
BBC team exposes cyber crime risk

BBC News

Spencer Kelly looks at how hackers use hijacked home PCs to send out millions of spam e-mails

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.

The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers.

Almost 22,000 computers made up Click’s network of hijacked machines, which has now been disabled.

The BBC has now warned users that their PCs are infected, and advised them on how to make their systems more secure.

Concerted attack

Click managed to acquire its own low-value botnet – the name given to a network of hijacked computers – after visiting chatrooms on the internet.

The programme did not access any personal information on the infected PCs.

If this exercise had been done with criminal intent it would be breaking the law.

But our purpose was to demonstrate botnets’ collective power when in the hands of criminals.

Click ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme.


Cyber gangs use botnets to support crimes such as fraud and theft

Within hours, the inboxes started to fill up with thousands of junk messages.

But a botnet can also be used to launch a concerted attack on commercial websites to take them out of action.

Hefty ransom

By prior agreement, Click launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx.

Click then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.

Amazingly, it took only 60 machines to overload the site’s bandwidth.

DDoS attacks are used by extortionists who threaten to knock a site offline unless a hefty ransom is paid.

Jacques Erasmus from Prevx said that high-traffic websites with big revenues are a “massive target” for this kind of attack.

“Cyber criminals are getting into contact with websites and threatening them with DDoS attacks.

“The loss of trade is very substantial so a lot of these websites just pay-up to avoid it,” he explained.

Evolving threat

Click has now destroyed its botnet, and no longer controls any hijacked machines.

However, the owners of unprotected PCs have been made aware that they are vulnerable to future attacks.

How a botnet works

In addition, Click advised them on what steps to take to make their systems more secure. Most computers have protection systems that need to be switched on and kept updated to protect them against the evolving threat from hackers.

Machines can be compromised simply by visiting an infected web page or opening an e-mail containing a virus as an attachment.

‘Very professional’

Hackers exploit unprotected computers for valuable data such as banking and credit card details.

Criminals use botnets to send out thousands of spam messages, store stolen data, and commit fraud.

For instance, “phishing” e-mails which attempt to trick people into revealing their bank details are often routed through a botnet.

Users are normally unaware that their PCs are being controlled remotely by cyber criminals because there are almost no symptoms.

Greg Day from security firm McAfee explained that the people who control botnets are “very skilled professionals.”

“We’ve seen this move from what used to be a hobbyist bit of fun into something now that is very professional,” he said.

Hackers are keen to recruit new PCs to a botnet to create a resource that they sell or hire out to other cyber criminals.

But some networks of hijacked computers are of “much more value” than others, according to Mr Erasmus.

“Computers from the US and the UK go for about $350 to $400 (£254-£290) for 1,000 because they’ve got much more financial details, like online banking passwords and credit cards details,” he said.

Berners-Lee: Semantic Web will have privacy built-in

From ZDNet by Tom Spiner
Web pioneer Sir Tim Berners-Lee has said that the Semantic Web will make the privacy of online communications stronger, and will allow people to control who can use their data.

The Semantic Web, a project overseen by the World Wide Web Consortium (W3C), seeks to make the World Wide Web intelligently interpret what people are looking for when they are searching the internet. For example, computers would data-tag photographs and combine those tags with information from a desktop calendar, so people would be able to ask the web what the people in the photograph were doing on a particular day.

However, researchers have warned that the combination of personal information could lead to privacy compromises, including increased data mining.

Berners-Lee, who is director of W3C, told ZDNet UK on Wednesday that the teams working on the Semantic Web project are making sure privacy principles are included in its architecture.

“Certainly, Semantic Web technology will [enhance privacy],” said Berners-Lee. “The Semantic Web project is developing systems which will answer where data came from and where it’s going to — the system will be architectured for a set of appropriate uses.”

Another principle of the Semantic Web is that people who make a web request for personal information being held by third parties, such as companies and government agencies, will be able to see all the data those organisations hold on them, according to Berners-Lee.

“W3C wants to help make sure data use is appropriate,” he said. “Sometimes, it’s a serious question who should have what access [to information].”

In addition, the project will include accountable data-mining components, which let people know who is mining the data, and its teams are looking at making the web adhere to privacy preferences set by users. The whole project was geared towards privacy enhancement, Berners-Lee said. The teams “are building systems to be aware of different data uses”, he said.

ZDNet UK spoke to Berners-Lee at an event at the House of Lords designed to draw attention to the use of deep packet inspection by internet service providers and third parties. The technique intercepts data packets sent over the internet to analyse their content, which Berners-Lee likened to the postal service opening the mail it is charged with delivering.

“When people built the internet, it was designed to be a cloud,” said Berners-Lee. “When routing packets, the system only looks at the envelope — it’s an important design principle. Now people find out what you write in your letters.”

Major leap for faster computers

Super-fast quantum computers are now a step closer to becoming a reality, thanks to a breakthrough by scientists.

Edinburgh and Manchester University researchers have created a molecular device which could act as a building block for super-fast computers.

They have created components that could be used to develop quantum computers, which can make intricate calculations faster than conventional machines.

The academics used molecular scale technology instead of silicon chips.

They achieved the breakthrough by combining tiny magnets with molecular machines that can shuttle between two locations without the use of external force.

The manoeuvrable magnets could one day be used as the basic component in quantum computers.

‘Major challenges’

Conventional computers work by storing information in the form of bits, which can represent information in binary code – either as zero or one.

Quantum computers will use quantum binary digits, or qubits, which are far more sophisticated as they are capable of representing not only zero and one, but a range of values simultaneously.

Their complexity will enable quantum computers to perform more quickly than conventional machines.

Professor David Leigh, of Edinburgh University’s school of chemistry, said: “This development brings super-fast, non-silicon based computing a step closer.

“The major challenges we face now are to bring many of these qubits together to build a device that could perform calculations, and to discover how to communicate between them.”

The study, by Edinburgh and Manchester university scientists and published in the journal Nature, was funded by the European Commission.

Apache Hadoop Core

From: http://hadoop.apache.org

What Is Hadoop?

The Apache Hadoop project develops open-source software for reliable, scalable, distributed computing, including:

  • Hadoop Core, our flagship sub-project, provides a distributed filesystem (HDFS) and support for the MapReduce distributed computing metaphor.
  • HBase builds on Hadoop Core to provide a scalable, distributed database.
  • Pig is a high-level data-flow language and execution framework for parallel computation. It is built on top of Hadoop Core.
  • ZooKeeper is a highly available and reliable coordination system. Distributed applications use ZooKeeper to store and mediate updates for critical shared state.
  • Hive is a data warehouse infrastructure built on Hadoop Core that provides data summarization, adhoc querying and analysis of datasets.

Who uses Hadoop?

A wide variety of companies and organizations use Hadoop for both research and production. Users are encouraged to add themselves to the Hadoop users wiki page.

Apache Hadoop Core is a software platform that lets one easily write and run applications that process vast amounts of data.

Here’s what makes Hadoop especially useful:

  • Scalable: Hadoop can reliably store and process petabytes.
  • Economical: It distributes the data and processing across clusters of commonly available computers. These clusters can number into the thousands of nodes.
  • Efficient: By distributing the data, Hadoop can process it in parallel on the nodes where the data is located. This makes it extremely rapid.
  • Reliable: Hadoop automatically maintains multiple copies of data and automatically redeploys computing tasks based on failures.

Hadoop implements MapReduce, using the Hadoop Distributed File System (HDFS) (see figure below.) MapReduce divides applications into many small blocks of work. HDFS creates multiple replicas of data blocks for reliability, placing them on compute nodes around the cluster. MapReduce can then process the data where it is located.

Hadoop has been demonstrated on clusters with 2000 nodes. The current design target is 10,000 node clusters.

For more information about Hadoop, please see the Hadoop wiki.

Getting Started

The Hadoop project plans to scale Hadoop up to handling thousands of computers. However, to begin with you can start by installing it on a single machine or a very small cluster.

  1. Learn about Hadoop by reading the documentation.
  2. Download Hadoop from the release page.
  3. Hadoop Quickstart.
  4. Hadoop Cluster Setup.
  5. Discuss it on the mailing list.

Getting Involved

Hadoop is an open source volunteer project under the Apache Software Foundation. We encourage you to learn about the project and contribute your expertise. Here are some starter links:

  1. See our How to Contribute to Hadoop page.
  2. Give us feedback: What can we do better?
  3. Join the mailing list: Meet the community.

NIST suggests areas for further security metrics research

By William Jackson from GCN.com
Computer security is a difficult thing to quantify because, if done right, nothing happens. How, then, do you measure what didn’t happen?

Nevertheless, meaningful metrics are necessary so security can become a reliable, repeatable process with the necessary levels of assurance. The National Institute of Standards and Technology (NIST) doesn’t have the answer for this, but scientists in its Computer Security Division have identified some areas for further research they hope might yield results.

“Security metrics is an area of computer security that has been receiving a good deal of attention lately,” the agency said in the draft of the new interagency report, titled “Directions in Security Metrics Research.” “It is not a new topic, but one which receives focused interest sporadically.”

So far, this interest has not produced many actual metrics that have proven useful in practice. “Advancing the state of scientifically sound, security measures and metrics would greatly aid the design, implementation, and operation of secure information systems,” the report states.

The scientists identified several factors that complicate the field of security metrics, some of which are merely difficult to solve, others of which might not be resolvable. Several of these factors are:

  • The lack of good estimators of system security.
  • The entrenched reliance on subjective, human, qualitative input.
  • The protracted and delusive means commonly used to obtain measurements.
  • The dearth of understanding and insight into the composition of security mechanisms.

The areas suggested for further research include:

Formal Models of Security Measurement and Metrics: “The absence of formal security models and other formalisms needed to improve the relevance of security metrics to deployed systems have hampered progress. Having formal models that depict security properties of operational IT systems and incorporate relevant objects of significance to system security measurement would be a useful contribution.”

Historical Data Collection and Analysis: “Predictive estimates of the security of software components and applications under consideration should be able to be drawn from historical data collected about the characteristics of other similar types of software and the vulnerabilities they experienced. At the very least, insight into security measurements would likely be gained by applying analytical techniques to such historical collections to identify trends and correlations, to discover unexpected relationships and to reveal other predictive interactions that may exist.”

Artificial Intelligence Assessment Techniques: “While the use of AI has met with both successes and defeats, its application in aspects of security metrics might prove beneficial, particularly as a means for reducing subjectivity and human involvement in performing security assessments.”

Practicable Concrete Measurement Methods: “The current practice of security assessment, best illustrated by lower level evaluations under the Common Criteria, emphasizes the soundness of the evaluation evidence of the design and the process used in developing a product over the soundness of the product implementation. The rationale is that without a correct and effective design and development process, a correct and effective implementation is not possible. While this is true, the emphasis on design and process evidence versus actual product software largely overshadows practical security concerns involving the implementation and deployment of operational systems.”

Intrinsically Measurable Components: “Development of computing components that are inherently attuned to measurement would be a significant improvement in the state of the art of security metrics.”

Comments on the report should be sent by March 27 to IR7564comments@nist.gov.

NIST also has released an online version of the annual report for the Computer Security Division (CSD) for fiscal 2008. Under the Federal Information Security Management Act, the CSD is responsible for providing agencies with standards, specifications and guidance in implementing requirements of the act. Toward that end, NIST issued 18 special publications offering management, operational and technical security guidance, and has updated several Federal Information Processing Standard publications covering hash algorithms and digital signatures.

NIST also has been collaborating with the Defense Department and the Office of the Director of National Intelligence to harmonize security requirements and programs for civilian agencies with national security systems, which to date have not fallen into NIST’s purview.

A final printed version of the report, with brighter colors, is expected to be published late this month or early next month.

Web founder’s ‘snooping’ warning

From BBC News

The integrity of the internet is under threat if online “snooping” goes unchecked, one of the web’s most respected figures has told Parliament.

Sir Tim Berners-Lee, inventor of the World Wide Web, said browsing habits could now be monitored as if someone had put a “TV camera in one’s room”.

Laws must be better enforced to ensure such “sensitive” data was not misused for commercial gain, he added.

Tory MP David Davis said privacy must be upheld without “crippling” the web.

‘Sensitive’

Sir Tim’s warning came at a meeting of MPs, peers and technology professionals, organised by the All Parliamentary Group on Communications, to address online privacy concerns.

Parliamentarians are worried about technology allowing firms to track which websites people visit and to share the information with companies for the purpose of sending what is known as “behavioural advertising”.

Google has become the latest firm to launch a system to send advertisements to web users based on their online activities.

Privacy campaigners have said the trend is dangerous and warned a new code of practice governing how consent is given is insufficient.

Sir Tim, now a professor at the Massachusetts Institute of Technology, said people revealed “very sensitive” details through their web use and their privacy should not be infringed.

“We must not snoop on the internet,” he said.

“What is at stake is the integrity of the internet as a communications medium.”

The meeting, chaired by Lib Dem home affairs spokesman Baroness Miller, heard concerns from MPs and peers that existing laws on the interception of communications were either not being enforced or were ill-equipped to deal with the fast-moving online marketplace.

Lib Dem MP Susan Kramer said people were “really quite frightened at the ability to lose privacy through mechanisms we don’t understand”.

Mr Davis – a former shadow home secretary – said a solution was needed which was “protective of privacy but not crippling of the usefulness of the internet”.

He said “simple encryption” of web information could make a difference, a move that web experts have said would be hugely expensive and significantly reduce internet speeds.

It emerged in 2007 that BT had trialled certain “behavioural targeting” technology – to be used directly by internet service providers (ISPs) – without the agreement of its customers.

The practice led to complaints and resulted in a police investigation – which concluded no offence had been committed.

Since then, BT has continued with further trials.

The Home Office has said it is happy such technology conformed to EU data laws although Brussels is still considering whether to take any further action.

Phorm, which is working with BT on the service, said it had made strenuous efforts to inform web users about their rights.

Advertisers could not find out people’s identity because all information gathered was anonymous and could not be traced back to individuals, said chief executive Kent Ertugrul.

‘Misrepresented’

He said the purpose of its service had been “misrepresented”.

“We recognise the need for privacy,” he told Wednesday’s meeting. “We believe in it absolutely.”

Crossbench peer Lord Erroll said behavioural advertising could make many people’s lives easier and therefore should not be “rubbished” out of hand.

Campaigners insist such advertising should operate on an “opt-in” rather than an opt-out basis, a stance backed by the Information Commissioner last year.

This would mean that people only receive certain adverts if they have consciously signed up for them.

Richard Clayton, from the Foundation for Information Policy Research, said companies which breached such rules should be “made an example of”.

A Struggle Over U.S. Cybersecurity

By Brian Krebs, Washington Post Staff Writer
Tuesday, March 10, 2009; Page A11


The resignation of the federal government’s cybersecurity coordinator highlights a power struggle underway over how best to defend the government’s civilian computer networks against digital attacks.

Rod A. Beckstrom resigned the post Friday after less than a year on the job, citing a lack of funding and the National Security Agency’s tightening grip on government cybersecurity matters.

Beckstrom is director of the National Cyber Security Center — an organization created last March to help coordinate such security efforts across the intelligence community. But recently, Beckstrom said, efforts have been underway to fold his group into a facility at the NSA.

Beckstrom said in an interview over the weekend that his group was formed to coordinate the various agencies’ efforts but not to be controlled by the NSA.

“This is a coordination body and it resides alongside or above the other centers, but certainly not below them,” Beckstrom said. “In my view, it is very important that there be independence for the [center], and that it be able to carry out its role.”

The Obama administration is in the midst of a 60-day review of the government’s cybersecurity initiative, with recommendations on next steps expected sometime next month.

NFS Client Configuration to mount nfs share using Ubuntu Linux

Type the following command to install the packages:
sudo apt-get install portmap nfs-common

Create a folder to use as the mount point:
mkdir wwwroot

Mount server.mydomain.com:/network/wwwroot on /home/fred/wwwroot:
sudo mount server.mydomain.com:/network/wwwroot /home/fred/wwwroot

Example:
fred@mds028281:~$ pwd
/home/fred
fred@mds028281:~$ mkdir 223
fred@mds028281:~$ mkdir 243
fred@mds028281:~$ mkdir 130
fred@mds028281:~$ sudo mount 10.68.12.223:/dados/wwwroot /home/fred/223
fred@mds028281:~$ sudo mount 10.68.12.243:/dados/wwwroot /home/fred/243
fred@mds028281:~$ sudo mount 10.68.12.130:/dados/wwwroot /home/fred/130
fred@mds028281:~$ cd 223
fred@mds028281:~/223$ ls
email       moodle         moodledata     moodleInterno  teste
index.html  moodle.backup  moodledata193  smtp

You may need to restart the services above:
sudo /etc/init.d/portmap restart
sudo /etc/init.d/nfs-common restart
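
The mounts above use default options, so setuid binaries and device nodes placed on the export by whoever controls the server are honoured on the client. The following is an added example, not part of the original post: it audits a mount table for NFS mounts lacking nosuid/nodev and prints the mount command with those options. The function names are hypothetical and the sample table is constructed from the addresses used above.

```shell
#!/bin/sh
# Added example (not from the original post): flag NFS client mounts that
# lack nosuid/nodev. Input on stdin is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass

REQUIRED_OPTS="nosuid nodev"

# Print "<mountpoint> missing:<opt>[,<opt>]" for each NFS mount that lacks
# one of REQUIRED_OPTS. The function name is hypothetical.
audit_nfs_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            nfs|nfs4) ;;          # only NFS client mounts are of interest
            *) continue ;;
        esac
        missing=""
        for want in $REQUIRED_OPTS; do
            case ",$opts," in
                *",$want,"*) ;;   # option is present
                *) missing="${missing:+$missing,}$want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s missing:%s\n' "$mnt" "$missing"
        fi
    done
    return 0
}

# Print (do not run) the mount command with the restrictive options added.
hardened_mount_cmd() {
    printf 'sudo mount -t nfs -o nosuid,nodev %s %s\n' "$1" "$2"
}

# Constructed sample table: the three mounts from the session above, with
# option strings invented for illustration, plus one non-NFS entry.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
10.68.12.223:/dados/wwwroot /home/fred/223 nfs rw,relatime,vers=3,addr=10.68.12.223 0 0
10.68.12.243:/dados/wwwroot /home/fred/243 nfs rw,nosuid,relatime,vers=3,addr=10.68.12.243 0 0
10.68.12.130:/dados/wwwroot /home/fred/130 nfs4 rw,nosuid,nodev,relatime,vers=4.2 0 0
EOF
}

# Demo: audit the sample table, then show the corrected command for the
# first mount it reports.
sample_mounts | audit_nfs_mounts
hardened_mount_cmd 10.68.12.223:/dados/wwwroot /home/fred/223
```

On a live client, feed the real table to the audit with `audit_nfs_mounts < /proc/mounts`.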