For most people who spend a lot of time online, impulsively typing queries into a search engine has become second nature.

Got a nasty infection in an embarrassing spot? Look up a treatment on your favorite search site. Obsessing about an ex? Try Googling his or her name. Chances are the queries will unearth some enlightening information.

But while search engines are quite upfront about sharing their knowledge on topics you enter in the query box, it's not so clear what they know about you. As operators of the most popular search engines roll out more services that require user registration, industry observers and privacy advocates say it's become more feasible to associate a particular query with an individual.

"You should think about what you put in that search box, because it may not be as anonymous as you think," said Danny Sullivan, editor of SearchEngineWatch.com.

It has long been standard practice, Sullivan noted, for search sites to employ cookies, which track activity on a computer's internet browser. But cookies don't identify a person by name. If two people access a site on the same browser, the cookie wouldn't distinguish between them.

However, when people provide personal information to register for services offered by search engine companies, such as free e-mail accounts, news alerts or personalized homepages, they're no longer anonymous.

"When they're working off a cookie, all they know is it's some person, at some computer," Sullivan said. "When you register with Yahoo, then they have personally identifiable information about you. You're a person who's at least told them that you live in a certain place, that you're a certain age, et cetera."

Chris Hoofnagle, West Coast director of the Electronic Privacy Information Center, is particularly wary of Google's growing dominance in search and its expansion into other areas, like its free e-mail service, Gmail, and its social-networking website, orkut.com.

"Many people use Google all day, plus Gmail and orkut," he said. "It will supplant Microsoft as the company that has its finger on the infrastructure of our data."

Another worrisome specter for privacy advocates is Google's use of tracking cookies. According to Hoofnagle, Google's privacy policy still reserves the right to use a single cookie across product lines, including web searches, e-mail and other applications.

Google did not deny that cookies can cross product lines but did not specify how it currently employs the tracking mechanisms.

Daniel Brandt, operator of Google Watch, a site that's critical of Google, says people who are concerned with privacy should be particularly cautious about what records are being kept on their online searches. In many ways, search data is even more valuable than other information sought by marketers, such as shopping records.

"I think I'd rather have a list of someone's search terms for the past 30 days than a list of the books they've read for a year," Brandt said. "It tells what someone is thinking at a particular moment in time. That's very valuable information."

Of course, many people concerned with privacy simply opt to give false information. This strategy can work, except when you lose your password and the site won't supply it until you accurately re-enter your now-forgotten fake name and birthday.

For those worried about having their online activities tracked, search engines offer some reassurance in their posted privacy policies.

Google's policy, for example, maintains that its websites "do not rent or sell your personally identifying information to other companies or individuals, unless we have your consent."

Ask Jeeves says it requests registrants for its member services to provide personalized information "so that we can provide personalized service." The company, which recently agreed to be acquired by the internet firm IAC/InterActive, says it does not share information with unrelated third parties not bound by its privacy policy without consent.

But Jeeves said in a written statement that it is "too soon to be able to discuss how Ask Jeeves' privacy policy might be affected in the acquisition by IAC, as the transaction is not yet complete." The search company said it intends to continue using its current policy, which is certified by the TRUSTe Privacy Seal Program.

Yahoo also assures that it does not rent, sell or share personal data with nonaffiliated companies without users' consent (except in a few exceptional cases, such as when it receives a subpoena).

However, Yahoo makes clear that it is keeping close tabs on its users internally.

"Once you register with Yahoo and sign in to our services, you are not anonymous to us," its privacy policy states.

Yahoo says it collects personal information when people register with the site and use its products and services. The company says it may combine this information with data from business partners or other companies. It also displays targeted ads based on personal information.

For active online searchers who want to keep their activities as anonymous as possible, Sullivan and Hoofnagle say a few steps can help.

Setting the browser to not accept cookies, Sullivan said, is one option, although it may result in some sites no longer working. Another possibility is to surf the internet using an anonymous IP address, which makes one's movements difficult to track.

Sullivan also recommends logging off free e-mail accounts and other services that require registration when one is not actively using them.

Hoofnagle advises that Google users periodically delete the search engine's tracking cookie. Or, they can set a rule in their cookie file not to permanently accept the Google cookie in the first place.

But Hoofnagle is most emphatic on one point: Stay away from Gmail. While 2 free GB of storage is a tempting offer, it's not worth the trade-off of having e-mail monitored and scanned.

It's advice Hoofnagle would rather give than take, however. In the 12 months since Google unveiled Gmail, Hoofnagle said he and nearly every other privacy advocate he knows has signed up for an account.

Of course, he said, they joined to monitor for invasive privacy practices, not for the 2 gigs of storage.




WickedZone.com

WASHINGTON (AFP) - Computer virus incidents grew 50 percent in 2004 even in the absence of a major new attack, a security survey showed.

