InfoWorld published the 10 most common security land mines that experts say you need to avoid.

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.

And almost all can be done without spending one more dime.

1. A slip of the finger reveals the company secret

2. People give away passwords and other secrets without thinking

3. A trusted partner ends up not being so trustworthy with your data

4. Web-based apps can be portals to leaks and thieves

5. Hoping the worse doesn’t happen only makes it worse

6. Avoiding or diluting response leadership makes breaches worse

7. Handling breach details sloppily tips off the perp

8. Trusting "silver bullet" technology hides real threats

9. Spending unthinkingly wastes resources you might need for important threats

10. Don't save the wrong data

In short, weakest point in ICT technologies is always the same one… guess who ?

The full article is available here on InfoWorld

Tags: 2008, art, blog, ces, ict, ICT Security, im, King, lan, leadership, nomadcom.net, password, risk, security, technology, thieves, threat, tips, top 10, weakness, web, world, wp, www, XP

Emirates Airlines announced yesterday that passengers will no longer have to switch off their mobile phones and will be allowed to make calls and text people during their journey on-board.

The first flight with authorized mobile phone calls was made on 20th of March between Dubai and Casablanca on-board of an Emirates Airbus A340-300 fitted with AeroMobile system, which ensures mobile telephones operate at minimum power during flights and make sure mobile phone signal does not interfere with aircraft navigation equipments.

A second aircraft equipped with the same AeroMobile system will be in service shortly.

Rates were not published, but in 2007, cost per minute was estimated between 2.50 and 3.50 USD.

Source: Arabnews via Wi-Fi Networking 

Tags: 2007, 2008, aeromobile, air, airbus, aircraft, airlines, arc, art, blog, cellphone, cellular, emirates, flight, gsm onboard, ia, im, King, lan, light, mobile, Mobile Communications, mobile phone, network, nomadcom.net, passengers, phone, phones, power, Travel, wifi, wp, www

London police launched on 25th of February a new advertising campaign. Posters and TV ads are urging Londoners to turn in people who might be taking pictures of CCTV cameras.

"Thousands of people take photos every day.

What if one of them seems odd ?

Terrorists use surveillance to help plan attacks, taking photos and making notes about security measures like the location of CCTV cameras.If you see someone doing that, we need to know.

Let experienced officers decide what action to take." 

Other posters target households:

"you see hundreds of houses every day. What if one has unusual activities and seems suspicious"

as well as mobile phone users :

"Thousands of people have mobiles. What if someone with several seems suspicious?"

What's going on in London ? Is the Metropolitan police not busy enough ? did they become completely paranoiac ? or do they need some budget increase ?

Where is this so famous British phlegm ?

As a response, many people have already redesigned the posters to point out the absurdity of them. Some samples are available on BoingBoing.

Tags: 2008, advertising, ATT, attack, blog, camera, civil liberties, counterterrorism, CTU, design, february, fon, ia, ict, im, King, lan, launch, location, london, mobile, mobile phone, nomadcom.net, officer, paranoia, PDF, phone, photo, photographers, Photography, picture, police, post, posters, public, security, snitch, suspect, terror, terrorism, uk, USA, user, wp, www, XP

The WNDW team has released its second edition of the book "Wireless Networking in the Developing World". The 425 page book includes lots of new material, including new chapters on solar power and economic planning, several new case studies.

The book is released for free under a Creative Commons license and is available in several languages (including Spanish, French, Italian, and soon Arabic and Portuguese). and it is free to download, print, update, or redistribute it.

The Wireless Networking in the Developing World book is just one part of the WNDW project. Community forums, training workshops, and additional material are also available on their website, http://wndw.net/.

via : Lunch over IP 

Tags: 2008, art, blog, book, community, develloping country, development, free, HP, ia, im, internet, King, lan, language, network, nomadcom.net, pda, power, project, release, Telecommunications, train, update, W NDW, web, website, wifi, wireless, world, wp, www

Not yet sure if it is a good news or not, but Air France has become the first airline in the world to offer an in-flight mobile phone service on international flights.

One Airbus A318 aircraft operating European routes has been fitted with a mini GSM base station to provides 123 passengers the possibility to :

• Send and receive sms and mms messages
• Send and receive emails via all phones with Internet access

During the second half of the trial, passengers will be able to make and receive phone calls, with the service being regulated to maintain passengers’ comfort and well-being.

