Following orders to take down content deemed offensive by the government, Pakistan’s telecom company went the extra mile and took down the whole YouTube site.

They did this using an abusive networking trick called “BGP Injection” in which they told the world that the IP address listed in DNS for YouTube was on their network. When YouTube requests came in to the Pakistani network they were, of course, not satisfied. The problem lasted about 2 hours before the rest of the world caught on and undid the changes.

BGP Injection is impossible to prevent and difficult to address, and you only see it if you’re looking for it. In many ways it’s the ultimate phishing tool. If the right people in Pakistan had gone further and put up a fake YouTube site to satisfy incoming requests it would have been hard for users to see the problem.

It’s not a secret, but it hasn’t gotten that much attention. Now perhaps a rogue network operator will be inspired to use this technique to its ultimate, malicious ends.

The latest IRS phishing e-mails redirects victims to sites hosted in Russia, and they mimic the actual Internal Revenue Service web site almost perfectly. And to complete the illusion, as soon as you’ve entered your personal and financial information you get redirected to the actual IRS site. Fiendish! Message Labs reports that this type of spam spiked in January, hitting ten times the normal level.The IRS isn’t unaware of this problem - in fact it has a page devoted to warning about scams. They point out that “The IRS does not send unsolicited e-mail about tax account matters to individual, business, tax-exempt or other taxpayers.” If you’re wondering how your refund is doing, go directly to www.irs.gov and check the “Where’s My Refund?” page. Don’t click any links in email that claims to come from the IRS–it doesn’t!

They’re called “servers that lie.” Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

read more | digg story

PassPub generates unique passwords to give individuals increased security. Passwords are used everyday to gain access to personal information e.g. email, banking, online shopping. Standard guidance given on selecting secure passwords is to use a combination of letters and numbers. This is a task ideally suited to a computer generated process.

PassPub provides many easy ways to obtain a randomly generated unique password to protect your personal information.

https://www.passpub.com

Browser Security Test is a registration-free service that scans your browser for security issues. It works on Firefox, Internet Explorer and Opera browsers. The service is free and takes a couple minutes, depending on your connection speed.

http://bcheck.scanit.be

More often than not companies in similar positions have similar views. But when Hollywood asked the two big phone companies to help with its fight against piracy, they responded in opposite ways. AT&T, as we wrote, is talking about developing a system that would identify and block illicitly copied material being sent over its broadband network.

Verizon, however, opposes the concept. I spoke to Tom Tauke, Verizon’s executive vice president for public affairs, on the subject. He said the company’s view combines a concern for the privacy of its customers with self interest. It may be costly for it to get into the business of policing the traffic on its network. Indeed, phone companies have largely spent a century trying not to be liable for what people say over their lines.

read more | digg story

Cryptographer and entrepreneur Stefan Brands runs Credentica, a Montreal-based startup that is rolling out an encryption-and-authentication system called U-Prove that allows users to disclose the absolute minimum to complete digital transactions — and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.

“By protecting privacy, you can actually enhance security,” Brands says. “My goal is to get the best of both worlds.”

Maintaining digital privacy and security has never been more important. As more and more people trust their personal information to electronic databases, security and privacy are plummeting. More than 79 million personal electronic records containing data like credit card and Social Security numbers were compromised in the United States last year — almost four times the number reported in 2006, according to the San Diego-based Identity Theft Resource Center. And more than 162 million such records were compromised globally, more than three times 2006 levels, according to Attrition.org.