Safer Internet Day 2007 Blogathon

Living and learning internationally via the Internet certainly provides the means to learn from one another on educational topics that are vital to ensuring healthy learning environments. One of the most valuable facets of this type of global sharing is the ability for some areas of the world to preview the rise of new technologies, their associated issues, and subsequent solutions, as these technologies are adopted and spread throughout. For example, when it comes to the rapid advancement of cyber communication tools, there is a real need to learn from those who have already experienced the “latest and greatest”, and collaborate on ways to address the negative consequences that arise. Unfortunately growing safety and responsible use issues are sometimes overwhelming, and in our attempt to address each one comprehensively, basic foundational structuring of new policies is often overlooked. As schools in the U.S. deal with growing problems stemming from advancements in cyber technologies, there has been renewed interest among educators in updating the Acceptable Use Policy (AUP) to cover newly emerging issues and to provide each student with a meaningful document to learn from.

What is an AUP? It is a written agreement that outlines the terms and conditions of Internet use at school. It sets the rules of online behavior, privileges, and appropriate uses, and it covers the consequences or penalties when these terms are violated. Students, parents, and teachers usually sign it—and all should know that it will be kept on file and used as a legal and binding document (in the U.S). However, it should be used as more than a legal document to keep students in line online. It should be used as the very basis for teaching safety and responsible use.

Continue reading "USA: Crossing Borders - Acceptable Use Policies around the World" »

Posted by i-Safe at 06:00 PM | Permalink | Comments (1)

This day shows impressively what the nature of the internet is like. The whole wide world one mouse click away. This posting is embedded in news from Greece, Thailand, Taiwan, Lithuania... and many more. The world wide and open character leads to one fact: the net offers all the good things but all the bad things, too. This is why we at AOL put big efforts in internet security.

In 2005 we founded the “AOL Sicherheitsrat” here in Germany. This safety & security council is an autonomous advisory board set up to improve our work on safety & security issues and then share the findings. By this we are a lighthouse in terms of internet safety & security. On Dec 18th 2006 the council made it’s first public report. The board was working on ideas for a safer internet for children, protection against accusable content and matters injuring the human dignity. It also discussed copyright issues, privacy and data protection to name a few.
You can download the whole report (in German) here.

With AOL we are now combining our forces to offer great content and services. But as I said: being the lighthouse in terms of internet safety & security is our mission and we are on a good way!
Last but not least we will give you this two links to an online quiz game, set up by Klicksafe, an initiative in which we are partners, and AOL:
Klicksafe
AOL

Posted by Klicksafe.de at 05:35 PM | Permalink

We want to thanks to the authorities of Insafe, especially to Mrs. Janice Richardson for the opportunity in participating in this Safer Internet Day.

In the same way that we join the oceans and the continents, this time, our Republic has the opportunity to check hands virtually with the entire planet, all , under the same concept, creating a better and safer Internet free of harmful contents that do not contribute to the education and to the knowledge.

Adolescents are capable of using the sophisticated research resources of the Internet, accessing everything from the United States Library of Congress's collection of magazines and newspapers to letters and archives from around the world.

Just as most teenagers are interested in chatting on the phone, many will want to be involved in chatting online. However, these areas are often the playgrounds of paedophiles, criminals, and unscrupulous marketers who may target your child.

We are concerned, we want to help for a better and safer Internet, but without parents help, teachers and government agencies, can be very difficult.

Panama has the political will, for which we understand that together we can, together we can do it

Lic. Martín H. Trabucco
Safer Net Panamá Foundation
President

Official Safer Day 2007

http://www.innovacion.gob.pa/safernet2007/gacetilla.php

Official Activities Program

http://www.innovacion.gob.pa/safernet2007/conferencia.php

WHAT PANAMA HAS TO SAY ABOUT........

1) The infantile pornography in Internet is a phenomenon that affects all of us.

Do you think that the paedophiles should be exhibited publicly?

2) Internet is a constant advance in technologies and provides to us the freedom of being able to interact without borders.

Do you think that the Internet providers should have major control and/or filters to prevent the contents of infantile pornography from gaining access publicly?

3) The prevention begins in each of our homes.

In addition to the actions that the National Government takes forward, Do you supervise your childrens when they are connected to Internet?

4) Actions that the government should take forward.

According to your opinion: what would be the actions that the government should take forward, to attend of the best way to this problem?

5) Principal risks that Internet presents for our children.

To your understanding: what are the principal risks that Internet presents for our children?

Conference

Short news item

Posted by Safer Net Foundation at 05:00 PM | Permalink | Comments (17)

EU Kids Online (see www.eukidsonline.net)

A new project launched today [6th Feb 2007] promises to give a picture of children's internet use across Europe, reporting on all available research on use, risk and safety issues for children, young people and their families.

EU Kids Online is the first systematic European comparison of research on children and young people’s experience of the Internet and online technologies. It is funded by the EC Safer Internet Plus Programme.

Professor Sonia Livingstone, director of EU Kids Online, based at the London School of Economics and Political Science (LSE), said: “There is a growing body of research showing that the internet can be risky for children and teenagers, though it also has lots of benefits. Compared with other European countries, British parents are aware of this, but they still need more guidance, especially as they don’t always know what their children are up to and because the risks themselves are changing all the time.”

Dr Leslie Haddon, co-director of EU Kids Online at LSE, said: “In this project, we are collecting all the research findings across Europe on this important topic in one place, so we can begin to compare findings across countries. But so far, this makes it obvious that a lot more research is needed”.

What does the research show?

By comparing available research in 18 countries, over 200 separate projects have been identified and linked to a publicly searchable repository (see www.eukidsonline.net). This provides a new and valuable resource for researchers, policy makers and the public. Research highlights include:

The 2006 Eurobarometer survey shows large variation across countries:
* 18% European parents/carers believe their child (under 18) has encountered harmful or illegal content on the internet.
* British parents are less likely to believe this than parents in Denmark, the Netherlands or Sweden, or those in Poland or Slovenia – possibly those most advanced in and those newest to the internet have the greatest concerns.
* From comparing three very different countries, it seems British parents claim to regulate their children’s use of Internet more: 62% of UK parents have rules about not giving out personal information online, but only 35% of Polish parents and 14% of Portuguese parents do so.
* Paradoxically, UK parents also seem to have more confidence in their children: 75% thought that their children would know what to do if a situation on the Internet made them feel uncomfortable (figures for Poland and Portugal are 56% and 48%).
* Possibly, safety awareness raising efforts in the UK have been more effective than in some other countries, as these have been coordinated across multiple stakeholders (government, child protection, industry, parenting organisations, etc).

Further, the 2006 Mediappro project found internet use varies greatly across Europe:
* 50% of British children (aged 12-18) claim to use Instant messaging, rising to 73% in Belgium, 82% in Estonia and 88% in Poland.
* In Denmark, 7% of children claim to have a blog, while the figures for the UK and Poland are 14% and 18% respectively, rising to 35% in Belgium.
* School rules also differ: 57% of Danish children claim their schools have rules governing Internet use, compared to 73% of Polish children, and two thirds in the UK.

What don’t we know?
* We still don’t know whether differences in European children’s experiences reflect genuine variations in risk or, instead, differences in how risks are perceived by parents and others.
* There is almost no research on whether children and young people have been exposed to racist, violent or gory material, or to gambling or self-harm sites.
* However, the 2006 Irish Webwise survey of 9-16 year olds found 26% had visited hateful sites, 35% had visited pornographic sites, 23% had received unwanted sexual comments online, and 7% had met an online contact offline.

In the UK, there are grounds for concern:
* Ofcom’s 2006 research shows 16% 8-15 yr olds have come across something ‘nasty, worrying or frightening’ online.
* The UK Children Go Online project found in 2004 that 12-19 year olds who take communication risks online tend to be more likely to be risk-takers who are less satisfied with their lives offline.

