Thursday, December 17, 2009

poster : cyber crime

Internet Use Raises Privacy Concerns


The Internet brings us great websites full of information and entertainment, and email and chat have revolutionized communication.

But there's a dark side, too, as Internet users are increasingly concerned about how much of their personal information they're giving up in exchange. VOA's Art Chimes reports on the debate over Internet privacy.

As more and more people are realizing, we often reveal a lot of information about ourselves when we go online, information we may not realize we're disclosing, but which advertisers and commercial websites can use to sell us goods and services.

Sometimes the information is openly requested: you register on a website and you fill out a form. Next time you log into the site, you find ads for sporting equipment if you registered as a young man, or maybe cosmetics if you're a woman. Other times, websites and advertisers seem to magically know our interests.

They can do this because of cookies, little text files created on your computer that contain information left there by the websites you visit.

U.S. Internet service provider AOL explains the process with an online animation featuring a penguin who visits a fictional website called AnchovyGourmet. The company's chief privacy officer Jules Polonetsky explains what happens next.

"He's reading about anchovies. You sort-of see him getting this cookie that labels him an anchovy-liker. He then goes to PenguinTimes.com. He wants to know about global warming. He's worried; he's a penguin. Boom! There he gets the anchovy ad. The ad company reads the cookie to display an ad."

The advertiser may not know the penguin's name or address, just that he likes anchovies. The penguin animation invites viewers to check out AOL's privacy site, where visitors can read the company's privacy policy and learn more about how targeted, or behavioral advertising works.

Critics, however, point to surveys that indicate web users don't understand privacy policies, even when they are clearly stated.

One reason for that, says privacy advocate Marc Rotenberg of the Electronic Privacy Information Center, is that so-called privacy policies often aren't about preserving privacy at all.

"I don't think people are wrong to believe that [the existence of] a privacy policy means that their personal information won't be disclosed to others," Rotenberg says. "I think businesses are wrong to post a privacy policy and then believe that it provides a basis for them to disclose the information to others. That's where the problem arises."

The biggest Internet company of them all, Google, has a slogan, "don't be evil," but privacy advocates have criticized some of its policies, such as retaining some identifying information along with your search query. Google recently launched a YouTube channel with short videos explaining privacy policies in plain English.

"To improve our search results, as well as maintain security and prevent fraud, we remember some basic information about searches," explains a Google software engineer in one video. "So what information does Google collect? Let's find out, starting with a simple search...."

Representatives from Google and AOL, plus scholars and critics, gathered in Washington recently for a symposium on Internet privacy. It was sponsored by the communications schools of the University of Pennsylvania and the University of Southern California.

Academic researchers are starting to take an interest in Internet privacy. At Northwestern University in Chicago, Dr. Eszter Hargittai has been surveying students about their understanding of key Internet concepts. You would think if anyone would be knowledgeable about the Internet and some of the pitfalls of surfing the web, it would be university students. But that's not what she found.

"Even among young people, there's a lot of lack of understanding," she said. "And age is a predictor of skills, so if you go into older populations it's only going to get worse. But this is already pretty bad, right?"

This is an issue that government regulators are also studying. The U.S. Federal Trade Commission, whose members are all Bush appointees, has favored industry self-regulation, which is to say requiring disclosure but not banning the collection of personal data from visitors to websites. That's despite the fact that surveys indicate that Internet users don't want their personal information collected, as FTC commissioner Pamela Harbour acknowledged.

"Consumers are concerned about behavioral advertising even if they do not know the practice by name. Implicitly, we can also conclude that present consumer education efforts are lacking. Policies alone can not cure the overall discomfort that consumers express toward the practice," Harbour said.

