daily online news

How I get honor points?

When u invite members under 30 and they arrive lvl 40 they give u a feedback. When u was a good guardian they give u a good feedback :P. When u get a good one u earn more honor points then a bad one.

What I can do with buffs and how I transfer it to my guardian?

You get 80% more Exp and the guardian dont get 20% more Exp.
The cummulated buff is loading with points when a student is grinding. 10 points for 1 monster are added to the POINTS of cumulated buff. the student can transfer these points to his guardianafer 1 hour, or when only 23 hours are left on the cumulated buff.
After this transfer the collected points are splitted.
they transform into accumulated buff and the studen gets 80% of his collected points and the guardian gets 20% from these collected points.

Then both have the accumulated buff and when grinding you get 10% Exp for a monster more!!!

The accumulated buff ends when there are no points left on it. And the points are going down when you grind. 10 points for 1 monster.
What do the junior guardians?

basically the junior guardian gets a percent of honor points when an apprentice graduates...

say you get the best rating possible and the guardian gets 30 points the junior guardian will take 2 points for himself and the guardian will get 28.
thats just saying u have 1 guardian assistant

An Ohio man has pleaded guilty to a federal conspiracy charge for being part of a gang of "swatters" -- one of them blind -- who used Caller ID spoofing to phone the police with fake hostage crises, sending armed cops bursting into the homes of innocent people.

Stuart Rosoff of Cleveland, Ohio (right, in a 2004 mugshot) pleaded guilty to one count of conspiracy last Friday in federal court in the Northern District of Texas.

The case seems to confirm that swatters are using simple Caller ID spoofing to pull these unfunny hoaxes -- and not "hacking into 911" after all. But the court documents indicate that Rosoff was part of a remarkably sophisticated gang of old-school phone phreaks with serious access to at least one phone company's computers, which they used to get information on their targets.

The alleged brain behind of much of the phone hacking was a minor in Boston, identified in three separate guilty pleas from group members as "M.W." M.W. comes across as a master of social engineering, who had enough access to phone company systems to listen in on calls. He is also blind.

According to a stipulation (.pdf) by Rosoff and prosecutors, Rosoff worked with M.W. to obtain "telephone numbers, pass phrases, employee identification numbers, and employee account information used by the conspirators by various means including through 'social engineering' or pretexting of telephone calls to telecommunications company employees, 'war dialing', trafficking in pass phrases and access information with other phone 'phreakers,' etc."

M.W. allegedly made more that 50 telephone calls to the Verizon Provisioning Center in Irving, Texas, "and obtained unauthorized access to the computers located there, and used the access to obtain telecommunications services including Caller I.D. blocking and call forwarding."

The informal swatting conspiracy unfolded in 2004 after Rosoff started hanging out on free telephone chat lines, particularly the "Jackie Donut," the "Seattle Donut" and the "Boston Loach" where people around the world chat by calling in or connecting online.

At some point Rosoff and at least five other chatters, including M.W., started making the swatting calls, largely targeting other people on the party lines, or those people's friends and family members. They used Caller I.D. spoofing services to adopt the phone number of their intended victim, and phoned non-emergency police lines with threats.

For example, in September 2006, co-conspirator Guadalupe Santana Martinez (.pdf) targeted the father of a female party line participant. The swatter called the police in Alvardo, Texas while spoofing the father's number, identified himself as the father and told the police dispatcher that "he had shot and killed members of the … family, that he was holding hostages, that he was using hallucinogenic drugs, and that he was armed with an AK47." He went on to demand $50,000 and transportation across the border to Mexico, "and threatened to kill the remaining hostages if his demands were not met."

It's heartening to learn that blind phone phreaks (and party lines) are still around after all these years. But it's sad to hear how the hackers are misusing their superpowers. According to Rosoff's plea:

As a result of the swatting telephone calls at least two victims received injuries. Rosoff was aware that injuries were received by one victim, an infirm, elderly male who resided in New Port Richey, Florida, and that as a result of the swatting activities by the coconspirators normal municipal activities were disrupted in Yonkers, New York and other locations due to false emergency calls resulting in a SWAT response, i.e. road closings, etc.

It's not clear how many people were targeted. Prosecutors count more than 100 victims, but that includes telecom providers and emergency responders, as well as the people spoofed. Financial losses ranged from $120,000 - $250,000.

Jason Trowbridge, another alleged conspirator, used the LexisNexis-owned database service Accurint to get consumer records on the gang's target, prosecutors claim. Martinez pleaded guilty in April, and co-defendant Angela Roberson copped a plea in October. Trowbride and co-defendant Chad Ward are set for trial in December.

