Skype encryption foils German police

German police have complained that the encryption of VoIP traffic has made tracking criminals very difficult.

Jörg Ziercke, president of Germany's Federal Police Office, told an annual gathering of security and law enforcement officials that Skype is giving the force more problems than traditional telephone tapping.

"The encryption with Skype telephone software creates grave difficulties for us," he told Reuters.

"We cannot decipher it. That is why we are talking about source telecommunication surveillance, i.e. getting to the source before encryption or after it has been decrypted."

Ziercke added that he does not expect Skype to hand over encryption keys or take any action that would harm it as a business, but that there remains a need for police to examine hard drives and break encryption.

Germany has tough laws, passed after World War 2, on the searching of personal data.


Rogue nodes snoop on TOR traffic

Researchers have uncovered more evidence that the TOR anonymiser network is being misused by hackers, and quite likely government intelligence agencies.

TOR (The Onion Router) is a network of proxy nodes set up to provide some privacy and anonymity to its users. Originally backed by the US Naval Research Laboratory, TOR became an Electronic Frontier Foundation (EFF) project three years ago. The system provides a way for whistleblowers and human rights workers to exchange information with journalists, among other things. The system also provides plenty of scope for mischief.

The presence of rogue nodes on the network was recently highlighted by security researcher Dan Egerstad, who controversially posted details of login credentials of about 1,000 email addresses, including at least 100 accounts belonging to foreign embassies, obtained by listening to traffic passing through five exit nodes under his control. Abuse of the system is far from isolated, other research suggests.

Members of the Teamfurry community discovered TOR exit nodes that only forward traffic associated with ports used for unencrypted versions of protocols including IMAP and POP email (TCP ports 143 and 110), and IM traffic. Other nodes only relay traffic associated with MySpace or Google searches. The malign purposes behind such a system are fairly easy to guess, while their legitimate use is far trickier to imagine.
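The kind of exit-policy review described above can be sketched as follows. This is an added example, not Teamfurry's tooling or Tor project code: it reads the `accept`/`reject` lines of a relay's published exit policy and flags relays whose only permitted ports are cleartext login services. The relay policies are constructed samples, and the IM ports in the table are assumptions added for illustration.

```python
# Added example: flag Tor exit policies that permit only cleartext-login ports.

# Ports 110 (POP3) and 143 (IMAP) are named in the article. The IM ports are
# an assumption added for illustration.
CLEARTEXT_LOGIN_PORTS = {
    110: "POP3",
    143: "IMAP",
    1863: "MSN Messenger",
    5190: "AIM/ICQ",
    6667: "IRC",
}


def allowed_ports(policy_lines):
    """Return the set of ports a policy lets out to any address.

    Rules are evaluated first-match-wins, as in Tor exit policies. Rules bound
    to a specific address are skipped (simplification), and ports matched by
    no rule are treated as rejected (assumption).
    """
    allowed, decided = set(), set()
    for line in policy_lines:
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("accept", "reject"):
            continue
        action, pattern = parts
        address, _, port_spec = pattern.rpartition(":")
        if address != "*":
            continue
        try:
            if port_spec == "*":
                low, high = 1, 65535
            elif "-" in port_spec:
                low, high = (int(p) for p in port_spec.split("-", 1))
            else:
                low = high = int(port_spec)
        except ValueError:
            continue  # malformed port field: ignore the rule
        ports = set(range(low, high + 1)) - decided
        if action == "accept":
            allowed |= ports
        decided |= ports
    return allowed


def assess(policy_lines):
    """Classify a policy as 'non-exit', 'suspicious' or 'ordinary'."""
    ports = allowed_ports(policy_lines)
    if not ports:
        return "non-exit", []
    cleartext = sorted(p for p in ports if p in CLEARTEXT_LOGIN_PORTS)
    if cleartext and len(cleartext) == len(ports):
        # Every permitted port is a cleartext login service.
        return "suspicious", cleartext
    return "ordinary", cleartext


# Constructed sample policies (not taken from real relays).
SAMPLE_RELAYS = {
    "relayA": ["accept *:110", "accept *:143", "accept *:5190", "reject *:*"],
    "relayB": ["reject *:25", "accept *:80", "accept *:443",
               "accept *:110", "accept *:995", "reject *:*"],
    "relayC": ["reject *:*"],
    "relayD": ["reject *:110", "accept *:100-150", "reject *:*"],
}

if __name__ == "__main__":
    for nickname, policy in SAMPLE_RELAYS.items():
        verdict, cleartext = assess(policy)
        names = ", ".join(
            "%d/%s" % (p, CLEARTEXT_LOGIN_PORTS[p]) for p in cleartext
        )
        print("%-7s %-10s %s" % (nickname, verdict, names))
```

A "suspicious" verdict is a prompt for closer review rather than proof of sniffing, which matches the caution in the Teamfurry quote that follows.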

"Even though just a suspicious configuration isn’t enough to tag an exit-node evil, I wouldn’t touch these with a ten-foot long toothpick," Teamfurry warns.

Another Tor exit node used fake SSL certificates to run man-in-the-middle phishing attacks. Information on the rogue node was forwarded to German authorities, who moved quickly to take down the node. The node was the only one of 400 nodes tested that was running man-in-the-middle attacks, but as net security firm F-Secure notes, it "only takes one".

TOR is set up such that users have little or no idea who controls the exit nodes their data passes through. For this reason, encrypting sensitive traffic sent over the network is the first, but not the only, security precaution for using the network.


HMRC data blunder to cost at least £500m

The UK government's loss of sensitive information compromising 25 million individuals could force British banks to take "enormously expensive" emergency measures, Gartner warned today.

Avivah Litan, vice president and distinguished analyst at Gartner, said: "The type of data lost could be enormously valuable to identity thieves and other criminals who could use stolen account numbers to take over bank accounts.

"This is why bank account numbers typically sell on the US black market for as much as $400 compared with $5 for credit card numbers.

"Even the possibility of such a move would force UK banks to take emergency measures, including closely monitoring all fund transfers out of potentially affected accounts."

This would be especially problematic owing to the UK's implementation of the Faster Payments initiative, which calls for almost immediate fund transfers.

Gartner believes that it is "fortunate", under the circumstances, that the initiative has been delayed until 2008.

The warning comes after HM Revenue & Customs lost computer disks containing large amounts of confidential information, including names, addresses, dates of birth and bank account information.

The missing disks, which were apparently lost while being transported, may include information on as many as 25 million individuals, including recipients of Child Benefit.

"If evidence emerges that the lost data has fallen into criminal hands, UK banks could be forced to close down millions of accounts and reopen new ones at enormous cost," said Litan.

"The banks' customers would also face considerable inconvenience, because automatic payments and transfers would have to be set up again, and debit cards might have to be reissued."

The potential costs to the UK banking system, and to the economy as a whole, could be as high as £244m, according to Gartner, based on a conservative estimate of just under £10 per account.

Litan added that the chances of a true data loss resulting in identity theft are usually extremely low, typically less than one per cent for any given individual.

But the analyst warned that the media attention means that criminals are likely to pursue the lost data as vigorously as the authorities.


ID profiles worth far more than credit card details to crooks

Identity profiles are worth far more on the digital underground than credit card details.

Gunter Ollmann, a security researcher in the ISS security division of IBM, discovered that a list of 2,000 credit card details (including CVV2 codes and magstripe data) is worth about the same as 40 standard identities (ie name, address, phone number, social security number, and date of birth).

Complete banking identities - including full contact information, mother's maiden name, bank account number, and account password – can be worth eight times as much as standard identity details, depending on the bank. Although stolen credit card details rapidly go out of date, the same is not true for identities which are, of course, much harder to cancel.

"Identity" itself is now a form of currency, according to Ollmann, who reports that it's more common for identity information to be traded rather than sold.

One growing form of trade involves the login credentials to porn sites. Crooks may pay $250 for a batch of 7,000 logins. The logic of the purchases has little to do with porn sites themselves, but rather that people tend to use the same passwords for a range of different sites.

That also means hackers who break into a low-profile site to gain password credentials can use these identities to mount brute force attacks on more useful sites, or sell login credentials on to third parties interested in attacking ecommerce or banking sites.

"Given the way new sites are springing up and how many passwords we're all expected to remember, I expect this attack vector to become more popular and more successful. Similarly, I'd expect the proliferation of these underground exchanges to increase and the price per password to fall over time," he writes.


Companies warned to brace for Black Friday

IT security consultancy firm Global Secure Systems has urged UK companies to review IT security procedures before the Thanksgiving weekend in the US.

"US hackers usually take advantage of the long holiday weekend to generate all sorts of attacks on internet-connected computer systems worldwide," said David Hobson, managing director of Global Secure Systems.

The upcoming weekend "hackerfest", now referred to as Black Friday and Cyber Monday, makes it vital for UK organisations to review IT security arrangements and ensure that all security patches are up to date.

"They should also prepare for the worst, and review ongoing business continuity arrangements in the event of an IT disaster," added Hobson.

"Thanksgiving in the US is the time when retailers give out freebies to their customers.

"Companies in the UK should watch out for hacker freebies that take the shape of malware-infected email and other digital mayhem. This is always a bad time of the year for malware."


A Swedish teenager suspected of hacking into the network of Cisco systems has been convicted of cracking into the systems of three local universities.

The unnamed 19-year-old from Uppsala, Sweden, was ordered to pay $25,000 damages to his victims on Monday after a Swedish appeal court overturned a previous acquittal by a district court and found him guilty of seven counts of unauthorised access, AP reports.

The teen, who plans to appeal to the Swedish Supreme Court, was convicted of hacking into the systems of Linköping, Umea, and Uppsala Universities as well as the national supercomputer centre in Linköping during 2004. He was also given a suspended sentence as well as a fine.

He admits creating tools used in the attack, but not perpetrating the assault. "They have destroyed my life before I'm even a grown-up," he told Computer Sweden.

FBI officials questioned the youngster last year over allegations that he broke into Cisco's network and stole source code, allegations he denies. Samples of the code were posted online after the May 2004 breach. US authorities have put the ongoing investigation into the hands of the Swedes, prosecutor Catherine Rudstrom told AP.


Mozilla Readies Firefox Patch

The browser will finally get a fix for a serious and longstanding security flaw.


Mozilla plans to release a bugfix for its Firefox browser next week, repairing a long-standing security flaw in the software.

The 2.0.0.10 update is in testing right now and should be released to the public next week, following the Thanksgiving holiday in the U.S. "We are giving it a couple of days to make sure that there are no issues found and we'll release it after Thanksgiving," said Mike Schroepfer, Mozilla's vice president of engineering.

Mozilla is calling on the Firefox community to test the browser during a quality assurance "testday" this Friday.

The issue was first reported last February by Jesse Ruderman, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox browser.

The flaw has to do with the fact that Firefox does not properly check files that are compressed using the .jar (Java Archive) format. Attackers could sneak malicious code into the Jar-compressed documents, which would then be run by the victim.

A few days after Petkov posted his findings, a researcher going by the name "Bedford" showed how this attack could be launched against Google users, giving them access to victims' Gmail accounts, Google searches and other sensitive data stored on the Google Web site.

"This means that attackers can get to any place on Google and do whatever they want with your profile and your online presence," Petkov wrote in a blog posting.

Though both Petkov's and Bedford's vulnerabilities are related to the way Firefox handles .jar files, Mozilla considers them to be two separate issues, both of which are set to be patched in next week's 2.0.0.10 release.


HMRC data loss leaves 25 million exposed

The head of HM Revenue and Customs (HMRC) has resigned after it was revealed in parliament that the personal details of 25 million Britons had been "lost in the post".

Chancellor of the Exchequer Alistair Darling said in a statement that two CDs with the details of 25 million families had been sent to the National Audit Office by courier firm TNT but failed to arrive.

The material was apparently put in the post by a junior employee at the HMRC office in Washington, Tyne & Wear.

The disks, which were password protected but not encrypted, contained names, addresses, dates of birth, child benefit numbers, National Insurance numbers and bank or building society account details.

Paul Gray, chairman of HMRC, has already resigned and opposition MPs are calling on Darling to do likewise.

"The lost bank account numbers, names and addresses represents a gold mine for thieves and is much more valuable than credit card numbers or taxpayer ID numbers," said Avivah Litan, vice president at Gartner Research.

"Bank account numbers sell for the highest price on the black market, between $30 and $400, which is significantly more than the 50 cents to $5 that criminals pay for credit cards.

"If evidence emerges that the data fell into criminal hands, the UK banks may be forced to close the 15 million accounts and issue new ones at an enormous cost to them and a major inconvenience for their customers."

This is the third in a series of data breaches at HMRC. The organisation lost the details of a number of high net worth individuals in October, and banking details for 15,000 savers went missing earlier this month when a laptop was stolen.

"Another week and another high profile data breach for the government," said Joseph Hoban, vice president at data protection firm GuardianEdge.

"This is not the first time that public data has been compromised and, if lacklustre security continues to rule, it certainly will not be the last.

"It is time that tougher security measures were taken to protect our most confidential files. Securing two disks with only a password is not sufficient."

Darling has described the incident as "extremely regrettable" but has resisted calls for his resignation.

The loss has also sparked renewed calls for a data breach law that would force the government and companies to inform people if their data had been put at risk.

"California introduced data breach notification legislation some time ago, which compels businesses to inform customers if their personal data may have been compromised," said Richard Turner, vice president of sales at security firm RSA.

"The introduction of similar legislation would not only be a significant step in combating fraud, but constitutes a basic human entitlement.

"Public awareness of security breaches would serve to focus organisations on ensuring that confidential information is adequately protected, and enable the public to take appropriate safeguards in the event of a compromise."


Germany seeks malware 'specialists' to bug terrorists

The German government has reportedly started hiring coders to develop "white hat" malware capable of covertly hacking into terrorists' PCs.

The recruitment push signals that the German government is going ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" (AKA a law enforcement Trojan). BKA federal police have been directed by the Interior Ministry to resume the initiative and hire two "specialists"*, AAP reports.

Proposals to give explicit permission for law enforcement officials to plant malware stem from a Federal Court ruling earlier this year declaring clandestine searches of suspects' computers to be inadmissible as evidence, pending a law regulating the practice. Germany's Federal Court of Justice said the practice was not covered by existing surveillance legislation.

The former East Germany, and the country as a whole before the war, has a dark history of official surveillance. The idea of a law enforcement Trojan has sparked a fierce civil liberties debate, as well as objections from the IT security community.

Geoff Sweeney, CTO with security firm Tier-3, said since the Trojans will almost certainly be launched against suspects disguised as a harmless email, they pose a serious IT security threat if they fall into the wrong hands.

"Reworking of malware goes on all the time. If these Trojans are developed specifically for German anti-terrorist usage, it's almost certain that conventional IT security software will have no protection against their usage on civilian PCs," he said.

Law enforcement Trojans, under active consideration in Austria as well as Germany, are a thoroughly bad idea.

Would-be terrorists need only use Ubuntu Linux to avoid the ploy. And even if they stuck with Windows their anti-virus software might detect the malware. Anti-virus firms that accede to law enforcement demands to turn a blind eye to state-sanctioned malware risk undermining trust in their software, as evidenced by the fuss created when similar plans for a "Magic Lantern" Trojan for law enforcement surfaced some years ago.

Even if, for argument's sake, security firms ignore state-sanctioned Trojans from the US and Germany, would they also ignore Trojans from the Chinese People's Liberation Army or Nigeria?

* Germany has no shortage of convicted VXers potentially up to the job of writing malware. Most notable is Sven Jaschan, self-confessed author of the infamous Sasser worm. Jan de Wit, infamous author of the Anna Kournikova worm, comes from the Netherlands, just over the border with Germany. Thanks to EU rules on free movement of labour, he might also be eligible to apply.


MySpace Hacker Tells His Story

If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.

Samy's worm wasn't malicious, but it did force News Corp.'s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a "hero" on their profile pages.

Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he'd dictated to a friend on a computer that was operated by a conference staffer.

It's not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he's online again.

IDGNS: What were you thinking when you wrote the Samy worm?

Kamkar: When I wrote the worm, it initially wasn't a worm. Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?'

I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.

IDGNS: How hard was it to write the worm?

Kamkar: I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.

IDGNS: Do you think it would be easy to write another MySpace worm now?

Kamkar: It would be much harder to write a MySpace worm right now just because they've added so many restrictions, but it's always possible and there are so many other sites that these exploits are available on. So it could still happen.

I think that more worms are going to come out. I've heard of more worms trying to take off using the same code base that I wrote, and just changing a few things. Luckily restrictions have really prevented those from working out too well. But yeah, from here on out, I think worms are only going to get more advanced.

IDGNS: What's your life been like since you pleaded guilty in this case last January?

Kamkar: My life has been a bit different. I have computer restrictions now, so I can only use computers for work purposes. I also serve community service and I'm on probation. So on top of the restitution, it's a little more than a slap on the wrist.

IDGNS: The worm you wrote was fairly innocuous. It just made you really popular on MySpace. How do you feel about being indicted for this?

Kamkar: Well, I didn't have malicious intent writing the worm. I understand that it was a big example of what you shouldn't be doing, so I think if I were in their shoes, maybe I'd do the same thing. Maybe I'd say, 'Well that guy got a lot of press. He's showing, this is how you hack a Web site and this is how you write a worm, and we want to make sure people don't do that.'

And I agree that people shouldn't be doing that and I shouldn't have released that. So I sort of see it on both sides.

IDGNS: Do you regret doing it?

Kamkar: I wish I could take it back.

IDGNS: What's the first thing you're going to do when you're free to use a computer again?

Kamkar: The first thing I'm going to do when I can use a computer again is probably just get back into development on the site and write projects that are interesting to me and non-malicious. No more worms.

IDGNS: Would you work for MySpace if they wanted you to?

Kamkar: I think in the future, I'd be happy to help out because they actually provide a pretty cool site. Right now, I'm involved in one project with one company, but in the future, that's definitely an option.


Net gridlock by 2010 study warns

[Image: Man yawning (BBC). Caption: A future net meltdown could bring the return of waiting for downloads]

Consumer demand for bandwidth could see the internet running out of capacity as early as 2010, a new study warns.

US analyst firm Nemertes Research predicted a drastic slowdown as the network struggles to cope with the amount of data being carried on it.

Such gridlock would drastically affect how people use the web and could mean the next Google or YouTube simply doesn't get off the ground, it said.

The report said billions needed to be spent upgrading broadband networks.

It put the figure at around $137bn (£66bn) globally.

For users, the slowdown could see a return to the bad old days of dial-up, the report predicts.

Stifling innovation

"It may take more than one attempt to confirm an online purchase or it may take longer to download the latest video from YouTube," the report cited.

But it is the knock-on effect for new services that could be the real problem, report authors think.

"The next Amazon, Google or YouTube might not arise, not from a lack of user demand but because of insufficient infrastructure preventing applications and companies emerging," the report warned.

The demand for bandwidth-intensive applications shows no sign of abating.

Nearly 75% of US internet users watched an average of 158 minutes of online video and viewed more than 8.3bn video streams during May, according to research by measurement firm comScore.

The financial investment required to "bridge the gap" between demand and capacity would range from $42bn (£20bn) to $55bn (£27bn) in the US, Nemertes estimates.

The report is part-funded by the Internet Innovation Alliance (IIA) which campaigns for universal broadband in the US.

"We must take the necessary steps to build out network capacity or potentially face internet gridlock that could wreak havoc on internet services," said Larry Irving, co-chairman of the IIA.


Targeted e-mail attacks spoof DOJ, business group

Security experts warned this week of two separate e-mail attacks launched Monday that take aim at specific individuals within corporations.

The first attack, detected by MessageLabs at 4:55 p.m. GMT Monday, was sent to more than 400 individuals at financial institutions, with the e-mail addressed specifically to that individual and purporting to be a complaint from the U.S. Department of Justice. A second attack, spotted three and a half hours later, was similar, but claimed to be from the Better Business Bureau. In both cases, the e-mails contained malicious attachments that could lead to the recipient's system being taken over.


The Trojan horse that gets installed on a computer allows an attacker to have remote access to the machine, but MessageLabs security analyst Paul Wood said the attacker's exact purpose was not clear. "Once they get access to the machine remotely, they can use that machine for anything," Wood said.

Although it is likely the two attacks are related, Wood said, their attachments and delivery mechanisms varied somewhat. The attack spoofing the Justice Department contained an executable program within a zipped file with the extension .scr, typically used by screen savers. In the attack spoofing the Better Business Bureau, the attachment was a Rich Text Format document that contained an executable program disguised as a PDF file.
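A mail-gateway style check for the first delivery method described above (an executable with a .scr extension inside a zipped file) might look like the following. This is an added example, not MessageLabs code. Beyond the .scr case, it also flags an archive member that begins with the Windows executable "MZ" header while carrying a document extension. The extension list, file names and sample archive are constructed assumptions.

```python
# Added example: inspect a zip attachment for executables before delivery.
import io
import os
import zipfile

# Assumption: extensions a gateway treats as directly executable on Windows.
# ".scr" is the one named in the article; the rest are added for illustration.
EXECUTABLE_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}


def inspect_zip_attachment(data):
    """Return a list of (member name, reason) findings for one zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            extension = os.path.splitext(name.lower())[1]
            if extension in EXECUTABLE_EXTENSIONS:
                findings.append((name, "executable extension " + extension))
                continue
            if info.flag_bits & 0x1:
                # Encrypted members cannot be read without the password.
                findings.append((name, "encrypted member, content not inspected"))
                continue
            with archive.open(info) as member:
                header = member.read(2)
            if header == b"MZ":
                label = extension or "no"
                findings.append(
                    (name, "Windows executable header behind " + label + " extension")
                )
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from a {name: bytes} mapping (test fixture)."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed sample: the "MZ" stub is two magic bytes plus padding, not a program.
STUB = b"MZ" + b"\x00" * 62
SAMPLE_ATTACHMENT = build_sample_zip({
    "complaint_4471.scr": STUB,
    "complaint_details.pdf": STUB,
    "cover_note.txt": b"Please see the attached complaint.\n",
})

if __name__ == "__main__":
    for member_name, reason in inspect_zip_attachment(SAMPLE_ATTACHMENT):
        print("%-24s %s" % (member_name, reason))
```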

The rise in specifically targeted e-mail attacks has been of significant concern to security experts. Such attacks are both harder to detect than mass phishing attacks, and more likely to be acted on given the fact they are customized to their recipients, including things such as their name and official title.

In its annual "Security Intelligence Report," issued last month, Microsoft reported a steep rise in such attacks. Wood said that his company started seeing attacks aimed at specific individuals back in 2005, but at the time it saw maybe two such attacks a week. By last year, it was seeing one per day; this year, that number has risen to an average of 10 per day.

One of the big reasons behind the increase is the availability of toolkits that enable criminals to essentially have a template for the attacks, wherein they need to fill in only the targeted information.

"A year or two ago you would have to be fairly technically sophisticated in order to create these attacks," Wood said.

Wood added that the rise of social networks like Facebook and professional networks such as Plaxo and LinkedIn are making it easier for attackers to do their homework on potential victims.

"You can certainly build up a profile and make those attacks much more convincing," Wood said.

This week's attacks are similar to ones that took place in June and September. In the September attack, more than 1,000 senior executives were sent messages with an apparent Word attachment that contained an embedded executable file. The June attack, which also targeted senior executives, purported to be an invoice.

The latest attack spoofing the Better Business Bureau is still ongoing, said MessageLabs. The Better Business Bureau has also been spoofed before in a number of phishing attacks.



Top Hacking Tools

Linux:

1. nmap - Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available.

2. Nikto - Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3200 potentially dangerous files/CGIs, versions on over 625 servers, and version specific problems on over 230 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

3. THC-Amap - Amap is a next-generation tool for assisting network penetration testing. It performs fast and reliable application protocol detection, independent of the TCP/UDP port they are being bound to.

4. Ethereal - Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

5. THC-Hydra - Passwords are one of the biggest security holes, as every password security study shows. Hydra is a parallelized login cracker which supports numerous protocols to attack. New modules are easy to add; besides that, it is flexible and very fast.

6. Metasploit Framework - The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. This project initially started off as a portable network game and has evolved into a powerful tool for penetration testing, exploit development, and vulnerability research.

7. John the Ripper - John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

8. Nessus - Nessus is the world's most popular vulnerability scanner used in over 75,000 organisations world-wide. Many of the world's largest organisations are realising significant cost savings by using Nessus to audit business-critical enterprise devices and applications.

9. IRPAS - Internetwork Routing Protocol Attack Suite - Routing protocols are by definition protocols, which are used by routers to communicate with each other about ways to deliver routed protocols, such as IP. While many improvements have been done to the host security since the early days of the Internet, the core of this network still uses unauthenticated services for critical communication.

10. Rainbowcrack - RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break complex passwords in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the results in files, so-called "rainbow tables".


Windows:

1. Cain & Abel - Cain & Abel is a password recovery tool for the Microsoft Windows Operating System. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

2. SuperScan - SuperScan is a powerful TCP port scanner, pinger, resolver. SuperScan 4 (Current Version) is a completely-rewritten update of the highly popular Windows port scanning tool, SuperScan.

3. GFI LANguard Network Security Scanner - GFI LANguard N.S.S. is a network vulnerability management solution that scans your network and performs over 15,000 vulnerability assessments. It identifies all possible security threats and provides you with tools to patch and secure your network. GFI LANguard N.S.S. was voted Favorite Commercial Security Tool by NMAP users for 2 years running and has been sold over 200,000 times!

4. Retina - Retina Network Security Scanner, recognised as the industry standard for vulnerability assessment, identifies known security vulnerabilities and assists in prioritising threats for remediation. Featuring fast, accurate, and non-intrusive scanning, users are able to secure their networks against even the most recent of discovered vulnerabilities.

5. SamSpade - SamSpade provides a consistent GUI and implementation for many handy network query tasks. It was designed with tracking down spammers in mind, but can be useful for many other network exploration, administration, and security tasks. It includes tools such as ping, nslookup, whois, dig, traceroute, finger, raw HTTP web browser, DNS zone transfer, SMTP relay check, website search, and more.

6. N-Stealth - N-Stealth is a commercial web server security scanner. It is generally updated more frequently than free web scanners such as whisker and nikto, but you have to pay for the privilege.

7. Solarwinds - Solarwinds contains many network monitoring, discovery and attack tools. The advanced security tools not only test internet security with the SNMP Brute Force Attack and Dictionary Attack utilities but also validate the security on Cisco Routers with the Router Security Check. The Remote TCP Reset remotely displays all active sessions on a device and the Password Decryption can decrypt Type 7 Cisco Passwords. The Port Scanner allows testing for open TCP ports across IP Address and port ranges or selection of specific machines and ports.

8. Achilles - The first publicly released general-purpose web application security assessment tool. Achilles acts as an HTTP/HTTPS proxy that allows a user to intercept, log, and modify web traffic on the fly. Due to a cyber squatter, Achilles is no longer online at its original home of www.Digizen-Security.com...OOPS!

9. CookieDigger - CookieDigger helps identify weak cookie generation and insecure implementations of session management by web applications. The tool works by collecting and analyzing cookies issued by a web application for multiple users. The tool reports on the predictability and entropy of the cookie and whether critical information, such as user name and password, is included in the cookie values.

10. Netcat (The Network SwissArmy Knife) - Netcat was originally a Unix utility which reads and writes data across network connections, using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
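
The checks named in the CookieDigger entry above (predictability, entropy, and identity data inside the cookie) can be run over cookies collected from your own application's test accounts. The Python below is an added example, not CookieDigger's code; the ":" field delimiter, the 64-bit threshold and the sample cookies are assumptions constructed for illustration.

```python
import base64
import math
from collections import Counter

MIN_BITS = 64  # assumed acceptance threshold for this example


def text_decodings(value):
    """Return the value plus any printable-ASCII base64/hex decoding of it."""
    out = [value]
    for decode in (lambda v: base64.b64decode(v, validate=True), bytes.fromhex):
        try:
            text = decode(value).decode("ascii")
        except ValueError:  # bad padding, bad digit, or non-ASCII bytes
            continue
        if text and text.isprintable():
            out.append(text)
    return out


def estimated_bits(values):
    """Upper bound only: pooled Shannon entropy per char x shortest length."""
    pool = Counter("".join(values))
    total = sum(pool.values())
    per_char = -sum(n / total * math.log2(n / total) for n in pool.values())
    return per_char * min(len(v) for v in values)


def classify_field(users, values):
    """Label one delimiter-separated field across all collected cookies."""
    if any(u.lower() in d.lower()
           for u, v in zip(users, values) for d in text_decodings(v)):
        return "identity"      # user name recoverable from the cookie
    if len(set(values)) == 1:
        return "static"        # same for every user, adds no entropy
    if all(v.isascii() and v.isdigit() for v in values):
        nums = [int(v) for v in values]
        if all(b > a for a, b in zip(nums, nums[1:])):
            return "incrementing"  # counter or timestamp, guessable
    return "opaque"


def analyze(samples, delimiter=":"):
    """samples: [(username, cookie), ...] in issuance order -> report dict."""
    users = [u for u, _ in samples]
    rows = [cookie.split(delimiter) for _, cookie in samples]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("cookies do not share one field layout")
    fields, bits = [], 0.0
    for column in zip(*rows):
        kind = classify_field(users, column)
        fields.append(kind)
        if kind == "opaque":
            bits += estimated_bits(column)
    return {
        "fields": fields,
        "estimated_bits": round(bits, 1),
        "leaks_identity": "identity" in fields,
        "acceptable": "identity" not in fields and bits >= MIN_BITS,
    }


USERS = ["alice", "bob", "carol", "dave"]  # constructed test accounts

# Constructed weak scheme: counter, base64 of the user name, version tag.
WEAK_SAMPLES = [
    (u, f"{10041 + 7 * i}:{base64.b64encode(u.encode()).decode()}:v1")
    for i, u in enumerate(USERS)
]

# Constructed stand-ins for 128-bit random tokens rendered as hex.
STRONG_SAMPLES = list(zip(USERS, [
    "3fa9c07e1d5b2648b7e41c9a0d36f285",
    "70c5e2194bd8a3f65d0a8f31c6e9427b",
    "92e6b04fd17a5c381c84f5a07e62d9b3",
    "4b1f86d3a02e97c58e53b9c24f7016da",
]))

if __name__ == "__main__":
    print("weak:  ", analyze(WEAK_SAMPLES))
    print("strong:", analyze(STRONG_SAMPLES))
```

The entropy figure can only rule a token out: a high value does not prove the generator is unpredictable, so a low value or any non-opaque field is the finding to act on.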


Campaigners hit by decryption law


Animal rights activists are thought to be the first Britons to be asked to hand over to the police keys to data encrypted on their computers.

The request for the keys is being made under the controversial Regulation of Investigatory Powers Act (RIPA).

Police analysing machines seized during raids on activists' homes carried out in May have asked for the keys.

The activists could face jail if they do not comply and snub a further formal request to hand over the keys.

Case law

In early November about 30 animal rights activists are understood to have received letters from the Crown Prosecution Service in Hampshire inviting them to provide passwords that will decrypt material held on seized computers.

The letter is the first stage of a process set out under RIPA which governs how the authorities handle requests to examine encrypted material.

Once a request has been issued the authorities can then issue what is known as a Section 49 notice demanding that a person turn the data into an "intelligible" form or, under Section 51, hand over keys.

Although much of RIPA came into force many years ago, the part governing the handing over of keys only passed into law on 1 October 2007. This is why the CPS is only now asking for access to files on the seized machines.

Alongside a S49 notice, the authorities can also issue a Section 54 notice that prevents a person revealing that they are subject to this part of RIPA.

The PCs were seized in raids carried out in May 2007.

The BBC news website talked to one animal rights activist who had their computer seized in May and has received a letter from the CPS.

The activist, who wished to remain anonymous, said that even if others disagreed with animal rights activists the use of the law had grave implications for personal privacy.

"Even if they hate our guts my personal view is that this is a matter where there's great issues of public interest that should be being talked about," they said.

The CPS declined to comment on the issuing of the letters and a spokesman said it could not comment on ongoing cases.

If those receiving the letters do not comply with the request or a formal S49 notice they can be imprisoned for up to two years.

Legal row

The section of RIPA that deals with decryption requests was controversial when it was drawn up and debated. Peers, academics and cryptographers called the proposals "flawed" when invited to comment on them by the Home Office.

Commentators pointed out that Section III, which is aimed at serious criminals, such as paedophiles and terrorists, is flawed because those involved would much rather serve a few years for refusing to hand over keys than provide them and potentially incriminate themselves.

Others were simply likely to say that they had forgotten the complicated passphrase they used when encrypting material. Under certain circumstances RIPA allows this to be a plausible defence.

It is very likely, said David Harris, a barrister and technology lawyer, that activists will devise systems that legally circumvent the law.

Mr Harris foresees a time when activist groups prepare encrypted files that people can download to let them plausibly deny they have a key to unlock such data if it is found on their PC.

"These may become prevalent as a result of this case," he said.

Mr Harris said many people know of products readily available on the web, such as Truecrypt, that hide data and supply a key to some of it while leaving the rest undetectable to the police.

In the event that there was doubt that a suspect did not possess a key, he said, it was up to the prosecution to demonstrate beyond a reasonable doubt that they could know the passphrase.


Trojan spreads using PI wiretapping scare

Miscreants are trying to convince email users that their telephone conversations are being recorded in a ruse designed to scare prospective marks into buying bogus security software. Emails promoting the campaign are laced with a new Trojan horse malware.

The Dorf-AH Trojan horse appears as an attachment in emails claiming that the sender is a private detective listening into a recipient's phone calls. This "detective" claims he's prepared to switch sides and reveal who has paid for the surveillance at a later date.

In the meantime, prospective marks are asked to listen to the supposed recording of one of their recent phone calls, which comes attached to the email in the form of a password-protected RAR-archived MP3 file. In reality, however, the MP3 file is not an audio file of a telephone conversation or anything else, but a malicious executable program that installs malware onto the victim's computer.

An extract from a typical email reads like the dialogue from a decidedly inferior pulp fiction novel:

I am working in a private detective agency. I can't say my name now. I want to warn you that i'm going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.

P.S. I'm sure, you don't believe me. But i think the record of your yesterday's conversation will assure you that everything is real.

Net security firm Sophos reports that among the malware types downloaded onto infected PCs is an item of scareware which displays a fake Windows Security Centre alert in a bid to trick victims into purchasing bogus security software.

Sophos said the gang distributing the scareware had been unsuccessfully trying to punt it for weeks before hitting on the private eye scare tactic.

"This attack has gone from defective to detective - these private dicks failed first time round because they made fundamental mistakes in their malware code. Now, in this latest case, the authors' emails are more than capable of infecting the unwary," said Graham Cluley, senior technology consultant at Sophos.

"It may seem hard to believe that anyone would fall for a trick like this, but it wouldn't be a surprise if people tried to run the attachment just out of curiosity," he added.


UK's families put on fraud alert

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing.

The Child Benefit data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25m people.

Chancellor Alistair Darling said there was no evidence the data had gone to criminals - but urged people to monitor bank accounts "for unusual activity".

The Conservatives described the incident as a "catastrophic" failure.

In an emergency statement to MPs, Mr Darling apologised for what he described as an "extremely serious failure on the part of HMRC to protect sensitive personal data entrusted to it in breach of its own guidelines".

MPs gasped as Mr Darling told them: "The missing information contains details of all Child Benefit recipients: records for 25 million individuals and 7.25 million families."


The chancellor blamed mistakes by junior officials at HMRC, who he said had ignored security procedures when they sent information to the National Audit Office (NAO) for auditing.

Mr Darling told MPs: "Two password protected discs containing a full copy of HMRC's entire data in relation to the payment of child benefit was sent to the NAO, by HMRC's internal post system operated by the courier TNT.

"The package was not recorded or registered. It appears the data has failed to reach the addressee in the NAO."

He added: "The police tell me that they have no reason to believe that this data has found its way into the wrong hands.

"The police are not aware of any evidence that it has been used for fraudulent purposes or criminal activity."

Fraud protection

The HMRC has set up a Child Benefit Helpline on 0845 302 1444 for customers who want more details.

The data was sent on 18 October and senior management at HMRC were told it was missing on 8 November and the chancellor on 10 November.

MISSING DATA INCLUDES...
National insurance number
Name, address and birth date
Partner's details
Names, sex and age of children
Bank/savings account details

Mr Darling said banks were adamant that they wanted as much time to prepare for his announcement as possible.

He added: "If someone is the innocent victim of fraud as a result of this incident, people can be assured they have protection under the Banking Code so they will not suffer any financial loss as a result."

Mr Darling said people should monitor their accounts "for any unusual activity".

Chairman resigns

The Metropolitan Police are investigating the disappearance of the two discs and the Independent Police Complaints Commission (IPCC), which monitors HMRC, is investigating the security breach.

Uniformed officers were earlier checking HMRC's offices in Washington, Tyne and Wear.

It is the latest and by far the most serious of a string of missing data incidents at HM Revenue and Customs.

WHAT CAN YOU DO?
Check your bank statements for odd transactions
Monitor your account if you bank online
Change your account password if it is a date of birth or name
Source: Apacs

HMRC chairman Paul Gray resigned earlier after the latest incident came to light.

Shadow Chancellor George Osborne said: "Let us be clear about the scale of this catastrophic mistake - the names, the addresses and the dates of birth of every child in the country are sitting on two computer discs that are apparently lost in the post, and the bank account details and National Insurance numbers of 10 million parents, guardians and carers have gone missing.

"Half the country will be very anxious about the safety of their family and the security and the whole country will be wondering how on earth the government allowed this to happen."

'Ancient' computers

He urged the government to "get a grip" and said it was the "final blow for the ambitions of this government to create a national ID database" as "they simply can not be trusted with people's personal information".

Liberal Democrat Acting Leader Vince Cable said it was now the Treasury and not the Home Office that was "not fit for purpose".

CHILD BENEFIT
Available to the parents, normally mother, of every child in UK under 16
Older children in full-time education still eligible
Taken up by almost 100%
It amounts to £18.10 a week for a first-born child
For subsequent children - it amounts to £12.10 a week

"Why does HMRC still use CDs for data transmission in this day and age? The ancient museum pieces it is currently using for computing must be replaced.

"After this disaster how can the public possibly have confidence in the vast centralised databases needed for the compulsory ID card scheme.

"Where does the buck stop after this catalogue of disasters?"

Giving his reaction, the Information Commissioner, Richard Thomas, said: "This is an extremely serious and disturbing security breach."

Mr Thomas welcomed the Chancellor's announcement of an independent review of the incident by Kieran Poynter of PricewaterhouseCoopers and said he would decide on further action once he has received the report.

"Searching questions need to be answered about systems, procedures and human error inside both HMRC and NAO," said Mr Thomas.

The prime minister's official spokeswoman said Gordon Brown has "full confidence" in Mr Darling. She added that Mr Darling has not offered to resign.


Firefox 3.0

First look at Firefox 3.0 Beta 1

I noticed that the Beta 1 for Firefox 3.0 was made available sometime yesterday. I’ve been curious as to whether the Firefox dev team would do a serious revamp for this release or just concentrate on bug fixes and performance improvements. Early indications seem to suggest that it is indeed a major revamp of both the core and the UI, and that Firefox will be a much better browser for it.

Check out the Firefox 3.0 beta 1 gallery.


I’m not a big Firefox user because I find the memory management to be very poor most of the time and the spiraling memory consumption affects both Firefox’s performance and the overall performance of my systems. I like Firefox but Firefox just doesn’t like me, so, while I have it installed on most systems, I mostly use Internet Explorer 7 and Opera for day to day browsing. Every time I say this I’m faced by a chorus of users telling me that there’s no problem with the way that Firefox handles memory, but this isn’t what I’m seeing. When a browser starts to edge near to consuming 500MB of RAM on a regular basis, something is wrong. Sure, I hammer the browser and have dozens of pages open at a time, but since both IE and Opera can handle this load, I expect Firefox to do so too. So far, it can’t, and because of that the icon doesn’t get clicked on that often.

Over the past few years I’ve felt that Firefox has lost its way and moved too far away from its roots. Firefox used to be about security and performance, but lately I’ve felt that add-ons and junking up the interface with eye-candy has taken priority over security and core stability.


Is Firefox 3.0 going to be better? Given what I’m seeing so far, I think so. Why? Because it looks like Mozilla have gone back to basics and worked on what really matters to users - security, speed and ease of use.

Everything about Firefox 3.0 beta 1 is fast. The download package is small which means that it comes in fast, the installation is fast, the browser fires up fast, pages and tabs open fast, the browser shuts down fast, and the uninstall process is fast and painless (I always like to test the uninstall process on applications because there’s nothing worse than having a bad house guest on your system that you can’t get rid of). This is all good stuff.

Without a doubt the Firefox 3.0 UI has been dramatically improved. Compare version 3 to version 2 and you instantly see the difference. Everything is brighter, clearer, and easier to access. Things that should be simple, such as bookmarking, saving passwords, and finding words and phrases in the text of a web page are now simple. Page zooming is brilliant, as is the feature that resumes interrupted downloads.


Security is also greatly improved. Only time will tell if the core of Firefox 3.0 will be any more secure than previous versions, but without a doubt version 3 makes it harder for hackers to get a foothold into systems. Not only have the SSL error pages been redesigned, but there’s also malware and web forgery protection available. Add-on and plugin security has also been beefed up considerably. To top that off, Firefox integrates with your anti-virus app and with the Parental Controls feature in Windows Vista.


Firefox 3.0 is so far looking good!

If you’re interested in taking Firefox 3.0 beta 1 for a spin, be sure to read the disclaimer:

Please note: We do not recommend that anyone other than developers and testers download the Firefox 3 Beta 1 milestone release. It is intended for testing purposes only.

I didn’t have any problems but your mileage may vary considerably.



Hushmail warns users over law enforcement backdoor

Hushmail has updated its terms of service to clarify that encrypted emails sent through the service can still be turned over to law enforcement officials, providing they obtain a court order in Canada.

September court documents (pdf) from a US federal prosecution of alleged steroid dealers reveal that Hush Communications turned over 12 CDs involving emails on three targeted Hushmail accounts, in compliance with court orders made through the mutual assistance treaty between the US and Canada. Hushmail is widely used by privacy advocates and the security-conscious to send confidential emails.

Hush Communications, the firm behind Hushmail, previously claimed "not even a Hushmail employee with access to our servers can read your encrypted email".

However an updated explanation states that it is obliged to do everything in its power to comply with court orders against specified, targeted accounts. Unlocking targeted accounts involves sending a rogue Java applet to targeted users that captures a user's passphrase and sends it back to Hush Communications. This information, when passed onto law enforcement officials, allows access to stored emails and subsequent correspondence sent through the service.

The possibility that law enforcement officials can tap targeted accounts exists whether or not Hushmail users use the supposedly more secure Java applet option or a simpler web server encryption set-up. The updated terms of service explain:

Hushmail is a web-based service, the software that performs the encryption either resides on or is delivered by our servers. That means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy.

International criminals and terrorists ought to look elsewhere for their encrypted email needs, Hush Communications explains.

"If you expect to engage in activity that might result in a court order issued by the Supreme Court of British Columbia, Canada, Hushmail is not the right choice for you," it said, adding that stand-alone desktop encryption packages such as PGP Desktop provide higher levels of security than web-based services.

PGP creator Phil Zimmermann has long fought to keep the software free of backdoors. Even after the September 11 attacks his convictions about privacy and civil liberties were strong enough to withstand pressure to tamper with the software, despite evidence it had been used by terrorists as well as its intended audience of human rights activists.

However, Zimmermann has defended Hushmail's compliance with court orders, arguing that users who pick web-based products for their ease of use can't expect absolute security. Zimmermann, who sits on Hushmail's advisory board and helped found the service, told Wired: "Just because encryption is involved, that doesn't give you a talisman against a prosecutor. They can compel a service provider to cooperate."

Zimmermann explained that Hushmail has little option but to comply with Canadian court orders, adding that the service remained far more secure than other webmail services.


Exploiting SW Vulnerabilities


Silkroad Online Free Bot 1.132

Notes:
-If you have tbot installed just like with 1.131, ONLY replace the noDCclient with your original one (it saves lots of time)
-Do you have a problem? Read this guide well (including problems and solutions) before posting it!
-Say thanks by clicking the thanks button not by posting it!!

Download Links:

http://imbakan.com/814BOTv1.32.7z ( bot files )

http://imbakan.com/992sro1.132.rar ( Client )

Steps you have to do the first time

- Replace this sro_client with the one in your silkroad directory
- Place the crack in your Tbot 1107 directory.
- You need Loopback Enabled: 60.169.2.206 | 255.0.0.0, guide for setting up loopback
- If it's your first time, follow these steps: start TServer1107b.exe > click load game > select sro_client.exe (it's in your silkroad folder) and confirm > close the crack.


The steps you have to follow each time to start botting:
1- Open TServer1106.exe.
2- Enter your Silkroad Login ID.
3- Press Run Tbot.
4- Press F6 when you are at the Character Select screen.



other helpful links
-How to set up tbot
-anti dc topic
-to get f5-7 working.


Known Problems and Solutions
P - A¢¼O ½CÆÐ9 error
S - Try to load tbot again some times, it'll mostly work after some tries

P - Unable to initialize socket.
S - Make sure you have loopback installed and enabled
and have the connect IP and Subnet mask.

P - My character just keeps walking around and not attacking
just selecting monsters, what do I do?
S - Make sure you have inputted all your skills correctly.
Eg: Buff Tab, Buff Skill inputted there.
Make sure you refresh the skills a couple of times
and also make sure that you put all required
information into the bot.

P - Error: "Selected collating sequnce not supported by the operating system"
S - Download and install the East Asian Language Pack.
It usually does come from the Windows XP/Vista install pack.
Then go:
--> Control Panel
----> Regional Options
------> Language Options

note: if you dont have a xp cd, just press ok on the error it should work fine.

P - Particuler Filtrate Error.
S - Before you start Tbot, open up file in your TbotSroBot0919\Data Folder with notepad.
Then once that is completed, change your 'pet mode=0' to 'pet mode=1'.

P - My Tbot Icon doesn't show up once I start everything.
S - Install the East Asian Language Pack and don't click on any of the errors.
It should work by then. Only for mandark's crack [Server.exe/Tserver0919].

P - Tbot NetError.
S - Solution #1: Restart SRO and then Tbot.
Solution #2: Reinstall .NET Framework 2
Solution #3: Start up normal sro_client, if the Start screen comes
up for Silkroad, that means it's working then you can start
Tbot, if not, reinstall SRO.

P - Patching unsuccesfull
S - Go to your control panel "add delete programs" and uninstall windows update KB925902

P - unknown game version because of Two
A - Means TBot aint compatible with ur sro_client.exe,
download the client from this thread and replace it.


compatible antivirus for tbot here
