Security or Censorship?
Despite universal agreement that cybercrime is becoming a scourge to Internet users, observers looked on with great apprehension when the Philippines introduced a new anti-cybercrime law last month that makes online libel a criminal offense and blocks access to websites the government says are in violation of the statute. After criticism from journalists and civil rights groups who predicted that the law would be used by politicians to prevent dissent, the Philippine Supreme Court on 9 October issued a temporary restraining order stopping the government from enforcing the law for at least 120 days. The order also gave the government 10 days to respond to several petitions seeking to have the law declared unconstitutional. In a petition filed by the National Union of Journalists of the Philippines, the group said the law would "set back decades of struggle against the darkness of 'constitutional dictatorship' and replace it with 'cyber authoritarianism.'"
Internet Users Not Particularly Careful
According to a survey by the National Cyber Security Alliance (NCSA) and Internet security firm McAfee, 17 percent of U.S. residents say they have been victims of some form of crime committed via the Internet. And while nearly half of respondents said that they regularly access the Internet via smartphones, 64 percent admit that they have never installed security software (links to pdfs) or apps on their devices in order to make them more secure from viruses or other malware. Half of those surveyed said they are allowed to use a personal tablet, smartphone, or laptop to carry out their daily job functions. The report also notes that nearly half of respondents said that their companies don’t have an established Internet security policy or formal training. The survey results don’t include any information on how much of an overlap there is between the half of respondents that are allowed to use their personal devices and the half that haven’t been coached on how to keep their (and by extension their companies’) data out of the hands of cyberthieves. Here’s hoping that it’s minuscule. Michael Kaiser, executive director of the NCSA, told the Sacramento Bee that, “This data supports an ever-increasing need for online users to be vigilant in their actions each day. Working together, we can provide Americans with the tools and information they need to practice safe online behaviors during October [which is National Cyber Security Awareness Month] and throughout the year.”
Beware Browsers Blabbing
According to the UK Register, Mozilla alerted Web surfers on 10 October that the latest version of its Firefox Web browser, released a day earlier, contained a vulnerability that allowed a cybercriminal hosting a malicious website to view a user's browsing history. In a security warning posted by Mozilla security chief Michael Coates, he assured Firefox users that there had been no reports of anyone exploiting the flaw in Firefox 16 and that a patch was being made ready as quickly as possible. An updated version that sews up the security hole was released on Oct 11.
Cyberthieves Taking Out “College Loans”
Last week, we reported on this blog that dozens of universities had been the victims of cyber break-ins by a group that posted the personal data of thousands of students, faculty, and administrators online. Now, a Security Week article reports that a group of hackers have breached a server at Northwest Florida State College that contains nearly 300 000 records. They include information about nearly 77 000 current and former students, 3200 school employees, 200 000 Florida students identified as Bright Future scholars. What’s a cyberattack at one school compared with a multipronged one affecting more than 50, you ask? Security Week reports that, according to the school’s president, the information gleaned from this breach has already been used to commit at least 50 acts of identity theft. The school told Security Week that among the exploits pulled off using the data was a scheme to borrow money from two Canadian payday lenders using school employees’ information. The loans were set up so that the proceeds went to the thieves but would be repaid from the employees’ bank accounts.