Ward is an alleged victim and perpetrator of swatting. According to Roberson's stipulation (.pdf), Martinez swatted Ward in September of last year following a tiff within the group.

Internet users are at an increased risk of web-based crime, despite 88 per cent having some form of internet security software, according to a poll by Get Safe Online.

The results of the survey into public attitudes to internet security were released at the start of the Get Safe Online 2007 road show.

The number of people using security software demonstrates an increased vigilance when it comes to protecting personal computers, but users' actions online put them at increased risk of internet-based crime.

Cabinet Office minister Gillian Merron told the annual Internet Safety Summit in London: "The internet is a fantastic tool, whether you use it at home, at school, at your local library or at work.

"The risks we are highlighting today can be easily fixed and do not mean that people should stop using social networking sites and wireless networks.

"People simply need to take a few basic steps and simple precautions to help keep themselves, their families and their businesses safe online."

Get Safe Online found that over 10.8 million people across the UK are registered with a social networking site, and that one in four have posted information such as phone number, address or email, increasing their vulnerability to identity fraud.

The research also found that 13 per cent of social networkers have posted information or photos of other people online without their consent.

This trend is strongest among younger users, according to the poll. Around 27 per cent of 18 to 24 year-olds have posted information or photos of other people without their consent.

"The popularity of social networking and other sites means that we are much more open about ourselves and our lives online," said Tony Neate, managing director of Get Safe Online.

"Although some of these details may seem harmless, they actually provide rich pickings for criminals. Your date of birth and where you live is enough for someone to set up a credit card in your name, for example.

"So while most people would not give this information to a stranger in real life, they will happily post it online where people they don't know can see it. "

Graham Titterington, a principal analyst at Ovum, commended Get Safe Online on its efforts, but questioned the overall effectiveness of the body.

"It is difficult to separate real security from the perception of security when dealing with the public. Get Safe Online is as much about getting people online as it is about safety," he said.

"It is doing a worthwhile and difficult job in getting the UK online, but its limitations became apparent at the presentation to launch the new campaign.

"It is a user educational organisation, but the problem will never be solved without a holistic approach involving all parties."

Titterington compared Get Safe Online's efforts to similar government campaigns to solve the problems of under-aged smoking and drink-driving.

"It is hard to see how privacy and antivirus will grab their attention in a way that life-saving concerns have failed to do," he said.

"We have to move away from relying on every internet user being a security expert, and put more responsibility onto parties who are in a position to do something about the problem.

"It was also worrying to see that of the seven questions from the floor to the Get Safe Online panel at the end of the presentation only one got a relevant answer.

"This is more a criticism of the industry and of the government's attitude to the internet than a criticism of Get Safe Online itself, but it shows how far we still have to travel."

The worst-case scenario used to be that online ads are pesky, memory-draining distractions. But a new batch of banner ads is much more sinister: They hijack personal computers and bully users until they agree to buy antivirus software.

And the ads do their dirty work even if you don't click on them.

The malware-spiked ads have been spotted on various legitimate websites, ranging from the British magazine The Economist to baseball's MLB.com to the Canada.com news portal. Hackers are using deceptive practices and tricky Flash programming to get their ads onto legitimate sites by way of DoubleClick's DART program. Web publishers use the DoubleClick-hosted platform to manage advertising inventory.

If you've seen any of the ads, you may have experienced something like this: You're on a legitimate site. Your browser window closes down. A new browser window comes up, redirecting you to an antivirus site, while a dialog box comes up telling you that your computer is infected and that your hard drive is being scanned. The malware tries to download software to your computer and scans your hard drive again. (Here's a video demonstration of the rogue ads.)

The malware looks like a ordinary Flash file, with its redirect function encrypted, so that when publishers upload it, the malware is not detectable. Once deployed on a site, the Flash file launches the malicious redirects, which appear to be triggered at preset times or at selected Web domains.

John Mark Schofield, a Los Angeles IT director, encountered the ads on Canada.com. He thinks that because he was on a Mac OS computer, the damage wasn't so severe. "My feeling is that it would have caused me a lot more grief if I had been on a Windows computer: It may have installed the malware. Instead, it took over my browser, which I just fixed by exiting Firefox," Schofield says.

DoubleClick acknowledges the malware is out there, and says it has implemented a new security-monitoring system that has thus far captured and disabled a hundred ads.

"This is an industry-wide challenge. Unfortunately, there are bad actors who misrepresent themselves and purchase advertising as an avenue to distribute malware. This has the potential to affect all businesses and consumers in the online environment," says Sean Harvey, senior product manager at DoubleClick DART.