The advance of technology is making the collection and analysis of personal information easier for advertisers and commercial websites. The process continues, even though consumers may not know their information is being collected, or that their web activities are being tracked by advertisers.

sources: http://www1.voanews.com/english/news/science-technology/a-13-2008-04-29-voa44.html

Wednesday, December 16, 2009

tutorial

QA. Andrew is a computer science student attached with Microhard Corporation in Cyberjaya as a practical trainee. One day he managed to crack the company’s information system but did not do anything afterwards. The following day he also managed to intrude into Microhard’s Corporation’s website system and then posted his picture in the front page of the website and left his mobile number below his picture hoping that someone will call him and make friends. Subsequently his phone rang, but unfortunately it was his training manager who called and later warned him that actions will be taken. Upon investigation, it wad also revealed that Andrew had previously leaked the company’s system access code to his friends at University, to who he also sent emails telling bad things about his manager. Advise Microhard Corporation on various potential liabilities of Andrew from the above incidents, with reference to various cybercrimes laws applicable in Malaysia.

answer A.

Andrew manage to cracks the company’s information system but did not do anything afterwards.
- this case falls under unauthorized access to computer materials. even though he doesnt do anything on the company's information, but still accessing without authorized are consider criminal. Andrew are against the Computer Crimes Act 1997 (section 3(1) and can be punish as maximum RM 50,000.00 fine or to 5 years imprisonment or to both.

Andrew managed to intrude into Microhard’s Corporation’s website system and then posted his picture in the front page of the website and left his mobile number
- this case falls under unauthorized modification of the content of any computer. The applicable law would be CCA s.5 (1) which the punishment will be fined up to RM 100000 or up to 7 years imprisonment or both.

Andrew had previously leaked the company’s system access code to his friends at University, to who he also sent emails telling bad things about his manager
- falls under wrongful communication, leaking private data to third party CCA s.6(1) which the punishment will be fined up to RM 25000 or up to 3 years imprisonment or both.

QB. Meera has been receiving emails from travel companies that keep offering her holiday packages to various places in the world She replied to the senders to stop emailing her, but only to find that the emails keep coming and flooding her inbox. She came to you to on the legal aspects that may arise out of this practise by the travel company. Advise her on both criminal and data protection aspects.

Answer B.

spamming or misuse customer data is one of the crime that falls under Communications & Multimedia Act 1998. If found guilty, the travel companies would face fine up to RM50000 or imprisonment up to 1 year or both.

cybertracker: is it legal?

almost every MMU students know about cybertracker, and almost every hostel resident and even MMU staff use cybertracker as a medium to share file, info/news, advertisement and many more.
I can say that cybertracker is the only way for hostel resident in MMU to get some entertainment. A lot of stuff uploaded such as software, games, movies, mp3 songs, tv series and many more. however, is it legal to share all those stuff in one server for free or there is an exceptional for MMU student?

image below shows some of file uploaded to be share on cybertracker..

plenty of softwares available to be download

latest movies

mp3 songs. full album in highest quality.

latest games

cybertracker already serves and entertain MMU students for many years. almost everything you want are available on cybertracker. wheather cybertracker is actually legal or not, we just dont care, but please dont shutdown the server if not we(hostel resident) will bored to death~


Tuesday, December 15, 2009

copyright on flickr

Flickr is one of the largest photo sharing web resource. It hosts millions of images taken my amateur and professional photographers.
currently i am a flickr user. So some of my favourite photos will be uploded and share through the site. When dealing with photos or artwork through flickr, several rules you need to follow and take it serious especially the copyright issue.

Understanding different License conditions as per Creative Commons:

Attribution

Means you can copy, distribute and display the images(or any other piece of work). Also you can create derivative of the image. You can alter and modify the image at your will.. All you need to do is provide proper credit to original owner (Like linking back to the profile of uploader or direct flickr image page).

Noncommercial

Means you can copy, display and distribute the work but only for non commercial purpose.

No Derivative Works

Means you can copy, display and distribute the work as it is. You can not modify the work in any form.

Share Alike

Means you can use the image or work and distribute or display it under the same license to this one.

Flickr and CC License:
Images on flickr are either strictly copyrighted or fall under six CC license. Images marked as copyrighted (All Rights Reserved) are not meant to be copied or used in any any form. You cannot display or use these images until and unless you have prior permission from original author. Rest, other images are uploaded under following sic license.

