“The greatest tragedy would be to accept the refrain that no one could have seen this coming and thus nothing could have been done,” the report says. “If we accept this notion, it will happen again.”

Financial firms caused the problems by allowing risky loans, then selling the loans to investors. The firms also bet too much of their money on securities that were backed by loans.

The companies, such as Lehman Brothers, made quick profits but later were hit by the full impact of the stock market’s collapse.

The Federal Reserve should have stepped in to stop the risk-taking with investors’ money before the market made one of its worst plunges in history in September 2008, according to the Financial Crisis Inquiry Commission.

The 576-page report says government regulators “lacked the political will” to hold the financial institutions accountable for their actions.

It also noted that financial firms spent $2.7 billion in lobbying between 1999 and 2008. Committees and individuals in the financial industry contributed another $1 billion to political campaigns.

The government commission’s report is based on hearings, interviews with witnesses and financial documents.

It criticizes Federal Reserve chairmen Alan Greenspan and Ben S. Bernanke for failing to foresee the economic collapse.

Greenspan endured some of the harshest criticism for his policy of trying to deregulate the financial industry.

His deregulatory policies led to a “pivotal failure to stem the flow of toxic mortgages,” the report said.

It also said the administration of former President George W. Bush showed an “inconsistent response” that “added to the uncertainty and panic in the financial markets.”

The inconsistencies included a financial bailout for the financial firm Bear Stearns but none for Lehman Brothers, which went bankrupt in September 2008, the report said.

Source: http://www.allheadlinenews.com/briefs/articles/90032209?Government%20commission%20says%20regulators%20failed%20in%202008%20stock%20market%20crash

Researchers at Lancaster University have showcased an app that enables young people to find out if their online peers are really adults masquerading as children.

The Child Defense app has been developed by a team of scientists working at Isis Forensics – a Lancaster University spin out company – with the help of children and parents from the north west of the UK.

Child Defense meticulously scans the language used by online peers, examining discrepancies and inconsistencies in the text based on current user age-group trends. The software also allows users to link into Facebook and Twitter.

James Walkerdine, one of the researchers working on the app, emphasised: “Nothing can take the place of education and parental supervision when it comes to keeping children safe online. But with more and more young people accessing the web on mobile devices away from home or in the privacy of their rooms we think it is important to give children as many tools as possible to protect them from harm.”

“Our research shows that children find it very difficult to spot adults posing as children on social networks. This software improves children’s chances of working out that something isn’t right. Using state of the art language analysis software it gives children a powerful tool which can help them work out who they are really talking to online,” he said.

The software still needs to undergo final testing, but at release it will be available across iPhone, Android and Nokia mobile platforms.

A video of the software in action can be found here.

http://www.itproportal.com/2011/01/24/researchers-unveil-anti-child-grooming-app/

The new guidelines will clarify the FFIEC’s existing guidelines on the subject and more explicitly inform banks about what they need to do to bolster online authentication, said Avivah Litan, an analyst at Gartner.

Litan recently met with the FFIEC’s IT subcommittee to discuss the updates. “They have been talking about it and debating it for a while,” Litan said. “My understanding is that [the subcommittee meeting] was the last step in the process before they issue the new guidance.”

The FFIEC is an interagency council that develops standards for the federal auditing of financial institutions by bodies such as the Federal Reserve System and the Federal Deposit Insurance Corp. (FDIC).

In 2005, it issued a set of guidelines , titled “Authentication in an Internet Banking Environment.” They called on banks to upgrade their single-factor authentication processes — typically based on user name and passwords — with a stronger, second form of authentication by the end of 2006.

The guidance left it largely up to the banks to choose whatever second form of authentication that they felt was the most appropriate for their needs. The FFIEC listed several available authentication technologies that banks could choose from, including biometrics, one-time passwords and token-based authentication.

Since the guidelines were issued, many banks have added a second authentication layer for users when conducting certain kinds of online transactions. However, in many cases, the added measures have been largely cosmetic in nature and have done little to bolster authentication in the way the FFIEC had originally intended, Litan said.

