tags:
Adam D’Angelo,
Digg,
Google,
Google Me,
Kevin Rose,
social media
The new Nokia N9 leaked…
From the video above you can see the assumed new Nokia N9 flagship phone... It is not 100% sure that this really is the actual phone, but this matter has been in the Finnish media lately. From the video you can also see some of the technical features of the phone, for example that it has an 8 MP camera and an HDMI port...
Tags:
Finnish media,
leaked,
N9,
Nokia
Monday 28 June 2010
NOKIA gives up SYMBIAN on the N-series
Nokia has just announced that they are giving up the Symbian operating system on their N-series phones; in the future the N-series will come with MeeGo. MeeGo is a joint project that Nokia has been conducting with Intel.
I have to say that this is good news from Nokia; Nokia users have for a long time now demanded that Nokia change their operating system to something more advanced and stable. Maybe now we can stop pulling the batteries from our Nokia phones to make them work.
Here is some info on MeeGo for all of you who are interested…
"MeeGo is a Linux-based open source mobile operating system project which was announced at Mobile World Congress in February 2010 by Intel and Nokia in a joint press conference. Its aim is to merge the efforts of Intel on Moblin and of Nokia on Maemo into one project. It is hosted by the Linux Foundation. According to Intel, MeeGo was developed because Microsoft did not offer comprehensive Windows 7 support for the Atom processor.
Harmattan, originally slated to become Maemo 6, is now considered to be a MeeGo instance (though not a MeeGo product), and Nokia is giving up the Maemo branding for Harmattan and beyond (Fremantle and previous will still be referred to as Maemo instances).
MeeGo is intended to run on a variety of hardware platforms including handhelds, in-car devices, netbooks and televisions. All platforms share the MeeGo core, with different UX (User eXperience) layers for each type of device.
MeeGo provides support for both ARM and Intel x86 processors with SSSE3 enabled and uses btrfs as the default file system." (http://en.wikipedia.org/wiki/MeeGo)
(http://www.reuters.com/article/idUSLDE65N14720100624)
Sunday 27 June 2010
Apple iPhone 4G or Motorola Droid X???
Lately I've been thinking about what my next phone will be; I basically have 2 choices, iPhone 4G and Droid X. Both of the phones are very good and choosing the right phone will be difficult. Currently I have an iPhone 3G and it is the best phone I have ever had.
To be honest, I am getting more interested in the Droid X: it has a better camera, a bigger screen, and it has Android 2.1 with Motoblur.
So technically the Droid X is more advanced than the iPhone 4, but iPhone is always iPhone.
Getting a Droid X in Finland will not be easy because this is Nokia land. Well, I can always get it from Sweden or from Central Europe.
Which one would you buy?
Tags:
Android 2.1,
iPhone 4,
Motorola Droid X
Friday 15 January 2010
FIRST FINN BUYS TICKETS INTO SPACE
Finland’s first space tourist has booked a flight on Virgin Galactic’s commercial spacecraft. The traveller shelled out some 140,000 euros for the ticket into space.
Virgin Galactic has already sold trips to some 300 fledgling astronauts around the world, says Area, the company’s sales agent in Finland. The tourist spaceship is scheduled to begin test flights next year. The company's commercial spaceflights depart from New Mexico in the United States and Kiruna in Sweden.
During the two-hour flight astronauts get a glimpse of space at 115 kilometres above earth and experience weightlessness for five minutes.
Confidentiality clauses prevent Area from releasing the identity of the Finnish space tourist.
Nasa photographs 'trees' on Mars
The "trees" are really trails of debris caused by landslides as ice melts in Mars's spring Photo: NASA
The images appear to show rows of dark "conifers" sprouting from dunes and hills on the planet surface. But the scene is actually an optical illusion. The photographs actually show sand dunes coated with a thin layer of frozen carbon dioxide, or dry ice, less than 240 miles from the planet's north pole.
The "trees" are really trails of debris caused by landslides as ice melts in Mars's spring. You can even see a cloud of dust, just to the left of centre of the picture, where an avalanche is caught happening.