In the USA, some risks are increasing:
* The Online Victimization of Youth report found increased exposure to sexual material among 10-17 year olds (34% compared with 25% in 2003) and online harassment (9% vs. 6% in 2003), though they also found reduced unwanted sexual solicitations (13% vs. 19%). In that survey, 4% had been asked for nude/sexually explicit photos of themselves online.

But maybe children are getting more ‘internet literate’:
* The SAFT survey in Norway and Ireland found that in 2006, children were more critical of the internet and gave out less personal information than in 2003.
* Directing more safety awareness at children themselves may be the best way forward, since parents often don’t know just what their children are doing online.

Background information

EU Kids Online is at http://www.eukidsonline/net. Countries included are Austria, Belgium, Bulgaria, Czech Republic, Denmark, Estonia, France, Germany, Greece, Iceland, Norway, Poland, Portugal, Slovenia, Spain, Sweden, The Netherlands and The United Kingdom.

The 2006 Mediappro project (which surveyed 7393 teens aged 12-18 in 9 countries), see http://www.mediappro.org/

The 2006 Eurobarometer survey (which surveyed 29,248 parents/carers in 28 countries), see http://europa.eu.int/information_society/activities/sip/eurobarometer/index_en.htm

Ofcom’s Media Literacy Audit of Children is at http://www.ofcom.org.uk/advice/media_literacy/ml_audit/
The US National Center for Missing and Exploited Children’s Report ‘Online Victimization of Youth, see http://www.missingkids.com/en_US/publications/NC167.pdf

UK Children Go Online, see http://www.children-go-online.net/

SAFT, see http://www.saftonline.org

Webwise, see http://www.webwise.ie/

Posted by EU Kids Online at 04:33 PM | Permalink

El nuevo paradigma de comunicación que comenzó a desarrollarse a partir de la masificación de internet generó una evolución en las relaciones interpersonales que plantearon nuevos desafios a la sociedad moderna.

Sin embargo, la subsiguiente revolución hacia la conexión continua y multimedia produjo un abismo que dejó a la sociedad sin posibilidades de acompañar el ritmo evolutivo de la tecnología, creando al mismo tiempo un acento en las diferencias generacionales. Padres y maestros se ven abrumados por las posibilidades de comunicación que otorga la tecnología, y que los niños aprovechan en su totalidad.

Hoy la tecnología cumple un rol comunicador entre jovenes, niños y adolescentes. Espacios de "social networking" son indispensables para "existir" en la red, así como también para reafirmar la personalidad y el sentimiento de individualidad, o sea, utilizar los espacios de redes sociales como un lugar para "ser" y sobre todo, para "ser diferente".

Sin embargo, la diferencia generacional, obliga a que padres y maestros comprendan este fenómeno y puedan acompañar a los niños durante su proceso de desarrollo personal, intimamente ligado a la red y a sus posibilidades.

Desde ASIRA comprendimos que la forma de alcanzar este objetivo es a través de la capacitación y la concientización de los tres actores principales de esta historia: padres, maestros y niños. En febrero de 2007 comenzó el desarrollo de una campaña de comunicación a través de la cual podremos hacer llegar nuestro mensaje a la sociedad argentina. Para ello se desarrollaron spots televisivos y se encuentra en fase de creación material gráfico.

Deseamos aprovechar las posibilidades que ofrece la tecnología a los más chicos y para lograr esto, debemos mostrarles el camino y enseñarles a detectar que peligros se pueden esconder detrás del anonimato de la red.

El camino es largo. Pero sabemos que no estamos solos y contamos con el apoyo de organizaciones que comparten la misma pasión que nosotros: forjar una Internet mas Segura para los niños.

Javier Isasa
Presidente
ASIRA

Continue reading "Argentina: Crossing Borders" »

Posted by ASIRA at 04:00 PM | Permalink | Comments (2)

New web technologies today allow us to create and share content, communicate with others, participate in online activities and share our knowledge, skills and creativity very easily. These technologies provide unprecedented opportunities for learning and development across all communities. They allow us to truly Cross Borders - personally, locally, nationally and internationally. As Internet access becomes more pervasive across countries, there will be greater communication and sharing, and this can help create better understanding across cultures and people. WISE KIDS believes in the need for Internet access for everyone regardless of their socio-economic background. We also believe very strongly in the need for programmes of education that ensure that Internet literacy, proficiency and safety becomes key skills that every child acquires. Equally importantly, WISE KIDS believes in the need for pro-active programmes of education that show our young people and other communities how to maximise opportunities that new technologies can present. Only then would we have succeeded in truly crossing all our borders, and allowing individuals, communities and businesses to become co-creators in this knowledge ecomony.

Thanks to the InSafe team for excellent work!

Best wishes,
Sangeet Bhullar

Executive Director,
WISE KIDS,
Wales, UK
http://www.wisekids.org.uk
email:info@wisekids.org.uk

Posted by WISE KIDS at 03:00 PM | Permalink

Spam is no longer simply a tool for mass-mailing unsolicited advertising, it is now being used in some cases to drive up certain prices on the stock market. There has been a series of mass-mailings containing stock market information, advising users to buy stocks in certain companies. We have analyzed one of these cases and found that stock prices in one of the companies mentioned increased significantly over a period of a few days -even rising 12 percent in one day-, thanks to this type of spam.

This new use of spam would seem to be quite effective from what we have seen so far. There are two possible sources: either the companies themselves are trying to boost their stock value, or -and this would seem more likely-, individuals that have bought cheap stocks and are looking for a quick profit on selling them. The typical model of this financial spam includes an image in which the user can read the information. Another characteristic is that the subject of the messages has nothing to do with the content. The aim of all this is to try to avoid anti-spam filtering systems.

These attacks are interesting in the sense that they demonstrate how the Internet can manipulate real-world financial situations. Until now we have just seen a few cases, albeit with relatively successful results. It is not too far-fetched then, to imagine attacks of this nature in the future used not just for direct profit but also as a weapon against companies, similar to the way in which companies are blackmailed with threats to crash their IT systems.

Posted by Panda Software at 02:03 PM | Permalink | Comments (1)

Not so long ago, finding information about other countries, their sites of renown and unique life styles or just trying to find where in a town a given street is located, necessitated a trip to libraries, embassies, travel agents and more. In recent years the Internet has changed all that. More precisely it’s the World Wide Web that has brought previously distant places right in to the home.

Continue reading "EuroISPA supporting safe use of a rich and vibrant Internet" »

Posted by EuroISPA at 02:01 PM | Permalink

February 2006. Telefónica crosses borders to UK, Ireland and Germany as O2 becomes part of Telefónica family.

May 2006. Irish Code of Practice published - UK self-regulation model has been crossing borders in Europe since 2004.

June 2006. O2 enters UK broadband market with purchase of Be, one of the most innovative and technically advanced UK broadband providers.

August 2006. Top internet sites cross the border to mobile - eBay launches on O2 Active.

August 2006. O2 Germany unveils integrated mobile and broadband services.

October 2006. TV crosses border to mobile – O2 launched first ever mobile TV trial in Ireland.

October 2006. Crossing borders is now cheaper with O2 – O2 and Movistar offer free incoming calls when travelling in Europe.

November 2006. TV crosses border to Internet technology – Telefónica O2 Czech Republic has 10,000 IPTV subscribers.

November 2006. O2 signs Media Literacy Carter to promote the development of the creative and critical skills needed to get the best from of digital media.

As convergence becomes a reality we all have a role in ensuring the public have the knowledge and confidence to enjoy the digital world.

January 2007. Crossing borders in Europe - O2 enters fifth European market with Slovakia.

Continue reading "UK: Telefónica O2 Europe" »

Posted by O2 at 02:00 PM | Permalink | Comments (1)

La crescente importanza che internet e le nuove tecnologie assumono nelle nostre vite è testimoniata, per esempio, dal crescente utilizzo che facciamo del cellulare, strumento quotidiano considerato indispensabile dalla maggioranza degli italiani e da sempre più giovani e giovanissimi utenti.
Essendo il cellulare ormai parte delle nostre vite, raramente ci fermiamo a pensare alla funzione che questo strumento ha, cioé se integra un bisogno comunicativo più esteso o se è arrivato a sostituire il nostro modo di comunicare con gli altri, anche quelli che ci stanno più vicini.
Siamo noi che utilizziamo le nuove tecnologie per agevolare le nostre comunicazioni o le nuove tecnologie hanno preso il sopravvento sul nostro modo di comunicare e di relazionarci con gli altri?

