Share This

Friday, 31 December 2010

5 Cyberthreats to Watch For in 2011



By Matt Liebowitz, SecurityNewsDaily Staff Writer
 
Keywords like phishing, hacking and malware have become part of the common cybersecurity discourse, familiar to nearly everyone with a computer and an Internet connection. But as we embark on a new year, and our online connectivity increases, there’s a new batch of terms even the most casual computer user should be aware of.

SecurityNewsDaily looked back at the dangers that shocked and scared in 2010, and spoke with cybersecurity experts to get a grip on what threats will emerge in 2011.

Hacktivism

In the second half of 2010, no single topic dominated cybersecurity news more than WikiLeaks. From the initial document leak to the subsequent denial-of-service attacks launched against PayPal, Amazon, MasterCard and Visa, even the least tech-savvy person seemed to have an opinion about WikiLeaks and its founder, Julian Assange.

In a report titled “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites,” researchers at Harvard University found that several high-profile media and human rights websites fell victim to DDoS attacks in 2010.

Those attacked included blogging platform WordPress, Twitter, and websites for Australian Parliament, the Motion Picture Association of America and the Recording Industry Association of America. The latter two were all struck by the online forum 4Chan for their connection with shutting down the file-sharing service The Pirate Bay. And PayPal and MasterCard were targeted for DDoS attacks in December because they cut off customers from sending money to WikiLeaks).

Security breaches like these have been labeled “hacktivism” -- they are not carried out for financial gain, but because the hackers disagree with the objectives or practices of the targeted sites. Hacktivism attacks such as these are “the future of cyber protests,” PandaLabs researcher Sean-Paul Correll said.

Gadgets and Smartphones
Smartphones and tablet computers give their owners the freedom to stay connected wherever they go. It’s a feature that cybercriminals couldn’t be happier about.

Mobile devices may offer unsuspected vectors for malicious code,” said Don Jackson, director of threat intelligence for the cybersecurity company SecureWorks.

A vector that poses perhaps the most serious threat is online banking transactions done via phone, especially on the iPhone and its iOS.

Patricia Titus, vice president and chief information security officer at Unisys, an information technology firm, summed up the situation.

“Where the money is, that’s where the criminals are going,” Titus told SecurityNewsDaily.

Unfortunately, the adage of safety in numbers doesn’t ring true in the case of cybersecurity.

The massive popularity of the iPhone and other devices running iOS like the iPad mean “the iPhone and the many services hosted on these devices certainly become a more valuable and sought-after target,” said Kurt Baumgartner, senior malware researcher at Kaspersky Lab.

Even Internet-connected gaming systems such as the Xbox aren’t invulnerable to corruption, Jackson told SecurityNewsDaily. Any device, especially those with USB-storage capabilities, can be employed by criminals to access information or infect systems with corrupted software.

The Cloud
It’s up there, floating above you. It's adding a huge level of convenience to everyday computing, with remote servers handling processing and data storage duties traditionally conducted by personal computers.
But the forecast could turn gloomy.

A piece of malware was recently detected in the cloud-based file-sharing service Rapidshare (www.rapidshare.com). The malware, called Trojan-Dropper.Win32.Drooptroop.jpa worried Kaspersky Lab researcher Vicente Diaz because it didn’t appear in the body of the Rapidshare link, and therefore was able to evade traditional security filters.

As more and more companies move their programming duties to these vast remote servers, analysts believe cybercriminals will adapt to the new landscape and develop methods of compromising data in the cloud.

Social Engineering
In December, a social engineering scam spread virally through Twitter, tricking users into believing they had a computer virus, and then persuading them to download antivirus software. Credit: Sophos.com
It’s not entirely new, but social engineering attacks – scams that use psychological manipulation to persuade people to divulge sensitive information or to purchase fake antivirus software -- will continue to be a threat in 2011. Again, it’s a case of danger in numbers.

Those numbers hover somewhere around 500 million, which is the amount of people who use Facebook. Social engineering attacks thrive on Facebook and Twitter because of the enormous pool of potential victims, many of whom are maintaining a constant Facebook connection on their smartphones.

The Nigerian fraud scam is an example of a social engineering attack – the e-mails promised a large sum of money would be sent to people who wired the scammers a small “advance fee,” usually through Western Union.

“Variations on the Nigerian scam continue to exist and work, which seems ridiculous to talk about, but they are ongoing,” said Kaspersky Lab's Baumgartner. “Social networking delivery and social networking related threats, like those abusing Twitter trends, Google’s hot topics and using Facebook and MySpace to deliver links and malware will continue.”