The survey by Cybertrust's ICSA Labs found that the frequency of attacks, and costs to businesses affected by those attacks, increased again for the 10th consecutive year.

The survey found a rate of 392 "virus encounters" per 1,000 computers per month last year, up 50 percent from 2003. The amount of infections also increased to a rate of 116 per month.

ICSA said the number of "virus disasters," where 25 or more PCs or servers are infected at the same time in an organization, was up 12 percent from the previous year.

Of the 300 companies responding to the survey, 112 reported a virus disaster, compared with 92 reported in 2003.

The survey found that recovery time and costs from virus attacks rose 25 percent from 2003.

"This survey shows that the malicious code problem worsened, even though 2004 was a year where there were no major worm events, such as Blaster, Sobig, Nachi triumvirate in August of 2003," said Peter Tippett, chief technology officer at Cybertrust.

"While we may be making some progress in reducing the number of virus encounters that become virus infections, the sharp increase in the sheer number of attacks means that the affect on businesses continues to escalate."



WickedZone.com

A third mobile phone virus capable of replicating via MMS messages was discovered. The Mabir worm, which targets Symbian Series 60 phones, is not spreading, but its ability to propagate via Multimedia Messaging Service messages (MMS) gives cause for concern.

Mabir is essentially a variant of the Cabir worm, which spreads only over Bluetooth, with added MMS functionality. An analysis of the worm by anti-virus firm F-Secure suggests that Mabir-A is based on the same source code as Cabir and is likely the product of the same coder.

Mabir-A spreads using Bluetooth using the same routine as early variants of Cabir. When Mabir-A activates it will search for the first Bluetooth phone it finds, and start sending copies of itself to that phone.

The MMS spreading function of Mabir-A uses a new social engineering technique. Instead of just reading all phone numbers from the local address book (as with an earlier mobile virus called A virus called Commwarrior-A), Mabir-A replies an infected MMS message in REPLY to any SMS or MMS messages sent to an infected phone.

MMS messages are text messages that include an image, audio or video. They are sent from one phone to another or via email.



WickedZone.com

By Matt Hines
Staff Writer, CNET News.com


update When Jimmy Kuo gave his 13-year-old daughter permission to begin using America Online's AIM Express, he warned her that if she managed to download any viruses, the result would be no IM for a long, long time.

Of course, since Kuo is a research fellow at IT security specialist McAfee, he's significantly better informed about the risks of instant messaging than the average parent. Because teenagers as a group are among the most active regular users of IM, lax habits at the keyboard on their part could result in a serious problem, Kuo said.

At the heart of the matter is the growing number of IM-borne threats, most of which rely for their proliferation on ignorance of their existence among users and IT administrators.
News.context

What's new:
Rapid development in the sophistication and frequency of IM-borne attacks is almost guaranteed, security industry experts say.

Bottom line:
Experts agree that all IM users--whether on a home computer or a corporate network--need more education in how to protect themselves.

"I sat her down and made her read ..........

Continued Here.



WickedZone.com

By Ed Oswald, BetaNews

Microsoft praised Florida Attorney General Charlie Crist on Monday over his work to attempt to stop two Tampa residents from sending spam. According to the lawsuit, Scott J. Filary and Donald E. Townsend are being accused of running a fake e-mail business and sending some 65,000 spam e-mails over the past year.

Microsoft had been working with Florida officials since November of last year to attempt to shut the operations of the two men down.

The spam messages ranged in topics from prescription drug sales to illegal downloads of copyrighted movies. The e-mails pointed to about 75 different Web sites that were part of the scam.

"We're convinced that strong actions like those being taken today by the Florida attorney general will help make illegal spam a thing of the past," said Nancy Anderson, Microsoft Vice President and Deputy General Counsel. "We're happy to help and delighted this strong action is being taken to protect consumers."

The case is not the company's first attempt to combat spam; in recent months, Microsoft has become very aggressive in using legal measures to stop the ever-increasing amount of junk e-mail on the Internet.

Monday's lawsuit, however, is different from many of the suits that Microsoft has been filing against bulk-mailers - most have been "John Doe" lawsuits, where the identity of the defendant is not immediately known. Last Thursday, Microsoft announced it had filed 117 lawsuits against alleged phishers using this method.

Previously, Microsoft had successfully brought legal action against spammers in Washington State, New York and Texas.




WickedZone.com

The flaws could allow attacks to crash systems using the software

Security software company Symantec Corp. acknowledged that software flaws in some of its antivirus products could allow malicious hackers to use denial-of-service (DOS) attacks to crash systems running the software, disrupting automatic protection features.