The photograph was taken from orbit around Mars by HiRISE, the most powerful camera sent to another planet.
NASA's Candy Hansen told The Sun: "The streaks are sand, dislodged as ice evaporates, which slide down the dune. At this time of the Martian year the whole scene is covered by CO2 frost."
Last month Nasa announced a new telescope had detected five planets outside the solar system. The observatory, which was launched last year to find other Earths, made the discoveries in its first few weeks of science operations.
Although the new worlds, called exoplanets, are all bigger than Neptune, Nasa said their discovery showed that the planet hunting telescope was working well.
Welcome to DarkMarket – global one-stop shop for cybercrime and banking fraud
• Personal data and tutorials in hacking offered online
• Founder of site traced to London internet cafe
Renukanth Subramaniam, 33, is accused of being a key figure in running DarkMarket, a website where criminals exchanged information on stolen credit cards and other data. Photograph: Serious Organised Crime Agency/AP
To the casual observer, there was little to distinguish the Java Bean internet cafe in Wembley from the hundreds of others dotted around the capital. But to surveillance officers staking it out month after month, this unremarkable venue was the key to busting a remarkable and sophisticated network of cyber criminals.
From the bank of computers inside, a former pizza bar worker ran an international cyber "supermarket" selling stolen credit card and account details costing the banking industry tens of millions.
Renukanth Subramaniam, 33, was revealed today as the founder and a major "orchestrator" of the secret DarkMarket website, where elite fraudsters bought and sold personal data, after it was infiltrated by the FBI and the US Secret Service.
Membership was strictly by invitation. But once vetted, its 2,000 vendors and buyers traded everything from card details, obtained through hacking, phishing and ATM skimming devices, to viruses with which buyers could extort money by threatening company websites.
The top English language cybercrime site in the world, it offered online tutorials in account takeovers, credit card deception and money laundering. Equipment – including false ATM and pin machines and everything needed to set up a credit card factory – was available.
It even featured breaking-news-style updates on the latest compromised material available, while criminals could buy banner adverts to promote their wares.
So vast was its reach, with members in the UK, Canada, US, Russia, Turkey, Germany and France, the UK's Serious Organised Crime Agency (Soca), which helped bust it, said it was "impossible" to put a figure on how much it cost banks worldwide.
Subramaniam, who used the online soubriquet JiLsi, was remanded in custody at his own request at Blackfriars crown court today after pleading guilty to conspiracy to defraud and five counts of furnishing false information. Judge John Hillen warned it was "inevitable" he faced a "substantial custodial sentence".
A Sri Lankan-born British citizen, Subramaniam was a former member of ShadowCrew, DarkMarket's forerunner, which was uncovered by the US Secret Service in 2004. "JiLsi was one of the highest in cybercrime in this country with what he managed to achieve setting up a forum globally. No JiLsi, no DarkMarket," said one Soca investigator.
Its 2,000 members never met in real life. Quality, not quantity, was the key. DarkMarket was fastidious in banning "rippers" who would cheat other criminals. Honour among thieves was paramount.
It operated an "escrow" service, with payments and goods exchanged through a third party – "like a PayPal for criminals", the judge observed, and an arbitration service resolved disputes. To keep off the radar, the rules were strict: no firearms, drugs or counterfeit currency.
Built on a pyramid structure, administrators decided who joined, moderators ran specific site sections, and reviewers vetted wannabes – each demanding 5% or £250 per transaction as a fixer's fee.
To get on, criminals had to present details of 100 compromised cards free of charge - 50 to one reviewer, 50 to another. Reviewers would test the cards and write an online review of customer satisfaction – just like eBay customers. "If the cards did what they were supposed to … they would be recommended. If not they weren't allowed in," said the investigator.
Payment was via accounts on WebMoney, or E-Gold. "It was the QuickTime method of sending money anywhere."
