ShodanHQ describes itself as “the world’s first computer search engine that lets you search the Internet for computers” and allows you to “find devices based on city, country, latitude/longitude, hostname, operating system and IP [address]“. Data discovered using ShodanHQ was recently quoted in Senate testimony promoting the CyberSecurity Act of 2012. ShodanHQ creator John Matherly (@achillean) shared some time with us to offer a little information to readers of the Cyveillance Blog.

Cyveillance: How did the idea for ShodanHQ come to you?

Matherly: I thought scanning the entire Internet would be an interesting problem to solve – I thought it would be fun! I had just written a basic network scanner and as I started using it I realized that sharing and indexing those results might be interesting to others. Read the rest of this entry »

Cyber crime never quits. Just this week the DEA made the impressive announcement that it had arrested several individuals who it claims were responsible for selling LSD, ecstasy, ketamine, and other hard core illegal drugs using the Tor anonymity network at a destination called “The Farmer’s Market”. Technology-based schemes like these that put others at risk for serious physical and financial harm are a reminder that we can’t rest when it comes to fighting cyber crime. Read the rest of this entry »

This week a web developer blogged about his experience at a Marriott Courtyard near Times Square, where he discovered that the hotel was injecting ads into his web browsing experience. The story touched a nerve with some who object to the notion that the hotel might modify webpages they view especially when they would already be directly charged for using the hotel’s wifi. The popular tech blog TechCrunch featured the story as well, detailing the company used by Marriott Courtyard to insert the ads into its guests’ internet surfing.

While the modification of content we view on the fly at a hotel so the hotel can profit (again!) from our use of their wifi is concerning, a more serious issue faces business and leisure travelers. Read the rest of this entry »

By now you are likely familiar with Google+, also written Google Plus. While some regard the service as Google’s response to Facebook’s seemingly endless reach into our social world online, here is how it’s officially described:

Google+ makes connecting on the web more like connecting in the real world. Share your thoughts, links and photos with the right circles. Use easy, spontaneous video chat to strike up conversations with as many as nine people at once.

Google+ is many things, including another avenue to reach an audience for your company’s marketing team. In this post however, we’re not going to expound on all the ways you can use Google+ for marketing purposes. There are dozens of places to read those online already. We want to share some ways to prevent abuse of your company and its brand in Google+ as it gains in popularity.

We’re going to show you:

1. How to create an official Google+ page for your company so there’s an official, legitimate “stake in the ground” identifying your company on this platform.

Read the rest of this entry »

Image courtesy candiedwomanire.

Let’s say you find a website you like about something you really enjoy, like cupcakes. The cupcakes you see on the site are pink and full of frosting and you absolutely must contact the owner of the website to complement them on how heavenly they look. But no matter where you look, you can’t find a way to contact the site owner using their site. What do you do now?

Your best bet is looking at the site’s WHOIS information.

WHOIS information is established for a website when its domain is registered. If you wanted to register a domain for your new website the business you buy the domain from – called a registrar – will ask you to fill out a form with the contact information for the domain. This will become the WHOIS information for the domain and is visible anytime someone performs a WHOIS search. Read the rest of this entry »

A generic Top Level Domain, or gTLD, is the name that appears to the right of “dot,” such as .com. The Internet Corporation for Assigned Names and Numbers (ICANN) has begun taking applications for new gTLD’s. With the deadline to apply for a gTLD fast approaching on April 12, 2012, many companies are wondering whether they should apply. In light of the many factors that a company must consider before applying, Cyveillance is unable to make a global recommendation to all of our clients. However, the basics about the new gTLDs, the benefits, and the drawbacks are discussed below:

How many gTLD requests is ICANN expecting in this first round of applications?
ICANN is expecting between 200 and 1,000 applications. Some experts are predicting that, based upon the number of applications it receives, ICANN may not hold another application round for several years after this initial offering.

What if someone else applies for the same gTLD that I apply for?
ICANN is encouraging resolution between the parties. If the parties cannot come to an agreement, the last resort will be an auction. See Section 1.1.2.10 gTLD Applicant Guidebook.

Read the rest of this entry »

Background
The Digital Millennium Copyright Act (the “DMCA”) is part of copyright law. The DCMA protects digital works from copyright infringement by making it illegal to circumvent the technical locks and controls that copyright owners use to protect digital works.

