


How to protect against Firesheep attacks

Experts suggest defensive measures to ward off Firefox add-on’s hijacking of Facebook, Twitter sessions via Wi-Fi
By Gregg Keizer – October 26, 2010 07:29 PM ET

Computerworld – Security experts today suggested ways users can protect themselves against Firesheep, the new Firefox browser add-on that lets amateurs hijack users’ access to Facebook, Twitter and other popular services.

Firesheep adds a sidebar to Mozilla’s Firefox browser that shows when anyone on an open network — such as a coffee shop’s Wi-Fi network — visits an insecure site.

A simple double-click gives a hacker instant access to logged-on sites ranging from Twitter and Facebook to bit.ly and Flickr.

Since researcher Eric Butler released Firesheep on Sunday, the add-on has been downloaded nearly 220,000 times.

“I was in a Peet’s Coffee today, and someone was using Firesheep,” said Andrew Storms, director of security operations at San Francisco-based nCircle Security. “There were only 10 people in there, and one was using it!”

But users aren’t defenseless, Storms and several other experts maintained.

One way they can protect themselves against rogue Firesheep users, experts said on Tuesday, is to avoid public Wi-Fi networks unless they are encrypted and available only with a password.

However, Ian Gallagher, a senior security engineer with Security Innovation, argued that this tosses out the baby with the bathwater. Gallagher is one of the two researchers who debuted Firesheep last weekend at a San Diego conference.

“While open Wi-Fi is the prime proving ground for Firesheep, it’s not the problem,” Gallagher said in a blog post earlier on Tuesday. “This isn’t a vulnerability in Wi-Fi, it’s the lack of security from the sites you’re using.”

Many people take free, open Wi-Fi for granted, and it is not the problem. There are plenty of low-risk activities one can do on the Internet at a public hotspot, including reading news or looking up the address of a nearby eatery.

So if Wi-Fi stays, what’s a user to do?

The best defense, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos, is to use a VPN (virtual private network) when connecting to public Wi-Fi networks at an airport or coffee shop, for example.

While many business workers use a VPN to connect to their office network while they’re on the road, consumers typically lack that secure “tunnel” to the Internet.

“But there are some VPN services that you can subscribe to for $5 to $10 a month that will prevent someone running Firesheep from ‘sidejacking’ your sessions,” Wisniewski said.

For more, visit Computerworld.com

Court orders LimeWire to cease file-sharing business

P2P software maker had been accused by music industry of enabling massive piracy

by Jaikumar Vijayan

Oct 26, 2010 07:15 pm | Computerworld

In a major victory for the music industry, a New York federal judge has ordered embattled P2P software maker LimeWire to immediately and permanently stop distributing and supporting its file-sharing software.

In a 17-page injunction (PDF document) issued on Tuesday, Judge Kimba Wood of the U.S. District Court for the Southern District of New York ordered LimeWire to cease the searching, downloading, uploading, file trading and file distribution functionality of LimeWire’s P2P file-sharing software.

The injunction instructed LimeWire to immediately communicate the court’s decision to all users of the software and to all of the company’s employees, principals and other stakeholders. It gave the company 14 days to report back to the court on the steps LimeWire has taken to comply with the order.

A spokeswoman for the company today stressed that the court’s order does not mean that LimeWire is shutting down and said that it only prevents LimeWire from distributing or supporting its P2P software.

It does not prohibit the company from going ahead with its previously announced plans to launch a subscription-based music service, nor does it prohibit the company from operating its online store, the LimeWire spokeswoman said.

“While this is not our ideal path, we hope to work with the music industry in moving forward,” the spokeswoman said by e-mail. “We look forward to embracing necessary changes and collaborating with the entire music industry in the future.”

The court injunction is a huge victory for the Recording Industry Association of America (RIAA), which has been trying to get the court to shut down LimeWire for quite some time.

The RIAA and the music labels it represents have accused LimeWire and its chief executive, Mark Gorton, of willfully enabling widespread copyright infringement.

For more, visit Computerworld.com

Four New Ways to Customize Your LinkedIn Profile

Customization and variety are key to making your LinkedIn profile stand out and get you recognized by recruiters. Check out these four new profile sections that do just that.