Subramaniam was one of the top administrators. He kept his operating system on memory sticks. But when one was stolen, costing him £100,000 in losses and compromising the site's security, he was downgraded to reviewer. Surveillance officers caught him logging on to the website as JiLsi unaware the fellow criminal MasterSplyntr he was talking to was, in fact, an FBI agent called Keith Mularski.
Considerable money was exchanged, though actual transactions took place away from the site for security reasons. One buyer spent £250,000 on stolen personal information in just six weeks.
Described as "a very quiet man", Subramaniam worked at Pizza Hut and as a dispatch courier. "He owned three houses but was largely itinerant," said Sharon Lemon, Soca deputy director. "The key to investigations of this sort is finding the evidence to connect the online persona with a living, breathing person."
Harendra de Silva QC, defending Subramaniam, said the "evidence was unchallenged" but said the "question of interpretation does arise in certain areas" and there would be submissions on "nuance" of the fraud in so far as it applied to his client. He is charged alongside John McHugh, 66, known as Devilman, also a site reviewer who has pleaded guilty to conspiracy to defraud and at whose Doncaster home officers found a credit card-making factory. The two will be sentenced later.
But the battle against cybercrime continues. "This was one of the top 10 sites in the world, but there are more than 100 we know of globally, and another 100 we don't yet know of," said the investigators.
In the DarkMarket
DarkMarket price list
Trusted vendors on DarkMarket offered a smorgasbord of personal data, viruses, and card-cloning kits at knockdown prices. Going rates were:
- Dumps: Data from magnetic stripes on batches of 10 cards. Standard cards: $50. Gold/platinum: $80. Corporate: $180.
- Card verification values: Information needed for online transactions. $3-$10 depending on quality.
- Full information/change of billing: Information needed for opening or taking over account details. $150 for account with $10,000 balance. $300 for one with $20,000 balance.
- Skimmer: Device to read card data. Up to $7,000.
- Bank logins: 2% of available balance.
- Hire of botnet: Software robots used in spam attacks. $50 a day.
- Credit card images: Both sides of card. $30 each.
- Embossed card blanks: $50 each.
- Holograms: $5 per 100.
Tags:
CyberCrime,
FBI,
Fraud,
Internet cafe,
London,
Online,
Undercover
Thursday 14 January 2010
Google hack hit 33 other companies
The plot thickens. According to iDefense Labs, the recent Internet attack that has so upset Google affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.
The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.
"Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said the iDefense press statement, confirming what the world already knows.
It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, as a statement on its own website explains (http://blogs.adobe.com/conversations/2010/01/adobe_investigates_corporat...).
"Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."
The note goes on to say that in Adobe's case, the attack was not successful in stealing any data.
More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July's attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.
As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.
"Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," says iDefense.
In fact, it is also possible that exploits go back further since the flaws used in last summer's attack pre-date the known attack by some months.
Whatever the details, that China is targeting the US technology firms, the government and military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.
Alleged China attacks could test U.S. cybersecurity policy…
The attacks on Google and more than 30 other Silicon Valley companies by agents allegedly working for China is focusing renewed attention on the issue of state-sponsored cyber attacks and how the U.S. government should respond to them.
The U.S. has no formal policy for dealing with foreign government-led threats against U.S. interests in cyberspace. With efforts already under way to develop such a policy, the recent attacks could do a lot to shape the policy and fuel its passage through Congress.
In a revelation that was surprising for its boldness, Google on Tuesday said that agents possibly working on behalf of the Chinese government had hacked into its computers -- and those of more than 30 other multi-national companies. Also hit: Adobe.
This is not the first time Beijing has been accused of state-sponsored espionage. Over the past five years, China has been implicated in dozens of attacks involving U.S. commercial, government and military targets. The most sensational of these involved a Chinese hacking group called Titan Rain, which in the early 2000s is believed to have stolen U.S. military and nuclear information.
