Now incorporating 112 Review, Community Safety Review & Military Review

How to avoid on-line manipulation: "Nigeria-letters"

EU Agency ENISA launches "Social Engineering" report with 5 pieces of defence advice to counter fraud threat

Heraklion, Crete, October 2008 - The EU Agency ENISA (the European Network and Information Security Agency) launches a white paper on 'Social Engineering', i.e. on-line manipulation through social networks, email (also known as 'Nigeria-letters' or 'advance-fee frauds'), instant messaging, or Voice over Internet Protocol (VoIP). The Agency provides 3 case studies portraying how easily users are manipulated, identifies 5 defence measures and issues a checklist, 'LIST', for users to counter social engineering. Finally, the white paper includes an exclusive interview with the world-famous security author, speaker, and consultant Kevin Mitnick.

What are the risks of on-line manipulation, or "Social Engineering"? Fraudsters frequently manipulate people and exploit human weaknesses through 'social engineering', so that people break their normal security procedures. The scale and sophistication of such fraud is increasing (27.649/month, Jan. '07-Jan. '08, according to APWG). Several new channels are used to reach users (e.g. instant messaging, VoIP, and social networking sites, apart from emails). Successful social engineering entails:

1. A convincing pretext for contacting the target.
2. Getting the facts right by research.
3. Timing and exploitation of current events, e.g. the Tsunami event, or a Santa Claus mail around Christmas with a worm included.
4. Exploiting human behaviour and psychology.

Three e-mail based case studies portray how easy it is to trick ordinary users:

- Case 1: 179 respondents assessed 20 messages (11 bogus and 9 legitimate), and only 42% of the users could correctly classify the mails (32% were classified incorrectly and 26% as 'do not know').
- Case 2: Of 152 targeted end-users within an organisation, 23% were tricked into accepting malware infections.
- Case 3: Over 500 undergraduate students followed embedded links, opened attachments, etc. The rate of failure was 38-50%. The good news is that the failure rate was reduced with training.

The Agency identified 5 defence measures against social engineering. However, the key to success lies in improving users' awareness. Users should use a checklist of questions to verify the Legitimacy, Importance of the Information, the Source and Timing (LIST); for the full checklist see p. 25-26 of the report. Mr Mitnick underpins the report with the claim that it is much easier to trick someone into revealing their password than to carry out an elaborate hack. The Executive Director of ENISA, Mr. Andrea Pirotti, comments: "Making staff and users aware of security is of serious concern for Europe. We should all become more aware and 'responsible on-line EU-citizens', in our own interest of being able to benefit from the Internet safely."

The report has been prepared with the kind support of the ENISA Awareness Raising Community and is available at: http://enisa.europa.eu/doc/pdf/publications/enisa_whitepaper_social_engineering.pdf

<>

"Children on Virtual Worlds" - 25 parental safety tips, report launched by the EU Agency ENISA

The EU Agency ENISA, the European Network and Information Security Agency, launches a report on virtual worlds with 25 safety tips for parents on how to make their children behave safely in online virtual worlds.

Heraklion, Crete, 06.10.2008 - Club Penguin, Barbie Girl, Moshi Monsters, Webkinz, etc. Is your child spending hours playing online games? Well, you are not alone. Virtual world sites are now hugely popular and have become a compelling activity for many Internet users. The rate of growth in online social networks, including virtual worlds for children, has risen over the past years. With more than 100 youth-focused virtual worlds, regulators and parents are struggling to keep pace. It has been estimated that 20 million children and tweens will visit virtual worlds by 2011.

Parents are naturally concerned about how their children use and behave in virtual worlds. The biggest concern is the online safety of children (7 years old and under) and tweens (8-12 years old) and how they can be protected from online predators. Awareness of what children can do online and parental involvement are crucial. Parents should be educated, empowered and engaged to ensure truly positive and valuable experiences for their children, while reinforcing safe online habits in these three-dimensional environments.

The ENISA paper gives 25 safety tips to parents. These tips provide clear and comprehensive tools for parents to decide with their child what is appropriate and safe, to behave responsibly as well as to have fun in virtual worlds. Sample tips range from computer security, to rules, and advice on parents' and children's education, e.g.:

1. Keep the computer in a common room.
2. Set house rules for Internet/mobile use on whether and how to use virtual worlds.
3. When activating a child's account, always do it using the parent's email address.
4. Be aware that parental consent should be required to process sensitive personal data, for chat rooms, to send unsolicited commercial e-mails, etc.
5. Have children use neutral nicknames, not their real ones.
6. Communicate with your children about their experiences. Encourage them to tell if they feel uncomfortable or threatened online.

For all 25 safety tips, please read the full report: http://www.enisa.europa.eu/doc/pdf/deliverables/children_on_virtual_worlds.pdf

The Executive Director of ENISA, Mr. Andrea Pirotti, remarked: "It is our responsibility as adults to secure that our children can have both fun and safely enjoy online gaming and virtual worlds."