By Kristin Burnham – Wed, October 20, 2010

CIO — With more than 80 million registered users worldwide, making your profile stand out among LinkedIn’s crowd can be difficult. That’s why the professional social network has rolled out a number of features to help you get noticed: LinkedIn Apps give hiring managers a better peek into your work life; reordering your profile sections gives you more control over what you deem is important; and Company Follow gives you an inside look at companies’ business opportunities and job leads.

Now, LinkedIn has added an element to its site with a handful of new profile sections you can selectively add to your profile. Among those in the “Add Sections” part of LinkedIn are Publications, Languages, Skills and Certifications.

“These are most valuable for job seekers, passive candidates open to new opportunities, and consultants,” says Nathan Kievman, owner of the LinkedIn group Linked Strategies and host of weekly LinkedIn webinars. “Variety in a profile provides you the opportunity to stand out and showcase your talents that otherwise may not come up in everyday conversations, business dealings or interviews.”

Kievman also notes that LinkedIn is possibly rolling out these features to benefit recruiters. “It will provide more search results for recruiters to enhance their search for qualified clients. This is LinkedIn’s number-one revenue stream, so it makes sense that they would push these tools out there,” he says.

To find the new profile sections, choose Profile > Edit Profile. Below your main profile box will be the “Add sections” button. The new profile sections will appear after your work experience. Read on for a look at four of the new profile sections.

1. Certifications

LinkedIn is including a new section specifically to highlight any certifications you might have earned—ITIL, Six Sigma or PMP certifications, for example. You’ll be required to include the name of the certification in the form; you can also add the certification authority, license number and expiration date if you want.

For the rest of the list, visit CIO Online

When IT is asked to spy

IT managers are being put in the awkward position of monitoring fellow employees.

By Tam Harbert – October 11, 2010 06:00 AM ET

Computerworld – It’s 9:00 in the morning, or 3:00 in the afternoon, or even 10:00 at night. Do you know what your users are up to? More than ever, IT managers can answer, “Oh, yes.”

As corporate functions, including voice and video, converge onto IP-based networks, more employee infractions are happening online. Employees leak intellectual property or trade secrets, either on purpose or inadvertently; violate laws against sexual harassment or child pornography; and waste time while looking like they’re hard at work.

In response — spurred in part by the need to comply with stricter rules and regulations — organizations are not only filtering and blocking Web sites and scanning e-mail. Many are also watching what employees post on social networks and blogs.

They’re collecting and retaining mobile phone calls and text messages. They can even track employees’ physical locations using the GPS feature on smartphones.

More often than not, IT workers are the ones asked to do the digital dirty work, primarily because they’re the people with the technical know-how to get the job done, says Nancy Flynn, executive director of The ePolicy Institute, a Columbus, Ohio-based consultancy that helps companies establish Internet and computer usage policies.

Statistics are hard to come by, but Flynn and other industry observers agree that monitoring and surveillance are becoming a bigger part of IT’s job.

Michael Workman, an associate professor at the Florida Institute of Technology who studies corporate IT security and employee behavior, estimates that monitoring responsibilities take up at least 20% of the average IT manager’s time.

Yet most IT professionals never expected they’d be asked to police their colleagues and co-workers in quite this way. So, how do they feel about this growing responsibility?

For the rest of this article, visit Computerworld.com

Interview with Jet Set Games, the makers of “Highborn” and “Who’s Buying?” on Tuesday Oct. 12, 2010

The Apptastic iGame Review will be interviewing Jet Set Games on Tuesday Oct. 12, 2010! Jet Set Games are the makers of some very popular titles dominating the Apple App store right now!

Come join Amy Elk, Chris Pope, and Justin Laura as we welcome Jet Set on our show! These guys have also graciously agreed to give away some promo codes while on the show with us! Rade Stojsavljevic and Joseph Hewitt will be hanging with the Apptastic crew for the interview.

Rade Stojsavljevic
Co-founder & President

Joseph Hewitt
Creative Director

You fans of awesome mobile games out there might know them as the makers of one of the best turn-based games on the market, “Highborn.”

Highborn is a casual, turn-based strategy game, perfect for gaming on the go, or for anyone looking for an intelligent, tactical experience without the frenetic play of a traditional real-time strategy game.

Another really fun game published by Jet Set is a game called “Who’s Buying?”

Who’s Buying™ features three multiplayer games of skill and chance that determine who coughs up the cash to pay for your swingin’ lifestyle.