Posted by EASY at 02:00 PM | Permalink

By Carrie Bogner, Senior Director of Citizenship, Online Services Group, Microsoft

I’ve been working in the IT business for more than 25 years now. It’s been a time of massive expansion in the availability and capability of technology for personal use. In the last 7 years my focus has been the online world and I’ve been lucky enough to witness and participate in some amazing uses of internet technologies to cross borders. I’d like to share a couple of ways I’ve been doing just that recently.

I grew up in Dodge City Kansas in the USA. My work takes me all around the world and I currently live in London. Much of my family remain in Kansas, but I’m not missing out on seeing my nieces and nephews grow up. Weekly web cam calls mean we’re in regular contact, sharing news and experiences and I get to play my part in our small family community no matter where in the world I find myself.

I’m also involved in a much much bigger global community that crosses borders to help child refugees – ninemillion (http://nine-million.spaces.live.com/). Through web sites, blogs, social networks, internet searches, online events and more, a global community of supporters are bringing the issue to the attention of the world and raising funds to provide education and sport opportunities for kids in refugee camps.

My job provides me opportunities to learn about and experience different cultures all around the world. When you cross borders, you get the chance to really appreciate the similarities and differences – and I get to see how they translate into the online world. We had some fascinating results from research last year that looked at uses of social networking around the world. Here are some highlights...

- In Brazil they are the most flirtatious, creating a very highly charged environment for social networking, and the most popular site there is called “All Cut”

- In China consumers are very etiquette driven, so if you update your site all your viewers must actually send a reply and if they don’t it’s considered rude

- In Canada it is heavily friend driven and migration has a big impact in that they’re staying in touch with their friends and family across the world

- In France it was quite distinctive in that it was much more about personal expression and blogging than about networking with people

- In the US they are beginning to see the emergence of Spaces and social networks as another form of entertainment

- In the UK consumers are seeing this emergence as a new form of social currency. Instead of handing out your mobile phone number to new friends, you would hand out your Windows Live Spaces address

Continue reading "EMEA: Crossing Borders at Microsoft" »

Posted by Microsoft at 02:00 PM | Permalink | Comments (2)

Minister launches new internet safety campaign - WATCH YOUR SPACE

The Minister for Education and Science, Mary Hanafin, T.D., launched WATCH YOUR SPACE - a new campaign to raise awareness and promote safe, responsible practice by young people when online. The key messages of the campaign are:
- be creative !
- be yourself !
- be in control !

The campaign has a strong peer-to-peer perspective and centres on an interactive online service, www.watchyourspace.ie developed by the National Centre Technology in Education (NCTE).This site offers practical tips and advice and supports teenagers who use the web. A key feature is the advice given from teenagers to teenagers on how to cope with the fall-out from abuses and misuse of social networking and picture -sharing websites.

Webwise has developed a short video that will give you an insight into what teenagers are doing online, what they think the risks are, and what advice they share with each other about getting the most out of the new online interactive service.

<<< Click here to watch the video >>>

<<< Click here to watch the video >>>

Launching the new safety campaign Minister Hanafin said "we are now seeing an explosion of creativity. When online young people should ensure that they are creative, be themselves but above all be in control. Disclosing too much personal information can put young people at increased risks of commercial exploitation, bullying and harassment.  Some of the content on these sites ranges from careless to shocking and can include obscenity and bullying.

Continue reading "Ireland - WATCH_YOUR_SPACE" »

Posted by Webwise at 02:00 PM | Permalink | Comments (1) | TrackBacks (0)

The Internet hosts millions of pages created by people of all cultures, beliefs and customs. For this reason, just as you can find information about the latest subatomic particle discovered, there is also content -leaving aside the argument about whether it should be on the Internet or not- that clearly should not be accessed by people in their formative years. Web pages about violence, pornography, terrorism war, murder; sites inciting racism, anorexia and even suicide… it’s all out there on the Net and accessible to anyone that can use a browser or punch in a web address.

Given how new the Internet is, it is still early to determine exactly what the consequences are of young people being exposed to this type of content, but news stories that have already emerged pointing to a link between the Internet and certain murders or suicides suggest the need for rigorous control over the contents that can be freely accessed. The way in which children access unsuitable material on the Internet is one of the most important parts of the problem, as it is not simply an issue that depends exclusively on the intentions of the user. Countless web pages on a whole range of topics display pop-ups or contain links to pages that are plainly unsuitable for youngsters. Web pages about characters such as Pokemon, My Little Pony or Action Man contained hundreds of links to porn sites.

While it is quite normal for parents to regulate, to some extent or another, the time that children spend watching TV, the same doesn’t apply to the Internet. It seems necessary therefore, to make those who should supervise children using the Internet aware that the danger of accessing inappropriate content is a real one and that it is not just a question of instructing children and adolescents in how to use the Internet correctly, but also how to behave and the tools to use

Posted by Panda Software at 01:59 PM | Permalink

53.6 percent of the new malware samples in 2006 were Trojans. The number of new variants of Trojans appearing increased throughout 2006, especially during the last quarter.

Trojans are a type of malicious code used to obtain confidential data such as bank account passwords. The large number of new variants in 2006 is due to the fact that this type of malware is ideally suited to the current trend of using malware for fraud. Spyware, however, gathers information about the target user, such as web pages visited, searches made, etc, allowing companies that use it to generate more personalized and profitable advertising. Despite their differences, Trojans and spyware have a common objective: to aid criminals to obtain money.

Bots are the second malware category with most variants in circulation (14%), whereas backdoor Trojans come third with 13.6 percent. Bots are programs that go resident on computers, awaiting ‘commands’ from their creators, who can then take control of the affected system to carry out activities such as spamming. Backdoor Trojans are programs that let attackers access computers remotely.

Both bots and backdoor Trojans have proved to be very useful for those looking for financial gain, and that’s the reason for their proliferation. On occasions, they have served as platforms for cyber-criminals to spread other types of malware, through so-called botnets, which allow attackers to command all computers infected by a bot to download certain spyware or Trojan from a web page.

Posted by Panda Software at 01:52 PM | Permalink

Según los datos de PandaLabs, entre enero de 2005 y enero de 2007 han aparecido más de 7.0006 troyanos bancarios nuevos y únicos. Existen troyanos específicos para casi todas las entidades financieras que ofrecen servicios online en el mundo, por lo que no se trata de un problema aislado que afecte únicamente a unos pocos usuarios de determinados servicios financieros online.

Los troyanos bancarios están específicamente diseñados para interceptar los accesos que los usuarios hacen a servicios de banca online y robar así datos relativos a los mismos: logins, passwords, PINS, números de cuenta y de tarjetas de crédito, etc., con los que luego realizar todo tipo de delitos, como fraudes online o robos de identidad. Por lo tanto, la gran cantidad de troyanos en circulación conforman un panorama especialmente peligroso para todos los usuarios que realizan sus operaciones financieras a través de Internet.

Los creadores de troyanos bancarios aplican nuevas funcionalidades a sus creaciones para conseguir que tengan mayor eficacia. Por ejemplo, hace unos meses se detectó la aparición del troyano Banbra.DCY que realiza capturas en video de los datos introducidos por los usuarios a través de ”teclados virtuales” (el usuario no pulsa teclas para introducir sus claves, sino que pulsa con el ratón sobre un teclado gráfico que aparece en pantalla).

Los troyanos bancarios tienen otro peligro añadido, que es su forma de distribución, casi siempre realizada de forma oculta para los usuarios. Entre las técnicas que los autores de estas amenazas emplean pueden mencionarse los ataques dirigidos contra un usuario o grupos de usuarios concretos utilizando ingeniería social personalizada, o el aprovechamiento de vulnerabilidades de software que permitan la descarga oculta de códigos maliciosos -por ejemplo- al visitar páginas web.