Looking forward to 2011, Baumgartner added that social engineering attacks have become “more convincing, more anonymous, more international and more professionally done.”

A contributing factor to the dangerous efficiency of social engineering attacks is the URL shortener, a program – there are several, including bit.ly and tinyurl.com – that condense long website addresses to better fit the character limits in Twitter and Facebook messages. URL shorteners are seen as dangerous in the cybersecurity world because attackers can use the shortened address to hide malware.
In late December, a computer science student named Ben Schmidt took the URL-shortener danger a step further, when, as a proof-of-concept experiment, he designed what he called the “Evil URL Shortener,” which not only condensed the Web address, but simultaneously launched a DDoS attack against the website of the user’s choice.

“A malicious shortener could essentially take you anywhere it pleased, and the user would be none the wiser,” Schmidt said.

Stuxnet
First detected in June, the Stuxnet computer worm became a hot topic in 2010 – and will continue to be in 2011 – because it upped the ante of what malware can do on a global level.

Stuxnet, a piece of malware that targets computers running Siemens software used in industrial control systems, was found to be deployed to attack Iran’s Bushehr nuclear power plant.

The fact that this malware was sent, presumable by a nation-state as opposed to an individual criminal, heralded a dangerous new landscape of global cyberwarfare, one that researchers believe will continue into 2011.

Similarly, January’s “Aurora” attack launched by China against Google and 34 other high-profile companies, was of such a sophisticated nature that “it’s totally changing the threat model,” said Dmitri Alperovitch, vice president of threat research for McAfee.

As protesters flex their digital muscles, companies seek to increase their productivity by looking to the clouds, and Facebook continues its reign of social supremacy, 2011 could be a banner year for cybersecurity. Who will be holding the pennant is anyone’s guess.
Newscribe : get free news in real time

    Wednesday, 29 December 2010

    The New Asian Hemisphere



    Kishore Mahbubani was appointed Dean of the Lee Kuan Yew School of Public Policy on August 16, 2004 after having served 33 years in the Singapore Foreign Service.

    His new book, The New Asian Hemisphere: the Irresistible Shift of Global Power to the East, was published in 2008. The premise of this book is simple: If representative democracy is the best known form of governmance for nations, then it's also the best form for the world. His book sends one message to the West: Please give up in dominating the world.



    Moderator: Yang Rui

    Moderator: Yang Rui



    In law, West is not really best

    Reflecting on the law, By Shad Saleem Faruqi



    While most of our law books draw from ‘wisdom’ from the West, there is much about jurisprudence to be learnt from the great Asian civilisations.

    WITH the end of the year drawing nigh, thoughts turn to the state of legal education in this country.

    Many advances have been made since the inception of the first local law programme at the University of Malaya in 1972. However, some debilitating drawbacks remain. Legal education in this country is too profession-oriented and not sufficiently people-oriented.

    It is text-book based rather than experience-based. It is too West-centric. Only the last issue will be addressed in this article.

    Course content: Despite 38 years of experimentation, the structure and content of our courses, the choice of core subjects, the categories of thought, the fundamentals, the methods of analysis and research, the history of each subject, the books and the icons all remain Western.

    Legal education today is as much a colonial construct as it was during the days of the raj.

    Yusef Progler points out that most university courses in Asia follow a similar trajectory. We first identify the great white European or American men of each discipline and then drill their theories and practices as if these were universal.

    Centuries of enlightenment in Japan, China, India, Persia and the Middle East is totally ignored.

    It is as if all things good and wholesome and all great ideas originated in the crucible of Western civilisation and the East was, and is, an intellectual desert.

    > Jurisprudence: In legal philosophy, for example, a book on American or English legal thought is referred to as “jurisprudence”. In contrast, a book on Islamic, Chinese or Hindu legal thought is described with the prefix “Islamic”, “Chinese” or “Hindu” jurisprudence. The assumption is that Western ideas are universal whereas ours are merely parochial.

    A typical course on jurisprudence in a Malaysian university begins with Plato, Aristotle, Locke, Austin, Bentham, Hart, Kelsen, Pound, Weber, Ehrlich, Durkheim, Marx, Olivecrona etc.

    Titles written by scholars and thinkers from Asia, South America and Africa are nowhere to be found.
    The Mahabharata, the Arthashastra, the Book of Mencius, Analects of Confucius and the treatises of Ibn Khaldun, Ghazali, Ibn Rushd, Mulla Sadra, Jose Rizal, Benoy Kumar Sarkar, Yanagita Kunio and Naquib al-Attas do not appear in our syllabi.