Publishers may be somewhat culpable, too. The distributor of the malware-infected ads is believed to be AdTraff, an online-marketing company with reported ties to the Russian Business Network, a secretive internet service provider that, security firms say, hosts some of the internet's most egregious scams. AdTraff is believed to have posed as a legitimate advertiser, using its partners as references. The ads were almost always paid for with credit cards or wire transfers, according to Alex Eckelberry, CEO of Sunbelt Software, a provider of security software.

"The AdTraff guys probably register at a bunch of sites -- maybe more than 300. They say they're advertisers. They get the sales guys at the end of the quarter when they're anxious to take the deal. (AdTraff) wires the cash, and they buy the inventory on the site," Eckelberry says.

AdTraff could not be reached for comment. The company lists a phone number in Germany which leads to a generic voicemail box.

Information Commissioner Richard Thomas told the House of Lords this week that doctors should be fined up to £5,000 if they lose confidential patient data.

Giving evidence to the House of Lords Constitution Committee, Thomas said: "If a doctor, or hospital [worker] leaves a laptop containing patients' records in his car and it is stolen, it is hard to see that is anything but gross negligence," The Times reports.

Anyone judged guilty of "knowingly or recklessly flouting data protection principles" would face a £5,000 fine in a magistrates court or an unlimited amount in a Crown Court.

Sounds like a good idea to us, but why stop with doctors? Presumably, spooks in Vauxhall who leave laptops in wine bars will face even heftier fines. And other arms of government should not be exempt - figures from 2005 revealed that the Home Office lost an impressive 95 computers between January 2005 and June 2005. The Ministry of Defence lost almost 600 laptops over five years - one of which, complete with sensitive files, turned up in a council tip.

Thomas said the aim was not to create individual victims, but a deterrent was needed. He said anyone with confidential data on a computer should know the basics of encryption.

Encryption firm PGP was one of several vendors licking its lips at this proposal.

Jamie Cowper, director of European Marketing at PGP Corporation, said: "On the one hand, this is great news for patient rights groups. Given the recent spate of data breaches at NHS trusts, perhaps Richard Thomas's approach of hard compulsion is the only way to get the medical establishment to take this problem seriously.

"However, by placing the emphasis on protecting the device - specifically laptops - rather than the confidential data itself, he could be accused of treating the symptoms of this problem, rather than providing a cure.

"What's more, it's not fair to expect doctors to be data security experts."

A BMA spokesman said:“Records kept on a computer should be treated the same way as those kept on paper. If GPs are taking them out of the practice they obviously need to ensure they are protected. But the key thing is that the rules are applied sensibly. It would be completely unreasonable for doctors to be penalised if records were stolen after they had done everything in their power to ensure their safety.”

Hackers worked overtime in October and defaced over 143 Indian websites during the month compared to just 60 sites that were defaced during September.

According to India's Computer Emergency Response Team (CERT-In), that has been closely monitoring all incidents of defacement to know which are the targeted domains and the exact vulnerabilities being exploited by hackers, of the total number of sites that were hacked and defaced in October, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain.

As many as 11 defacement incidents were also recorded in the .org domain.

Of all hacking incidents in the month, about 61% related to phishing, 27% unauthorized scanning and 8% to virus/worm under the malicious code category. "As compared to the previous month, the number of phishing incidents have decreased while scanning incidents have increased," it said.

Like the West, India too has been witnessing a massive rise in phishing attacks. Such incidents in 2006 were 180% higher than 2005, and that trend has carried through into 2007.

According to experts, even though India over the years has been recording the maximum of defacements during August, to coincide with the country's Independence Day, this year saw February and March record the highest such cases with 858 and 738 websites defaced respectively.

August saw 345 websites defaced. While January saw 332 cases of defacement and April 306. the numbers dipped in the months of May, June, July with 110, 33, and 48 cases of defacement recorded respectively.

Website defacement is when a hacker breaks into a web server and alters the hosted website or creates one of his own. A message is often left on the webpage stating his or her pseudonym. Sometimes the defacer makes fun of the system administrator for failing to maintain server security.

In most case, the defacement is harmless. However, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware.

An expert told TOI "Hackers in India are defacing websites for four reasons -- post politically motivated messages, prove technical skill, have fun and do it for the sake of it without realizing the consequences.

Most of the websites defaced are in the .com category because they are less secure and have multiple hosting in a single server. The months of February and March saw mass defacement which occurs when multiple websites are hosted on a single server."