On Monday, the company posted a notice on its Web page that described two DOS vulnerabilities in the 2004 and 2005 editions of Symantec Norton AntiVirus, Norton Internet Security and Norton System Works. The company has patched the holes and distributed software updates to users of the LiveUpdate automatic update service. However, systems that are not patched could be susceptible to remote attack through e-mail or the Web, Symantec said.

The holes were discovered by security researchers in Japan. In one case, the Information-Technology Promotion Agency, Japan (IPA) discovered a problem on systems running Norton AntiVirus 2005 with the Auto-Protect and SmartScan features enabled. Auto-Protect is a feature that scans files sent from the Internet, removable disks or e-mail attachments and looks for viruses, Trojan horse programs and other malicious code. SmartScan allows Norton AntiVirus to quickly scan specific types of files often associated with malicious code, such as .exe and .doc files.

With SmartScan enabled, researchers at IPA found that renaming a file on a shared network folder can cause the system running Norton AntiVirus to crash.

In a second issue reported by the Japan Computer Emergency Response Team, machines running Norton AntiVirus 2004 and 2005 crashed when Auto-Protect scanned a specific type of file that Symantec declined to identify.

Symantec rated the two holes "low" risks and said the company is unaware of any adverse customer impact from the vulnerabilities. Still, customers were advised to run LiveUpdate for any affected products until all available product updates are downloaded and installed.

The news comes amid numerous reports of flaws in antivirus products, which many Internet users rely on as protection against hackers, worms and viruses.

In February, Symantec issued patches to fix a high-impact hole that affected almost its entire product line. The hole, which was discovered by Internet Security Systems Inc. (ISS), affected the DEC2EXE module in the Symantec AntiVirus Library, a part of the company's virus detection engine. The vulnerability could allow a remote attacker to use vulnerable Symantec products to get unauthorized access to a network or its client PCs, ISS warned.

On March 17, ISS issued another warning about a remotely exploitable hole in antivirus technology from Symantec's chief competitor, McAfee Inc. In that case, ISS said a stack-based buffer overflow affecting nearly all versions of VirusScan could be exploited by remote attackers without requiring them to log in to affected systems to launch an attack.



WickedZone.com

By Team Register

US banking tegulators, the Federal Reserve Board of Governors and so-called "thrift institution" regulators, have instructed banks to develop procedures to promptly advise federal officials and customers of suspected cases of identity theft. This growing type of fraud costs consumers millions, even billions of pounds - the true figure is unknown. In the USA, based on 2002 figures, bank identity theft costs businesses US$50bn and consumers over US$5bn, according to USA official estimates.

The US banking regulators are instructing banks to create procedures to respond to and address security breaches that involve sensitive customer information. These are to include procedures "to notify customers about unauthorised activity that might cause 'substantial harm' to them. If the bank determines that misuse of its information about a customer has occurred or is reasonably possible, it should notify the affected customer as soon as possible ...". The objective is that banks act with vigilance and speed where customer information had been stolen or lost. Banks may delay notification if that would interfere with a criminal investigation but they must still notify their primary federal regulator of suspected identity fraud, even if customers are not advised.

Most identity theft arises from loss or theft of data, not only, or even necessarily, from the banks themselves. Banks have historically shared data with third parties. Banks sell, share and exchange data and data components with a wide range of organisations, including other banks, credit card and credit rating agencies. Some of these transactions are conducted through data brokers. Once the information is legitimately in the hands of third parties, should those third parties advise the banks if loss or theft of data occurs? Unless they are banking or financial institutions, third parties are unlikely to be regulated.

Perhaps there should be greater restrictions on exchange or other third party transactions in data from which identity theft may be fabricated? Should credit agencies licensing terms encapsulate more extensive review of their data security procedures? Should data brokers be subject to licensing that in part has a dependency on external evaluation of their data security competencies? As identity theft grows, and public concern escalates, the answer must be a resounding yes!



WickedZone.com

By Jim Hu
Staff Writer, CNET News.com


Cable kings will hold court this weekend in San Francisco for their annual get-together, discussing the state of the industry in the face of changing technologies and consolidation among their competitors.

Like every year, the National Cable & Telecommunications Association's annual convention will mix geek with glitz. Such tech luminaries as Yahoo co-founder Jerry Yang, Cisco CEO John Chambers and Google co-founder Larry Page will share top billing with DreamWorks co-founder Jeffrey Katzenberg and NBC Universal CEO Bob Wright.

Other leaders, including the CEOs of the nation's top cable companies--Comcast, Time Warner Cable, Cox Communications, Adelphia and Cablevision--will be headlining with keynotes and panel discussions. Panels will be moderated by well-known cable news anchors, including CNBC's Ron Insana and Maria Bartiromo, Fox News' Stuart Varney, and CNN's Anderson Cooper.