    In Austinian fashion, the concept of law is tied to the commands of the political sovereign even though most Asians and Africans feel the pull of religion and custom and regard them as part of the majestic network and seamless web of the law.

    > Categories of law: The rigid compartmentalisation of knowledge developed in Europe in the 19th century is preserved. As in the West, we separate law from morality, public law from private law and crime from tort even though such artificial dichotomies are alien to our traditions and are often impediments to justice.

    In most Asian and Middle Eastern systems, morality is legalised and legality is moralised. The law of crime is also the law of tort. Law relating to rights and duties applies equally in public and private spheres. Such a holistic approach has positive implications for human rights.

    > Public law: Generations of students are uncritically led to believe that the seeds of constitutional and administrative law were planted in Europe and North America by such historical documents as the Magna Carta 1215, Declaration of the Rights of Man and the Citizen 1789 and the United States Declaration of Independence 1776.

    What is ignored is that the ideas of limited government and constitutionalism were born in the religious doctrines of the East.

    Taking Islam as an example, we can point to the fact that the denial of state sovereignty in Islamic jurisprudence preceded Locke’s and Rousseau’s idea of the limits on state sovereignty by hundreds of years.

    The idea of government as a trustee is mentioned in the Holy Qur’an (4:58). The citizen’s duty to obey the law is conditional to the duty of the ruler to obey the Creator.

    Locke and Rousseau, Gandhi and Martin Luther King built on this idea to propound the theory of civil disobedience.

    In Islamic theory, political as well as socio-economic rights are given legitimacy.

    Prophet Muhammad’s sermon at Arafat is one of the world’s greatest human rights declarations. More than 1,400 years ago he spoke about liberty and property, racial equality, women’s rights and the ruler’s subjection to the law.

    If his words had been uttered by some Western luminary, they would have adorned the walls of law schools all over the world.

    In the Islamic criminal process there is a legal presumption of innocence. Evidence of agents provocateur cannot be used. Religious tolerance is required and pluralism is permitted (2:256, 109:1-6, 10:99). The concept of shura (3:159) or consultation paves the way for a whole regime of consultative processes.

    Modern principles of administrative law like natural justice and proportionality have their basis in the Holy Qur’an.

    The ombudsman principle attributed to the genius of the Scandinavians was known to Islam through the system of Hisba, the office of the Muhtasib and the existence of Mazalim courts.

    Islam’s concept of the universal ummah is in line with the process of globalisation and the growing movement for international citizenship.

    The subject of alternative dispute resolution parrots a discourse on arbitration, conciliation and mediation and ignores many indigenous or informal institutions and procedures for resolving discord that existed in our history and can be revived.

    The course on Law and Economics studies emerging international protocols but not the clear injunctions in Islam, Christianity, Hinduism and Buddhism on environmental and consumer responsibility.

    > International law: The syllabi of public international law courses fail to mention that long before modern humanitarian law built protection for civilians, non-combatants and prisoners of war, many Eastern systems like Islamic international law had already worked out a set of principles for the conduct of war.

    Some of these principles exceed the standards of the venerated Geneva Conventions.

    Sadly, Malaysian as well as Asian legal education fails to recognise that many of the law’s crowning glories actually originated in the East. Obviously colonialism has left its indelible mark.

    > Call for action: There should, therefore, be a concerted effort to re-educate colonised minds; to revisit our syllabi; to substitute imported mental baggage with our own treasury of thoughts.

    This indigenisation of our syllabi is not meant to shut out the West but to give to our students a bigger picture of knowledge and to increase their choices.

    In the background of pervasive Western intellectual domination, indigenisation would assist a genuine globalisation!

    Academic Boards of Faculties, University Senates and accreditation authorities may wish to go beyond form to the actual content of our syllabi and to insist that our garlands of knowledge must be built with flowers from both Eastern and Western gardens.

    A helpful site for some Third World titles is www.multiworld.org. There is no dearth of scholars from the South who could be co-opted to advise us on how to tackle the problem of educational enslavement.

    The author wishes all readers the blessings of the season and a Happy Gregorian New Year.

    Tuesday, 28 December 2010

    A positive surprise from Malaysia?

    M'sia may turn out to be the biggest economic surprise in Asia

    Singular Vision - By Teoh Kok Lin



    MALAYSIA is blessed. We sit on a great location in Asia; in a geographically peaceful, fertile land with abundant natural resources.