Posted by Panda Software at 01:50 PM | Permalink

El la edad media, una orden cristiana, los templarios, fueron los inventores de un sistema para poder desplazarse a tierra santa sin dinero en efectivo, un concepto similar a lo que hoy sería el de una tarjeta bancaria. No es que desarrollaran la banda magnética, ni que inventaran los polímeros plásticos, pero sí un documento mediante el que se puede recuperar dinero en un sitio distinto al que se depositó. Fue un importante avance en su tiempo.

Hoy en día la filosofía de las tarjetas de crédito sigue siendo muy similar. Podemos desplazarnos a distintos sitios sin necesidad de llevar dinero, aunque el desplazamiento sea hasta la tienda más cercana. Ese documento, la tarjeta, acredita que el comerciante podrá cobrar a la persona que lo porta, tiene una determinada cantidad de dinero que le respalda.

Tal y como los templarios exigían, es necesario que el portador se identifique de alguna manera. Hoy en día la identificación telemática es compleja (por lo menos más que un simple anillo, que les bastaba a los templarios), y este es el principal problema que tienen los usuarios de las tarjetas: no existe conciencia de la importancia de la validación personal a la hora de utilizar la tarjeta de crédito.

En una tarjeta de crédito existen varios sistemas de seguridad, que en muchos casos pasan desapercibidos por los usuarios. Los más utilizados son tres conjuntos de números que deben mantenerse en secreto (sobre todo el PIN, o número de identificación del usuario).

La seguridad 100%, como siempre, es imposible de alcanzar. Por muchos sistemas de seguridad que se empleen, siempre existirá la posibilidad de que nos “copien” la tarjeta mediante un lector de bandas magnéticas, o muchas otras amenazas cada vez más complejas. Dentro de estas amenazas, sin duda las que están produciendo cada vez más perjuicios para los usuarios sol las relacionadas con es el uso masivo de tarjetas de crédito para compras por Internet.

Cada vez que tecleamos nuestros códigos de identificación para comprar algo en Internet, esos códigos viajan por la Red y pueden ser interceptados por usuarios maliciosos. Para ello, existen varias maneras de capturar electrónicamente los datos:

- Man-in-the-middle (hombre en el medio). Mediante esta técnica, el ladrón de los datos intercepta la comunicación entre el usuario y el sitio web real, actuando a modo de proxy. De esta manera, es capaz de escuchar toda la comunicación entre ambos. Para que tenga éxito, debe ser capaz de redirigir al cliente hacia su proxy en vez de hacia el servidor real. Existen diversas técnicas para conseguirlo, como por ejemplo los proxies transparentes, el DNS Cache Poisoning o envenenamiento de Caché DNS (Domain Name Server, Servidor de Nombres de Dominio) y la ofuscación del URL.

- Aprovechamiento de vulnerabilidades de tipo Cross-Site Scripting en un sitio web, que permiten simular una página web segura de una entidad bancaria, sin que el usuario pueda detectar anomalías en la dirección ni en el certificado de seguridad que aparece en el navegador.

- Aprovechamiento de vulnerabilidades del navegador en el cliente, que permiten mediante el uso de exploits falsear la dirección que aparece en el navegador. De esta manera, se podría redirigir el navegador a un sitio fraudulento, mientras que en la barra de direcciones del navegador se mostraría la URL del sitio de confianza. Mediante esta técnica, también es posible falsear las ventanas pop-up abiertas desde una página web auténtica.

- Algunos ataques de este tipo también hacen uso de exploits en sitios web fraudulentos que, aprovechando alguna vulnerabilidad, permiten descargar troyanos de tipo keylogger que robarán información confidencial del usuario.

- Otra técnica más sofisticada es la denominada Pharming. Se trata de una táctica fraudulenta que consiste en cambiar los contenidos del DNS ya sea a través de la configuración del protocolo TCP/IP o del archivo lmhost (que actúa como una caché local de nombres de servidores), para redirigir los navegadores a páginas falsas en lugar de las auténticas cuando el usuario accede a las mismas a través de su navegador. Además, en caso de que el usuario afectado por el pharming navegue a través de un proxy para garantizar su anonimato, la resolución de nombres del DNS del proxy puede verse afectada de forma que todos los usuarios que lo utilicen sean conducidos al servidor falso en lugar del legítimo.

Pero cualquiera de estos sistemas de robo de datos necesitan de una capacidad técnica de programación y de conocimientos que no siempre están al alcance de todo el mundo. Así que lo más sencillo para conseguir los datos de una tarjeta de crédito es engañar directamente al usuario, mediante la técnica llamada “phishing” Esta técnica consiste en el envío de correos electrónicos que, aparentando provenir de fuentes fiables (por ejemplo, entidades bancarias), intentan obtener datos confidenciales del usuario. Para ello, suelen incluir un enlace que, al ser pulsado, lleva a páginas web falsificadas. De esta manera, el usuario, creyendo estar en un sitio de toda confianza, introduce la información solicitada que, en realidad, va a parar a manos del estafador.

A pesar de este desolador panorama, las tecnologías actuales han evolucionado lo suficiente como para evitar la salida de un ordenador de determinados datos. Al igual que se puede prevenir la entrada de virus en un sistema analizando la información entrante, se puede vigilar la información saliente para evitar que los usuarios, en un descuido, puedan equivocarse.

El robo de información personal en un ordenador, tan peligroso cuando son datos sobre bancos, puede ser evitado. Si los usuarios instalan suites de seguridad completas, efectivas e inteligentes, ningún número secreto caerá en manos de usuarios remotos. Ahora solamente queda guardar la tarjeta en un lugar seguro: como alguien dijo, “No busques en la tecnología soluciones a la seguridad física”.

Posted by Panda Software at 01:45 PM | Permalink

Han surgido noticias acerca de códigos maliciosos que afectan a numerosos dispositivos, más allá del concepto que se tiene del típico “virus para ordenador”. Podemos pasar revista a estas amenazas y encontraríamos los primeros en teléfonos móviles, a los que siguieron enseguida los coches con bluetooth. A continuación, apareció un virus para la consola de videojuegos Sony PSP, y a semana siguiente, para la Nintendo DS.

No creo que haya nada de extraño en esta proliferación de códigos, era lógico que tarde o temprano aparecieran. Como norma básica en el mundo de la seguridad, allá donde haya un sistema programable, pueden crearse códigos maliciosos. Y mucho más en un sistema tan complejo como una consola de videojuegos, en el que no solamente hay un sistema operativo completo, sino documentación para desarrolladores.

Esta situación no debe sorprender a nadie. Sí, era previsible, y no cabe la más mínima duda de que en poco tiempo surjan más códigos de este tipo. Pero siempre queda la tranquilidad de que es muy poco probable que puedan propagarse.

En principio, las consolas de videojuegos no son sistemas abiertos en los que cualquiera pueda introducir nuevo software tal y como se puede hacer en un ordenador personal. Los PC están pensados para adaptar su funcionamiento a las necesidades del usuario mediante la instalación de programas con diferentes fines, son lo que se llama sistemas de propósito general. Así, el mismo hardware que se utiliza para escribir una carta puede utilizarse para la catalogación de especies botánicas o para la contabilidad empresarial, mientras que una consola de videojuegos se ha diseñado desde el origen para una única función: jugar.

Además, en un sistema personal existen numerosos dispositivos a través de los cuales introducir información, que no son tan accesibles en una consola de videojuegos. Cierto es que las consolas de última generación utilizan dispositivos de comunicación muy comunes, como es el memory stick o las conexiones USB, IrDA y WiFi, pero no es tan sencillo como puede parece a primera vista poder llegar a “hurgar” en ellos tal y como se hace en un PC.

El software desarrollado para las consolas (los juegos) lo está de manera que cause la menor cantidad posible de problemas. En ningún caso van a intentar explotar una vulnerabilidad, intentar escribir en zonas no permitidas, y ni mucho menos están pensados para multiplicarse como haría un código malicioso.