If passengers kindly turn off ringing traffic data from/to an aircraft should not be a big deal, if not journeys may become quite annoying with uninterrupted flow of incoming messages ringing alert.

Hard to imagine how will be a long haul flight with full mobile phone services (voice and data) "offered" to passengers. 

At the end of the six-month trial, Air France will examine the feedback and comments made by customers to determine whether to launch this service on all its flights.

What is your feeling about the availability of in-flight mobile phone service ? 

For the technical part,
Air France uses Mobile OnAir onboard mobile telephony system, certified by EASA (European Aviation Safety Authority) which does not interfere with the radio-navigation instruments on this Airbus A318 and may only be used at cruising altitude once the new illuminated sign “Switch off your phone” is turned off (recycling the "no smoking" sign ?).  The system is activated at 3,000 metres (10,000 feet).

More about this trial on AirFrance site including a video of the 1st trial flight.

Tags: -50 days-, 2007, access, air, airbus, aircraft, airfrance "air france" gsm "gsm onboard" aircraft aviat, art, availability, Aviation, blog, bt, ces, customer, europe, flight, gsm, HP, ia, im, in-flight, International, internet, internet access, ITU, King, lan, launch, light, list, mobile, mobile phone, nomadcom.net, passengers, phone, phones, safe, safety, services, sms, term, traffic, video, what is, world, wp, www

TGV tests Wi-Fi + satellite link in three TGV trains on its Eastern network. If the experiment proves successful the new service should be generalized, from 2009, to all 52 oars network East.

With combines effort of satellite link and wireless network, in locations, such tunnels and train stations, where the satellite link cannot be established, the wi-fi network takes over to maintain the access to the Web without interruption.

French railways company SNCF previously conducted unsuccessful test using GPRS data network before launching a 2 years research and preparation program to implement this dual solution. Among technical difficulties to overcome are these related to 320 km/h TGV trains speed which causes instability and vibrations. 

The project is done in a partnership with Orange(France Telecom mobile operator), Capgemini, Alstom Transport and Eutelsat.

SNCF will put on board of its TGV a dedicated Web portal providing information about destinations, weather forecast, News, traffic information as well as a real time tracking service. From a technical point of view, TGV trains are fitted with a server where all portal content is loaded prior the journey in order to minimize bandwidth consumption due to its high cost. The tested system has been designed to provide simultaneous web connection for 14 per cent (50 users) of the total capacity of each TGV train (350).

The business plan is not defined yet, but the widespread of the system on TGV Eastern Europe network would represent an investment of 120 millions USD over 4 years. First price estimation given by SNCF Passenger service would be a flat 4-5 USD to access the Web portal during the whole journey and a 4-5 USD per hour to access the Internet.

A very interesting project and definitively a real challenge to maintain permanent web connectivity during a train journey at more than 300 km/h where the 16'000 volt power line running over the train may also create some electro-magnetic interferences and without mentioning all micro interruptions of the satellite link each time the train pass under a bridge or when dense foliage is found within the satellite's line of sight.

Any reader who already had the chance to test the reliability of the service ?

More infos (in French): Journal du Net, CNet France.

Tags: 2007, access, arc, art, blog, bridge, capacity, ces, connection, connectivity, consumption, CTU, design, europe, forecast, ia, im, internet, internet access, King, lan, launch, location, mobile, Mobile Communications, mobility, network, nomadcom.net, power, project, reader, real time, reliability, satellite, search, sncf, telecom, tgv, traffic, train, user, web, wireless, wp, www, XP

British secret services MI5 warned UK businesses about Chinese hackers.

MI5 director-general wrote to 300 UK firms including Banks and law firms to warn them about "electronic espionage attacks" conducted by "Chinese state organizations".

IT Security company Sophos reports that 30 per cent of malware are "made in China". Trojan horses are designed to rob login credentials of anything including email and games. 

China's People's Liberation Army (PLA) was already blamed in September 2007 for attacking governments computers of France, Germany, New Zealand, Australia and United States, including Pentagon systems.

Trojan horses often target computers with unpatched vulnerabilities and without proper level of security deployed.  

The Chinese government has denied any involvement in the attacks and pointed its finger to unidentified hackers.

The question is now to discover if malware "made in China" are really powerful and smart of if attacked computers were the result of a serious lack of security and preventive protection measures.