“Obviously, some of the banks thought that it was enough if they simply added cookies or challenge/response-based authentication,” Litan said. “What has happened is that the FFIEC has realized that some banks need to be told in black and white what they need to do.”

The FFIEC did not immediately respond to Computerworld’s requests for clarification on the purported release of the new guidelines.

News of the proposed revisions come amid growing concerns about the ability of cyber criminals to circumvent the existing authentication mechanisms used by banks for online transactions.

Over the past two years there have been a string of attacks, mostly against small and medium businesses , by cyber criminals using stolen banking credentials to plunder corporate accounts.

Such account takeovers have cost U.S. businesses in excess of over $100 million since 2008, according to the FBI.

Organizations such as NACHA-the Electronics Payments Association, have warned financial institutions about such attackers and said that much of it has resulted from the relative lack of strong authentication procedures, transaction controls and “red flag” reporting capabilities.

Such attacks have also highlighted the need for banks to install stronger transaction monitoring controls and fraud alerting systems analysts have said in the past. It’s unclear whether the upcoming FFIEC guidelines will call for such controls though.

Gartner too has warned about how authentication measures such as one-time passwords and phone-based user authentication, once considered among the most robust forms of security , are being increasingly circumvented by cyber criminals.

Source: http://www.pcworld.com/article/217637/govt_may_soon_force_banks_to_impose_new_online_authentication_steps.html

A: Facebook, as you’re well aware by this point, has a history of privacy scandals. CEO Mark Zuckerberg is constantly trying to push what privacy means in the 21st century — how transparent should we all be on the Internet? — but with each step, a significant number of users push back. Last week, Facebook announced on its Developers blog that it was making it possible for third-party applications to gain access to users’ mobile phone numbers and addresses. By early Monday morning the Facebook team had dialed back the change until further notice.

Some of the privacy issues have been just too much for users, resulting in cancelled accounts. But more and more organizations are joining the Facebook Connect network and incorporating the site’s development tools into their own. It’s getting to the point where you’re at a disadvantage if you don’t have a Facebook account; you can use it to log in with the same username and password on more than two million sites — it’s not just for checking in on your cousin’s newest baby pictures. So, here’s the trick: You can go nearly invisible on Facebook — nobody will be able to view your photographs, see your activity or where you’ve checked in except for existing friends — but still have an account to use around the web.

If you’re ready to move into Facebook stealth mode, follow these simple steps:

• Visit Facebook.com, log in to your profile and click ‘Account’ in the top-right corner. From there, choose ‘Privacy Settings.’

• From the ‘Privacy Settings’ page, click on ‘View Settings’ to see who can search for you, send messages to your account, see your education and work settings and more. Change all of these drop-down menus to ‘Friends Only.’

• Return to the ‘Privacy Settings’ page and choose ‘Customize Settings’ near the bottom of the page. This new page will load a number of different privacy options, but you’ll want to click through each one and change the setting to ‘Only Me’ so that nobody else can see your Facebook activity.

• Stay on the ‘Customize Settings’ page and scroll down to ‘Things Others Share.’ Here, you’ll want to edit and disable settings so that your friends are unable to write on your wall, comment on posts and check you in to places.

• Return to the ‘Privacy Settings’ page and, under ‘Apps and Websites’ in the bottom-left corner, select ‘Edit Your Settings.’ This page shows all of the third-party websites and applications that you have given access to some of your Facebook information. If you see anything on this list that you want to remove, just click to remove it from the list.

• Stay on the ‘Apps and Websites’ page, scroll down to ‘Instant Personalization’ and select ‘Edit Settings.’ Uncheck the box at the bottom of this page to block other websites from accessing your Facebook interests. Select ‘Confirm’ when a pop-up asks you if you’re sure you want to disable this option.

• Return to the ‘Apps and Websites’ page, scroll down to ‘Public Search’ and select ‘Edit Settings.’ To keep search engines from finding your Facebook profile, uncheck the box on this new screen.