<>

The identity crisis continues

A government report says the National Identity Scheme will fail if it does not primarily serve the public, including being free to join

by Michael Smith

Sir James Crosby's much delayed review of identity management, commissioned by Gordon Brown when he was still chancellor, was not available at the event in March 2008 where home secretary Jacqui Smith outlined her plans for the National Identity Scheme. That is not surprising: it makes embarrassing reading for the government.

The former HBOS chief executive recommends that the identity scheme should be free to join: it will not be. He thinks it should be run independently, perhaps by Parliament: it is run by a Home Office agency.

Crosby's main point is that the scheme should be so useful and easy that citizens actively want to use it, in the manner of Google. Yet it remains to be seen whether the government is listening. For example, it sounds as if students may have a tough time if they do not enrol, rather than the scheme transforming their lives if they do.

Crosby's report shifts the emphasis of government policy away from identity management and towards identity assurance. It states: "ID assurance meets a clear and growing consumer need, whereas ID management addresses the interests of the owners of any identity database."

He recommends that the scheme should be accountable to Parliament, rather than government; that the amount of centrally held data should be minimised; and that citizens should be able to block reuse of their data except for national security purposes.

The identity scheme's core problem was and is that the government wants it to be two things at once: a security system that stops people from doing things, and an enabling system that helps them.

Crosby believes there is very little common ground, and says that the scheme has to focus on enabling people - even for the purposes of national security, as otherwise citizens will minimise usage as far as possible, providing little data to be trawled.

If the scheme fails, he just got in his "I told you so".

The problem with this hare-brained ID card scheme of this government and that of other EU nations – and forgive me if I am wrong but this to me would appear to be in fact a scheme that the European Union is demanding (for better control of all citizens – welcome to 1984) – is that the British government and its agencies simply cannot, as is proven day-by-day with the losses of sensitive data, be trusted with the data of the subjects of Her Majesty. Nay, I did not say a wrong thing. Please remember that the British citizen is but a figment of imagination.

However, whichever way, the British government and its agencies and the contractors and sub-contractors used by said agencies have such a dismal record as to data protection that there is just no way, whether the scheme is free to join or compulsory – and I am sure we all remember that we were told in the beginning that it was going to be entirely voluntary (believing this government is not easy) – that anyone in their right mind could be prepared to trust his or her data, including and especially biometric information and such, to such agencies.

I also doubt that it would be any different whether the Tories or the Liberal-Democrats would be in charge as to the data problems as the problems do seem to lie with the civil service and the departments rather than with the politicians.

On the other hand, though whether we can believe them or not, both the Tories and the Whigs have promised to get rid of that hare-brained scheme altogether. And pigs might fly, I know, for if this comes from Brussels and the new European Ministry of Security then there is no way that it can be abandoned.

Data can be made secure on a small and a large scale but whether the British government agencies would know how to work hardware encryption is questionable.

© M Smith (Veshengro), September 2008
<>

LONDON MULTI-TRADE SHOW GETS FULL INDUSTRY SUPPORT

The industry’s leading trade associations and wholesale groups have renewed their support and participation in the London multi-trade show that now consists of Totally Tools, Totally DIY and the recently launched Totally Secure.

The changes proposed for the 2009 shows by organiser Brintex have won the approval of long-term show supporters, the British Home Enhancement Trade Association (BHETA), Decco, the Federation of British Hand Tool Manufacturers, the Garden Industry Manufacturers’ Association (GIMA), Home Hardware Southwest, MICA Hardware and Toolbank who have all confirmed they will be exhibiting next January. In addition, the British Hardware Federation (BHF), which has had its own stand at the show for the past two years, has confirmed it will be back in 2009.

This year, many members and customers of the various organisations will be offered assistance with travel and refreshment costs, to help promote a visit to the show in January.
This activity, alongside a revamped floor plan which puts new products literally centre stage, the provision of free personalised invitation tickets for exhibitors to use, and a fresh approach to the idea of staging a ‘multi-trade’ show, with the introduction of Totally Secure, has met with approval.

Paul Woolley, commercial director of the BHF Group, said, “With over 2,000 hardware members we see the show as a great opportunity to meet up with existing members and recruit for new ones! We’ll be offering new members a 25% discount on membership fees if they sign up at the show.

“In addition, our team from BHF Direct will be on the look out for new lines and products to offer our members – the show provides us with a great opportunity to get direct feedback on new products and our own services. We can cover a lot of ground in three days at the show!”
Simon Bicknell, sales director of Toolbank, whose support was important to the successful launch of Totally Tools four years ago, commented:

“Totally Tools continues to be an important part of our marketing programme and we welcome the initiatives being made by Brintex to add energy and impetus to the show.
“The show is a great platform to update customers on our latest initiatives and plans. We look forward to meeting potential new accounts, and spending time with many existing customers and are pleased to confirm Toolbank's participation in Totally Tools 2009.”