Para que un usuario resultara infectado, debe se víctima de algún engaño, es decir, que le hagan instalar un software de manera malintencionada y sin decirle qué es lo que va a hacer ese software. Y aunque eso pueda hacerse fácilmente (¿Quién se negaría a introducir un cartucho o un memory stick que un amigo le deja para probar una demo o un juego nuevo?), lo único que serviría es para perder definitivamente a ese amigo.

Podemos, si acaso, pensar en una posibilidad más teórica: la descarga de un software a través del vínculo inalámbrico que ofrecen las nuevas consolas. Una descarga involuntaria de software a través de esa conexión puede suponer una infección. Pero, en este caso, nos encontramos con la misma situación de seguridad que en un ordenador normal, en el que descargar de software puede hacer que el equipo sufra las consecuencias de programas malintencionados o de errores inesperados.

Afortunadamente, la solución es muy sencilla: no fiarnos. Todo el software que incorporemos a nuestra consola debe ser siempre original, y certificado por el desarrollador. Tanto Activision, como Game Freak, Blade Interactive o SOE, de entre los muchísimos desarrolladores de juegos, tienen un especialísimo cuidado en que su software sea el mejor entre todos, el más rápido, el más espectacular y por supuesto, el que menos problemas cree a sus usuarios.

En definitiva, que nuestra consola, en el fondo, no es un juguete. Ni por precio ni por capacidad debemos olvidarnos de que es un ordenador y que hay que tener cuidado con el software que instalamos. Si lo hacemos así, podremos seguir disfrutando de ella y nos durará mucho tiempo, casi tanto como me ha durado a mí la Atari.

Posted by Panda Software at 01:43 PM | Permalink

In the Middle Ages, the Knights Templar invented a system to enable pilgrims to travel to the Holy Land without having to carry ‘real’ money with them. This system would perhaps be an equivalent to the bank cards we carry with us today. Obviously we're not saying they invented magnetic strips or synthetic polymers, but rather a document that enabled the pilgrim to withdraw money in a different location to where it had been deposited. This was a major innovation at the time.

Today, the philosophy behind credit cards is very much the same. We can move from place to place without having to carry cash, even if we're only talking about going down to the local store. This document, the card, certifies that the vendor can charge the bearer of the card in the knowledge that it has a guarantee (of the bank, for example) up to a certain amount.

And as was the case with the Templar system, the bearer of the card needs to prove their identity. Today, such identification is a complex task (unlike the simple ring used by the Knights Templar) and this represents the main problem for bank card users: there is insufficient awareness of the importance of ID verification when using these types of cards.

There are several security systems for credit cards which users are often unaware of. The most widely used are three sets of numbers that need to be kept secret (in particular the PIN).

One hundred percent security is, as always, impossible to achieve. Regardless of the security system used, there is always a possibility of somebody cloning your card by using a magnetic strip reader or other even more complex dangers. Of these, threats related with the massive use of credit cards over the Internet are now the most costly to users.

Every time you enter your identification code to buy something on the Internet, this code travels across the Net and could be intercepted by malicious users. There are several techniques that enable them to do this:

- Man-in-the-middle. This technique allows data thieves to intercept the communication between the user and the real website, acting as if they were a proxy, and potentially listening to all communication between the two. In order for such an attack to be successful, the victim must be redirected to the attacker’s proxy instead of the real server. There are several techniques for doing this, such as using transparent proxies, DNS cache poisoning and URL obscuring.

- Exploits of Cross-Site Scripting vulnerabilities on a website, enabling the spoofing of the bank’s secure web page, in such a way that users will not be able to detect anomalies in the address nor the security certificate that appears on the browser.

- Exploiting browser vulnerabilities that allow the address that appears in the browser to be spoofed. This means the browser can be redirected to a spoofed website, while the address in the address bar will be the URL of the trusted site. This technique also allows spoofing of pop-ups opened from an authentic website.

- Some attacks of this type also use exploits on fraudulent websites, taking advantage of a vulnerability to download keylogger Trojans that steal confidential user information.

- Another more sophisticated technique is called Pharming. This involves changing the DNS content either through the TCP/IP protocol settings or the lmhost file (which acts as a local cache of server names), to redirect browsers to spoofed pages instead of the genuine ones when users access them through the browser. Moreover, if the victim of pharming is using a proxy connection to guarantee anonymity, the DNS name resolution of the proxy can be affected so that all users are directed to the false server instead of the legitimate one.

But any of these data theft systems require a level of programming ability and knowledge that is not within everyone's reach. So the simplest way of stealing credit card details is to trick the user directly using a technique called phishing. This technique involves sending emails which apparently come from reliable sources (such as banks, etc) and are designed to obtain confidential user information. To achieve this, they often include a link to spoofed web pages. Users then, believing they are in a reliable site, enter any information requested which actually falls into the hands of the fraudster.

Despite this rather depressing panorama, security technology has evolved sufficiently to prevent confidential information from being extracted from a computer. Just as viruses can be prevented from infecting a system, by the scanning of all inbound information, outbound information can also be scanned to prevent users, in a moment of carelessness, from making a costly mistake.

Theft of personal information from a computer, so potentially dangerous when this involves bank details, can be avoided. If users install complete, effective and intelligent security solutions, no secret numbers will fall into the hands of remote users. Then all you need to do is make sure you keep the card in a safe place -after all, surely you can’t expect technology to do that for you.

Posted by Panda Software at 01:41 PM | Permalink

A la hora de navegar por Internet, los usuarios se encuentran con el problema de seleccionar qué contenidos son seguros y cuáles no. Aunque en muchos casos estas tareas se dejan en manos de los antivirus y los firewall personales, debemos tener en cuenta que no siempre se está alcanzando los niveles de seguridad que realmente deseamos. Hoy en día hay tantos tipos de archivos que pueden resultar peligrosos que no es posible conocerlos todos.

El problema se agrava a la hora de seleccionar qué los archivos adjuntos que lleguen por correo electrónico. Aunque muchos ficheros lleguen de remitentes en los cuales confiamos, siempre queda la duda de qué hacer con ese fichero de extensión extraña que nos han mandado: ¿Será un documento de texto? ¿Es un fichero de vídeo? ¿Es código ejecutable por alguna aplicación extraña?

Para aclarar un poco este panorama, veamos cuáles son los tipos de archivo que deben ser bloqueados, analizados o, por lo menos, tenidos en cuenta a la hora de utilizarlos.

En primer lugar, hay que ser especialmente precavido con los ficheros ejecutables, en cualquiera de sus formas clásicas, sean EXE, COM o BAT. Todos ellos pueden tener cualquier tipo de código dentro, son los formatos directamente ejecutables. Están definidos así desde los primeros tiempos de la informática personal, antes de que IBM lanzara su modelo “PC” en 1981, cuando CP/M era el sistema operativo para los ordenadores personales. CP/M utilizaba siempre como ejecutables ficheros COM, y posteriormente, ya con DOS, se incluyeron los ficheros EXE y los BAT.

Con el avance de los sistemas operativos fueron incluyéndose nuevos tipos de ficheros con capacidad de lanzar código ejecutable, aunque por sí mismos no tuvieran capacidad de ejecutarse. Son, por ejemplo, los ficheros PIF (Program Information File) desarrollados para Windows (ya desde sus primeras versiones), que describían la manera de ejecutar un fichero. En ellos iban parámetros especiales, tales como la cantidad de memoria a emplear, el directorio a utilizar, cómo manejar la pantalla, etc.

El posterior desarrollo de los sistemas operativos y de las técnicas de programación llevaron consigo la aparición de ficheros con código ejecutable en otros formatos, como los ficheros OVR, OVL y, en la actualidad, DLL. Aunque no son ejecutables directamente, los módulos principales de los programas (los ficheros EXE) los cargan en memoria y acuden a ellos en determinados momentos.

