According to the Associated Press, Germany’s top criminal court has said that internet users need to secure their private wireless connections by password to prevent unauthorised people from using their web access to illegally download data.

However the court stopped short of holding the users responsible for the illegal content the third party downloads themselves.

Patrick Runald, security research manager at Websense, doubted that the laws will have any effect. He said: “Downloading copyrighted material is already illegal in Germany so as far as I know this new law (or actually Supreme Court ruling which sets a precedent) means that an owner of an open WiFi is seen as an accessory to the crime and can therefore be fined.

“That’s how I interpret the ruling but as said, it won’t deter people. If anything it will, hopefully, make people set a WEP/WPA/WPA2 password on their routers. So the new law doesn’t target the people who download the pirated software, it’s going after those who possibly help facilitate the crime, most likely totally unknowingly.

“This is because they didn’t have the technical skills to understand the need for enabling WEP/WPA/WPA2 on their router. I wonder if it’s already illegal for a device manufacturer to sell a WiFi router that doesn’t come with encryption enabled by default?”

Asked whether a law such as this could ever transfer to the UK, Stuart Okin, managing director of Comsec Consulting, said: “I don’t ever see that coming over here as I don’t see how it could be policed in the UK.

“In Germany there is a different culture, and when rules come into play they are obeyed without question. In the UK I am not saying that no one will do it, but it is not advisable and realistic to work.”

source: www.scmagazineuk.com

“There are many other methods that [launch] a variety of denial-of-service attacks, and even some that could allow an attack to eavesdrop on private conversations,” Ooi Szu-Khiam, senior security consultant at Symantec Singapore, said in an email interview. Ooi noted that “numerous instances of mobile viruses, worms and Trojan horses” have emerged in the past year.

“While none has done damage like some of the major PC malware, their rapid evolution presents an obvious cause for concern,” Ooi cautioned.

Bluejacking, also known as “bluespamming”, is a technique used to send anonymous text messages to mobile users via Bluetooth, Ooi explained. “Phones that are Bluetooth-enabled can be tweaked to search for other handsets that will accept messages sent via Bluetooth.”

“Despite the name, it doesn’t hijack the phone or suck off the information. It simply presents a message, similar to email spam. The recipient can ignore the unsolicited message, read it, respond or delete it,” Ooi said. “While bluejacking can be an extremely annoying onslaught of unsolicited messages, it is generally a minimal security risk.”

Bluesnarfing, however, is a more dangerous technique that can allow a malicious hacker to access information stored on a mobile device without its user’s knowledge, said Ooi.

“This technique takes advantage of a security flaw, [inherent] in some older versions of Bluetooth-enabled handsets, that could allow an attacker to access and copy data stored on the device without the user’s knowledge,” Ooi said. The Symantec executive noted that it is still possible to connect to such devices even if the users have configured their devices to be in “non-discovery” mode, where the device remains hidden when someone searches the vicinity for Bluetooth devices.

“Any potentially valuable information stored on a phone, such as address books, calendars, email and text messages, are at risk in a bluesnarfing attack,” Ooi said.

A third threat, and possibly the most serious of the three risks, is bluebugging. This technique allows attackers to access mobile-phone commands using Bluetooth technology, without notifying or alerting the device owner, Ooi noted.

“This vulnerability allows the hacker to initiate phone calls, send and receive text messages, read and write phonebook contacts, eavesdrop on phone conversations and connect to the internet,” Ooi explained. “As with all the attacks, the hacker must be within a 10-metre range of the [targeted] phone.” Unlike bluesnarfing which simply provides attackers access to personal information on the device, bluebugging allows the attacker to take control of a device, he said.

To ensure their wireless devices are well-protected, Ooi noted, users can equip their gadgets with mobile security products, which include antivirus, firewall, anti-SMS spam and data-encryption technologies, that are easy to deploy, manage and maintain.

“This kind of layered security can not only mitigate the unique security risks of mobile devices, but can also enable companies to more easily and cost effectively comply with internal security policies and external regulations,” Ooi said.

Ooi highlighted four tips on how mobile users can protect their Bluetooth-enabled devices:

Stay offline
Turn off features that you are not using. If you have a Bluetooth-equipped device and do not need the function, then don’t turn it on.

Stay invisible
If you are using the Bluetooth function and don’t require your device ID to be visible to others, make sure the device’s visibility setting is set to “hidden” so malicious hackers will not be able to scan and search for it.

Verify incoming transmission
Do not accept and run attachments from unknown sources unless you are expecting them. For example, if you receive a message to install an application and you don’t know its origin, don’t run it.

Use passwords
Ideally, use passwords with a large number of digits. A four-digit PIN or password can be broken in less than a second, and a six-digit PIN in about 10 seconds, while a 10-digit PIN would is likely to take weeks to crack.

Here is how this new airport Internet scheme works: When searching for connections at large hub airports, consumers may see a network connection available that could be simply named “Free Wi-Fi.” Thinking it’s the free connection offered by the establishment, they’ll log on. Unfortunately, the network may actually be an “ad-hoc” network, or a peer-to-peer connection. The user will be able to surf the Internet, but they’re doing it through the hacker’s computer. And the whole time, the hacker is stealing information like passwords, credit card and bank account numbers, and Social Security numbers. Beyond simply stealing keystroke information as the user enters various types of data, if the PC is set to share files, the hacker could even steal whole documents from the computer.

Airports across the nation continue to report on Wi-Fi security issues. Officials in Atlanta, New York LaGuardia and Los Angeles airports have all reported the existence of ad-hoc networks advertised as free Wi-Fi connections.

An investigation revealed that Chicago’s O’Hare Airport had 20 ad-hoc networks present that were potentially designed with the intent of hacking into unsuspecting user’s computers and networks.

To protect your information:

• Never connect to an unfamiliar ad-hoc network — even if the name sounds genuine. For more information on how to distinguish between an ad-hoc network and a normal Wi-Fi network with Windows Vista or XP visit http://support.microsoft.com.

• Make sure that your computer is not set up to automatically connect to nonpreferred networks. Otherwise your computer could automatically connect to the hacker’s network without your knowledge.

• Turn off file sharing when you’re on the road to prevent hackers from stealing entire documents, files and unencrypted e-mail from your computer.

• Create a Virtual Private Network (VPN) for your business. A VPN establishes a private network across the public network by creating a tunnel between the two endpoints so that nobody in between can intercept the data. Many companies allow remote users to connect to corporate networks as long as they use VPN. This keeps the users’ communications just as secure as if they were sitting at a desk in the building.

The BBB is here to help with advice you can trust. For more information on identity theft, fraud prevention and keeping your company secure online, visit www.bbb.org.

Nora J. Carpenter is executive director of the Better Business Bureau. For questions or comments about this weekly feature, go to www.askbbb.org or call the BBB at 342-4649 or (800)-218-1001

Viver, once downloaded by the user, immediately starts sending SMS messages to premium-rate numbers. The messages are sent with international area codes, so they can reach the correct destination even outside Russia, according to F-Secure. For each SMS sent, 177 roubles (approximately ÂŁ3.50) is deducted from the account of the infected user.

The Trojan is no longer available for download from the site, but 200 people were affected, according to Kaspersky.

Viver uses an approach that was pioneered by the RedBrowser and Wesber Trojans that first appeared last year, according to Kaspersky Labs. RedBrowser and Wesber are Java Trojans that try to send messages to Russian premium-rate numbers. These Trojans require user acceptance for each message and are only able to send messages within Russia, according to F-Secure.