For the most part, the official U.S. response to the attacks amounted to little more than expressions of outrage and protest by lawmakers. On Tuesday, Secretary of State Hillary Clinton released a statement asking the Chinese government for an explanation for the attacks, which raised "very serious concerns and questions." On Wednesday, Sen. Joseph Lieberman (I-Conn.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, said that attacks like the one against Google must be confronted "aggressively and with all available means."
"The official response will be, 'We are highly upset about this and we demand you stop it,'" said Ira Winkler, president of the Internet Security Advisors Group. (Winkler is also the author of Spies Among Us and a Computerworld columnist.) "The reality of the situation is we are screwed. The political reality is that China, in large part, is funding the U.S. deficit. We have no leverage.
"We just can't cut China off," he said.
Articulating a response to government-led cyber attacks isn't easy.
"We have to keep one thing in mind -- it is extremely difficult to attribute a cyber attack to a foreign government," said Greg Nojeim, senior counsel at the Center for Democracy and Technology (CDT), a Washington-based think tank. "There is often a lack of certainty in that regard that makes it really difficult to decide what kind of response to make."
And even if the evidence is there, it's futile to launch any kind of cyber-retaliation, he said. "That's something that should be off the table. You don't want to have a cyberwar where you fight fire with fire. That could burn the whole house down."
Instead, what's needed is a measured diplomatic response, where the issue is raised with China when it wants U.S. cooperation on other matters, he said. "The State Department has to make it clear that these attacks are so serious they warrant a diplomatic response. I am not sure that level of commitment has been demonstrated yet," Nojeim said.
Any victories gained from cyber-retaliation are likely to be temporary, at best, Winkler said. "If you can identify the systems that are attacking us and make sure you are attacking the right systems, theoretically, that might work" to head off another attack, he said. "But that's like throwing sand in the eyes of somebody who is beating you up." It can be effective -- but only for a while, he said.
That doesn't mean nothing can be done. U.S. organizations that are targets of attacks from China first need to bolster their defenses, said Amit Yoran, former director of the U.S. Department of Homeland Security's National Cyber Security Division. The continuing success Chinese agents have in penetrating U.S. networks points to ineffective security -- and sophisticated attackers, Yoran said.
"Companies such as Google have very, very sharp security teams, but the technologies they rely on are inadequate," said Yoran, who is currently CEO of security vendor NetWitness Corp. "We have developed a technology base in modern computing that is indefensible against modern threats."
What's needed is a security approach that focuses on continuous monitoring of networks and data, not one based solely on prevention.
"Whining about this won't stop it," said Alan Paller, director of research for the SANS Institute, a Bethesda, Md.-based security institute. "Cyber-based military espionage and economic espionage are radically effective programs for the Chinese government," and it's unlikely that policy statements are going to do any good, he said. "There are simply too many attackers with too many motives to think that a policy of deterrence would be more than minimally effective."
At the federal government level, at least, "it is [security] skills with good tools that allow organizations to defend themselves," Paller said. "Sadly, these skills are in radically short supply."
The U.S. government has fewer than 1,000 people with the advanced skills needed to fight in cyber space at "world-class levels," he said. What's needed are between 20,000 and 30,000 cybersecurity warriors. "Our competitors have even more."
Companies outsourcing work to China, or doing business there or in other developing nations such as India, also need to be aware of the heightened risks to their intellectual property, Winkler said. "Companies need to look at things much more strategically," he said. While it may be cheaper to outsource manufacturing in countries such as China and India, the long term costs could be high if they're not careful.
"Many are not looking at the strategic risks of a rival stealing their technology and selling counterfeit goods," he said.
As for official government cyber policies, just because the U.S. doesn't have an official policy for handling attacks doesn't mean it's sitting on its hands, said one analyst who asked not to be named. "One reason why the U.S. might not have come up with any rules of the road is because the NSA and other intelligence agencies are involved in the same kind of activity," he said.
The U.S. has no formal policy for dealing with foreign government-led threats against U.S. interests in cyberspace. With efforts already under way to develop such a policy, the recent attacks could do a lot to shape the policy and fuel its passage through Congress.
