A KINDE OF SPOOFING PROBLEM

A new attack is threatening to increase the potential for attackers to compromise enterprise servers and the critical data on them. Solutions are available, and they will require action by company officers .

“SSLStrip” and related attacks1 were among the highlights of the July 2009 Black Hat show in Las Vegas. Researcher Moxie Marlinspike3 combined a number of separate problems, not all related to SSL, to create a convincing scenario in which users attempting to work with secure web sites were instead sent to malicious fake sites. One of the core problems described by Marlinspike is the ability to embed null characters in the common name field of a certificate, designating a domain name. This can be used to trick software, web browsers.SSLStrip attack could be used against server-server communications with the potential for mass-compromise of confidential data.

This spoofing problem is solved by correct use of Extended Validation (EV) SSL certificates for authentication. Moving certificate-based enterprise authentication to EV SSL would therefore protect an organization against this form of attack.

Posted by Leila Pishro at 9:01 PM 0 comments

KNOWLEDGE OF TRADEMARK

If you are a writer, publisher, web site designer, site owner and if you own, claim to own, use or want to use intellectual property on the Internet, then you must have at least a short but functional knowledge of how the United States trademark, copyright and other laws, as well as various state laws, may apply to you.  There is an intimate relationship among your rights and the rights of others.  At any moment, you may be both a user of other’s protected materials and a creator of your own.  Both they and you deserve to have your intellectual property rights protected.
        In addition to the more traditional logos and designs that are the subject of trademark law, domain names are now also subject to being trademarked if they otherwise qualify as marks.  Indeed, the rules for what may and may not qualify for trademark status are not all that different except that the Internet presents additional issues.

SPOOFING DIMENSIONS

Spoofing is a engage in a profession whereby the user on the internet attempts to hide its IP address to conceal its true identity. Many crackers steal databases of credit cards or other sensitive information.

The concept of IP spoofing, was initially discussed in academic circles in the 1980’s.While the popularity of such cracks has decreased due to the coming to the end of the services they exploited, spoofing can still be used and needs to be addressed by all security administrators.
For example Buffalo Spammer is an infamous spammer who was accused of sending more than 800 million unrequested emails from illegal earth link accounts.
He also stole credit cards and identities to fraudulently by 343 earth link accounts to send shady and unsolicited mails to different people. On long investigation the identity of this spammer was found to be that of Mr. Howard Carmack who sent out millions of emails that included advertisements for computer virus scripts, software for bulk mailing and list of addresses to be used by other spammers. He was arrested in New York.

PRIVACY IN BANK WEBSITE DESIGN

WILD WEST FEEL TO THE INTERNET

Cybersquatting was born by internet.If you aim to type post-gazzette.com,you will find yourself in a site with ticket,hotel and different classification of ads.If you go to this site:whois.com,you can see t is registered to a guy named Brad in Surrey, British Columbia.Brad earn a great amount of money by linkage to ad sites.His web popularity was got by post-gazette.com ,and by those persons such as Techman which is Fumble-fingered .it is is a typosquatting.Domain name was a sort of the wild west,any registration can be accomplished by any one.this kind of activity was announced  illegal under the Anticybersquatting Consumer Protection Act passed by Congress in 1999.

 

CYBERSTORM III

By: Abbas Saghali

Previous cyberstorm  was related to attacks to networks in internet or spread malicious software on different systems in government area.Cyberstorm III is expected to aim attacks against  the underlying control systems of The US  and  their critical infrastructure , dams and systems that protect energy facilities.Philip Reitinger, director of the National Cybersecurity Center at the Department of Homeland Security in the US believed that risk of community and community nations is growing regarding these attacks and global economy seriously address this problem.

PROBLEMATIC ISSUE OF DATA

As the new portable devices such as Mobile phones, Flash memories and Mp3 players are getting more and more popular, a new security threat is showing up in the networks where the employees are bringing such the things to their workplace for their personal use.
Recently two computer scientists from University of Strathclyde, in Glasgow published an article in “International Journal of Electronic Security and Digital Forensics” which shows the illegal usage of these new portable devices in the workplace computing systems. These two researchers are introducing two methods in their article to decrease the numbers of data theft and malwares distribution via these devices into the computer networks.

The main problem with these devices is because of their large capacity and web connectivity capabilities which let even the normal users to carry huge amounts of data in a very small portable device and also can transfer them to internet or send them as email with Wi-Fi.Their suggestion to the organizations is that they should ban these portable devices to be brought to the workplace which contains valuable and confidential information by their employees. But as we know there is no possible way to remove the data leakage in the workplace completely.
sciencedaily