With a style and soundtrack straight from the South Pacific, Who’s Buying may even inspire a round of Mai Tais or Piña Coladas.


12 iPad apps that mean business

Serious software to make a business run more smoothly

By Brian Nadel – October 4, 2010 06:00 AM ET

Computerworld – So far, Apple has sold more than 3 million of its iconic iPads, making it the best-selling tablet on the market. A runaway success? Absolutely.

But an out-of-the-box iPad can be a disappointment for business tasks. Its rudimentary word processor, e-mail client, contacts directory and calendar are slim pickings, especially for those who want to use the device for work on the road.

Thankfully, Apple’s App Store has a good variety of software designed to help business people get through the day.

I looked at 12 different apps that can make your workday easier and more efficient. Some of these apps do one thing well, like Network Utility, which quickly checks out a company’s networking infrastructure. Others are multifaceted, like Office² HD, which is a one-stop shop for creating and modifying business documents. And then there are those that are indispensable for road warriors, like FlightTrack Pro, which lets you keep an eye on your travel plans and react quickly to cancellations.

In short, these apps can transform an iPad into a Swiss Army knife for cutting through a workday.

Pages, Numbers and Keynote

Apple’s iWork suite for the Mac includes applications for word processing (Pages), spreadsheets (Numbers) and presentations (Keynote).

All three apps work well and offer a number of features in common — for example, they can all accommodate eight different languages and let you undo the last 200 changes. They can import the latest Word, Excel and PowerPoint file formats (although you can only save files in the Office 97 format).

However, these programs are available only individually for the iPad. Because of this, the suite has lost the integration that made each of these applications more than the sum of their parts on Mac laptops and other Apple systems. To add prewritten text to a presentation, for instance, you have to click the iPad’s Home button, open Pages and copy the text. Only after hitting the Home button again and opening Keynote can you paste it in place.

Still, anybody who works on the road needs this trio of apps for reading, creating and working with all manner of documents. Despite the hassle of individually paying for, downloading and installing the three programs, it’s worth the effort.

Pages

Pages ($9.99) creates documents of surprising sophistication — documents look great, and there’s a lot of flexibility in how you can present them.

The app can change formatting options like margins, type and indents, as well as adjust word wrapping around images. There’s a good variety of formatting options, including 16 premade templates, and to make a simple chart or graph, you just tap in your numbers. Pages will automatically fit the document to the width of the iPad display, regardless of whether it’s being held horizontally or vertically. This makes complicated documents easier to work with.

If you’re working with a sophisticated document, be prepared to be patient — it took several seconds for documents to appear when I pulled them up in Pages. Other apps, like Office² HD, don’t have that problem.

Pages works with Word files and does an excellent job of font substitution when necessary. On the other hand, it lacks the ability to use Microsoft Word’s Track Changes feature for facilitating group work. Documents brought into Pages include comments and notes, but only as plain text without highlighting or any indication of who made them. Pages automatically saves the document every time a change is made (as do Numbers and Keynote).

It’s a snap to import an image, as well as to resize or rotate an image. And don’t worry about using the app with external keyboards; Pages worked well with my wireless Matias Folding Keyboard.

The documents can be shared on Apple’s iWork.com site. The site was still under development at the time of this writing but was stable enough for use. Apple recently added support for its MobileMe synchronization system.

For the rest of the apps, visit Computerworld.com

Half of critical private networks hit by political cyber attacks

By Gautham Nagesh – 10/06/10 09:47 AM ET

Half of the companies that provide critical infrastructure such as utilities or communication services have experienced politically motivated cyber attacks, according to a new report from Symantec.

The survey of critical infrastructure providers found 53 percent suspected they had experienced an attack with a specific political goal in mind. The companies affected reported being attacked an average of 10 times over the past five years. Half said they expect another attack in the next year and 80 percent believe the attacks are becoming more frequent. The respondents said the majority of the attacks were somewhat to extremely effective and cost firms an average of $850,000 each.

“Critical infrastructure protection is not just a government issue. In countries where the majority of a nation’s critical infrastructure is owned by private corporations, in addition to large enterprises, there is also the presence of small and medium-sized businesses,” said Symantec chief information security officer Justin Somaini.

Somaini cited the Stuxnet virus, which has disabled physical security features at factories around the globe in recent months, as evidence that the threat to private networks is evolving. The survey also showed the energy industry is most ready for an attack, while the communications industry was least prepared.