Attribution License

Images uploaded under this license are best to use for your blog or site. You can modify these images and use it in any form you like. All you need to do is provide a proper credit and linkback to original owner.
Click here to search Images under Attribution License

Attribution-NoDerivs License

You can use these images as long as you credit the photographer and do not modimy the image. Images under this license are also a fair good deal for your blog or site.
Click here to search Images under Attribution-NoDerivs License

Attribution-NonCommercial License

You are free to modify and use these images by providing proper credit to photographer (or uploader). These images cannot be used for any commercial purpose. So if your blog or site is monetized by any paid advertising like Google Adsense, better not to use these type of images.
Also while using these type of images, its necessary to look into future possibilities of monetizing your blog/site. Your site/blog may not be displaying any paid advertisements right now, but in future you may change your mind and start monetizing the ad spaces. So better avoid these type of images on your webpage.
Click here to search Images under Attribution-NonCommercial License

Attribution-NonCommercial-NoDerivs License

Same as above one. But you are restricted to modify the images in any form and use them as it is.
Click here to search Images under Attribution-NonCommercial-NoDerivs License

Attribution-ShareAlike License

You are free to use and modify the images until you credit the photographer release the work under same license.
Click here to search Images under Attribution-ShareAlike License

Attribution-NonCommercial-ShareAlike License

Same as above. But the images cannot be used for any commercial purpose. You cannot use these type of images if your webpage as any paid ad space (like banners, text links or Contextual ads like Google adsense).

one of the cases involving plagiarism on flickr:

Photographer Gets Plagiarized then Censored

Rebekka Guðleifsdóttir is heralded as one of the top photographers on the photo-sharing site Flickr. Guðleifsdóttir, a native of Iceland, is well known for her self-portraits as well as her surreal landscapes.

However, she recently discovered that a photo printing site had not only posted several of her works under a false name (Yahoo! Cache Version), but was selling prints of those photos in their store. A search through their Ebay store turned up approximately £2,500 (about $5,000) in sold prints, all with her work.

Seeking repayment, Guðleifsdóttir turned to a local attorney who sent the company a stern letter. The company removed the works from their site and then fell quiet. No future correspondence was returned and Guðleifsdóttir, a single mother and a college student, was left footing the bill for the lawyer.

Understandably upset at this outcome, Guðleifsdóttir vented her frustration in her Flickr account.

The story struck a chord with the Flickr community. It quickly reached the front page of Digg (earning over 4000 Diggs) and the entry generated well over 400 comments.

However, the original entry was to be short lived. Only hours after it hit the front page of Digg, Yahoo!, who owns Flickr, removed the post. According to Guðleifsdóttir, Yahoo! cited alleged terms of service violations.

That, in turn, has kicked off another storm of controversy with many criticizing Yahoo!’s move as censorship.

But in addition to being an interesting case of plagiarism gone awry, the story also serves to illustrate many of the challenges that arise when trying to protect your works on the Web.

for full article click here

reference:
http://www.meetarpit.com/understanding-copyright-on-flickr/
http://www.plagiarismtoday.com/2007/05/16/photographer-gets-plagiarized-then-censored/

Indonesian Hackers Claim Web Attack on Malaysian Sites

A ring of Indonesian hackers on Monday claimed to have attacked scores of Malaysian Web sites, one more in a series of flashpoints threatening tenuous ties between neighbors.

The two countries have been embroiled in a string of spats over alleged misappropriation of cultural icons, reports of migrant worker abuse and territorial disputes.

A statement posted on a blog titled “Terselubung” says that a number of Malaysian Web sites had been hacked and defaced to “celebrate” Malaysia’s Independence Day, which was celebrated on Monday.