In a revelation that was surprising for its boldness, Google on Tuesday said that agents possibly working on behalf of the Chinese government had hacked into its computers -- and those of more than 30 other multi-national companies. Also hit: Adobe.
This is not the first time Beijing has been accused of state-sponsored espionage. Over the past five years, China has been implicated in dozens of attacks involving U.S. commercial, government and military targets. The most sensational of these involved a Chinese hacking group called Titan Rain, which in the early 2000s is believed to have stolen U.S. military and nuclear information.
For the most part, the official U.S. response to the attacks amounted to little more than expressions of outrage and protest by lawmakers. On Tuesday, Secretary of State Hillary Clinton released a statement asking the Chinese government for an explanation for the attacks, which raised "very serious concerns and questions." On Wednesday, Sen. Joseph Lieberman (I-Conn.), the chairman of the Senate Homeland Security and Governmental Affairs Committee, said that attacks like the one against Google must be confronted "aggressively and with all available means."
"The official response will be, 'We are highly upset about this and we demand you stop it,'" said Ira Winkler, president of the Internet Security Advisors Group. (Winkler is also the author of Spies Among Us and a Computerworld columnist.) "The reality of the situation is we are screwed. The political reality is that China, in large part, is funding the U.S. deficit. We have no leverage.
"We just can't cut China off," he said.
Articulating a response to government-led cyber attacks isn't easy.
"We have to keep one thing in mind -- it is extremely difficult to attribute a cyber attack to a foreign government," said Greg Nojeim, senior counsel at the Center for Democracy and Technology (CDT), a Washington-based think tank. "There is often a lack of certainty in that regard that makes it really difficult to decide what kind of response to make."
And even if the evidence is there, it's futile to launch any kind of cyber-retaliation, he said. "That's something that should be off the table. You don't want to have a cyberwar where you fight fire with fire. That could burn the whole house down."
Instead, what's needed is a measured diplomatic response, where the issue is raised with China when it wants U.S. cooperation on other matters, he said. "The State Department has to make it clear that these attacks are so serious they warrant a diplomatic response. I am not sure that level of commitment has been demonstrated yet," Nojeim said.
Any victories gained from cyber-retaliation are likely to be temporary, at best, Winkler said. "If you can identify the systems that are attacking us and make sure you are attacking the right systems, theoretically, that might work" to head off another attack, he said. "But that's like throwing sand in the eyes of somebody who is beating you up." It can be effective -- but only for a while, he said.
That doesn't mean nothing can be done. U.S. organizations that are targets of attacks from China first need to bolster their defenses, said Amit Yoran, former director of the U.S. Department of Homeland Security's National Cyber Security Division. The continuing success Chinese agents have in penetrating U.S. networks points to ineffective security -- and sophisticated attackers, Yoran said.
"Companies such as Google have very, very sharp security teams, but the technologies they rely on are inadequate," said Yoran, who is currently CEO of security vendor NetWitness Corp. "We have developed a technology base in modern computing that is indefensible against modern threats."
What's needed is a security approach that focuses on continuous monitoring of networks and data, not one based solely on prevention.
Labels: China, Cyber, Cyber attack, cyber warrior, INTERNET, U.S, War
Security experts say Google cyber-attack was routine
Google revealed its move following attempts to hack Gmail accounts of human rights activists.
The search giant said analysis showed that the series of attacks originated from inside China.
"This wasn't in my opinion ground-breaking as an attack. We see this fairly regularly," said Mikko Hypponen, of security firm F-Secure.
"Most companies just never go public," he added.
"Human-rights activists are the biggest target," said Mr Hypponen. "Everyone from Freedom for Tibet to Falun Gong supporters and those involved in Liberation of Taiwan are hit."
F-Secure has been monitoring such attacks against Chinese human-rights activists since 2005.
Google has operated in China since 2006 and has now said it was no longer willing to censor results on its Chinese search engine as the government required.
China has responded to Google and said that foreign firms were welcome to trade in the nation "according to the law". The spokesman added that the net was "open" in China.
