Business Daily from THE HINDU group of publications, Monday, Jan 22, 2007
Security Musings
Looking into 2007
R.K.Raghavan
It was just a fortnight ago that I wrote about the magnitude of child pornography on the Net. As I was reviewing it after publication I wondered whether I had overstated the problem. From what I now hear from Germany, I am more than convinced that this evil is real and its malefic influence on future generations can hardly be exaggerated.
Mikado insight
Recently, the German Police arrested nearly 300 persons after analysing the credit card transactions of 22 million customers. The persons held by the police had each paid $79.99 for a 20-day access to a child porn site hosted in the Philippines. `Mikado', as the operation was styled, was supported voluntarily by 14 credit card companies. Interestingly, the data assembled was collected by the companies themselves, and the police followed up with raids that yielded photographs, videotapes and computers. It is obvious that this form of human depravity, which craves for vulgar child images, will remain unchecked unless the whole community of law-abiding citizens, especially those who use the Internet, is somehow marshalled to be vigilant and proactive in reporting the smut that they see online. The year that has just begun is likely, therefore, to be marked by more and more attempts to pollute cyber space with prurient material that would test the ingenuity of all those determined to combat it.
Phishing - topping the list
What else can we see happening in 2007? Jeremy Kerk and Robert McMillan, writing for PC World, pinpoint a few significant trends of 2006 that had cyber security implications and go on to say that these could engage our attention in the current year too. Top of this list, naturally, is Phishing, which is getting more and more daring and frequent. According to an admission by the US Department of Justice, in one month alone, viz., May 2006, there were 20,000 Phishing complaints. Kerk and McMillan are, however, pleased that anti-Phishing strategies have improved greatly. They draw particular attention to the G-8 sponsored Hi-Tech Crime Network in which 45 countries participate to deal with cyber crime, and not surprisingly, Phishing takes up most of the Network's time.
Spam, insidious spam
Spam continues to haunt us even as we are determined to keep our mailboxes sleek and slim. Last year was no exception. One estimate puts spam at 90 per cent of all e-mail. Despite all the optimism aired by stalwarts in the field, including Bill Gates, we will still be spending valuable time in 2007 eliminating unsolicited messages. What should, however, cause us concern for the immediate future is the increasing ability of spammers to innovate. For instance, 2006 saw them employing image-based spam "where individual messages appear to be unique by subtracting or adding pixels." In the eyes of Kerk and McMillan, even more insidious is the tactic of placing messages inside images. These are difficult to detect unless one has at his command extremely sophisticated recognition techniques. That spam is dangerous and has criminal connotations will be understood from the fact that it has become a reasonably efficient vehicle to deliver malicious software such as key loggers and root kits.
Attacks on Web site
A third trend of last year of sufficient significance, one that may be seen frequently in 2007 as well, was revealed by the nature of the attacks on MySpace, a site that has become something of a phenomenon among those who are looking for social networking. In view of its popularity and the host's unconcealed desire to exploit it for commercial reasons, the Web site has hardly distinguished itself for its security features. Not unexpectedly, therefore, last year it was subjected to two worm attacks. In the first, during October 2006, `Samy', a generally benign worm, quietly added the name of an LA teenager to the profiles of MySpace's visitors. Naturally, the youngster became something of a hero! More recently, the site was attacked by a password-stealing worm that exploited a scripting vulnerability. Experts expect to see this form of cross-site scripting attack again in the days to come. They feel such worms can hardly be ignored because they have the potential to force PCs to download illegal content or hack other sites.
Zero-day attack
Computer language is often funny and difficult to unravel. One expression that causes me some amusement is `zero-day attack'. Equally so is its cousin `less-than-zero-day attack'. The former is a reference to weaknesses of a system that are publicly known and admitted by those responsible but are yet to be protected or `patched' in cyber parlance. One example is the object tag flaw in the MS Internet Explorer Web browser. Actually, in December last, MS went to town acknowledging that its Word had a memory corruption error. Allied to this are vulnerabilities that are known only to an aggressor who exploits them and proves that he has got the better of one who has devised a system. This `less-than-zero-day attack' is obviously more dangerous. A SANS Institute report for 2006 referred to a spurt in attacks against MS products, with most of the aggression traced back to China. The report also listed four zero-day attacks against Apple's Safari Web browser and its Mac OS X operating system. Defensive measures worldwide include a Zeroday Emergency Response Team. A member of one such team, Gadi Evron of Israeli firm Beyond Security, sets the record straight and advocates extreme caution. He is not satisfied with companies merely issuing patches when he says: "...patches are not a solution to zero-day vulnerabilities, simply a solution to known ones. We still haven't gotten that right." This categorical statement should keep us on our feet during the year that holds the prospect of being exciting, and dangerous too.
(The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.)
Copyright © 2007, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line