New exhibitors to sign up for the 2009 show to date include Aisin Europe, AP Lifting Gear, GT 85, Isotronic Mezger, RKW Leisure, RCD and Tarax Technology. In addition, Brother UK, Saint Gobain Abrasives and Spectra Tool Company are returning to the show after a break last year and DK Tools and Tool Connection are both back at the show having doubled the size of their stands.

“More than ever, retail buyers have to be proactive in their search to find new products to sell on to their customers. Our multi-trade show will be a great sourcing platform for buyers – and should help to stimulate interest and retail sales, which the whole market needs,” said show director James Murray. “Now is the time to proactively sell and to get out and see what companies have to offer!”

This year, to mark the show’s 15th year, a high-level industry conference, addressing the key issues of DIY and home retailing, will take place on the morning of Monday, 19 January. Details of the conference theme and speakers are to be announced shortly.

Current exhibitors for Totally Tools include Abingdon King Dick, Arrow Fastener, Evolution Power Tools, Exakt Precision Tools, KS Tools, KWB Tools / Ringwood Agencies, Ledco, Monument Tools, Nilfisk Alto, Northern Wholesale, Rolson Tools, SMC and Valley Industries.

In Totally DIY, confirmed exhibitors include Agralan, Bulk Hardware, Centurion Europe, Coo-Var, Crown Paints, Draper Tools, Euro Showers, Everbuild Building Products, Fair & Square, Feed ‘n’ Leave, Gorilla Glue, Group 55, IBP Conex, Initial Monogram, King Cole, Liberon, London & Lancashire Rubber, Mueller Primaflow, Oracstar, Polyvine, Procter Brothers, RB UK, Route 1 Group, Sealey Power Products, STV International, Sycamore UK, Tembe DIY, Tor Coatings, Trollul and Unger Germany.

New show Totally Secure has attracted bookings from Yale Security Products, part of the Assa Abloy Group, Borg Locks, Codringtons, Davenport Burgess, Guardian Lock & Engineering, Henry Squire & Sons, Keyprint, M.A.C Solutions, Master Lock, Sentry Safes, Sterling Locks and Total Product Sales, with more names waiting to be confirmed.

Totally Tools, Totally DIY and Totally Secure will take place 18-20 January 2009 at Earls Court in London. For further details and a full list of current exhibitors please contact show organiser Brintex on 020 7973 6401.

<>

Another serious case of data loss in Britain

by Michael Smith (Veshengro)

Home Office loses USB memory stick with data of about 100,000 criminals

The continuing data security breaches and loss of data and laptops containing secret information must, by now, become an embarrassment to the British government, or so at least it should. It is rather time that heads rolled but, alas, that is hardly going to happen.

How, pray, does anyone put data such as that which has just been lost – due to the fact the USB memory stick has been lost – onto a small little USB memory stick unencrypted?

Apparently the private sector contractor working for the British Home Office – the British Ministry of the Interior – took the data which was, so we are told, encrypted originally, decrypted it and then simply stuck it onto an unsecured memory stick. This is not just being stupid or incompetent, though both attributes certainly also apply, but this is criminal negligence.

As Keith Vaz, Labour MP and chairman of the home affairs select committee, said: “If you hand out memory sticks almost like confetti to companies and ask them to do research for you, then you have to be absolutely certain that the company concerned has put in practice procedures which will be just as robust as the procedures that I hope the government has followed.”

But it is not just private sector contractors to the government that have such a lackadaisical attitude to data security; the government's own departments are, normally, directly, the culprits.

If one does need and want to use portable devices, such as USB memory sticks, then they should at least be hardware encrypted – please note: I said hardware encrypted – and this with very strong credentials. There is no excuse not to use such devices. They are also no longer costing the earth and it certainly should not have anything to do with cost.

If the information that was given to me can be believed, then the reason, for instance, that the data from the HMRC office, which was sent by courier to London a while back now on CDs and subsequently lost, was unencrypted is that the two departments do not have the same encryption program. While we were being told that a junior clerk had simply copied the data onto the disks and sent them out, apparently, the reasons are different.

Already, the data should have been encrypted, period, when it was downloaded onto the CDs in that instance. Why is open data held in the first place on computers? The data that is held on the computer systems of whichever government department should already be encrypted and would, hence, when copied to CD or whatever, still be in code. But, apparently, this is not the case.

A spokeswoman for the Home Office said in a public statement that the reason as to why the data was in the hands of a private contractor and why it was downloaded onto a USB memory stick was that the outside company was to conduct a study as to how to provide an improved prosecution of offenders. Further information as to how it happened that this stick was lost, however, was not given.