Other victims
Of the attacks, Google said only two Gmail accounts were accessed and that hackers got very limited information. This included when the account was set up and the subject line rather than content of e-mail messages.
The company said that the accounts of dozens of US, China and Europe-based users who are advocates of human rights in China had been routinely accessed by third parties.
The cyber-criminals broke in using a tactic known as "phishing", where an apparently legitimate e-mail is sent claiming to come from someone the user knows and trusts.
Typically these e-mail messages have a booby-trapped attachment that, once opened, places malware on a computer.
Once an e-mail account is compromised, attackers can piggyback on it to get access to confidential files and systems throughout an organisation.
"The attacker really did their homework finding out first who to attack, who the key people were in the organisation and how to attack them," said Mr Hypponen.
Google has said publicly that another 20 companies were hit. Adobe is the only other company to go public with this information.
But many security experts say the figure is much higher.
"We know of at least 40 companies that were attacked. For the most part they were in the US," said Chris Day, chief security architect of IT services firm Terremark.
"This goes on all the time. Of the Fortune 100 companies, all 100 are under some sort of attack all the time."
Mr Day told the BBC a host of those targeted were technology and software companies based in Silicon Valley.
Google has revealed that finance, chemical and media firms were hit.
Blame game
Questions are now being asked about who orchestrated the attacks.
"We are not saying one way or another these attacks were state sponsored or done with the approval of the state," said David Drummond, Google's chief legal officer.
"We do know they were highly organised and we believe the attacker came from China."
The inference being drawn across the security community is that the Google attack and those on other US companies were sanctioned by government.
"Sources indicate that they believe the attack is the work of actors operating on behalf of or in the direct employ of official intelligence entities of the People's Republic of China," said iDefense Labs in an e-mail to the BBC.
iDefense also revealed that this incident resembles one that took place in July 2009 against nearly 100 IT-focused companies.
"A nation state getting into the business of hacking companies is a really big shift," said Dan Kaminsky, director of penetration at security firm IOActive.
"The question now is are we going to see a significant increase or decrease in these kinds of attacks?"
Safe and secure
Google has stressed that users have nothing to fear about the security of the information it holds.
"The fact that they have come out and are transparent about what has happened is good for user trust," said Terremark's Mr Day.
"I have seen far worse things happen and I think larger organisations, and even individuals, should take this as an object lesson that no-one is immune to these attacks."
General security advice for all users is to have a strong password that is changed regularly and includes letters, numbers and symbols.
All security patches should be up-to-date, and users should never open attachments unless they know the sender and are expecting them.
Haiti earthquake survivors await global aid effort
BBC correspondents say the situation is increasingly desperate, with no coordinated rescue plan so far and aid only trickling in.
The search for survivors continues but rescuers have little lifting equipment and are often using their bare hands.
Tens of thousands are feared dead and up to three million affected.
Aid groups say there is a race against time to find survivors under the rubble of the collapsed buildings - the first priority of the rescue effort.
Heavy lifting gear and sniffer dogs are desperately needed to seek out trapped victims, with medicine, food and water also in short supply.
Elisabeth Byrs of the UN's Office for the Coordination of Humanitarian Affairs, said: "The priority is to find survivors. We are working against the clock."
The head of Medecins du Monde, Olivier Bernard, told AFP news agency that aid had to arrive by Thursday evening.
"To save lives, surgery must be available ideally within the first 48 hours."
A few US aid planes and a 50-strong Chinese rescue team with sniffer dogs have landed at the airport serving the capital, Port-au-Prince.
Other plane-loads of rescuers and relief supplies are said to be on the way from the EU, Canada, Russia and Latin American nations.
A British rescue team with heavy lifting gear and dogs has landed in the Dominican Republic and will be in Haiti later on Thursday.
International Development Secretary Douglas Alexander said: "This is a tragedy on a massive scale. Britain is playing its part in the huge international response."