Para facilitar el uso de los ordenadores personales, los ficheros con datos que no son ejecutables pasaron a tener un comportamiento especial. Se les asocia con una determinada aplicación de manera que a la hora de consultar esos datos se abra automáticamente la aplicación que los generó. Así, por ejemplo, si en Windows hacemos doble clic sobre un fichero que no es ejecutable, como puede ser un fichero BMP, Windows reconoce su extensión como asociada a un programa, normalmente Paint, y lo abre junto con los datos cargados.

En el ejemplo anterior, un fichero BMP no contiene más que información, por lo que no puede llegar a ser peligroso, pero hay otros ficheros con datos que sí pueden ser peligrosos al abrirlos junto con el programa asociado. Es el caso de los ficheros con macros, como los DOC de Word, XLS de Excel, etc.

Filtrado de páginas web

Otro importante aspecto de los filtros reside no ya en los ficheros que recibimos o descargamos, sino en el contenido de la página web que estamos visitando. En Internet existe tal cantidad de tipos de páginas distintas que es completamente imposible para un usuario implementar algún tipo de filtro en la navegación.

En este momento, muchos lectores se preguntarán por la necesidad de implementar limitaciones a la navegación. Las razones son muchas, fundamentalmente para evitar que otras personas no vean desde nuestro ordenador páginas web que no queremos que vean. Este filtrado es especialmente necesario a la hora de dejar que niños y jóvenes estén conectados sin una vigilancia constante.

Aunque lo parezca, no estoy abogando por la censura, sino simplemente por un control de las páginas que pueda ver un niño. Por ejemplo, no creo que a ningún padre en su sano juicio le interese que su hijo pequeño pueda recrearse con fotos sobre atentados terroristas en las que pueden aparecer cadáveres destrozados, o que un adolescente entre en páginas con ideologías nazis o que hagan apología de la violencia.

Para evitar estos peligros, hay muchas páginas web que ya se encuentran catalogadas, y antes de acceder a ellas es posible verificar si su contenido es adecuado o no según unos criterios establecidos. Por ejemplo, podemos evitar la entrada a páginas web que tengan muertes, violencia extrema o sexo explícito. Para ello, evidentemente, es necesario contar con un programa que lleve a cabo el control de las páginas y evite el acceso a las no autorizadas.

Posted by Panda Software at 01:40 PM | Permalink

The new malware dynamic, which has seen a shift toward financial returns as the principal drive for malware creators, is increasingly targeting online games. Specifically, cyber-crooks are now after the login details for installing and accessing online games. Similarly, these criminals are trying to rob players of the ‘virtual assets’ obtained in the games, such as virtual money that can be used in the game to buy weapons, powers, etc. Given the effort required by players to obtain these items, there are many people prepared to pay for them as an easy way of reaching higher levels and increasing their reputation. In this way, the virtual economy of the game translates into real profits for the cyber-crook.

With the increasing number of games available online, there is a corresponding increase in the options for those willing to exploit this lucrative by-product of online games. There is now the risk that a whole new business model could be operated by cyber-mafias, stealing virtual assets, of apparently no real value, and selling them for real money to the highest bidder.

The malware that most frequently affects games are Trojans. The Lineage virus steals the login details of a player, allowing another player to relieve him of the virtual money used to buy weapons, privileges or abilities within the game. The different variations of the Legmir virus target players of “Legend of Mir”, stealing their passwords. Gaobot and its variants, although more widely known for their bot characteristics, also try to get in on the act, stealing the Cd-Keys of several games, and spreading to new potential victims. Similarly, they open a backdoor on infected computers making them vulnerable to future attack. Users of “World of Warcraft” could be affected by Trj/WoW.

Posted by Panda Software at 01:35 PM | Permalink

En Internet hay muchos tipos de contenidos que circulan libremente, generalmente buenos, pero hay que tener en cuenta que también circula otra serie de elementos malignos. Una de las cosas desagradables con la que podemos encontrarnos con mucha frecuencia son los hoaxes.

Un hoax es un e-mail que recibimos con un mensaje supuestamente muy importante, que pide que se reenvíe a todas las personas a las que se pueda para advertirles de un supuesto peligro sobre el que informa el mensaje. Sin embargo, el mensaje es falso y reenviarlo únicamente va a conseguir un tráfico de mensajes completamente innecesario, parecido a las cartas en cadena. El único propósito de los hoaxes es hacer perder tiempo e incrementar el tráfico de red hasta saturarla.

Los hoaxes son malware, al igual que los virus. De hecho, incluso podríamos establecer varias similitudes:

- Un virus es un código malicioso camuflado en un programa inofensivo; un hoax es un mensaje falso camuflado bajo el aspecto de un mensaje importante, basado en una historia real.

- Un virus se propaga por correo electrónico; los hoaxes también

- Un virus interrumpe la productividad al afectar al ordenador; un hoax también, al hacer que el usuario lo lea y lo reenvíe, además de sobrecargar servidores de correo por todo el mundo.

Hay una gran diferencia entre un hoax y un virus. Los virus suelen propagarse de manera que el usuario no lo perciba, pero como el hoax no es un programa, no puede hacerlo. Debe ser más astuto: la técnica es engañar al usuario para conseguir que lo reenvíe.

Para identificar un hoax basta con seguir las siguientes pistas:

- Cualquier correo que te inste a reenviarlo a cuanta gente puedas, es un hoax.

- Los hoaxes solo funcionan si pueden convencer al usuario de que son fiables. Suelen hacerlo citando a alguna fuente de confianza, bien conocida o al menos con nombre reconocido.

- Un hoax se propaga a base de reenvíos de correo, y la mayoría de correos añaden el símbolo “>” al texto reenviado, así que los hoaxes suelen estar llenos de “>>>>>”.

- Pueden incorpora firmas falsas, pero generalmente vienen sin firmar.

- Suelen anunciar grandes catástrofes, que generalmente ocurrirán por culpa de un virus increíble (del que no se tienen noticias en ninguna empresa desarrolladora de antivirus).

- Por si acaso no es bastante con amenazar con destruir el ordenador, en muchos casos añaden características de cartas en cadena, diciendo que si lo reenvías vas a conseguir inmensos favores del destino y, si no lo haces, la más negra de las miserias se cernirá sobre ti.

- Los hoaxes suelen tener una redacción muy mala, sin respetar la Gramática, ni la Ortografía. Quizá se hace así para que llamen más la atención. Se nota en muchos casos que han sido traducidos del inglés, pero por personas que ni saben inglés ni su idioma.

Posted by Panda Software at 01:33 PM | Permalink

The European Confiance project is an opportunity to valorize and coordinate existing awareness actions.
Few examples:

In France, thanks to B2i (Brevet Informatique et Internet), The French students learn to use ICT at School. One of the skills learning is “the Net responsibility” and the Confiance awareness tools “Vinz et lou sur l’Internet” help the teachers to teach the good behaviour on the Net.

Thanks to « le Tour de France » operation funded by the Ministry of Education, 300 primary schools and colleges participate to awareness training seminars. During its training activities, each teachers and students get posters, postcards and leaflets promoting the Confiance awareness messages.

During the next “Fête de l’Internet” (the 18th to the 24th of March), the theme is “Internet sans crainte”. All Net public access point will participate to this national campaign and will receive posters, postcards and leaflets promoting the Confiance awareness messages. Its awareness tools will dispatched to the public.

For more details, please contact :
Floriane NAUDIN
Confiance project
e-mail : floriane.naudin@ens.fr
www.internetsanscrainte.fr

Posted by Internetsanscrainte.fr at 01:29 PM | Permalink | Comments (1)

Internet ha revolucionado el mundo. El uso de la red ha abierto a los usuarios infinitas posibilidades de comunicación e información además de acelerar el desarrollo personal y económico de las sociedades que utilizan este potente medio. Sin embargo, a la vez que han aumentado los beneficios de Internet han aparecido nuevos riesgos que preocupan a los internautas y amenazan su seguridad.