Source: http://finance.yahoo.com/family-home/article/111929/stealth-mode-making-yourself-nearly-invisible-on-facebook

The goal is to give users “a deeper understanding of and control over personal information online,” Mozilla’s head of privacy said in a blog posted on Sunday.

The feature will allow users to configure their Firefox browser to tell websites and advertisers that they would like to opt-out of any advertising based on their behavior, Alex Fowler [cq] wrote in his blog post. The user’s preference is communicated to websites and third party ad servers using a new “Do Not Track HTTP header”, which is sent with every click or page view in Firefox.

The feature wouldn’t block advertising altogether, only personalized ads. If the user has enabled the feature, the advertiser would have to exchange the personalized ad for a standard ad, according to a diagram included in the blog post.

Mozilla believes the header-based approach will be better for the Web in the long run, compared to cookies or blacklists. Using a header is less complex, more persistent than cookie-based solutions and at the same time simple to locate and use. It doesn’t rely on a user’s finding and loading lists of ad networks and advertisers to work, Fowler wrote.

However, rolling out the feature will be a challenge. For it to work, both browsers and sites will have to implement it. To get past this issue, Mozilla wants to work with the technical community to standardize the header across the industry, according to Fowler. It is also proposing that the feature be considered for upcoming releases of Firefox.

Mozilla’s announcement comes on the heels of a U.S. government call to improve online privacy. In December, the U.S. Department of Commerce recommended the creation of an online privacy bill of rights and an enforceable code of conduct for Internet firms handling consumer data and tracking Web users.

Source: http://www.pcworld.com/article/217471/mozilla_to_offer_new_feature_for_improved_online_privacy.html

But behind every electronic signature used in banking and tax transactions is a multipronged, and strong, network of security provisions keeping the signers — and their data — secure.

Tom Gonser is the founder and chief strategy officer of DocuSign, which provides e-signature solutions to more than 30,000 clients, including companies like John Hancock and Fidelity Investments.

The tiers of authentication and data storage in DocuSign’s comprehensive platform are designed to give people peace of mind that their digital signatures are safer than the real thing.

“E-signatures give the user the ability to prove that a transaction has occurred that’s way beyond what you can do with paper,” Gonser told SecurityNewsDaily.

Gonser explained that when clients upload a document and the e-signature attached to it to the company’s firewall-protected server, DocuSign encrypts it and then “hashes” it — essentially creating a mathematical algorithm of the file that can be examined to determine if it’s been tampered with.

When it’s time for the e-signature, there are several levels of authentication in place to keep hackers at bay.

One security measure calls for biometric phone authentication — the customer calls a designated number and DocuSign sends a code to the user’s phone, which the customer then types into the phone. A recording of the customer’s voice finishes the process, tying the company’s phone, the user’s phone and his voice to the e-signature. DocuSign also uses one-time passwords and knowledge-based authentication methods to back up the e-signatures.

“It’s technically possible, I suppose, to break into a server, but it would take a supercomputer about 1,000 years,” Gonser told SecurityNewsDaily. “It could be hacked … but it hasn’t happened and it’s not going to happen.”

Gonser said e-signatures have followed the same path toward social acceptance as online shopping, in that purchasing items online was at one point viewed as a risk, but now it’s accepted practice.

“I don’t see the e-signature platform as a cybercrime target,” he said.

Cybersecurity experts are inclined to agree with Gonser.

Joe Stewart, director of malware research at SecureWorks, told SecurityNewsDaily that there are few risks in using e-signatures, especially since the signatures themselves are backed by a web of safety measures.

“If e-signatures became the primary method of authentication, they would certainly be targeted,” Stewart said. “A better e-signature system would rely on trusted external cryptographic hardware devices using biometrics to sign the data instead.”

Which is exactly what DocuSign and many other e-signature companies do.

Roel Schouwenberg, senior malware researcher at the security firm Kaspersky Lab, said e-signature platforms will likely stay off cybercriminals’ radar screens. Unfortunately, hackers don’t need them because there are so many easier security loopholes to exploit available.

