watching you watching us . .

Posts tagged “IT Security

Some Current Law addressing the Distribution and Creation of Malware and Viruses

“.. In the UK, the introduction of malware is covered by section 3 of the Computer Misuse Act [2]. The Act states that a crime is committed if a person “does any act which causes an unauthorized modification of the contents of any computer” and the perpetrator intends to “cause a modification of the contents of any computer” which may “impair the operation of any computer”, “prevent or hinder access to any program or data held in any computer” or “impair the operation of any such program or the reliability of any such data” ..

Malware is generally distributed unintentionally subsequent to its initial creation. Thus an ICP or an ISP would not be found criminally liable under either the Computer Fraud and Abuse Act or the Computer Misuse Act for most cases of dissemination ..”

What the Law Says about Distributing a Virus or Malware
Craig S Wright, InfoSec Island, 20 September 2011
https://www.infosecisland.com/blogview/16567-What-the-Law-Says-about-Distributing-a-Virus-or-Malware.html – last access 22 September 2011 – (Full article)

~

“.. The Japanese parliament has quietly passed legislation to make the creation or distribution of a virus or similar malware a criminal offense ..

the distribution of a virus created, for example, in the US, in Japan by a Japanese citizen, would come within the scope of the criminal law ..

what happens if the malware distribution takes place without the knowledge of the user of the computer, such as when a botnet is involved..

Legislators in Japan are less concerned about the semantics, however, as they say this is the country’s response to support the International Convention on Cybercrime, a treaty ratified by more than 30 countries and which mandates international co-operation in investigating crimes in cyberspace ..”

Creating or distributing malware in Japan is now a crime
InfoSecurity Magazine, 20 June 2011
http://www.infosecurity-magazine.com/view/18782/creating-or-distributing-malware-in-japan-is-now-a-crime/ – last access 22 September 2011 – (Full article)

/cobramark3

Advertisements

Hacked Dutch security firm, DigiNotar has filed for voluntary bankruptcy and the SSL certificate debacle

Hacked Dutch security firm, DigiNotar has filed for voluntary bankruptcy..

“Hacked security firm closes its doors”
BBC News UK, 20 September 2011
http://www.bbc.co.uk/news/technology-14989334 – last access 21 September 2011 – ( Full Article )

Related:
“SSL certificate debacle includes CIA, MI6, Mossad and Tor”
Chester Wisniewski, NakedSecurity, 5 September 2011
http://nakedsecurity.sophos.com/2011/09/05/ssl-certificate-debacle-includes-cia-mi6-mossad-and-tor/ – last access 21 September 2011 – ( Full Article )

/cobramark3


Skype for iPhone and iPod Touch: iOS Vulnerability allows comprimising the device address on reciveing a text message, just add JavaScript

Exploit in Skype on an iPhone or iPod touch, allows comprimise of your device’s address book simply by the attacker sending you a chat message. When the exploit code in the message is run, the victim’s iPhone will automatically make a new connection to a server, grabbing a larger payload, to execute and upload the iPhones entire address book file to the server.

“.. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you’ll have a fully-searchable copy of the victim’s address book.

.. failure by Skype to sanitize potentially dangerous JavaScript commands from the text that gets sent in chat messages ..

It’s already been 48 hours since this vulnerability was first documented, and the vulnerable app is still available in the iTunes Store. It will be interesting to see how long it takes Apple and Skype to close the gaping hole ..”

“Skype for iPhone makes stealing address books a snap”
Dan Goodin, Malware, The Register UK, 20 September 2011
http://www.theregister.co.uk/2011/09/20/skype_for_iphone_contact_theft/ – last access 21 September 2011 – ( Full Article )

/cobramark3