    We are a multi-cultural, multi-lingual and multi-talented nation. We have a well-trained workforce and also modern infrastructure in place. We also know there is an urgent need to quickly improve existing infrastructure; such as with better mass rapid transit in Kuala Lumpur, faster Internet broadband across the country and an improving education system for the population, among others.

    Malaysia's good economic prospect was never in question; it is how Malaysia goes about fulfilling its good potential that has been in doubt.

    Today, in general, expectations for Malaysia to outperform economically are not that high however, I personally feel Malaysia could potentially spring the biggest economic surprise in Asia.

    Here are four reasons why:

    First and second are closely linked. I believe the country's governance and economy could potentially improve substantially with both the Government Transformation Plan (GTP) and Economic Transformation Programme (ETP) now off the ground and running. While their successful implementation depends critically on political will and the determination of all Malaysians to work together, there has been gathering momentum and some early signs of success.

    In the GTP for example, efforts to improve urban transportation quickly transformed into decisions to invest an estimated RM36bil in the mass rapid transit (MRT) system for “Greater KL” which is scheduled to start work by July 2011.

    If completed successfully with an open tender system and full transparency as proposed, it will also speak volumes for good governance.

    Similarly, reducing crimes and fighting corruption are two areas of GTP showing early results. Pemandu and the Home Ministry said in December that street crimes in the country were down by almost 40%, with certain parts of KL experiencing 47% reduction. The Government plans to continue rolling out new initiatives for crime prevention next year.

    And in fighting corruption, we see many more prominent corruption cases being bought up to the courts this year.

    Second, under ETP, both the New Economic Model and National Key Economic Areas crucially focus on lifting working Malaysians to a higher income level by attracting best-of-the best industries to operate in Malaysia creating high quality employment and income.

    This model is to help get us out of the “middle income trap”. Malaysia needs to move up the value chain as China, India, Indonesia and Vietnam have been out-competing us in our traditional areas of expertise in labour intensive and other export and contract manufacturing industries.

    Wages and employment income of a nation's working population is the real measure of a nation's wealth. It is therefore more critical to create higher income jobs, professions and enterprises as a means to address any social inequality.

    To quote the New Economic Model concluding part (Dec 3, 2010) executive summary chapter six, “After all, before wealth is to be distributed it must first be sustainably generated”. It is hoped that the focus will be on expanding the economic pie rather than how to split an existing pie.

    Third, while liberalisation increases competition domestically, it also encourages Malaysian companies to venture out and become regional champions. Khazanah, for example, has been fairly successful at transforming Malaysia's government-linked companies into regional champions such as with CIMB and Axiata.

    There are many factors to Khazanah's success but one key secret I believe is that for many years, Khazanah has been hiring and paying for top talents from the financial, consulting and banking industries both locally and from abroad.

    I personally have visited successful Khazanah-owned companies such as CIMB Niaga, the Indonesian subsidiaries of CIMB and XL, the Indonesian subsidiary of Axiata. A common thread I noticed is they are well integrated with local culture, they hire the best talents and they are meritocracy-based.

    Meritocracy is also part of the foundation for a civil society where talents can come from any nation and be any race, all working to attain high level of accomplishments.

    Finally, Malaysia is again fortunate to be a trading nation sitting in the middle of an economically-vibrant Asia. To our right is India, a market with one billion population and an economy that is just starting to take off after more than 10 years of reforms; to the far north of us sits China, the second-largest economy in the world with 1.3 billion people and the new economic engine of the world; and to the south of us lies Indonesia, 300 million strong of increasingly vibrant and wealthier consumers.

    Malaysia enjoys good relations with all these major economies and should take full advantage of many economic opportunities in these coming years.

    With China for example, Malaysia is not only one of China's largest trading partners (total trade was about US$52bil in 2009) but China is now increasingly funding Malaysian infrastructure projects such as for the Second Penang Bridge (US$800mil) and likely more projects in the future.

    The potential inflows of large direct investments from China and other Asian countries can also be a very important component to boost our economic growth.

    What we do with our advantages and opportunities will determine if we are a successful nation or not. I personally think Malaysia's government today is getting some of our priorities right in theory with these transformation programmes, I hope we put these plans into good practice.

    Some direct or portfolio investors may still be sceptical but the increasing contributions by these programmes to Malaysia's economic growth are quite clear to me. In addition, good governance will attract more talents and investors to our shores, and will likely give an added boost to Malaysia's capital and equity markets.
    I, for one, am certainly more optimistic and hopeful than before.

    Teoh Kok Lin is the founder and chief investment officer of Singular Asset Management Sdn Bhd