“So far, cybercriminals have been successful without having to abuse e-signatures,” Schouwenberg told SecurityNewsDaily. “That’s likely not going to change for mass attack.”

Source: http://www.msnbc.msn.com/id/41256683/ns/technology_and_science-security/

“There is a danger if we put too much into privacy protection,” said Jeff Jarvis, outspoken columnist, blogger and associate professor of the City University of New York’s graduate school of journalism, speaking at the Jan. 20 Digital Privacy Forum in New York.

“We’re paying so much attention to privacy that we’re going to risk missing the beauty of the Internet,” he said.

An instance of that beauty, Jarvis said, is the ability to travel around the world on Google Street View. But Germany’s recent decision to investigate the legality of Street View, and the Czech Republic’s banning of it, worries Jarvis.

“In Germany, buildings are now pixelated,” he said. “If the government can pressure Google to not take pictures of public buildings on a public street, can they say that to journalists, or people with camera phones? We have to beware the precedents we set and their unintended consequences.”

Jarvis calls for embracing the empowering freedom of the Internet and enjoying — even growing and learning — from the ability to reveal and share in a public forum.

“We’re going through a Gutenberg revolution,” he said. “This ability to be public, for all of us to have the Gutenberg press — let’s not give that up. What would happen if we lock down too much is we revert the power back to the institutions that we’ve grabbed it from. We have this power now.”

Jarvis, who created the popular blog BuzzMachine, knows firsthand the benefits of online sharing. On Aug. 10, 2009, he announced on his blog that he had prostate cancer.

Decades ago, this would have been an issue he faced alone, or with his immediate family and doctors. With the Internet, suddenly he had a support system that was millions of people strong.

Only one person accused Jarvis of “over-sharing,” he said, to which he responded, “Who’s to say what’s over-sharing? I accused him of over-listening.”

Looking toward the future, Jarvis stands behind the belief it’s a mistake to rush to enact privacy regulations, especially when that legislation would be based on fear, and not the benefits that a more social, less private online world could provide.

He used online health mapping and public health forums as examples of the life-saving work that could come from a social Internet, and discussed Germany’s opposition to using facial recognition in geo-locationprograms.

“That technology could be used to find missing children or earthquake victims or terrorists,” he said. “How can we forbid technology before we’ve ever used it?”

“The phobia of technology and the changes it causes could be dangerous,” Jarvis said. “Wonderful things come out of the social Internet, we’d lament that if we didn’t have it going forward.”

Source: http://www.securitynewsdaily.com/online-privacy-masks-beauty-of-the-internet-prof-says-0444/

For the Pentagon, which operates 15,000 networks and owns more than a million computers, the risks are huge. Though Defense systems are attacked constantly — 5,000 times per day by some accounts, and scanned millions of times per day — these digital invasions are little reported.

Banks lose millions of dollars a year from cyberintrusions. Each bank averages one million probes per month. These too, are little reported. The banks see this as a cost of doing business, and customers pay the cost in increased user fees. Manhattan District Attorney Cyrus Vance Jr. says, “The Internet is the crime scene of the 21st Century.”

For the typical PC user, the average security software package provides little insight into the true nature or danger of these attacks. And the average attack by a new virus is almost never protected by existing security software. This protection almost always comes after many computers have been infected.

For the past three decades, the Pentagon’s modernization investments have been shifting from platforms to upgrades to sensors, communications and intelligence-collection enhancements — all dependent on secure, well-functioning networks. The theory is that existing platform capabilities coupled with these “information” enhancements will provide dominant capability for U.S. forces. Adequate cyber-security is an implicit assumption to this development strategy. It is, too, a critical assumption.

NDIA member companies recently put together a white paper on the necessity to better acquire and field cyber-capabilities. The paper focused first on the problems with existing processes. Currently, responsibility is highly distributed and the acquisition is unfocused.

Multiple, overlapping policy, governance execution and reporting entities in Defense, Homeland Security, the Office of the Director of National Intelligence, the Energy Department, the Federal Energy Regulatory Commission (that promulgates requirements for the electrical grid) and other federal agencies inhibit effective cyber-protection. It is piecemeal and disjointed. The U.S. government is not taking full advantage of the investment that industry has already made in cyber-security.

