Showing posts with label security. Show all posts

Saturday, 31 July 2010

How 100 mn Facebook users' info got leaked

The man who harvested and published the personal details of 100 million Facebook users has said that he only disclosed what was already public information.

Ron Bowes, a security consultant, used a piece of code to scan Facebook profiles, collecting data not hidden by the user's privacy settings.

The list, which contains the URL of every searchable Facebook user's profile, name and unique ID, has been shared as a downloadable file. Bowes said that he did it as part of his work on a security tool.

"I'm a developer for the Nmap Security Scanner and one of our recent tools is called Ncrack," the BBC quoted him as saying. "It is designed to test password policies of organisations by using brute force attacks; in other words, guessing every username and password combination," he added.

By downloading the data from Facebook, and compiling a user's first initial and surname, he made a list of the most common probable usernames to use in the tool.

In theory, researchers could then combine this list with a catalogue of the most commonly used passwords to test the security of sites. Similar techniques could be used by criminals for more nefarious means.

Bowes said his original plan was to "collect a good list of human names that could be used for these tests." "Once I had the data, though, I realised that it could be of interest to the community if I released it, so I did," he added.

Bowes confirmed that all the data he harvested was already publicly available but acknowledged that if anyone now changed their privacy settings, their information would still be accessible.

"If 100,000 Facebook users decide that they no longer want to be in Facebook's directory, I would still have their name and URL but it would no longer, technically, be public," he said.

Bowes said that collecting the data was in no way irresponsible and likened it to a telephone directory. "All I've done is compile public information into a nice format for statistical analysis," he said.

In a statement, Facebook confirmed that the information in the list was already freely available online. "No private data is available or has been compromised," the statement added.

Bowes supported the view by adding that harvesting this data highlighted the possible risks users put themselves in. "I am of the belief that, if I can do something then there are about 1,000 bad guys that can do it too. For that reason, I believe in open disclosure of issues like this, especially when there's minimal potential for anybody to get hurt.

"Since this is already public information, I see very little harm in disclosing it," he said.

Facebook has a default setting for privacy that makes some user information publicly available. People have to make a conscious choice to opt out of the defaults.

Tuesday, 27 July 2010

How hackers snoop on private web browsing

Experts have identified how a web browser's 'private mode' setting is also vulnerable to hackers.

Most web browsers offer a private mode, intended to leave no trace of surfing history on the computer.

But Collin Jackson at Carnegie Mellon University in Pittsburgh, Pennsylvania, and colleagues have found ways to detect which sites were visited with the mode enabled.

Even if private browsing is enabled, details relating to the key remain stored on the computer's hard drive, allowing a hacker to establish that a particular site had been visited.

A hacker could "guess what sites you've been to based on traces left behind," New Scientist quoted Jackson as saying.

These attacks on privacy "do not require a great deal of technical sophistication and could easily be built into forensics tools," he added.

However, Rik Ferguson -- a UK-based security researcher at Trend Micro of Tokyo, Japan -- says that any attacker with the knowledge to exploit the weaknesses would probably look to other attacks first, which may yield more detailed information.

"If someone is capable of tracking your browsing habits in this way, then they are probably also tech-savvy enough to know about commercial spyware which could much more effectively track your computer use," says Ferguson.

Monday, 18 January 2010

'China tried to hack India's computers'

Chinese hackers have tried to penetrate computers in the offices of National Security Adviser MK Narayanan, a British paper quoted him as saying.

Narayanan said his office and other government departments were targeted on December 15, the same date that US defence, finance and technology companies, including Google, reported cyber attacks from China.

"This was not the first instance of an attempt to hack into our computers," Narayanan told The Times in an interview, adding the would-be hackers sent an e-mail with a PDF attachment containing a Trojan virus.

The virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated, Narayanan said.

"People seem to be fairly sure it was the Chinese. It is difficult to find the exact source but this is the main suspicion. It seems well founded," he told The Times, adding that India was cooperating with the US and Britain to bolster its cyber defences.

The Chinese government has denied any role in the attacks, with a foreign ministry spokeswoman saying: "Hacking in whatever form is prohibited by law in China."

Narayanan said that while he expected China to be an increasingly high security priority for India, the main threat still came from militants based in Pakistan.

He said Islamabad had done nothing to dismantle militant groups since the 26/11 Mumbai attacks, and criticised Britain for accepting its excuse that such groups were beyond its control.

"The British are still blinkered on this. We believe Pakistan's policy of using terror as a policy weapon remains," Narayanan said, adding India is anxious to prevent an attack from Pakistan during the Commonwealth Games in October.

"From Pakistan's point of view, it's important to disrupt the Games so you can claim that India is not a safe place," Narayanan said.

Sunday, 17 January 2010

Facebook lands women into Dark Net

A mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place - strangers' accounts with full access to troves of private information.

The glitch - the result of a routing problem at the family's wireless carrier, AT&T - revealed a little-known security flaw with far-reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn't appear the users could have done anything to stop it.

The problem adds a dimension to researchers' warnings that there are many ways online information - from mundane data to dark secrets - can go awry.

Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It's not clear whether such episodes are rare or simply not reported. But experts said such flaws could occur on e-mail services, for instance, and that something similar could happen on a PC, not just a phone.

"The fact that it did happen is proof that it could potentially happen again and with something a lot more important than Facebook," said Nathan Hamiel, founder of the Hexagon Security Group, a research organization.

Candace Sawyer, 26, says she immediately suspected something was wrong when she tried to visit her Facebook page Saturday morning.

After typing Facebook.com into her Nokia smart phone, she was taken into the site without being asked for her user name or password. She was in an account that didn't look like hers. She had fewer friend requests than she remembered. Then she found a picture of the page's owner.

"He's white, I'm not," she said with a laugh. Sawyer logged off and asked her sister, Mari, 31, her partner in a dessert catering company, and their mother, Fran, 57, to see whether they had the same problem on their phones.

Mari landed inside another woman's page. Fran's phone - which had never been used to access Facebook before - took her inside yet another stranger's page, one belonging to a young woman from Indiana. They sent an e-mail to one of their own accounts to prove it.

They were dumbfounded. "I thought it was the phone. Maybe this phone is just weird and does magical, horrible things and I have to get rid of it," said Candace Sawyer.

The women, who live together in East Point, Georgia, outside Atlanta, had recently upgraded to the same model of phone and all used the same carrier, AT&T. The problem wasn't in the phones. It was a flaw in the infrastructure connecting the phones to the Internet.

That illuminates a grave problem. Generally Web sites and computers are compromised from within. A hacker can get a Web page or computers to run programming code that they shouldn't. But in this case, it was a security gap between the phone and the Web site that exposed strangers' Facebook pages to the Sawyers. Misconfigured equipment, poorly written network software or other technical errors could have caused AT&T to fumble the information flowing from the Sawyers' phones to Facebook and back.

AT&T spokesman Michael Coe said its wireless customers have landed in the wrong Facebook pages in "a limited number of instances" and that a network problem behind those episodes is being fixed.

It's unclear how many people were affected by the problem the Sawyers discovered, and whether it was limited to Facebook.

The reason all three women experienced the glitch is a function of the way cellular networks are designed. In some cases, all the mobile Internet traffic for a particular area is routed through the same piece of networking equipment. If that piece of equipment is misbehaving or set up incorrectly, strange things happen when computers down the line receive the data.

Usually that means a Web site simply won't load, said Alberto Solino, director of security consulting services for Core Security Technologies. In the Sawyers' case, "somehow they got the wrong user but they could keep using that account for a long period of time. That's what's strange," he said.

The AP tried to contact two of the people whose Facebook pages were exposed to the Sawyers, but the calls and e-mails were not returned. It's unclear whether they are also AT&T customers, though security experts said that's likely the case.

Indeed, it was the case in a similar incident in November. Stephen Simburg, 25, who works in marketing, was home for Thanksgiving in Vancouver, Washington, when he logged onto Facebook from his cell phone. He didn't recognize the people who had written him messages.

"I thought I had gotten really popular all of a sudden, or something was wrong," he said. Then he saw the picture of the account owner, a young woman.

He got her e-mail address from the site, logged off and wrote the woman a message. He asked whether he had met her at some point and she had borrowed his phone to check her Facebook account. "No," she wrote back, "but I was just telling my family that I ended up in your profile!"

Simburg and the woman figured out they were both using AT&T to access Facebook on their phones.

Friday, 15 January 2010

Facebook to give McAfee security to all users

Facebook, in collaboration with McAfee, is going to provide all of its 350 million users with a free six-month trial of McAfee's Internet Security Suite.

The popular social networking site Facebook has taken this step after various cyber attacks such as the 'Koobface virus'.

Facebook said that a scanning tool will also be provided to users whose computers have fallen prey to an attack or show signs of one. The scanning tool is also free of charge. It is available immediately for English-language users of Facebook, with versions for other languages coming soon.

After the 6-month trial period, the subscription will be available at a discount for Facebook users.

This will protect users from online threats such as hackers, viruses, trojans, spyware etc.

"We feel like we've done a great job in protecting our network and accounts on Facebook, but we're always looking at ways we can do better," said Facebook spokesman Barry Schnitt.

Facebook users in the United States, Britain, France and eight other countries have immediate access to the free version of McAfee Internet Security Suite, with additional countries to come through the first three months of the year. Those in India might have to wait just a little bit longer.

Wednesday, 13 January 2010

Google may pull out of China

Google Inc said it may pull out of China because it is no longer willing to accept censorship of search results and after hackers coordinated a sophisticated attack on email accounts of human rights activists using its Gmail service.

Google's surprise announcement on Tuesday came shortly after an adviser to US Secretary of State Hillary Clinton said she will announce a technology policy next week to help citizens in other countries to gain access to an uncensored Internet.

More than 20 other companies were also attacked by the China-based hackers, Google said. Google said the hackers had tried to access the Gmail email accounts of Chinese human rights activists but only managed to access two unidentified accounts, and then only headlines and other data such as when the account was created.

It did not say what information the hackers tried to access from the other corporations, nor which they were. Google said it was now notifying the other affected corporations, adding that it was working with the US authorities.

"These attacks and the surveillance they have uncovered -- combined with attempts over the past year to limit free speech on the Web -- have led us to conclude that we should review the feasibility of our business operations in China," Google said in a statement.

Wednesday, 2 December 2009

Top 10 riskiest Web domains

Ever wondered which are the riskiest Web domains? Domains that host (or, rather, are used to host) the most malware or code that can launch a virus, phishing or botnet attack on your PC?

Security agency McAfee has released its annual "Mapping the Mal Web" report that names the riskiest Web domains across the globe. Alarmingly, as many as seven out of the top 20 riskiest domains are from the APAC region.

Here are the top 10 riskiest Web domains.

Cameroon (.cm)
Topping the list is Africa's Cameroon (.cm), which has overthrown Hong Kong (.hk) as the Web's riskiest domain. Entering the list for the first time, Cameroon, a small African country that borders Nigeria, jumped to the number one spot this year with 36.7% of .cm domains posing a security risk.

According to the report, because the domain .cm is a common typo for .com, many cyber criminals set up fake typo-squatting sites that lead to malicious downloads, spyware, adware and other potentially unwanted programmes.

Last year's riskiest domain, Hong Kong (.hk) dropped to 34th place with a risk rating of only 1.1%.

Commercial (.com)
The world's most common domain has just got more dangerous. From being the ninth riskiest domain last year, .com has become the second most dangerous domain this year. Falling in the generic category, the commercial (.com) domain has a weighted risk of 32.2%.

According to the report, .com is also the most risky generic top level domain (TLD).

China (.cn)
At No. 3 is the People's Republic of China (.cn), which poses a risk level of 23.4%, compared to 11.8% in 2008.

According to McAfee, the risky or malicious activity associated with sites registered under the .cn (China) domain overwhelmingly relates to spam sites as opposed to malicious downloads.

Samoa (.ws)
The fourth riskiest Web domain is Samoa (.ws), with an overall risk percentage of 17.8%. Last year the domain posed a security risk of 3.8%.

The report rates Samoan-registered domains risky primarily for their phishing and malicious download activity. Among country domains, the People's Republic of China (.cn) and Samoa (.ws) have remained in the top 5 riskiest domains since last year.

Information (.info)
The information (.info) domain is the most "spammy" domain, with 17.2% of its sites generating junk mail.

The domain has an overall risk of 15.8%, as compared to 11.7% in 2008. The risk associated with .info registered domains is largely spam related.

Philippines (.ph)
At No. 6 on the riskiest Web domains list is the Philippines (.ph). The domain has an overall risk level of 13.1%, compared to 7.7% last year.

Philippines (.ph) registered sites are more similar to China than to Samoa, with risk weighted towards spam and phishing rather than downloads.

Network (.net)
The seventh riskiest Web domain is Network (.net), with an overall risk percentage of 5.8%. Last year the domain recorded a higher security risk of 6.3%.

Former Soviet Union (.su)
Entering the top 10 list for the first time is the Former Soviet Union (.su) domain. Ranked at No. 8, the domain poses a security risk of 5.2%.

The report says risky registrations using the former Soviet Union (.SU) domain are evenly distributed between phishing and risky download activity.

Russia (.ru)
The ninth riskiest Web domain is Russia (.ru), with an overall risk percentage of 4.6%. Last year the domain posed a security risk of 6%.

Russian (.RU) registered site risk is distributed in a roughly 3:2:1 ratio for malicious downloads, phishing and spam.

Singapore (.sg)
The next APAC country on the list is Singapore (.sg) at No. 10. The .sg domain has an overall risk of 4.6%, compared to 0.3% last year.

According to the report, Singapore (.sg) registered sites were evenly distributed between spam and download activity.

Tuesday, 1 December 2009

Windows 7 users hit by glitch

Microsoft's Windows 7, the hottest operating system, packed with several new features and selling like hotcakes, is now frustrating millions of users worldwide with a unique problem called the 'black screen of death'.

The error appears to occur after logging on to the affected systems, rendering the computer unresponsive, the software giant has acknowledged.

The black screen of death is a play on the 'blue screen of death' colloquialism used for the error screen that has plagued Windows users over the years, The Daily Mail reported.

The company said it was investigating a disabling glitch that seems to particularly affect its latest operating system.

However, it denied reports that its latest monthly security update has caused the serious system problems.

"We have conducted a comprehensive review of the November Security Updates, the Windows Malicious Software Removal Tool, and the non-security updates we released through Windows Update in November," Microsoft said in a blog posting.

"That investigation has shown that none of these updates make any changes to the permissions in the registry. Thus, we don't believe the updates are related to the 'black screen' behaviour described in these reports."

Software firm Prevx had earlier suggested that the blank screen problem was caused by Microsoft's latest security patch. However, it later retracted the claim.

Monday, 26 October 2009

What's new in Windows 7

Microsoft's Windows 7 is finally here. The new operating system (OS) is the company's most important release after the disappointing performance of Vista, its earlier release. With Windows 7, Microsoft aims to once again strengthen its grip on the PC market.

Here's looking into all that's new in Windows 7.

File folders can now be organized into "libraries."

You can have a photo library, for instance, that gives you quick access to pictures in folders spread out over your hard drive, or even several hard drives. This is great because many applications don't automatically put files into Microsoft's My Documents and My Photos folders, and tend to deposit content in their own folders. The new arrangement also makes for easy backups.

Multitouch sensing

Windows 7 can sense if you use more than one finger on your touch pad or touch screen, allowing for neat tricks such as spreading your fingers to zoom into a picture, just like on the iPhone. This isn't revolutionary per se - computer manufacturers have bolted multitouch sensing on previous versions of Windows. But it does make it easier for them to include advanced touch capabilities, and many of them are planning to do so. That is what could really revolutionize how we use computers.

64-bit operating system

For a lot of users, the step up to Windows 7 will also mark a transition to a 64-bit operating system. That means computers will now be able to use a lot more Random Access Memory, or RAM, for better performance in demanding applications such as video editing. Vista and XP came in 64-bit versions in addition to the regular 32-bit versions, but the XP version was never popular, and the Vista version became mainstream only last year. But 64 bits will be standard on Windows 7, installed on nearly all new computers.

Faster search

Windows XP users have a lot more to gain by going to Windows 7. Vista introduced some great features, such as fast searches of the entire hard drive that of course are present in 7 as well. Windows 7 addresses Vista's problem of resource hungriness. The boot time was fast, and so was the time taken to come out of the hibernation mode. Reviewer Benny Har-Even in IT PRO found that "Windows 7 brings a more responsive and sprightly feel."
It also seems to work on the smaller and cheaper netbooks that are fast becoming popular. Reviewer Adrian Kingsley-Hughes writes in ZDNet, "Windows 7 works on netbooks, but if you push the system the same way as you push a desktop system then you might need to add more RAM. On top of that, remember that Windows 7 takes some 7.5 GB of disk space, so you need to factor this in. My advice would be not to bother upgrading an existing netbook unless you really feel you want a particular Windows 7 feature. Wait for Windows 7 netbooks to arrive on the scene as some of these will hopefully come with 2GB of RAM fitted."

Better desktop organization 

For those who use a number of applications and files at the same time, there's a new facility that helps to reduce desktop clutter. You can now drag them and stack them in groups on the taskbar.

And what's more, if you hover the mouse over, say, the Windows Explorer stack, each window in it will appear horizontally as thumbnails, and you can click on the one you need to start using it. Right clicking on a stack gives a 'jump menu' that lets you see your most recent files. You can also 'pin' files that you use regularly on to a stack, so that they are always there on top of a stack.

Removing clutter with a shake 

If you have a number of windows open and you want to focus on one and avoid the clutter around it, just take the mouse to that window's titlebar and shake it. Everything else disappears. Shake the same way again, and all others reappear.

Remote media streaming 

This one wasn't there in the beta version but was available on the RC. It allows users to access all the files on their home computer remotely, somewhat like how Slingbox allows users to remotely access the TV channels they get on their home TV.

Windows XP mode  

Users who like to keep their old stuff longer will like this. It allows you to run an XP application on Windows 7. But Preston Gralla of ComputerWorld, who tested the feature, says home users are not likely to have a great experience with it.

"Sharing files between the two environments (XP and 7) will be a challenge... (and) it's not designed for games," he says. However, he finds it a great tool for businesses that have already sunk money into XP applications. Microsoft says small businesses using, say, Tally accounting solutions on XP will be able to continue using those on Windows 7.

Fewer security irritants

Like Vista, Windows 7 will ask you twice if you really want to make changes to your settings or install programmes, for the sake of security. But Windows 7 does it less often, and the prompts can be turned off.

One big trouble with Vista was that each time a change was made to the system, a dialogue box would pop up asking you if you were OK with the change being made. It was designed as a security measure, to keep you aware of hackers trying to write to your system. But it proved a huge annoyance for users who installed new applications frequently. Windows 7 now allows you to set the level of notification you want.

Device compatibility

Microsoft's Nash says almost all devices will work with Windows 7. "The customer will not have to enquire whether a device he is buying (printer, fax machine, smart card reader, network controller, in fact, anything) will work with the OS," he says. The OS also identifies the device being installed and offers appropriate follow-on options.


Tuesday, 1 September 2009

"Access is Denied" error message when you try to open a folder

Symptoms:
When you try to open a folder in Microsoft Windows XP, you may receive the following error message, where Folder is the name of the folder that you cannot open:
Folder is not accessible. Access is denied.

Cause:
This issue may occur if the folder that you cannot open was created on an NTFS file system volume by using a previous installation of Windows, and then installing Windows XP. This issue may occur although you enter the correct user name and password. This issue occurs because the security ID for the user has changed. Although you use the same user name and password, your security ID no longer matches the security ID of the owner of the folder that you cannot open.

For example, although you use the same user name and password, you may no longer have permission to open the folder after you complete the following steps:
  1. Before you install Windows XP Professional, you change the actual location, or target location, of the My Documents folder to another volume.
  2. You format the primary partition.
  3. You install Windows XP Professional.
Resolution:
To resolve this issue, you must turn off Simple File Sharing, and then take ownership of the folder:
  1. Turn off Simple File Sharing:
    1. Click Start, and then click My Computer.
    2. On the Tools menu, click Folder Options, and then click the View tab.
    3. Under Advanced Settings, click to clear the Use simple file sharing (Recommended) check box, and then click OK.
  2. Right-click the folder that you want to take ownership of, and then click Properties.
  3. Click the Security tab, and then click OK on the Security message, if one appears.
  4. Click Advanced, and then click the Owner tab.
  5. In the Name list, click your user name, Administrator if you are logged in as Administrator, or click the Administrators group.

    If you want to take ownership of the contents of that folder, click to select the Replace owner on subcontainers and objects check box.
  6. Click OK.

    You may receive the following error message, where Folder is the name of the folder that you want to take ownership of:
    You do not have permission to read the contents of directory Folder. Do you want to replace the directory permissions with permissions granting you Full Control? All permissions will be replaced if you press Yes.
  7. Click Yes.
  8. Click OK, and then reapply the permissions and security settings that you want for the folder and the folder contents.
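The cause described above (the same user name resolving to a different security ID after a reinstall, so the folder's owner and permissions no longer match) can be seen in a small model of the access check. This is an added example, not part of the Microsoft article: the machine SIDs, the user name `ann` and the folder path are constructed, and `take_ownership` is a stand-in for the Owner tab steps. The Administrators group SID `S-1-5-32-544` is the real well-known value.

```python
"""Toy model of why a folder stays inaccessible after a Windows reinstall.

Added example, not from the Microsoft article. It models NTFS access control at
the level the article describes: identity is a security ID (SID), not a user
name, and a folder's owner and access control entries are stored as SIDs. A
fresh installation assigns new SIDs, so the same user name no longer matches
the owner SID on folders that survived the reinstall.
"""
from dataclasses import dataclass, field
from typing import Dict, Set

ADMINISTRATORS_SID = "S-1-5-32-544"  # real well-known SID of the Administrators group


@dataclass
class Installation:
    """One Windows installation: a machine SID plus the accounts it has created."""
    machine_sid: str  # constructed value, not a real machine SID
    next_rid: int = 1000
    accounts: Dict[str, str] = field(default_factory=dict)  # name -> SID

    def create_user(self, name: str) -> str:
        sid = f"{self.machine_sid}-{self.next_rid}"
        self.next_rid += 1
        self.accounts[name] = sid
        return sid


@dataclass
class Token:
    """What the logged-on user presents: their SID, group SIDs and privileges."""
    user_sid: str
    groups: Set[str] = field(default_factory=set)
    privileges: Set[str] = field(default_factory=set)

    def sids(self) -> Set[str]:
        return {self.user_sid} | self.groups


@dataclass
class Folder:
    name: str
    owner_sid: str
    allow: Set[str] = field(default_factory=set)  # SIDs granted Full Control


def can_open(folder: Folder, token: Token) -> bool:
    """Access check: the owner, or any SID in the token with an allow entry."""
    return token.user_sid == folder.owner_sid or bool(folder.allow & token.sids())


def take_ownership(folder: Folder, token: Token, new_owner: str) -> None:
    """The article's resolution: requires the take-ownership privilege (held by
    Administrators); the new owner is then granted Full Control."""
    if "SeTakeOwnershipPrivilege" not in token.privileges:
        raise PermissionError("Access is denied.")
    if new_owner not in token.sids():
        raise PermissionError("can only take ownership for yourself or your groups")
    folder.owner_sid = new_owner
    folder.allow.add(new_owner)


def scenario() -> Dict[str, bool]:
    """Replays the article's three steps and the fix; returns the access results."""
    # Installation 1 creates "ann" and her My Documents folder on another volume.
    old = Installation(machine_sid="S-1-5-21-1111111111-2222222222-3333333333")
    ann_old = old.create_user("ann")
    my_docs = Folder("D:\\My Documents", owner_sid=ann_old, allow={ann_old})
    before = can_open(my_docs, Token(ann_old))

    # Format the primary partition and reinstall: new machine SID, so "ann" gets a new SID.
    new = Installation(machine_sid="S-1-5-21-4444444444-5555555555-6666666666")
    ann_new = new.create_user("ann")
    ann_token = Token(ann_new)
    after_reinstall = can_open(my_docs, ann_token)  # same name and password: still denied

    # Log on as an administrator and take ownership for the Administrators group (steps 2-7).
    admin_token = Token(ann_new, groups={ADMINISTRATORS_SID},
                        privileges={"SeTakeOwnershipPrivilege"})
    take_ownership(my_docs, admin_token, ADMINISTRATORS_SID)
    # Step 8: reapply the permissions you want, here granting ann's new SID.
    my_docs.allow.add(ann_new)
    after_fix = can_open(my_docs, ann_token)

    return {"before": before, "after_reinstall": after_reinstall, "after_fix": after_fix}


if __name__ == "__main__":
    print(scenario())
```

The model is deliberately minimal (no deny entries, no inheritance), but it shows the point that matters for the troubleshooting step: re-entering the old password cannot help, because nothing on the volume refers to the name or password, only to a SID the new installation never issued.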


Wednesday, 5 August 2009

iPhone vulnerable to hacking

Security experts have uncovered flaws in Apple Inc's iPhone that they said hackers can exploit to take control of the popular device, using the tactic for identity theft and other crimes.

Users need to be warned that their iPhones are not entirely secure and Apple should try to repair the vulnerability as soon as possible, they said at the Black Hat conference in Las Vegas, one of the world's top forums for exchanging information on computer security threats.

"It's scary. I don't want people taking over my iPhone," Charlie Miller, a security analyst with consulting firm Independent Security Evaluators, said in an interview.

Miller and Collin Mulliner, a PhD student at the Technical University of Berlin, also discovered a method that allows hackers to easily knock a victim's iPhone off a carrier's network.

It prevents users from making calls, accessing the Internet and exchanging text messages, they added. They said the information they presented at Black Hat will give criminals enough information to develop software to break into iPhones within about two weeks.

They said they warned Apple of the flaw in the middle of July, but that the company has yet to fix it. "Apple's credibility and reputation could get hurt if they don't respond. Positive buzz is good; negative buzz is much more harmful," said Trip Chowdhry, an analyst with Global Equities Research.

About 4,000 security professionals were in attendance, including some who are really hackers. While experts ferret out software flaws to fix them and protect users, hackers use the same information to devise pranks or commit crimes.

The researchers showed the audience how to break into iPhones by sending computer code via the phone's SMS system. Mobile phones use SMS to send and receive text messages along with software upgrades. They said that the phone's users cannot detect that it is receiving the malicious code.

It is not illegal to disclose ways to hack into computer systems, though it is against the law to use that information to break into them. When asked why they would hand over such information to criminals, security experts said they felt it was necessary to alert the public that iPhones were just as vulnerable to attack as personal computers.

"If we don't talk about it, somebody is going to do it silently. The bad guys are going to do it no matter what," Mulliner said.

They have successfully tested the hacks on iPhones running on networks of four carriers in Germany along with AT&T Inc in the United States. They said they believed the methods will work with iPhone carriers around the world.

The two said they used a similar method to break into phones running on Google Inc's Android operating system. Google patched the flaw after they notified the company of the vulnerability.

Wednesday, 24 June 2009

What makes your email hackable

What's the name of the school you attended? What is the first name of your favourite cousin? Well, email services often protect accounts with these kinds of security questions in case holders forget their password. Now, a new study in the US has revealed just how easy the answers to such security questions are for other people to guess - in fact, these facts make life simple for hackers, the 'New Scientist' reported.

Researchers at Microsoft have based their findings on an analysis of an experiment, involving 32 email users. Acquaintances of the email users - people with whom they wouldn't normally share their login details - were asked to try and guess the answers users assigned to protect their accounts. The volunteers managed to guess correctly a fifth of the time, raising questions over how secure the commonly used system is, the study found. However, a second study by software giant Microsoft has suggested a more secure alternative -- relying on trusted friends to vouch for you if an account becomes locked.

"Securing webmail is important because email accounts typically allow an attacker access to other accounts, for example, eBay and Amazon. If I can recover these passwords via your email account then I can spend the balance of your credit card on flat-screen TVs," Ross Anderson of Cambridge University was quoted as saying. Under the new system proposed by Stuart Schechter and Rob Reeder at Microsoft, users select several "trustees". If a user becomes locked out of their account their trustees receive a message asking them to download a "recovery code". The user must collect codes from multiple trustees to unlock their account.

A group of 19 Hotmail users trialed the system and 17 successfully regained access to their Hotmail account. That 90-per-cent success rate compares favourably to the 80-per-cent success rate of the secret question system, says Reeder. In the trial, most users recovered their accounts within two days. However, when the researchers got users' acquaintances to ask the trustees to give up the codes, many of them did so. Reeder said this attack could be avoided by getting account holders to advise trustees of their role in advance. In the trial, trustees simply received an email containing the code out of the blue.
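The trustee scheme described above (the user picks several trustees, each is sent a recovery code, and codes from multiple trustees are needed to unlock) is shown below as an added example; it is not the Microsoft researchers' code or Hotmail's implementation. Everything beyond the article's description is an assumption: a k-of-n threshold, random codes of which the server keeps only a hash bound to the session and the trustee, a two-day session window, and, as the mitigation Reeder describes, that only trustees who were briefed in advance are ever sent a code.

```python
"""Threshold "trustee" account recovery, modelled on the scheme in the article.

Added example, not the researchers' code. Assumed details (not from the
article): 8-byte random codes, server stores only a hash bound to the session
and the trustee, a fixed session window, and k of n distinct trustees must
return a code. The social-engineering weakness reported in the trial (a
stranger talks an unbriefed trustee into handing over a code) is addressed the
way Reeder suggests: trustees are briefed at enrolment, and only briefed
trustees are sent codes.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


def _digest(session_id: str, trustee: str, code: str) -> str:
    # Bind each code to its session and trustee so a code handed to one trustee
    # cannot be replayed by another trustee or in a later session.
    return hashlib.sha256(f"{session_id}|{trustee}|{code}".encode()).hexdigest()


@dataclass
class RecoverySession:
    session_id: str
    expires_at: float
    threshold: int
    expected: Dict[str, str] = field(default_factory=dict)  # trustee -> code hash
    confirmed: Set[str] = field(default_factory=set)        # trustees who returned a valid code


class TrusteeRecovery:
    def __init__(self, threshold: int = 3, window_seconds: float = 2 * 24 * 3600):
        self.threshold = threshold
        self.window = window_seconds
        self.trustees: Dict[str, Dict[str, bool]] = {}  # user -> {trustee: briefed?}
        self.sessions: Dict[str, RecoverySession] = {}

    def enroll(self, user: str, trustees: Dict[str, bool]) -> None:
        """Record the user's chosen trustees and whether each was briefed on the role."""
        if sum(1 for briefed in trustees.values() if briefed) < self.threshold:
            raise ValueError("not enough briefed trustees to ever reach the threshold")
        self.trustees[user] = dict(trustees)

    def start(self, user: str, now: Optional[float] = None) -> Tuple[str, Dict[str, str]]:
        """Open a session; returns (session_id, {trustee: code}) for delivery to trustees.

        A real service would send each code to its trustee and never show them
        to the locked-out user; they are returned here only so the flow can be run.
        """
        now = time.time() if now is None else now
        sid = secrets.token_hex(8)
        sess = RecoverySession(sid, now + self.window, self.threshold)
        outgoing: Dict[str, str] = {}
        for trustee, briefed in self.trustees[user].items():
            if not briefed:
                continue  # unbriefed trustees are the ones the trial's attack preyed on
            code = secrets.token_hex(8)
            sess.expected[trustee] = _digest(sid, trustee, code)
            outgoing[trustee] = code
        self.sessions[sid] = sess
        return sid, outgoing

    def submit(self, sid: str, trustee: str, code: str, now: Optional[float] = None) -> bool:
        """Accept a code the user collected from a trustee; True if valid for this session."""
        now = time.time() if now is None else now
        sess = self.sessions.get(sid)
        if sess is None or now > sess.expires_at:
            return False
        expected = sess.expected.get(trustee)
        if expected is None:
            return False
        ok = hmac.compare_digest(expected, _digest(sid, trustee, code))
        if ok:
            sess.confirmed.add(trustee)  # a set: the same trustee never counts twice
        return ok

    def unlocked(self, sid: str, now: Optional[float] = None) -> bool:
        """The account unlocks once codes from `threshold` distinct trustees are in."""
        now = time.time() if now is None else now
        sess = self.sessions.get(sid)
        if sess is None or now > sess.expires_at:
            return False
        return len(sess.confirmed) >= sess.threshold


if __name__ == "__main__":
    svc = TrusteeRecovery(threshold=2)
    svc.enroll("alice", {"bob": True, "carol": True, "dave": False})
    sid, codes = svc.start("alice")
    for who, code in codes.items():
        svc.submit(sid, who, code)
    print("unlocked:", svc.unlocked(sid))
```

Two choices carry the security weight: the threshold means a single talked-into-it trustee cannot unlock the account on their own, and binding the hash to the trustee means a code extracted from one trustee is useless if presented as another's.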

Rather than replacing the standard secret questions approach, the new method should be an optional choice for users, according to Anderson, who agrees that it is important to train trustees to be appropriately security conscious. But the idea has promise, said Reeder, pointing out that it is not a new idea to have people use third parties to back up their identity.

Thursday, 15 January 2009

Top tech threats of 2009

It’s been a maelstrom of a year. Besides some of the fiercest financial and personal storms during 2008, we have also seen hackers making their way into our systems through browser and OS glitches -- and sometimes just by the foolhardy way we click on links and attachments.

While most of the holes have been plugged, there are still a few bad eggs out there that are looking forward to making 2009 harder for us. The tech-threat landscape looks bleak, but nothing that can’t be changed if we take a few well-timed precautions...

Portable threats
Portable storage devices, such as flash drives and standalone hard disks, will be one of the biggest risk factors of 2009. These devices are easily shared among a group of users, so if one such device is infected, it could end up compromising entire networks and groups. Endpoint security is going to be a major concern for both networks and home users.

And then, of course, there are PDA phones. These devices provide a new gateway to hackers through malicious codes in spam emails and websites around the Internet.

Social networking
Sites such as Facebook, MySpace and Orkut are sitting ducks for cyber criminals. Their goal: To collect information from user profiles that can later be used in other targeted attacks.

Using the information, scammers could send messages that resemble legitimate correspondence from trusted sources, such as friends and relatives.

Pod slurping
The term describes the act of using a portable data storage device such as an iPod to illicitly download confidential data by directly plugging it into a computer where the data is held.

As MP3 players become smaller -- coupled with an increase in their storage capacity -- they become an increasing security risk to companies, wherein employees could use them to copy classified information.

Most companies in 2009 would find it prudent to have rules in place with regards to cellphones, MP3 players and personal flash drives.
