Following orders to take down content deemed offensive by the government, Pakistan’s telecom company went the extra mile and took down the whole YouTube site.

They did this using an abusive networking trick called “BGP Injection” in which they told the world that the IP address listed in DNS for YouTube was on their network. When YouTube requests came in to the Pakistani network they were, of course, not satisfied. The problem lasted about 2 hours before the rest of the world caught on and undid the changes.

BGP Injection is impossible to prevent and difficult to address, and you only see it if you’re looking for it. In many ways it’s the ultimate phishing tool. If the right people in Pakistan had gone further and put up a fake YouTube site to satisfy incoming requests it would have been hard for users to see the problem.

It’s not a secret, but it hasn’t gotten that much attention. Now perhaps a rogue network operator will be inspired to use this technique to its ultimate, malicious ends.

They’re called “servers that lie.” Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

read more | digg story

More often than not companies in similar positions have similar views. But when Hollywood asked the two big phone companies to help with its fight against piracy, they responded in opposite ways. AT&T, as we wrote, is talking about developing a system that would identify and block illicitly copied material being sent over its broadband network.

Verizon, however, opposes the concept. I spoke to Tom Tauke, Verizon’s executive vice president for public affairs, on the subject. He said the company’s view combines a concern for the privacy of its customers with self interest. It may be costly for it to get into the business of policing the traffic on its network. Indeed, phone companies have largely spent a century trying not to be liable for what people say over their lines.

read more | digg story

Cryptographer and entrepreneur Stefan Brands runs Credentica, a Montreal-based startup that is rolling out an encryption-and-authentication system called U-Prove that allows users to disclose the absolute minimum to complete digital transactions — and to do so in a way that ensures the information they need to reveal has no shelf life whatsoever.

“By protecting privacy, you can actually enhance security,” Brands says. “My goal is to get the best of both worlds.”

Maintaining digital privacy and security has never been more important. As more and more people trust their personal information to electronic databases, security and privacy are plummeting. More than 79 million personal electronic records containing data like credit card and Social Security numbers were compromised in the United States last year — almost four times the number reported in 2006, according to the San Diego-based Identity Theft Resource Center. And more than 162 million such records were compromised globally, more than three times 2006 levels, according to Attrition.org.

Bad guys use sophisticated testing to create malware that can evade even the best security programs.

If you think that the latest security suites afford complete protection against malware attacks, think again. Today’s for-profit malware pushers use dedicated test labs and other increasingly professional techniques to improve their chances of infecting your computer. And the techniques they employ to outpace security software makers appear to be working.

Make no mistake–a good security program can go a long way toward keeping you in control of your system. But PC World’s recent tests of security suites found that new malware easily evaded the applications. In our tests of how well security software blocks unknown malicious programs, the best performer detected only one in four new malware samples. In contrast, February 2007 results from similar heuristics testing showed that the best utilities caught about half of new samples.

read more | digg story

The number of “spam” messages has tripled since June and now accounts for as many as nine out of 10 e-mails sent worldwide, according to U.S. email security company Postini.

read more | digg story

F-Secure has spotted an outbreak of a Javascript exploit that uses flaws in Apple’s Quicktime to grab MySpace profile data. It’s not easy to explain, but it’s a form of phishing: you visit what looks like a normal MySpace page, but the links have been altered to take you off-site (though that still looks like MySpace)

read more | digg story