There has been much capability already developed, but little emphasis has been placed on reuse and redeployment. Scant credit is given in procurements for already developed and embedded cyber-capability. Contract awards are often given for “technically compliant/lowest cost” while criteria for “best value” is less frequently encountered. State and local government entities must also be folded into a comprehensive program.

The nation must have a coherent acquisition approach, a cohesive strategy, and supporting legislation/regulation that recognizes and corrects the disconnects in organization and execution. There needs to be better integration through all government entities, laterally and vertically.

For all these reasons, there must be a much closer partnership between government and industry. This would promote a more robust understanding and definition of cyber-requirements, and a better recognition of and capitalization of the existing capability embedded in contractor developed software.

The necessity to address vulnerabilities was recently recognized by Army Gen. Keith Alexander, commander of U.S. Cyber Command. He has said the Defense Department is not only vulnerable to its own systems, but faces risks from systems owned and maintained by others that the government relies upon. “Our mission at Cyber Command includes not only the defense of our military networks, but also a role in guarding our nation’s defense industrial base,” he said. “More than 90 percent of our military’s energy is generated and distributed by the private sector and more than 80 percent of our logistics are transported by private companies.”

NDIA supports the development of a more cohesive acquisition strategy by government that encompasses a complete end-to-end solution, and that helps align R&D initiatives.

It would be helpful if legislation clearly encouraged partnerships and clearer acquisition strategies. This legislative focus should translate into federal acquisition regulations that emphasize best-value competitions. The legislation should also do more to bring the disparate elements of the federal government into a more coherent structure.

Finally, this area is ripe for more formal and rigorous education.

Interestingly, the 2011 National Defense Authorization has a section focusing on “Cyber Warfare, Cyber Security, and Related Matters.” It calls for the continuous prioritization of policies and standards under the National Institute of Standards and Technology Act. It directs the secretary of defense to develop a strategy for assuring the security of software and related applications as well as a template for acquiring tools and applications. Required elements of such strategy cover assurance, comparative assessments of offense/defense and potential adversaries, testing, infrastructure (facilities), remediation, research, innovation sharing, unproductive duplication, certification and accreditation.

By March 1, the secretary must submit a Defense Department “cyber warfare policy” report to Congress that addresses, among other elements, modeling and simulation tools to use in assurance and assessment activities. Significantly, the legislation also directs the secretary of defense to conduct, in coordination with DHS, a comparative assessment of critical infrastructure. This appears to be going in the right direction, but not all federal agencies are involved. More needs to be done.

In recognition of the issues at risk and their surpassing importance, NDIA is in the process of standing up a Cyber Division to give better industry focus to the many critical issues involved.

Source: http://www.nationaldefensemagazine.org/ARCHIVE/2011/FEBRUARY/Pages/ToImproveCyber-Security,USNeedsCohesivePublic-PrivatePartnership.aspx

The feature had been debuted with a quiet Facebook blog posting on Friday afternoon, Jan. 14.

It said the feature would let users “easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute special deals directly to your mobile phone.”

In other words, Facebook was giving advertisers and third-party application developers access to users’ cell-phone numbers and home addresses.

Over the weekend, the feature drew condemnation from security experts and privacy advocates.

“It won’t take long for scammers to take advantage of this new facility to use for their own criminal ends,”said Graham Cluley, senior technology consultant for the British security firm Sophos.

Users would have to give permission to app developers to get their addresses and phone numbers, but Cluley wrote that “there are just too many attacks happening on a daily basis which trick users into doing precisely this.”

“Now shady app developers will find it easier than ever before to gather even more personal information from users,” Cluley added. “You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purpose of SMS spamming, or sells on the data to cold-calling companies.”

A current example of such an attack involves a viral video of a girl so distracted by texting that she falls into a shopping-mall fountain.