The real discussions during the show will focus on how new technologies will affect the cable industry. Voice over Internet Protocol, or "VoIP," has become a hot topic for cable companies since last year's show. Time Warner Cable and Cablevision have begun selling voice services that are transmitted digitally over the Internet instead of over a conventional circuit-switched phone line. Comcast, the nation's largest cable company, in January began testing VoIP technology in three markets, and plans to offer it to all of its subscribers this summer.

Wireless will also become an important topic. Since cable companies are trying to maintain their lead against the Baby Bell phone companies in broadband and video, wireless has become a hole that many companies are trying to fill. The Bells currently run the nation's top two cell phone companies--Cingular Wireless and Verizon Wireless--while cable remains a nobody in the business.

That could all change. Earlier this week, Time Warner Cable began offering its subscribers in Kansas City, Mo., cell phone service to test how it can run its own wireless service. Time Warner Cable will not build its own towers, but instead offer its cell phone service using Sprint's network. Cable executives have said that figuring out their role in the wireless business will be a challenge.

For now, cable remains in a comfortable lead in two important areas: broadband and video. But that's not a sure thing--over the past year, the Bells have watched subscriptions to their broadband DSL services, which are less expensive than cable modems, surge. Cable companies have responded to this threat by boosting download speeds to about 4mbps in some markets, while maintaining their more expensive prices.

The move seems to be working--cable's market share lead over DSL has not changed--there is still a margin of nearly 2-to-1.

Not to be outdone, the telephone companies are doubling down on their investment in upgrading their decaying copper wire networks with speedier fiber-optic lines. Verizon Communications and SBC Communications in particular plan to spend billions of dollars on their projects, and later this year will begin offering digital video, faster broadband and voice services over one pipe into homes.

The Bells are also becoming bigger, more formidable competitors. Since the beginning of the year, the two largest Bells, Verizon and SBC, have been planning to get even bigger, with their proposed acquisitions of MCI and AT&T, respectively. To address these events, a number of sessions during the convention will cover wireless and wireline convergence.

The convention will begin Saturday afternoon and conclude on Tuesday.



WickedZone.com

Brad Pitt, Angelina Jolie and Britney Spears are the subjects of a virus scam that is attempting to recruit computers for a denial-of-service attack on Microsoft.

Hackers have released a self-spreading worm, called Ahker-F, that promises salacious movie clips of the celebrities. The e-mails contain text such as: "Watch Angelina Jolie and Brad Pitt cought (sic) on TAPE! SEXY CLIP! WATCH IT!"

Attached to the e-mail is a .Zip file that contains the worm. If opened, the worm spreads to the user's e-mail contacts, disables security settings on the PC, and launches a denial-of-service attack against Microsoft's security update Web site.

"People's appetite for salacious gossip is insatiable, and some may be tempted to run what appear to be pornographic movie files distributed across the Internet," Sophos, a security software company, said in a statement. "However, virus writers have a long history of disguising their malicious code as this kind of content. Everyone should be very careful about what they choose to run on their computer."

The worm also spreads via file-sharing networks, using file names such as PORNO.exe, XXX.exe and Naked Britney.exe.

Sophos said Thursday that only a small number of reports of the worm had been received.



WickedZone.com

Sometimes I come across tools that I just have to share. This one has everything in one program and the interface is easy for even novices. Even if you do not know how to use this or what it's about, atleast try to learn because this is so well worth learning.

IP-Tools includes 15 different utilities to test your system.

IP-Tools offers many TCP/IP utilities in one program. This award-winning program can work under Windows 95/98/ME/NT4.0/2000/XP and is indispensable for anyone who uses the Internet or Intranet (but if you are a network administrator, you should try the powerful network monitor: HostMonitor and program for wireless messaging.)

IP-Tools includes 15 utilities:
- Local Info - examine the local host and show info about processor, memory, Winsock data, etc.
- Connection Monitor - displays information about current TCP,UDP network connections.
- NetBIOS Info - get NetBIOS information about network interfaces (local and remote computers).
- NB Scanner - shared resources scanner.
- Name Scanner - scan all hostnames under range of IP addresses.
- Port Scanner - scan host services (support range of addresses, like 193.15.1.1 - 193.15.3.255).
- Ping Scanner - ping a remote hosts over the network (support range of addresses).
- Trace - trace the route to a remote host over the network.
- WhoIs - obtain information on names from the Network Information Center.
- Finger - finger one or more users at a remote host
- LookUp - look up domain names according to its IP address or an IP address from its domain name.
- GetTime - get time from time servers (and setup correct time on local system).
- Telnet - telnet client.
- IP-Monitor - show in real time graphics for TCP,UDP,ICMP In,Out,Error packets.
- Host Monitor - monitoring the up/down status of selected hosts.




WickedZone.com