Friday, 31 December 2010

5 Cyberthreats to Watch For in 2011



By Matt Liebowitz, SecurityNewsDaily Staff Writer
 
Keywords like phishing, hacking and malware have become part of the common cybersecurity discourse, familiar to nearly everyone with a computer and an Internet connection. But as we embark on a new year, and our online connectivity increases, there’s a new batch of terms even the most casual computer user should be aware of.

SecurityNewsDaily looked back at the dangers that shocked and scared in 2010, and spoke with cybersecurity experts to get a grip on what threats will emerge in 2011.

Hacktivism

In the second half of 2010, no single topic dominated cybersecurity news more than WikiLeaks. From the initial document leak to the subsequent denial-of-service attacks launched against PayPal, Amazon, MasterCard and Visa, even the least tech-savvy person seemed to have an opinion about WikiLeaks and its founder, Julian Assange.

In a report titled “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites,” researchers at Harvard University found that several high-profile media and human rights websites fell victim to DDoS attacks in 2010.

Those attacked included blogging platform WordPress, Twitter, and websites for Australian Parliament, the Motion Picture Association of America and the Recording Industry Association of America. The latter two were both struck by the online forum 4Chan for their connection with shutting down the file-sharing service The Pirate Bay. And PayPal and MasterCard were targeted for DDoS attacks in December because they cut off customers from sending money to WikiLeaks.

Security breaches like these have been labeled “hacktivism” -- they are not carried out for financial gain, but because the hackers disagree with the objectives or practices of the targeted sites. Hacktivism attacks such as these are “the future of cyber protests,” PandaLabs researcher Sean-Paul Correll said.

Gadgets and Smartphones
Smartphones and tablet computers give their owners the freedom to stay connected wherever they go. It’s a feature that cybercriminals couldn’t be happier about.

“Mobile devices may offer unsuspected vectors for malicious code,” said Don Jackson, director of threat intelligence for the cybersecurity company SecureWorks.

A vector that poses perhaps the most serious threat is online banking transactions done via phone, especially on the iPhone and its iOS.

Patricia Titus, vice president and chief information security officer at Unisys, an information technology firm, summed up the situation.

“Where the money is, that’s where the criminals are going,” Titus told SecurityNewsDaily.

Unfortunately, the adage of safety in numbers doesn’t ring true in the case of cybersecurity.

The massive popularity of the iPhone and other devices running iOS like the iPad means “the iPhone and the many services hosted on these devices certainly become a more valuable and sought-after target,” said Kurt Baumgartner, senior malware researcher at Kaspersky Lab.

Even Internet-connected gaming systems such as the Xbox aren’t invulnerable to corruption, Jackson told SecurityNewsDaily. Any device, especially those with USB-storage capabilities, can be employed by criminals to access information or infect systems with corrupted software.

The Cloud
It’s up there, floating above you. It's adding a huge level of convenience to everyday computing, with remote servers handling processing and data storage duties traditionally conducted by personal computers.
But the forecast could turn gloomy.

A piece of malware was recently detected in the cloud-based file-sharing service Rapidshare (www.rapidshare.com). The malware, called Trojan-Dropper.Win32.Drooptroop.jpa, worried Kaspersky Lab researcher Vicente Diaz because it didn’t appear in the body of the Rapidshare link, and therefore was able to evade traditional security filters.

As more and more companies move their programming duties to these vast remote servers, analysts believe cybercriminals will adapt to the new landscape and develop methods of compromising data in the cloud.

Social Engineering
In December, a social engineering scam spread virally through Twitter, tricking users into believing they had a computer virus, and then persuading them to download antivirus software. Credit: Sophos.com
It’s not entirely new, but social engineering attacks – scams that use psychological manipulation to persuade people to divulge sensitive information or to purchase fake antivirus software -- will continue to be a threat in 2011. Again, it’s a case of danger in numbers.

Those numbers hover somewhere around 500 million, which is the number of people who use Facebook. Social engineering attacks thrive on Facebook and Twitter because of the enormous pool of potential victims, many of whom are maintaining a constant Facebook connection on their smartphones.

The Nigerian fraud scam is an example of a social engineering attack – the e-mails promised a large sum of money would be sent to people who wired the scammers a small “advance fee,” usually through Western Union.