“Security alone is not enough for critical infrastructure providers of all sizes to withstand today’s cyber attacks,” Somaini said. “The Stuxnet worm that is targeting energy companies around the world represents the advanced kind of threats that require security, storage and backup solutions, along with authentication and access-control processes to be in place for true network resiliency.”

Protecting the nation’s critical infrastructure from cyber attacks is an increasing priority for the Obama administration. The administration asserts that it already has the right to act to protect private-sector networks in the event of a catastrophic cyber attack that could cause significant loss of life or financial damage, under a little-used clause in the Communications Act passed in the wake of the Japanese bombing of Pearl Harbor in December 1941.

For more, visit TheHill.com

6 useful Wi-Fi tools for Windows

Free or cheap apps can help troubleshoot your wireless network, turn your laptop into a hot spot and more

By Preston Gralla – September 1, 2010 06:00 AM ET

Computerworld – We live in a mobile world; if you have a laptop (and who doesn’t?), that means constantly connecting to the Internet via Wi-Fi. You most likely use Wi-Fi not just when you’re on the road at cafés, airports or hotels, but to connect to your home network too. You might even connect to a wireless network at the office.

Here’s the problem: Windows doesn’t do a particularly good job of providing Wi-Fi tools. Yes, it will let you search for and connect to nearby networks, but that’s about the extent of it. What if you want to get detailed information about every Wi-Fi network within range, troubleshoot your network, turn your laptop into a portable Wi-Fi hot spot or keep yourself safe at public hot spots? Windows is no help.

That’s why we’ve rounded up these six downloads. They’ll do all these things and more. Five out of the six are free; the other is inexpensive and lets you try it out first.

InSSIDer

MetaGeek’s InSSIDer is a great tool for finding Wi-Fi networks within range of your computer and gathering a great deal of information about each. It’s also useful for troubleshooting problems with your own Wi-Fi network.

For every Wi-Fi network InSSIDer finds, it shows you the MAC address of the router, the router manufacturer (if it can detect it — it usually does), the channel it’s using, the service set identifier (SSID) or public name of the network, what kind of security is in place, the speed of the network and more. In addition, it displays the current signal strength of the network, as well as its signal strength over time.

How would you use the software to troubleshoot your wireless network? If you see that your network uses the same channel as nearby networks with strong signals, you’ll know that you should change the channel your network transmits over and thereby cut down on potential conflicts. (Most routers have a settings screen that lets you do this.)

You can also use the software to detect “dead zones” that don’t get a strong Wi-Fi connection. Walk around your home or office with InSSIDer installed on your laptop to see where signal strength drops. You can either avoid using a computer in those spots or else try repositioning the wireless router to see if it helps with coverage.

Whether you need to troubleshoot a network or find Wi-Fi hot spots to which you want to connect — or you’re just plain curious — this is one app you’ll want to download and try.

Price: Free
Compatible with: Windows XP, Vista and 7 (32- and 64-bit)

For the rest of the apps, visit Computerworld.com

Nigerian advance-fee scammer gets 12 years

By Robert McMillan – September 3, 2010 02:12 PM ET

IDG News Service – A Nigerian man has been sentenced to 12 years in prison for sending out fraudulent e-mails offering victims big bucks in exchange for moving cash to the United States.

Okpako Mike Diamreyan, 31, was sentenced to 151 months of prison Wednesday by United States District Judge Janet Hall in Bridgeport, Connecticut.

Diamreyan made more than US$1.3 million in a scam that suckered 67 victims between 2004 and 2009, prosecutors said. This type of fraud, called an advance-fee scam, was the number-one type of Internet fraud in 2009, according to the U.S. Federal Bureau of Investigation. Last year, advance-fee fraud accounted for nearly 17 percent of the Internet fraud logged by the FBI.

Diamreyan pretended to be different people — Prince Nana Kamokai of Sierra Leone or an airport director from Ghana, for example. He said he needed to move between $11.5 million and $23.4 million out of the country and offered victims 20 percent of the funds, if they would help him out.

After using fake documentation to convince his victims that he was legitimate, Diamreyan would get them to wire him different types of fees such as “PIN code fees” or courier services charges with the understanding that they would then get the money. These fees would pile up, but the promised money never arrived.

For this and more, visit Computerworld.com