The top hacker groups involved in defacement activities in India have been found to be Lord, CyberLord, yusufislam, Devil-X, ardeshackerlar and crackers child.

A security researcher who revealed how the email accounts of embassies were exposed through the misuse of the Tor anonymiser network has been taken in for questioning by Swedish intelligence agencies.

Dan Egerstad used Tor to obtain the login credentials of about 1,000 email addresses, including at least 100 accounts belonging to foreign embassies, as well as those of large corporations and human rights organisations. Egerstad posted the login details of embassies belonging to Iran, India, Japan, and Russia, among others, in late August. The information, posted on derangedsecurity.com, has since been taken offline. Egerstad disclosed details of how he pulled off the hack in September.

Tor provides a distributed, anonymous network when used properly. Egerstad discovered that by setting up exit nodes he could sniff traffic that wasn't properly encrypted, contrary to Tor's recommendations.

It seems more likely that Egerstad had stumbled on a means by which unknown intelligence agencies were disguising their surveillance activities on hacked accounts rather than widespread misuse of Tor in diplomatic circles. Egerstad's action may have exposed a security problem that would otherwise have lain undiscovered. Nonetheless, his decision to publish login credentials was widely criticised.

On Monday, Egerstad was leaving his Malmo apartment when he was arrested by four plainclothes agents of the Swedish National Police (a domestic intelligence agency) and an agent of the Swedish Security Police (Sweden's CIA). He was taken to the local police station for questioning while two of the agents seized computers, CDs and papers from his house. "It was like out of a bad movie," Egerstad told the Sydney Morning Herald.

During questioning at the station, the police "played every trick in the book, good cop, bad cop, and crazy mysterious guy in the corner not wanting to tell his name and just staring at me."

The discovery of eight PlayStation 2 consoles in his apartment led to accusations of theft against Egerstad.

Egerstad was released without charge but remains under suspicion for computer hacking offences, which he denies. He maintains he simply observed traffic flowing across the internet before drawing attention to an obvious security breach.

Egerstad told Wired that his arrest was sparked by complaints to Sweden by foreign countries. Investigators reportedly confirmed to him that China was one of two countries that complained. ®

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later -- and renamed it Fortuna -- in the book Practical Cryptography, which I co-authored with Ferguson.

The U.S. government released a new official standard for random-number generators this year, and it will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90 (.pdf), the 130-page document contains four different approved techniques, called DRBGs, or "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. It's smart cryptographic design to use only a few well-trusted cryptographic primitives, so building a random-number generator out of existing parts is a good thing.

But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute.

The NSA has always been intimately involved in U.S. cryptography standards -- it is, after all, expert in making and breaking secret codes. So the agency's participation in the NIST (the U.S. Commerce Department's National Institute of Standards and Technology) standard is not sinister in itself. It's only when you look under the hood at the NSA's contribution that questions arise.

Problems with Dual_EC_DRBG were first described in early 2006. The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem.

But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described a backdoor.

This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from.

What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG.

The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.

Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC-DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them. Maybe nobody does.

We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise.

This is scary stuff indeed.

Even if no one knows the secret numbers, the fact that the backdoor is present makes Dual_EC_DRBG very fragile. If someone were to solve just one instance of the algorithm's elliptic-curve problem, he would effectively have the keys to the kingdom. He could then use it for whatever nefarious purpose he wanted. Or he could publish his result, and render every implementation of the random-number generator completely insecure.

It's possible to implement Dual_EC_DRBG in such a way as to protect it against this backdoor, by generating new constants with another secure random-number generator and then publishing the seed. This method is even in the NIST document, in Appendix A. But the procedure is optional, and my guess is that most implementations of the Dual_EC_DRBG won't bother.

If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy.

My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG.

In the meantime, both NIST and the NSA have some explaining to do.

Chinese spying in America represents the greatest threat to U.S. technology, according to a congressional advisory panel report Thursday that recommended lawmakers consider financing counterintelligence efforts meant to stop China from stealing U.S. manufacturing expertise.

The U.S.-China Economic and Security Review Commission also said in its annual report to Congress that small- and medium-sized U.S. manufacturers, which represent more than half the manufacturing jobs in America, "face the full brunt of China's unfair trade practices, including currency manipulation and illegal subsidies for Chinese exports."

China's economic policies create a trade relationship that is "severely out of balance" in China's favor, said the commission, which Congress set up in 2000 to investigate and report on U.S.-China issues.

Carolyn Bartholomew, the commission's chairwoman, told reporters that "China's interest in moving toward a free market economy is not just stalling but is actually now reversing course."