“Variations on the Nigerian scam continue to exist and work, which seems ridiculous to talk about, but they are ongoing,” said Kaspersky Lab's Baumgartner. “Social networking delivery and social networking related threats, like those abusing Twitter trends, Google’s hot topics and using Facebook and MySpace to deliver links and malware will continue.”

Looking forward to 2011, Baumgartner added that social engineering attacks have become “more convincing, more anonymous, more international and more professionally done.”

A contributing factor to the dangerous efficiency of social engineering attacks is the URL shortener, a program – there are several, including bit.ly and tinyurl.com – that condenses long website addresses to better fit the character limits in Twitter and Facebook messages. URL shorteners are seen as dangerous in the cybersecurity world because attackers can use the shortened address to hide malware.
In late December, a computer science student named Ben Schmidt took the URL-shortener danger a step further, when, as a proof-of-concept experiment, he designed what he called the “Evil URL Shortener,” which not only condensed the Web address, but simultaneously launched a DDoS attack against the website of the user’s choice.

“A malicious shortener could essentially take you anywhere it pleased, and the user would be none the wiser,” Schmidt said.

Stuxnet
First detected in June, the Stuxnet computer worm became a hot topic in 2010 – and will continue to be in 2011 – because it upped the ante of what malware can do on a global level.

Stuxnet, a piece of malware that targets computers running Siemens software used in industrial control systems, was found to be deployed to attack Iran’s Bushehr nuclear power plant.

The fact that this malware was sent, presumably by a nation-state as opposed to an individual criminal, heralded a dangerous new landscape of global cyberwarfare, one that researchers believe will continue into 2011.

Similarly, January’s “Aurora” attack, launched by China against Google and 34 other high-profile companies, was of such a sophisticated nature that “it’s totally changing the threat model,” said Dmitri Alperovitch, vice president of threat research for McAfee.

As protesters flex their digital muscles, companies seek to increase their productivity by looking to the clouds, and Facebook continues its reign of social supremacy, 2011 could be a banner year for cybersecurity. Who will be holding the pennant is anyone’s guess.

    Wednesday, 29 December 2010

    The New Asian Hemisphere



    Kishore Mahbubani was appointed Dean of the Lee Kuan Yew School of Public Policy on August 16, 2004 after having served 33 years in the Singapore Foreign Service.

    His new book, The New Asian Hemisphere: the Irresistible Shift of Global Power to the East, was published in 2008. The premise of this book is simple: If representative democracy is the best known form of governance for nations, then it's also the best form for the world. His book sends one message to the West: Please give up on dominating the world.



    Moderator: Yang Rui



    In law, West is not really best

    Reflecting on the law, By Shad Saleem Faruqi



    While most of our law books draw from ‘wisdom’ from the West, there is much about jurisprudence to be learnt from the great Asian civilisations.

    WITH the end of the year drawing nigh, thoughts turn to the state of legal education in this country.

    Many advances have been made since the inception of the first local law programme at the University of Malaya in 1972. However, some debilitating drawbacks remain. Legal education in this country is too profession-oriented and not sufficiently people-oriented.

    It is text-book based rather than experience-based. It is too West-centric. Only the last issue will be addressed in this article.

    Course content: Despite 38 years of experimentation, the structure and content of our courses, the choice of core subjects, the categories of thought, the fundamentals, the methods of analysis and research, the history of each subject, the books and the icons all remain Western.

    Legal education today is as much a colonial construct as it was during the days of the raj.

    Yusef Progler points out that most university courses in Asia follow a similar trajectory. We first identify the great white European or American men of each discipline and then drill their theories and practices as if these were universal.

    Centuries of enlightenment in Japan, China, India, Persia and the Middle East are totally ignored.

    It is as if all things good and wholesome and all great ideas originated in the crucible of Western civilisation and the East was, and is, an intellectual desert.

    > Jurisprudence: In legal philosophy, for example, a book on American or English legal thought is referred to as “jurisprudence”. In contrast, a book on Islamic, Chinese or Hindu legal thought is described with the prefix “Islamic”, “Chinese” or “Hindu” jurisprudence. The assumption is that Western ideas are universal whereas ours are merely parochial.

    A typical course on jurisprudence in a Malaysian university begins with Plato, Aristotle, Locke, Austin, Bentham, Hart, Kelsen, Pound, Weber, Ehrlich, Durkheim, Marx, Olivecrona etc.