¿Cuáles son los peligros?
La pornografía infantil, el engaño a menores, apología del terrorismo, el phising, la usurpación de marcas comerciales, los ataques a la propiedad intelectual, los correos electrónicos que contienen insultos, fraudes o chantajes, los virus y el spam son algunas de las principales amenazas a combatir. Y los niños y adolescentes son el primer colectivo que la sociedad debe proteger: ellos son los más vulnerables ante los peligros de la red.

¿Cómo proteger a los menores?
Es preciso alejarles de los contenidos violentos, racistas, xenófobos o pornográficos, del tráfico de estupefacientes, de las sectas, defenderles de los pederastas que pretenden contactar con ellos a través de Internet, del acoso o las amenazas que puedan recibir a través de los chats o emails además de los malware (virus y caballos de troya).
Para conseguir que los niños y adolescentes naveguen por la red de forma segura es necesario utilizar las herramientas de control que los proveedores y los navegadores proporcionan para este fin, pero estos medios no bastan por sí solos: profesores y padres deben conocer su existencia, su utilidad y aprender a utilizarlos para blindar a los menores.
Además de impulsar continuamente medidas de seguridad, Telefónica colabora con la Línea de Denuncia contra la Pornografía Infantil en Internet Protégeles (www.protegeles.com) y promueve, con el programa EducaRed de Fundación Telefónica, el uso educativo de Internet entre profesores, padres y alumnos.

Mecanismos de protección.
Al margen de la labor que desempeña para proteger a los menores, Telefónica dispone de otros mecanismos para defender a los usuarios de las intrusiones, diseña software avanzado, alerta a sus clientes de posibles fraudes, fomenta la seguridad en los accesos y colabora con la administración pública y con la Policía de los diferentes países en los que opera.
Casi todos los incidentes de spam registrados en Telefónica de España se deben a la existencia de equipos vulnerables que tienen agujeros de seguridad que no bloquean el envío de correos no autorizados, por lo que cada vez más es necesario que los usuarios de Internet protejan sus equipos y sigan ciertas recomendaciones.

Consejos
A la hora de utilizar Internet no se deben responder correos electrónicos de las entidades bancarias facilitando datos ni claves personales. No es aconsejable dar a conocer en foros, chats ni medios públicos la dirección de correo electrónico. Se debe sospechar de correos con faltas gramaticales u ortográficas –suelen ser malas traducciones de spammers. Observar qué páginas son seguras –las que tienen un candado o las que aparecen en la barra del navegador con https:// en lugar de http://.
Por último, ante eventuales problemas es preciso que los usuarios denuncien los ataques (Telefónica dispone de más de 20 direcciones de correo electrónico como abuse@telefonica.net).

Posted by Asociación Protégeles at 01:20 PM | Permalink

We have seen a succession of news stories about malicious code affecting numerous devices, going beyond the concept of the typical ‘computer virus’. We have had the first viruses for cell phones, followed by malicious code for cars with Bluetooth technology, then along came a virus for the Sony PSP videogame console, and a week later, one for Nintendo DS.

There is nothing unusual about the appearance of these viruses, sooner or later they were bound to appear. Basically, in the IT security world, wherever there is a programmable system, malicious code can also be created. All the more so in the case of complex systems such as video game consoles, which don’t just include a complete operating system, but also documentation for developers.

This situation should come as no surprise, and no doubt more threats of this type will emerge in the not too distant future. At least there is the consolation that it is unlikely they will be able to spread under their own steam.

In theory, videogame consoles are not open systems and new software cannot be entered into them in the same way as with a personal computer. PCs have been designed as general purpose tools, adapting functionality to the needs of the user by means of the installation of purpose-built programs. The same hardware can be used for, say, writing a letter as for cataloguing botanical species or for corporate accountancy; while a video game console has been designed for a sole purpose: playing games.

Similarly, unlike a game console, a personal computer also includes numerous devices through which information can be entered. It is true that latest generation consoles use common communication devices such as memory sticks or USB, IrDA and WiFi connections, but it is still not as simple as it seems to infiltrate these systems, and substantially more difficult than it is with a PC.

Software developed for videogame consoles (games) is designed to cause as few problems as possible. Under no circumstances will it try to exploit vulnerabilities, overwrite prohibited zones or multiply itself in the same way as malicious code.

For a user to become infected they would need to be the victim of some kind of deceit, i.e. being duped into installing software without knowing what it will really do. Although this in itself is easy enough to someone (who wouldn’t enter a cartridge or memory stick lent by a friend to try out a new game or demo?), what’s the point? The only thing it would serve to do is lose a friend.

Imagine another, perhaps more theoretical scenario: downloading software through the wireless link offered by the new consoles. Involuntarily downloading software through this connection could lead to infection. But in this case, the security situation is the same as in a normal computer, where downloading software could lead to the effects of malicious programs or unexpected errors.

Fortunately, the solution is simple: don’t be taken in. All software you run on the console should be original and certified by the developer. Activision, Game Freak, Blade Interactive and SOE are among the many game developers that take extreme care in ensuring that their software is the best, the fastest, the most spectacular and, of course, causes the fewest problems possible.

In short, the console itself is not a game. Regardless of price or capacity, it is still a computer and you have to take care with the software you install. If you do it will surely last for many years to come, maybe even as many as my Atari.

Posted by Panda Software at 01:05 PM | Permalink

Le tecnologie di comunicazione e informazione raggiungono ogni giorno nuovi traguardi, superando confini e barriere di ogni tipo e offrendoci un potenziale enorme soprattutto sul fronte delle opportunità.
Il nostro rapporto con le nuove tecnologie online è in continua evoluzione, divenendo sempre più complesso e coinvolgente, costituendo parte integrante della nostra quotidianità: nel gioco, nelle attività creative, nelle relazioni sociali e nei modi di comunicare. Siamo immersi in una cultura digitale, che ci affascina enormemente e in cui possiamo essere protagonisti attivi...ma quali sono i confini che possiamo o meno oltrepassare?! Qual'è il limite tra legale ed illegale, tra diritto e dovere, tra libertà e prevaricazione, tra informazione e diffamazione?!

Posted by EASY at 01:00 PM | Permalink

The IWF is the only authorised organisation in the UK operating an internet ‘Hotline’ for the public and IT professionals to report their exposure to potentially illegal content online.

Our aim is to minimise the availability of potentially illegal internet content, specifically:
• child abuse images hosted anywhere in the world
• criminally obscene content hosted in the UK
• incitement to racial hatred content hosted in the UK.

Through the hotline reporting system, we help ISPs to combat abuse of their services through a ‘notice and take-down’ service by alerting them to any potentially illegal content on their systems and simultaneously inviting the police to investigate the publisher.

We work in partnership with government departments, the police, the online industry and the public. As a result, less than 1% of potentially illegal content has apparently been hosted in the UK since 2003.

The internet provides a wealth of opportunity for all of us. However, such global technologies and innovative services can also be abused to facilitate the exploitation of children and the perpetuation of their sexual abuse.

Recent developments, for example, in social networking and online picture and video services enable a wide range of positive communications. These websites can allow easy, free, unlimited and anonymous posting of photographs which, sadly, provides an online medium for some internet users to abuse. Most of these sites are hosted overseas so the IWF passes details of those reports which breach UK law to the Hotline in that country, where such a service exists, and in every case, to Interpol via the UK Child Exploitation and Online Protection Centre partners. If the sites are hosted within the UK the IWF works with the police and the content service providers to have the content removed and, if possible, the publisher prosecuted.

Young people should also be reminded that it is an offence to post online an indecent photograph of anyone under 18, including yourself. These photographs constitute child abuse images and, once on the internet, are accessible indefinitely.

The global nature of network abuse and child exploitation as well as the knowledge that child abuse websites regularly ‘hop’ server and host country, underlines the need for unified international efforts, transcending borders and legal jurisdictions. This would ensure action is taken quickly and effectively to have websites hosting child abuse content removed and those who publish illegal material traced and investigated.

The IWF continues its commitment to share experience, knowledge and practices with Hotlines around the world. We also look forward to helping to develop a European database of potentially illegal child abuse websites which will facilitate Europe-wide improvements in effectiveness and information sharing amongst hotlines.