It might be better if the British government began conducting a proper study as to how to avoid loss of data from government departments, for presently there seems to be a sieve here in operation and no safeguards in place whatsoever. This is not only scandalous; it is criminal.

Shadow Home Secretary Dominic Grieve said that there had been a "massive failure of duty" and I do not think that one can add any more to that. With the exception, perhaps, that it is time that the minister responsible for the Home Office tendered his or her resignation. I say here his or her as I cannot remember whether presently it is a man or a woman that is in charge there. People come and go there too often, in general, and that culture too, probably, has a lot to do with things going missing.

© M Smith (Veshengro), August 2008
<>

Legal & General offers Brits ten top security and safety tips in support of National Home Security Week

Legal & General is encouraging Brits, in support of this year’s National Home Security Week, which runs from 23rd to 29th August 2008, to ensure they check their home security and safety. This would appear to be particularly important as a previous Legal & General online survey, ‘Safe as Houses’, revealed that although we’re very good at putting home security features in place we’re not so good at checking that they are still working.

Research highlighted that although more than eight in ten, 84%, have smoke alarms in their homes and that almost one in three, 30%, have installed a security alarm, worryingly over 50% admitted that they have never checked their security alarm.

Elaine Parkes, Head of technical services, at Legal & General’s general insurance business commented: “Our research showed that while many Brits have installed security and safety devices to protect their homes, many are not as vigilant as they should be in carrying out regular checks that they actually work.

“So, to help prompt people to carry out these important checks we have prepared the following security tips to hopefully encourage more people to make a conscious effort to ensure their homes are safe and secure.”

Top ten home security and safety tips
  • Check your burglar alarm works or consider installing one if you don’t have one already. These should be regularly checked in accordance with the installer’s or manufacturer’s recommendations, which normally suggest annually.
  • At least every month check that smoke alarms are clear of any dust and that the batteries are working.
  • Check locks fitted to all accessible windows are in working order, particularly those that may not have been opened for a while.
  • Make sure your shed and any other outbuildings are secure. This may mean replacing any locks that have rusted and repairing or replacing any rotten or damaged window frames.
  • Check trees and shrubs for storm and wind damage so they are not likely to fall on the house and cause any damage.
  • Clean out your kitchen oven extractor hood to remove any oil build up to reduce the risk of fire.
  • Clean tumble dryer filters and exhaust duct and the area under the dryer to reduce risk of fire and flood.
  • Check the roof for any missing tiles or cracks in roofing felt and that the guttering and drains are undamaged and clear of any debris.
  • Check brickwork for any cracks.
  • Check gutters for any debris collections or animal or wasp nests.
Legal & General has also prepared a special guide, Safeguarding Your Home which outlines in more detail how people may protect and safeguard their home and possessions. The guide is available to download at www.legalandgeneral.com/safeguard

More details on the National Home Security Week are available at http://www.homesecurityweek.co.uk

Source: FD Consumer Dynamics
<>

NEW SECURITY SHOW LAUNCHED FOR 2009



Totally Secure, a specialist show for locksmiths and security product resellers, is being launched by Brintex, organisers of the Totally Tools and Totally DIY trade shows.

Totally Secure has been created in partnership with Simon Griffiths, Gary Eckersall and Chris Taylor who are the organisers of the very successful ‘Security Live’ and MLA Manchester Central exhibitions that have previously taken place in the north of England.

Totally Secure will take place alongside Totally Tools and Totally DIY at Earls Court in London next January 18-20th.

Simon Griffiths of Security Live said, “We are very excited at the prospect of working with Brintex to create an interesting and vibrant show at Earls Court, which will encompass a wealth of new and existing products from the market leaders.”

Paul Grinsell, show sales director at Brintex responded: “Simon, Gary and Chris, who are all Master Locksmiths in their own right, have developed a successful show, which we believe will do equally as well in the south, and give a whole new audience of security product resellers the opportunity to catch up with this growing industry sector. In addition, Totally Secure will deliver an in depth security product offer to current visitors to Totally Tools and Totally DIY.”

In its first year, the show aims to have a full range of security product suppliers taking part, covering all types of physical security products, and will encourage them to use the event as a new product launch pad.

Nagib Jiwa is managing director of Keyprint, one of the leading suppliers of keys, locks and related security products in the UK. He is already interested in taking part in the new show, and commented:

“We have exhibited at Totally DIY now for a number of years; it's given us a chance to meet buyers we would not usually be able to call on or meet face to face, as well as a platform to meet some of our southeast-based customers. Now with Totally Secure we can bring a fuller and wider range of our products and services and get in front of the London and southeast locksmiths and resellers. It definitely meets a need.”

Further information on Totally Secure will be available shortly via www.totally-secure.net or from Brintex sales director Paul Grinsell on 020 7973 4734.

Source: The Press Office Ltd