“Today, Aug. 31, 2009, an uncreative country, a country who likes to steal Indonesian culture, a country whose citizen is the mastermind of bombings in Indonesia, a country who has tortured many of our sisters — the migrant workers who worked there, a country who abused our national anthem, a country who harassed Indonesia on the Internet, a country that has stolen Sipadan and Ligitan islands, a country which has trespassed our water illegally, a country which received their independence from Britain, is celebrating its anniversary,” the Web site statement read.

“As good Indonesian citizens, we will celebrate their independence in our own way. We are celebrating by undertaking a mass attack on the country’s Web sites,” the statement continued.

The site then listed more than 120 Internet addresses, including domains for Malaysian education and tourism pages. But checks on a sample of the mentioned sites revealed only a few of them remained defaced, or that many had recovered from the attacks.

Official Malaysian sites were back to normal, and only a few private Web sites, including that of Leafyard, an Internet marketing company, still displayed the hacker’s message while others could not be opened for various reasons.

With the Indonesian national anthem playing in the background, the hacked Leafyard Web site was signed by M364tron and said: “One by one you take our culture, but we will not be silent. You will always be my main target.”

Teuku Faizasyah, spokesman of the Indonesian Foreign Ministry, expressed “regret” over the move by local hackers and called on both sides to keep cool.

“I think they have responded in an inappropriate manner that will only harm both sides,” Faizasyah said. “We don’t believe that the attacks on Malaysian Web sites will to a larger extent disturb bilateral relations, but they could somehow lead to the psychological state of being irritated, so everyone must cool down.”

Musni Umar, an Indonesian member of the Eminent Persons Group, an organization of experts and former leaders from the two countries, said the hackers were overreacting and the incident involved only young people who tended to act emotionally instead of rationally.

“I’m not worried about today, I’m worried about when this younger generation takes their turn to lead this country with a bad impression toward their neighbor,” said Umar, who is also a spokesman for the EPG.

“Yes, we must do something about it. Bilateral communications must involve youths to help them understand the importance of maintaining good relations with our neighbor.”

Irritation with Malaysia boiled over again last week after allegations that a Balinese dance had been used to promote a television show about Malaysia, though it was revealed soon afterward that no Malaysian government agency had a role in making the advertisement.

A screenshot of one of the Malaysian sites attacked by a ring of Indonesian hackers.

A screenshot of one of the Malaysian sites attacked by a ring of Indonesian hackers.



source: Kinanti Pinta Karana & Heru Andriyanto

Phishing attacks: No one is safe

Users of most of the top email services were targeted in a large-scale phishing attack. First to be hit was Microsoft's Live Hotmail. Microsoft also confirmed that a phishing attack was to blame for the 10,000 Hotmail passwords posted online.

Hotmail, Google and Yahoo! have joined a growing number of email service providers whose users have been duped by hackers into giving over their passwords in phishing attacks.

The British network said it has seen a list of some 20,000 hijacked e-mail accounts that included accounts from Gmail, Yahoo! Mail, AOL, Comcast and EarthLink. The latter two are major US Internet service providers.

The intrusions, which fool users into giving their details to a dummy website, come amid a sharp rise in the number of phishing attacks. According to the Anti-Phishing Working Group some 50,000 mass attacks took place in June 2009, almost double the number recorded in January.

Cyber criminals obtained the passwords by setting up fake websites identical to the main amail services and tricking users into giving their username and password information on the site.

It is widely feared that the stolen information will be used by to access email accounts and steal personal information.

What is Phishing?

Phishing is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

How can internet users avoid falling prey to Phishing scams?

a) A user should not have the same username and password for multiple accounts as once a cyber thief has access to one account, it will be easy for him to access the other accounts.

b) Avoid clicking on weird requests to click on URLs or download software links

c) Get an antivirus software installed for your PC and keep your operating system up-to-date

d) Be on the guard and look out for URLs that divert you to other websites

e) Never follow links in an email claiming to be from your bank. Ignore these types of emails.

f) Adjust you browser settings to tighten up security especially if you use web based email. (Inputs from Agencies)

source: http://in.news.yahoo.com/242/20091008/1360/ttc-phishing-attacks-no-one-is-safe.html