For more information about the Internet Watch Foundation visit www.iwf.org.uk

Posted by Internet Watch Foundation at 01:00 PM | Permalink

- Un antivirus actualizado. Antes de salir de viaje, actualice su antivirus. Y cada vez que pueda disfrutar de una conexión a Internet, aproveche para actualizarlo. Un ataque por virus cuando estamos lejos de los responsables de informática de la empresa puede dejar KO a un ordenador portátil y, como consecuencia, los planes de su propietario.

- Un sistema de protección contra intrusiones. Tanto por redes físicas como por redes inalámbricas, los intrusos pueden aprovechar un momento de despiste o una vulnerabilidad para introducirse en nuestro ordenador y hacer de él su cuartel general.

- Un sistema de protección contra estafas. Podemos encontrarnos con que recibamos un correo intentando estafarnos, y estando en un viaje puede que respondamos con preocupación ante un problema en nuestro banco que no podemos resolver directamente, o ante situaciones extrañas con nuestras tarjetas de crédito.

- Un sistema anti spam. A la hora de descargar correo electrónico fuera de la red, evitar que el correo no deseado entre en el sistema es necesario para evitar pérdidas de tiempo innecesarias.

- Protección contra spyware. Nada más peligroso que un espía mientras llevamos a cabo gestiones remotas. Evitar estos intrusos hará que nuestras conexiones y nuestro trabajo no sean espiados por desconocidos.

- Un firewall personal. Bien configurado y sin concesiones a los extraños evitará que muchos hackers consigan entrar en el sistema.

- Sistema de filtrado a páginas web. Existen muchas páginas web con contenidos maliciosos que pueden desembocar en una catástrofe en el ordenador. Es imposible conocerlas todas, por lo que un sistema de filtrado de páginas evitará que sin darnos cuenta podamos acceder a algún sitio peligroso.

- Un sistema de protección contra intrusiones a través de la red inalámbrica. De esta manera, podremos conectarnos a las redes abiertas sin miedo a que alguien utilice este canal para inmiscuirse en la información almacenada en el portátil.

Posted by Panda Software at 01:00 PM | Permalink

We have published a list of those malicious codes which have stood out in one way or another in 2006:

- The most moralistic. This award goes to the spyware Zcodec which, among other actions, monitors whether users access certain web pages with pornographic content. This may simply be a way of determining whether the user is a frequent visitor to these types of pages in order to send personalized advertising. On the other hand, perhaps the author of the spyware just has voyeuristic tendencies.

- The worst job applicant. The Eliles.A worm sends out CVs all over the place. It even sends them out to users’ cell phones. It would seem that it has little confidence in its own job prospects.

- The most sensationalist. Sensational headlines have always made an impact, now they are even being used by viruses. Of all those that appeared in 2006, Nuwar.A wins hands down with its declaration of the start of the Third World War.

- The most tenacious. They say that all good things come to an end. It's a shame that the creators of the Spamta worms haven’t heard the saying. Otherwise, they might have stopped sending wave after wave of almost identical variants of this malicious code.

- The biggest snooper. In this case, it was not a difficult choice. WebMic.A is a malicious code that can record sounds and images, using a microphone and WebCam connected to the computer. Of course this is not the sort of uninvited guest you would like to have on your PC.

Continue reading "Spain: The virus yearbook 2006" »

Posted by Panda Software at 12:57 PM | Permalink

Nowadays, the Internet is a key reference for many aspects of daily life. It is one of the best ways of staying abreast of the latest news; it can be used for business transactions or even shopping, with web stores becoming increasingly popular.

However, as with all good things in life, the Internet is also a point of reference for illegal activities, such as child pornography, a problem that has been around for quite a while, but which has grown with intensity and speed with the advent of the Internet; or software and music piracy, which uses the Net to spread itself widely and rapidly.

Continue reading "Spain: Phishing and 21st century tales" »

Posted by Panda Software at 12:47 PM | Permalink

El phishing se basa en mensajes de correo electrónico que conducen a sitios Web maliciosos diseñados para robar los datos bancarios de los usuarios confiados. Roban contraseñas y claves para suplantar la identidad del usuario y los utilizan de forma fraudulenta. Utilizan el nombre y la imagen corporativa de compañías ya existentes, para así obtener la completa confianza del usuario para realizar el fraude. Por ello, es necesario cerciorarse de que realizamos las transacciones en Internet en entornos seguros y reales.

Continue reading "Spain: Consejos para evitar el phishing" »

Posted by Panda Software at 12:47 PM | Permalink

Internet es, hoy en día, la referencia a la hora de tratar numerosos aspectos de la vida diaria. Cuando surge una noticia, Internet es uno de los grandes medios para informarse. Si hay que hacer un trámite, se busca la manera de hacerlo por Internet; a la hora de comprar algo, la opción de la tienda web se contempla cada vez más.

Continue reading "Spain: El phishing y los cuentos del s. XXI" »

Posted by Panda Software at 12:45 PM | Permalink

Instant messaging (IM) services like MSN Messenger, Yahoo!Messenger, AIM, etc. are becoming more widely used both at home and in the workplace, and their popularity provides an excellent means of propagation for malware.

The inherent risk to these services lies in the fact that they are not only used to exchange messages, but also files, folders, and even entire disk drives. This makes IM services an increasingly exploited open door for attackers. Instant messaging services make things extremely easy for attackers, since users are not authenticated through an IP address, but an email address linked to a password. This means that even if the victim has a mobile IP address, the server that links the people connected will send each user the contents assigned to their names. As a result, the attacker does not need to know the victim’s IP address, it is enough for their name to be included in a contact list to infect them.

The fact that logging into an instant messaging service does not require IP authentication can also lead to identity theft problems. If an attacker accesses the server using the password of one of the contacts, there will be nothing to warn the targeted user that the person they are speaking to is not who they are supposed to be. If you share files with that contact, the attacker will be able to access them freely. What’s more, in corporate environments where IM is used, confidential data could be shared with an attacker in the belief that they are someone else. Identity theft is not as difficult as it might seem. It is enough for the target user’s password to be common or easy to remember to access their account. Even if that is not the case, given that the majority of protocols used by these services transmit unencrypted information, it is very simple to spoof an established connection between two users and obtain certain data.

We are giving you a series of instant messaging tips worth following. First, use safe passwords: passwords that are not too short, mix uppercase and lowercase letters as well as numbers, and which are not related to biographical information (dates of birth, anniversaries, names, etc.). Secondly, in this kind of communication, you should never disclose personal or confidential information, such as passwords, account numbers, etc. Don’t chat to people who are not on your contact list. Similarly, don’t download files or click on links that come from unknown senders, and, even if they do come from known senders, take precautionary measures before taking any actions. If you are using a public computer, do not use the automatic sign-in feature, as any other user of the computer could access your messaging account. Finally, in the case of home users, be particularly careful when children use instant messaging services; not only because they are more prone to opening files that might be infected or clicking on dangerous links, but also because they can establish contact with inappropriate or dangerous people. To protect themselves, home users and companies must use latest-generation antimalware solutions and keep them up-to-date.

Posted by Panda Software at 12:42 PM | Permalink | Comments (1)

Criminals send email messages offering exceptionally well-paid jobs, working only a few hours a day. This messages also include links that when clicked, accesses to spoofed website. What these criminals are really looking for is a “mule”, that is, someone to launder stolen money in exchange for a commission. To do this, the fraudsters deposit money in the “mule’s” bank account and the “mule" must send it to certain addresses specified by the fraudsters.

By doing this, the “mule" not only launders the stolen money but also acts as a scapegoat, who the authorities will go after when the theft is discovered. As a rule of thumb, users should never take any notice of messages that offer jobs or extremely simple and lucrative business opportunities, whatever they might be. It is clear that cyber-criminals will stop at nothing, and therefore, users should take all precautions possible. We recommend all users to delete any messages of this type that reach their inboxes. What’s more, they advise users not to provide any personal details that could be used for criminal activities.

Posted by Panda Software at 12:40 PM | Permalink