A Facebook worm has been posting messages reading “Girl Falls Into A Fountain While Texting.” But the link included in the post is malicious, directing users to a page that requests their names, lists of friends and user IDs.

In fact, nearly all Facebook scams — from an alleged Miley Cyrus sex tape to any number of sexy videos — deceive users into giving out personal information.

Three days after the feature was unveiled, Facebook responded to the backlash with a carefully worded post on its Facebook Developers Blog.

“[W]e got some useful feedback that we could make people more clearly aware of when they are granting access to this data,” the posting read in part. “[W]e are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready.

“We look forward to re-enabling this improved feature in the next few weeks.”

Source: http://www.securitynewsdaily.com/facebook-flip-flops-on-selling-user-addresses-phone-numbers-0435/

1.       Change your account passwords. Creating new, effective passwords for all of your accounts can prevent you from identity theft. Mnemonics based on personal information work best and are difficult for hackers to crack, but even the best passwords should be changed approximately every 3 months. Keep in mind that you should never share your password with anyone.

2.       Verify and modify your friends list. If you are online friends with somebody that you actually don’t’ know very well, consider deleting them. Remember, privacy organization Truste recently found that 42% of teens accept friend requests from strangers on social networks.

3.       Check your privacy settings. Many social networking websites like Facebook and MySpace made multiple changes to their privacy policies during 2010 and if you haven’t maintained your settings, they may have been moved to the site’s default settings. Take the time now to review them on every social networking site you use and make changes where necessary.

4.       Google yourself. This is the first thing people will do when they want to find dirt on you, so stay ahead of the game and learn what’s out there. If you find any suspicious, inappropriate or unauthorized content, report it to the site’s administrator immediately.

5.       Review the dangers of oversharing. Mentioning your full name, school name, address, age, birth date, or telephone number online is a definite no-no. This goes for content on Facebook, Twitter, Skype, and personal blogs too. Avoid posting photographs that reveal identifiable information such as your school’s name, and absolutely never use your real full name within your username.

6.       Disable geotagging on devices. Smart phones often automatically store metadata within any photograph you take and reveal your exact location. Uploading photographs from a smart phone to a social networking site or photo sharing site (like Flickr) discloses you or your child’s whereabouts to just about any interested party. Note that Twitter also has a geo-tagging feature that is set “off” as default, but might currently be turned “on.”

7.       What about Foursquare? Find out if your child has signed up for the popular GPS-based game in which users “check in” to various locations throughout their city via a cell phone app. It may sound like fun, but like geotagging, sites like Foursquare can jeopardize your child’s safety by divulging their location.

8.       Review e-commerce safety tips. Your teen may have their own credit card or debit card, so it’s important they know how to stay safe when shopping online. Educate him or her about legitimate e-business seals (like BBB, Verisign or Truste) and the significance of a plural url (https instead of http).

SafetyWeb is the leading service simplifying online safety by helping parents guard their children’s online safety, identity and reputation. The service monitors the web to deliver reports and immediate alerts on irregularities and dangers associated with kids’ and teens’ online activity. Because SafetyWeb acts as an online guardian angel, they arm parents with information to determine acceptable and healthy online behavior. The company was founded by Michael Clark and Geoffrey Arone, who have worked on web sites that combined, serviced over 200 million register users. For more information on online safety made simple, visit: www.SafetyWeb.com.

About the author:
Tammy Blythe Goodman is a New York City-based writer/editor with experience creating content for multiple platforms including film, radio, print, online and mobile. In addition to frequently contributing to SafetyWeb, she has also developed content for Associated Content, Sony Corporation, Fox Interactive, PartnerPeople, CyberRead, Aleratec, and InBlaze Entertainment.  Tammy has also written several award-winning mobile video games for Gameloft, an international video game developer and publisher of downloadable games.

She holds a Bachelor of Arts degree in Communications: Visual Media and Literature: Cinema Studies from American University as well as a Masters of Fine Arts degree in Film from Columbia University.

Source: http://www.computeruser.com/articles/privacy-8-new-years-resolutions-for-protecting-your-privacy-online.html