US President Barack Obama said the "people of Haiti will have the full support of the United States" in an "aggressive" aid campaign.
Secretary of State Hillary Clinton has cancelled a trip to Asia to deal with the crisis. Her husband, Bill Clinton, the UN special envoy for Haiti, told the Washington Post the quake was "one of the great humanitarian emergencies in the history of the Americas".
The USS Carl Vinson aircraft carrier will arrive on Thursday. The USS Bataan, carrying a Marine expeditionary unit, is also on its way. The Pentagon said it was "seriously considering" sending thousands of marines.
The World Bank is funding $100m of emergency aid.
The World Food Programme is working on supplying 15,000 tonnes of food and the Red Cross has begun a $10m appeal.
The help is desperately needed as there is no coordinated rescue at present.
Doctor's assistant Jimitre Coquillon told Associated Press: "This is much worse than a hurricane. There's no water. There's nothing. Thirsty people are going to die."
Haitian President Rene Preval could not give an official estimate of the dead, saying: "I don't know... up to now, I heard 50,000... 30,000."
He spoke of how he stepped over dead bodies and heard cries of those trapped in the parliament building.
Singing hymns
Haiti is the poorest country in the western hemisphere and correspondents say it simply does not have the infrastructure to manage a rescue operation.
One Chilean UN peacekeeper told Reuters: "We just don't know what to do. You can see how terrible the damage is. We have not been able to get into all the areas."
The UN peacekeepers, who played a key role in maintaining public order in Haiti even before the quake, have been deployed to control any outbreaks of unrest as reports come in of looting.
The UN says 16 personnel are confirmed dead and more than 100 staff are still unaccounted for. They include UN mission head Hedi Annabi.
Medical aid agency Medecins sans Frontieres reported a "massive influx" of casualties at its makeshift clinics, many of them with severe injuries.
Patients with "severe traumas, head wounds, crushed limbs" have been streaming into MSF's temporary structures but the agency is only able to offer them basic medical care, spokesman Paul McPhun told reporters.
Thousands of Haitians spent a second night in the open on Wednesday, too scared to sleep inside damaged buildings. Many sang hymns to keep up their spirits.
The BBC's Matthew Price visited the grounds of one hospital and spoke of seeing about 100 bodies - but there were many people bedding down for the night to sleep among the dead.
The 7.0-magnitude quake, Haiti's worst in two centuries, struck at 1653 local time (2153 GMT) on Tuesday, just 15km (10 miles) south-west of Port-au-Prince and close to the surface.
Meanwhile, the Red Cross has set up a web site at www.icrc.org/familylinks on which people in Haiti and overseas can register the names of missing relatives.
Wednesday, 13 January 2010
Finnish Organisations Plead for Haiti Aid
The Finnish Red Cross (SPR) has pledged 200,000 euros to help Haiti, whose capital Port-au-Prince has been devastated in a massive earthquake. The government and the Evangelical Lutheran Church have also promised to send emergency aid.
In addition to the immediate funds, the SPR is asking the public to make donations using its website (site in Finnish and Swedish only). It is also asking the Foreign Ministry to fund a mobile hospital clinic to be sent to the country as quickly as possible. A team of health care professionals in Tampere is awaiting the green light from the International Red Cross. The IRC will take a few days to make a full assessment and decide whether it is useful to send teams and equipment all the way from Finland. SPR communications officer Taina Keinänen notes that it's much cheaper to send help from units closer to the disaster area.
Government and Church to Send Aid
Meanwhile, the Foreign Ministry says it's prepared to donate aid as well, but is waiting for official requests from aid organisations.
Finn Church Aid, the charitable unit of the Evangelical Lutheran Church, has also earmarked 150-thousand euros for emergency relief. Thousands of people are feared dead in Haiti, and thousands more are still trapped in the rubble.
The Finnish Foreign Ministry says that no Finns were injured in the quake. Only one Finn was known to be in Haiti at the moment. Both he and the 200-or-so Finns in the neighbouring Dominican Republic are alive and well.
