Norris, McLaughlin & Marcus

Archive for the ‘E-Commerce’ Category

New Top Level Domains Pose Security Risks

Experts warn that new top level domains bring with them security risks.

“ICANN is moving a little too fast with these new gTLDs without really giving people time to get ready,” [DigiCert associate general counsel Jeremy] Rowley said in an interview.

Rowley is a member of the CA Security Council (CASC) alongside executives from Symantec, Comodo, Entrust, GMO GlobalSign, Trend Micro and Go Daddy.

Digital Products May Not Be Re-Sold Online under “Right of First Sale” Doctrine

Just days after the Supreme Court’s decision allowing a purchaser of books abroad to re-sell them in bulk in the U.S., thereby exercising the purchaser’s “right of first sale” of a copyrighted work (a doctrine that expressly provides such a sale is not a violation of the copyright law), a New York federal judge ruled on March 30, 2013 that digital products may not be re-sold on the web under the same doctrine. Specifically, the Court ruled that ReDigi, a web-based platform allowing Internet users to upload and re-sell songs they had bought from online retailers like Apple’s iTunes, had infringed the copyright of a record label, Capitol Records. The decision is expected to impact the secondary market for sale of all digital products, not only music, but also e-books. Amazon, among others, has filed for a patent for such a marketplace. However, the decision will impact anyone in the market for digital products, whether buyer or seller.

Why Does Your Company Need Terms of Use and a Privacy Policy for Its Web Site?

Jeanne Hamburg discusses the need for terms of use (TOU) and privacy policies on company websites in “Why Does My Company Need Terms of Use and a Privacy Policy for Its Web Site?” TOU govern the relationship between the user and the site owner. A Privacy Policy advises users how their personal information will, and will not, be used. In the case of a web site with global users whose countries’ laws may differ from those of the U.S., the Privacy Policy will take into account all applicable privacy laws. The TOU and Privacy Policy are important documents that govern the relationship between you, as site owner, and your site’s users, and if they are well-crafted, you can avoid misunderstandings as well as liability to the user. Rather than giving these documents short shrift, you should invest some time and money into them. With minor updates, they will serve you well for many years to come.

FBI Warns Unsuspecting Travelers of Cyber Booby Traps Found In Hotel Internet Connections

The Internet Crime Complaint Center (IC3) issued a notice on May 8th that revealed a recent claim by the FBI and other agencies that cyber criminals are targeting travelers abroad through pop-up windows while they attempt to connect to the Internet in their hotel rooms.

Specifically, as travelers attempt to set up a hotel room Internet connection through their laptops, they are presented with a pop-up window that asks to update a widely-used software product. If the user clicks “accept and install,” malicious software downloads onto the traveler’s laptop. The pop-up window appears to offer a routine update to a legitimate software product for which updates are frequently available.

“Hacktivism” 2012: Verizon’s Take on Data Breaches and How They Can Be Avoided

In an attempt to improve the planning and security efforts of its clients, Verizon released its annual Data Breach Investigations Report 2012 days ago. Conducted by the Verizon RISK Team in cooperation with the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and the United States Secret Service, the report carefully breaks down and analyzes global data breach statistics from 2011 in an attempt to recommend effective solutions designed to successfully prevent future breaches in 2012. The statistics cited in the report help illustrate how easy it can be for businesses to thwart possible data breaches, and identify which organizations are most vulnerable.

For suggestions on how to avoid data breaches, read the rest of this post at eLL blog.

Is Social Media a Corporate Spy’s Best “Friend”? How Social Media Use May Expose Your Company to Cyber-Vulnerability

The rise of social media has ignited a societal change in how people across the world communicate and “stay in touch.”  These social networking websites allow users to create personal profiles, post comments, join groups, add contacts, and most important, find like-minded people with whom to share ideas, interests, and experiences. They give users the opportunity to link with others, both near and abroad, based on shared personal interests and business or academic affiliations.

However, in the business community, social networking also makes companies more susceptible to corporate espionage, i.e., “clandestine techniques used to steal valuable information from businesses.”  This is caused, in part, by the fact that “[t]he general informality of social media sites like Twitter or Facebook encourages employees to let their guard down and casually share information without thinking twice.”

IN THE NEWS: President Obama Kills SOPA (Stop Online Piracy Act) Today

With websites like Wikipedia and Reddit and major online gaming sites prepared for a 24-hour shutdown starting at midnight on Wednesday the 18th in protest of pending SOPA legislation (HR 3261, scheduled for hearing in the House Judiciary Committee), President Obama joined the battle, stating that he will not support the legislation. However, a similar bill, the Protect IP Act (known in long-winded Washington parlance as the “Enforcing and Protecting American Rights against Sites Intent on Theft and Exploitation Act”), continues to wind its way through the Senate and is scheduled for hearing on January 24th.

Which side are you on – Hollywood and the Entertainment Software Association, which back the bills, or the internet community at large, led by Wikipedia, who find the legislation chilling to free communication and sharing? Stay tuned, as the legislation will likely go back to the drawing board for detuning in an effort to garner acceptance by the Obama administration.