Examples of technical locks and controls are mechanisms on DVDs and video games that prevent people from copying the content. Additionally, sections of web sites that are protected by passwords are also considered controls under the DMCA. The DMCA prohibits people from working around any of these protections in order to copy the content without authorization from the copyright owner.

Just as the Copyright Act has “fair use” exceptions, the DMCA has exceptions too. Fair use exceptions provide for instances in which a copyrighted work can be copied or reproduced without violating a copyright holder’s rights. For example, a news reporter quoting a speech in a news report would probably be deemed a fair use of that copyrighted speech.

Currently, the seven exceptions where the DMCA does not apply are:

• Libraries, archives, and educational institutions for acquisition purposes;
• Law enforcement and intelligence gathering activities;
• Reverse engineering in order to develop inter-operable programs;
• Encryption Research;
• Protecting minors from material on the Internet;
• Protecting the privacy of personally identifying information; and
• Security testing.
Read the rest of this entry »

At the 2012 International Conference on Cyber Security held at Fordham University in New York last month, ICANN’s Dr. Richard Lamb gave an important presentation before the all event’s attendees titled DNSSEC: A Game Changer. Cyveillance caught up with Dr. Lamb afterward and asked if he could share information about DNSSEC with our cyveillanceblog.com audience.

Cyveillance: Can you explain briefly what DNSSEC is using non-technical terms, and why it’s so important?

Richard Lamb: DNSSEC (DNS Security Extensions) secures the Internet’s global “phone book” (the DNS or Domain Name System). Every time you enter a web site (www.google.com) or email (foo@bar.com), your computer uses the DNS to convert the domain name (www.google.com or bar.com) into a number (IP address) which is what is actually used to connect to and communicate (just like a phone number) with web or email server on the Internet. The protocols behind DNS were designed back in 1983 and have little in the way of security built into them. Increased network and computer performance have made it easy to falsify DNS responses to return the wrong “phone number” and possibly send you to an impersonator. Dan Kaminsky, in 2008, demonstrated the ease to which this can be done and recent attacks on 4M computers have driven the point home. DNSSEC adds digital signatures to existing records that allow machines to validate DNS responses so that this sort of attack can’t happen.

Cyveillance: This sounds like a fundamental change in the way the Internet operates. Is that accurate?
Read the rest of this entry »

While new technology and increased Internet access brings with it lots of positive aspects, you can’t overlook the threat of cyber attacks – as evidenced by a very headline rich 2011. The repercussions alone can be devastating to an organization lacking the infrastructure to detect and counter such attacks. To put this into perspective, take Algeria for example. Internet access in Algeria has grown exponentially during the past decade, reaching over four million households, cybercafés, as well as many different public and private institutions. This phenomenon has undoubtedly benefited the indigenous population by exposing them to vast amounts of information and the ability to communicate worldwide, but it has also brought with it the dangers of cyber attacks. Let’s reacquaint ourselves with the reasons we need to be more vigilant in increasing awareness of cyber attacks by looking at what is going on in Algeria.

Despite laws enacted in 2001 to combat digital-related incidents, cyber crime is still pervasive in Algeria. This is due not only to a lack of detection tools, awareness and training courses, but also to the negligence of private and public institutions in protecting their intellectual properties online. In 2010, the Center for Judicial and Judiciary Research (a branch of the Algerian Department of Justice) began developing and implementing cyber security laws. Until then, the field went mostly unregulated. Since 2010, 12 cases have been reported and to-date there has been eighty-eight cases brought to Justice.

Read the rest of this entry »

Background
The proliferation of counterfeit and pirated goods poses considerable challenges for legitimate trade and the sustainable development of the world economy. Trade in these counterfeit and pirated goods causes significant financial losses for right holders and legitimate businesses. It also hinders sustainable economic development in both developed and developing countries and, in some cases, represents a health or safety risk to consumers.

As a result, in October 2007, the United States, the European Community, Switzerland and Japan simultaneously announced that they would negotiate a new intellectual property enforcement treaty, the Anti-Counterfeiting Trade Agreement, or ACTA. ACTA represents a significant achievement in the fight against the infringement of intellectual property rights, particularly against the proliferation of counterfeiting and piracy on a global scale, and provides a mechanism for the parties to work together in a more collaborative manner to achieve the common goal of effective Intellectual Property Rights (IPR) enforcement. When it enters into force with all participants, ACTA will formalize the legal foundation for a first-of-its-kind alliance of trading partners, representing more than half of world trade.

Read the rest of this entry »