    Titles written by scholars and thinkers from Asia, South America and Africa are nowhere to be found.
    The Mahabharata, the Arthashastra, the Book of Mencius, Analects of Confucius and the treatises of Ibn Khaldun, Ghazali, Ibn Rushd, Mulla Sadra, Jose Rizal, Benoy Kumar Sarkar, Yanagita Kunio and Naquib al-Attas do not appear in our syllabi.

    In Austinian fashion, the concept of law is tied to the commands of the political sovereign even though most Asians and Africans feel the pull of religion and custom and regard them as part of the majestic network and seamless web of the law.

    > Categories of law: The rigid compartmentalisation of knowledge developed in Europe in the 19th century is preserved. As in the West, we separate law from morality, public law from private law and crime from tort even though such artificial dichotomies are alien to our traditions and are often impediments to justice.

    In most Asian and Middle Eastern systems, morality is legalised and legality is moralised. The law of crime is also the law of tort. Law relating to rights and duties applies equally in public and private spheres. Such a holistic approach has positive implications for human rights.

    > Public law: Generations of students are uncritically led to believe that the seeds of constitutional and administrative law were planted in Europe and North America by such historical documents as the Magna Carta 1215, Declaration of the Rights of Man and the Citizen 1789 and the United States Declaration of Independence 1776.

    What is ignored is that the ideas of limited government and constitutionalism were born in the religious doctrines of the East.

    Taking Islam as an example, we can point to the fact that the denial of state sovereignty in Islamic jurisprudence preceded Locke’s and Rousseau’s idea of the limits on state sovereignty by hundreds of years.

    The idea of government as a trustee is mentioned in the Holy Qur’an (4:58). The citizen’s duty to obey the law is conditional on the duty of the ruler to obey the Creator.

    Locke and Rousseau, Gandhi and Martin Luther King built on this idea to propound the theory of civil disobedience.

    In Islamic theory, political as well as socio-economic rights are given legitimacy.

    Prophet Muhammad’s sermon at Arafat is one of the world’s greatest human rights declarations. More than 1,400 years ago he spoke about liberty and property, racial equality, women’s rights and the ruler’s subjection to the law.

    If his words had been uttered by some Western luminary, they would have adorned the walls of law schools all over the world.

    In the Islamic criminal process there is a legal presumption of innocence. Evidence of agents provocateurs cannot be used. Religious tolerance is required and pluralism is permitted (2:256, 109:1-6, 10:99). The concept of shura (3:159) or consultation paves the way for a whole regime of consultative processes.

    Modern principles of administrative law like natural justice and proportionality have their basis in the Holy Qur’an.

    The ombudsman principle attributed to the genius of the Scandinavians was known to Islam through the system of Hisba, the office of the Muhtasib and the existence of Mazalim courts.

    Islam’s concept of the universal ummah is in line with the process of globalisation and the growing movement for international citizenship.

    The subject of alternative dispute resolution parrots a discourse on arbitration, conciliation and mediation and ignores many indigenous or informal institutions and procedures for resolving discord that existed in our history and can be revived.

    The course on Law and Economics studies emerging international protocols but not the clear injunctions in Islam, Christianity, Hinduism and Buddhism on environmental and consumer responsibility.

    > International law: The syllabi of public international law courses fail to mention that long before modern humanitarian law built protection for civilians, non-combatants and prisoners of war, many Eastern systems like Islamic international law had already worked out a set of principles for the conduct of war.

    Some of these principles exceed the standards of the venerated Geneva Conventions.

    Sadly, Malaysian as well as Asian legal education fails to recognise that many of the law’s crowning glories actually originated in the East. Obviously colonialism has left its indelible mark.

    > Call for action: There should, therefore, be a concerted effort to re-educate colonised minds; to revisit our syllabi; to substitute imported mental baggage with our own treasury of thoughts.

    This indigenisation of our syllabi is not meant to shut out the West but to give to our students a bigger picture of knowledge and to increase their choices.

    In the background of pervasive Western intellectual domination, indigenisation would assist a genuine globalisation!

    Academic Boards of Faculties, University Senates and accreditation authorities may wish to go beyond form to the actual content of our syllabi and to insist that our garlands of knowledge must be built with flowers from both Eastern and Western gardens.

    A helpful site for some Third World titles is www.multiworld.org. There is no dearth of scholars from the South who could be co-opted to advise us on how to tackle the problem of educational enslavement.

    The author wishes all readers the blessings of the season and a Happy Gregorian New Year.