Redes sociales

En México, nueve de cada 10 internautas mayores de 15 años utilizan redes sociales, con un promedio de uso de 6.8 horas al mes por persona, lo que coloca al país dentro de los primeros lugares en el manejo de social media a nivel mundial, aseguró Ivan Marchant, líder de Country Manager México de comScore.

Nigerian email scams

Nigerian email scams have become nearly as commonplace as the Internet itself. But one Australian woman wound up in jail after turning the tables–to the tune of $30,000–on a group of con artists.
The Courier-Mail reports that Sarah Jane Cochrane-Ramsey, 23, was employed as an “agent” in March 2010 by the Nigerians, but didn’t know they were scam artists. Her “job” was to provide access to an Australian bank account opened in her name where the Nigerians could then transfer money they had received from a phony car sales website. Cochrane-Ramsey was told she could keep eight percent of the transfers.
But, then she decided to steal from the thieves themselves. According to the Courier-Mail, she received two payments, totaling $33,350, but spent most of it on herself.
If you’re not familiar with the so-called Nigerian Scam, also known as the (419) scam, or Advanced Fee Fraud, here’s a brief explainer: the fraud works by convincing an individual to give money and/or bank account access to a third-party in exchange for future financial rewards.
Most commonly, the scam artist will claim to be a wealthy Nigerian individual looking to move his vast financial resources to another country. He then promises the fraud victim a hefty payment in exchange for a temporary loan or bank account access in order to facilitate the move. Of course, the fraud victim never receives the promised payout and instead usually ends up losing thousands of dollars in the process. According to Scam Busters, the Advance Fee Fraud scams often target small businesses and charities. And while the scam has been around for years, the U.S. Financial Crimes Division of the Secret Service still receives a reported 100 calls a day from people claiming to be victims of a (419) crime.
But, back to the Cochrane-Ramsey case. The real victims who thought they were buying cars online reported the scam to the police, who traced the account back to Cochrane-Ramsey. She was ordered to appear in Brisbane District Court and plead guilty to one count of aggravated fraud.

For now, the court judge is allowing Cochrane-Ramsey time to come up with the money to pay off the fraud victims while she awaits sentencing in March.
Interestingly, Cochrane-Ramsey is not the first person to turn the tables on Nigerian scammers. In 2008, the radio program This American Life ran a story on some anonymous pranksters who sent a Nigerian scam artist on a wild goose chase that spanned 1,400-miles into war-torn Chad for a promised cash payout at a local Western Union branch.
And they convinced him to do this while carrying an anti-Muslim/pro-George W. Bush note, which stated his intention to rob the Western Union. Their entire plan was spelled out on this website, dedicated to turning the tables on Internet con artists (Warning: contains Not Safe for Work language).
You can listen to the episode of This American Life here.

costing plans by mobile networks

Analysis firm Ovum studied global use of popular services like Whatsapp, Blackberry Messenger and Facebook chat.

It concluded that mobile operators must “work together to face the challenge from major internet players”.

Industry experts say operators can offset any losses through effective costing plans by mobile networks.

The report gathered usage statistics from the leading social messaging applications typically used on smartphones across the world.

As well as well-known names from popular social networks in the Western world, the study also included apps such as MXit – a massively popular program used mainly in South Africa.

Social messaging apps make use of a smartphone’s internet connection to send messages rather than the usually far costlier SMS – short message service – system.