Cyber Anarchy? The Brave New World of Crimes Against Businesses

Brad Muller explains what cybercrimes are, profiles the cybercriminal, provides a discussion of some of the most common forms of cybercrimes affecting businesses today, and identifies some basic, low-cost tips that companies can implement to avoid falling victim to this evolving breed of criminal in “Cyber Anarchy? The Brave New World of Crimes Against Businesses,” which appeared in the September issue of Commerce Magazine.

MISSION POSSIBLE: #OpMonsanto

In a recent Anonymous hacking mission dubbed #OpMonsanto, the hacker group attacked Monsanto, an international agricultural corporation, by hacking into Monsanto’s system and releasing data concerning over 2,500 employees and connections. Anonymous also took down Monsanto’s mail server and web assets and says it plans to create a Wikipedia page to store and organize the stolen information.

Anonymous has also released a statement proclaiming the soon-to-be targets for an operation called “Project Tarmeggedon.” Anonymous is using this mission to victimize the companies involved in the Alberta, Canada oil sands development because of concerns that extracting oil from sand particles can be extremely damaging to the environment. Some of these targets include: Royal Bank of Scotland, Imperial Oil, Exxon Mobil, ConocoPhillips, and Canadian Oil Sands Ltd.

Focused REWIND: Cyber Breach Roundup

  • A survey of IT practitioners conducted by the Ponemon Institute and Juniper Networks suggests that cyber attacks have recently become more harsh and recurrent. At least 90% of the IT practitioners surveyed claimed that they had experienced one or more cyber breaches within the last year, and 89% of these respondents could not identify the source of these breaches. Interestingly, employee mobile devices and laptop computers have been recognized as the top devices used in the unleashing of cyber attacks against a company. This survey suggests that ordinary network security methods are inadequate and companies need to make enhancements in order to prevent such cyber crimes.
  • According to nextgov.com, Tuesday’s Senate Banking Committee hearing on cybersecurity in the financial sector showed the Senate’s critical attitude toward institutions’ negligence in informing their customers in a timely manner of the security breaches they experience. Although waiting to release sensitive information regarding security breaches may prove to be beneficial to the federal agents involved in these investigations, customers should be notified as soon as possible so they can take action to safeguard themselves from future attacks. In response to the increased number of attacks, the White House has presented legislative language that would require national notification of a security breach to the government and affected customers within 60 days of discovering a cyber attack. The seriousness of these cyber threats has forced government officials to set forth a new legislative race on cybersecurity related laws.
  • The government itself is also not immune from these cyber attacks, as suggested by the recent attacks on the IMF, Senate, and CIA. The group responsible for many of these attacks, Lulz Security, has teamed up with Anonymous, another team of computer hackers, to begin a cyber war against governments and companies around the world, which they call “Operation Anti-Security.” According to a New York Times article, both groups have been interacting frequently via Twitter. Also via Twitter, Lulzsec has offered to help Sega in tracking down the hackers responsible for its recent cyber security breach. Although the group was deemed responsible for cyber attacks against Sony and Nintendo, its Twitter post showcased its loyalty to Sega’s Dreamcast system. The Sega breach compromised personal information of 1.3 million customers, including email addresses, passwords and birth dates. While financial information was safe, Sega Pass has been shut down since the breach for security and investigation purposes, and customers were promptly notified. The use of social networks, like Twitter, as a means of communication between hackers raises many questions surrounding the role of social media in security breaches. The unexpected shutdown of Netflix this Father’s Day left many believing that it was another cyber attack (see article on ibtimes.com). However, Netflix has not officially indicated the cause of the temporary outage. The frequency and severity of recent cyber crimes have left the world in a frenzy, and upon the occurrence of any technological failure, people are not hesitant to suspect yet another cyber attack.
  • Lulz Security also successfully attacked an Arizona police website, releasing over the Internet about half a gigabyte of data, including dozens of internal documents it alleges are related to border control and other law enforcement activities. The computer hackers oppose a tough anti-immigration law in Arizona. Its headline was “Chinga La Migra,” Spanish for a more profane way of saying “Screw the Immigration Service.”

Priya S. Amin contributed to this post.

For sources, read:

http://bits.blogs.nytimes.com/2011/06/20/hackers-declare-war-on-government-agencies/?pagemode=print

http://www.nytimes.com/2011/06/20/technology/20iht-sega20.html

http://www.ibtimes.com/articles/165731/20110620/netflix-streaming-cyber-attack-hack-lulzsec-sega-anonymous-twitter-netflicks-net-flix-netflex-netfli.htm

http://www.nextgov.com/nextgov/ng_20110621_7982.php?oref=topstory

http://www.infosecurity-us.com/view/18850/cyber-attacks-grow-more-severe-frequent-say-it-practitioners/

http://www.reuters.com/article/2011/06/24/us-cybersecurity-arizona-idUSTRE75N05L20110624