China denied any spying activities, stressing the importance of healthy economic ties with the U.S. "China never does anything undermining the interests of other countries," Chinese Foreign Ministry spokesman Liu Jianchao said at a regular briefing Thursday in Beijing. "China and the U.S. have a fundamental common interest in promoting sound and rapid development."

The report comes about a year before U.S. presidential and congressional elections, and candidates have been critical of what they see as China's failure to live up to its responsibilities as an emerging superpower. China often is singled out for its flood of goods into the United States; for building a massive, secretive military; for abusing its citizens' rights, and for befriending rogue nations to secure sources of energy.

U.S. officials also recognize that the United States needs China, a veto-holding member of the U.N. Security Council, to secure punishment for Iran's nuclear program and to persuade North Korea to give up its nuclear weapons.

The commission's Democratic and Republican appointees have begun meeting with congressional staff and lawmakers to discuss the report's 42 recommendations.

In the report, the commission said China's spies allow Chinese companies to get new technology "without the necessity of investing time or money to perform research." Chinese espionage was said to be straining U.S. counterintelligence agencies and helping China's military modernization.

While the report praised China for some economic progress this year, improvements were undertaken "with great hesitancy and, even then, only with the prodding of other nations and the World Trade Organization."

China, it said, "maintains a preference for authoritarian controls over its economy" and has done too little to police widespread copyright piracy of foreign goods sold in China.

The commission also faulted China for keeping the value of its currency artificially low against the dollar. American manufacturers long have complained that Beijing's low currency makes Chinese goods cheaper in the United States and American products more expensive in China.

China's dependence on coal, lack of energy efficiency and poor enforcement of environmental regulations, the report said, "are creating devastating environmental effects that extend throughout the region and beyond to the United States."

The commission said tensions between Taiwan and China have created an "emotionally charged standoff that risks armed conflict if not carefully managed by both sides. Such a conflict could involve the United States."

The United States has hinted it would go to war to protect Taiwan if nuclear-armed China were to attack. China claims Taiwan as its own and vows to attack any declaration of independence by the island's leaders.

The report also described what it said was China's tight control over information distribution, which allows Beijing "to manage and manipulate the perceptions of the Chinese people, often promoting nationalism and xenophobia."

Beijing, the report said, uses its control of the media to influence its perception in the United States; that could endanger U.S. citizens if reports on food and product safety and disease outbreaks are manipulated.

Online security firm ESET has warned of a new Trojan targeting online gamers in Asia.

Win32/PSW.Agent.NDP accounted for 5.73 per cent of the detections made by ESET's ThreatSense.Net tool, which reports detection statistics from millions of client computers around the world.

The program steals information from several sources, before sending the data back to a remote attacker.

"Agent.NDP is an interesting threat as it does not exploit any security vulnerability and does not contain its own mailing engine," said Pierre Marc Bureau, a researcher at ESET.

"Trojans are commonly used to perform identity theft and other malicious actions. Agent.NDP seems to target Chinese online gamers in an attempt to steal information such as usernames and passwords."

ESET explained that the Trojan is probably installed after being downloaded from a website, almost certainly under the guise of another application.

Agent.NDP then copies itself into the victim's temporary folder and writes a DLL in the same folder. It then injects the DLL code into explorer.exe to monitor system execution and find vulnerable information.

ESET's second highest ranking threat for October was INF/Autorun, accounting for 3.45 per cent of all detections.

INF/Autorun describes a variety of malware that uses the autorun.inf file which contains information to run programs automatically when removable media are inserted into a computer.

More than half of computer users have illegally stolen Wi-Fi connections, according to The Times - but only 11 alleged offenders have been arrested in the UK, as the police seem to think those deploying Wi-Fi should be more careful about securing their connections.

The data was collected from a "Have Your Say" survey on the website of security-specialist Sophos: apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers.

This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that's exactly what The Times has done.

It reports being told by the Serious Organised Crime Agency that "...there is a certain responsibility that the individual has to assume in the fight against this", and goes on to note that hijacked connections can be used to download pornography and "...if the hacker has used your broadband to log on to an illegal site, this will be traced back to your wireless router. Then it is your job to persuade the police that you are innocent."

And there was us thinking that it was up to the CPS to prove guilt, rather than the other way round.

Anyone caught stealing a Wi-Fi connection can be fined up to a grand, even if it's left unsecured, so make sure you ask nicely next time you're looking to log on, and if the person next to you has never stolen a Wi-Fi connection then we have to assume that you have. ®