1 in 100 free mobile applications visibly contained malware

You might want to think twice the next time you download a free app to your smartphone. That app could be riddled with malware able to steal information stored on your phone, according to IEEE Fellow Jeffrey Voas. It pays to be extra cautious now, Voas says, because mobile hacking is on the rise, with free apps possibly the most popular tool for gaining access.
Recent research by Voas, a computer scientist at the National Institute of Standards and Technology in Gaithersburg, Md., and his team of researchers found malware in more than 2000 free smartphone apps. The malware can infiltrate your phone’s operating system and cause all kinds of trouble, including stealing personal data.
“Of all the free mobile applications we researched, about 1 in 100 visibly contained malware—and that doesn’t even account for the ones where the malware is so hidden it’s impossible to spot,” Voas says. “The number of malware-contaminated apps is growing by the day, and with most of the apps offering good functionality for free, it’s easy to be victimized.”
Voas used a variety of detection tools—some commercial and others home-grown—which scan an app’s source code and binaries for malware. He and his coresearchers scanned about 280 000 free Android apps. Voas says he was not surprised by what they found. “I expected we would find malware in around 1 percent of the apps.” he says. “But we might have missed a lot because the detection tools we have access to need more work.”
So what can you do to protect yourself against malware? Unfortunately, very little, Voas says. But he does recommend caution.
First, download free apps only from sources you trust. “The person who wrote your app could wind up acting as your new, unauthorized system administrator of your phone,” he says. He or she can “take total control of your phone, including your GPS location, wireless connection, microphone, camera, and address lists. All your e-mail could be accessible.”
Another way to protect yourself is to pay careful attention to the access rights being requested by an app. When users download apps, they often must agree to give the app access to various features, such as GPS location. That can be helpful—and necessary—for legitimate apps such as Yelp, Google Maps, and other location-based services. But ask yourself if the access being requested makes sense.
“We looked at a variety of ways in which apps behave strangely in the context of their advertised functionality,” he says. “Most of our focus was on apps that ask for permissions that are unnecessary. For example, why would a simple game, like tic-tac-toe, need Internet access or access to the camera, and why would it also wish to send e-mail? Clearly, there is more going on here than just a fun game.”
Smartphone users, in particular, should remain vigilant. “Wherever the ‘action’ is, that’s where the hackers will be,” he says. And right now, the action is in smartphones.
So the next time you see a free app, heed Voas’s warning: “Remember that ‘free’ isn’t necessarily free. All it takes is two or three seconds for malicious apps to access the information stored on your phone and transmit it anywhere.”

Symantec told a hacker group that it would pay $50,000

As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of the its flagship security products off the Internet, the company confirmed to CNET this evening.

An e-mail exchange revealing the extortion attempt posted to Pastebin (see below) today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named “Yamatough” to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.

“We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated last Thursday. “However, we need assurances that you are not going to release the code after payment. We will pay you $2,500 a month for the first three months. Payments start next week. After the first three months you have to convince us you have destroyed the code before we pay the balance. We are trusting you to keep your end of the bargain.”
A Symantec representative confirmed for CNET the extortion attempt in this statement:

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

However, after weeks of discussions regarding proof of code and how to transfer payment, talks broke down and the deal was never completed. A group called AnonymousIRC tweeted this evening that it would soon release the data. “#Symantec software source codes to be released soon. stay tuned folks!!! #Anonymous #AntiSec #CockCrashed #NortonAV.”
Apparently after weeks of discussions, Yamatough’s patience was wearing thin, leading to an ultimatum:

“If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”

The exchange gets contentious at times, with Yamatough suggesting that Symantec was trying to track the source of the e-mails:

“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”

Another e-mail, with the subject line “say hi to FBI,” accuses the company of being in contact with the federal law enforcement agency, a charge Thomas denied. “We are not in contact with the FBI,” he wrote, falsely. “We are using this email account to protect our network from you. Protecting our company and property are our top priorities.”
Yamatough demanded that Symantec transfer the money via Liberty Reserve, a payment processor based in San Jose, Costa Rica. But Thomas appears reluctant, calling it “more complicated than we expected.” Thomas instead suggests using PayPal to transmit a $1,000 test as “a sign of good faith.” Yamatough rejects that offer, saying, “Do not send us any money (we do not use paypal period) do not send us any 1k etc. We can wait till we agree on final amount.”
Liberty Reserve did not immediately respond to a request for comment.
The posted thread ends with an exchange today with the subject line “10 minutes” that threatens to release the code immediately if Symantec doesn’t agree to use the payment processor to transfer the funds:

“Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”

Thomas’ response, apparently the last of the discussion, is brief: “We can’t make a decision in ten minutes. We need more time.”
Symantec admitted in mid-January that a 2006 security breach of its networks led to the theft of the source code, backtracking on earlier statements that its network had not been hacked. The security software maker initially said a third party was responsible for allowing the theft of 2006-era source code for Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), and PCAnywhere.

Symantec said that most of it customers were not in any increased danger of cyberattacks as a result of the code’s theft but that users of its remote-access suite PCAnywhere may face a “slightly increased security risk.”
Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product’s source code.
The theft came to light in early January when hackers claimed that they had accessed the source code for certain Symantec products, which Symantec identified as Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2. Evidence at the time suggested that hackers found the code after breaking into servers run by Indian military intelligence.
A hacker group calling itself Yama Tough and employing the mask of hacktivist group Anonymous in its Twitter avatar said in a tweet last month that it would release 1.7GB of source code for Norton Antivirus, but the group said in a later tweet that that it had decided to delay the release.

Update at 9:15 p.m.: A 1.2GB file labeled “Symantec’s pcAnywhere Leaked Source Code” has been posted to The Pirate Bay. CNET has asked Symantec whether the code is authentic. The story will be updated when Symantec responds.