Source: The Register 

Tags: 2007, art, ATT, attack, blog, ces, computer, computers, design, espionage, event, game, ia, im, King, lan, law, login, malware, nomadcom.net, nyt, power, sco, security, services, spy, spy cyber china espionage "cyber spy" attack warning MI, the register, uk, wp, www

As part of the various and numerous initiatives taking place in Thailand this year, a multimedia event names "Thailand: 9 Days in the Kingdom" marking the 80th birthday of His Majesty King Bhumibol Adulyadej on 5 December has now been revealed to public.

‘Thailand: 9 Days in the Kingdom’ project invited in January 2007, 55 of the world’s leading photographers for a photo shoot throughout Thailand over a nine-day period. Result of captured images shows different facets of Thailand: its peoples, traditions, landscapes and cityscapes, commerce and industry.

‘Thailand: 9 Days in the Kingdom’ is now completed and released to public in three parts:

• A wonderful 304 pages large-format pictorial book which portrays Thailand today (50 USD).
• A multimedia exhibition of photographs taken during the shoot held at CentralWorld Event Gallery.
• Two documentary films on the project.

‘Thailand: 9 Days in the Kingdom’ includes seven photos-essays made by some of world famous photographers on various themes:

• reverence for the King (Anuchai Secharunputong, Thailand)
• the ongoing events in the south (Abbas, France; Charoon Thongnual, Thailand)
• Thai boxing (Greg Gorman, USA)
• the harvesting of birds’ nests (Éric Valli, France)
• the care and treatment of AIDS patients by a Catholic priest (James Nachtwey, USA)
• and the country’s colourful cabaret scene (Greg Gorman, USA)
• aerial views of Thailand (Yann Arthus-Bertrand).

In short, if pass by Bangkok before the 5th of December, don't miss the exhibition. For the others, if you like Thailand, the book and its DVD is a must have (available in English and French).

More : 9 days in the Kingdom, A glimpse of the exhibition

Tags: 2007, 9 days in Thailand, art, Bangkok, Bhumibol Adulyadej, blog, book, event, exhibition, Flickr, HP, ia, ict, im, industry, King, lan, launch, LED, nomadcom.net, photo, photographers, Photography, project, public, release, Thailand, Thailand: 9 days in the Kingdom, theme, upa, USA, world, wp, www

I found the article below on "The Register" site and asked myself the following question: 

If connecting to Internet using an open and unsecured wifi access point is considered as a crime, why authorities do not apply the same principle to other services (mainly electricity and water) we often use without any formal agreement of the owner ?

 " More than half of computer users have illegally stolen Wi-Fi connections, according to The Times – but only 11 alleged offenders have been arrested in the UK, as the police seem to think those deploying Wi-Fi should be more careful about securing their connections.

The data was collected from a "Have Your Say" survey on the website of security-specialist Sophos: apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers.

This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that's exactly what The Times has done.

…

Anyone caught stealing a Wi-Fi connection can be fined up to a grand, even if it's left unsecured, so make sure you ask nicely next time you're looking to log on, and if the person next to you has never stolen a Wi-Fi connection then we have to assume that you have. "

What is your opinion about accessing open wifi ? Do you think it is a crime ?

Source: The Register

Tags: 2007, access, agreement, art, blog, ces, computer, connection, connections, crime, customer, electricity, enforcement, free, ia, im, internet, internet access, King, lan, law, list, MIT, nomadcom.net, police, population, security, services, statistics, survey, the register, thief, thieves, uk, user, water, web, website, what is, wifi, wireless, wp, www

The attacks on Swiss financial institutes with the aim of unjustified enrichment and the threat of the targeted industrial espionage via the internet are the main topics of the fifth semi-annual report of the Reporting and Analysis Centre for Information Assurance.

The report assesses the situation of the first half of the year 2007 in Switzerland and is now available online and clearly shows that the human factor remains the weakest point of ICT security.

Focus areas of issue 2007/I

• Attacks on Swiss financial services
  "Classic" phishing attacks by e-mail with password requests have decreased substantially in Switzerland. Moreover, all such attacks have been unsuccessful. On the other hand, successful attacks with malware have increased. Two-factor authentication systems (e.g. transaction authentication numbers, SecurID, etc.) do not afford protection against such attacks and must be viewed as insecure once the computer of the customer has been infected with malware.

• Industrial espionage and data theft
  The threat posed by targeted state or private industrial espionage continues. Not only the operators of critical infrastructures, the armament industry, or public authorities are threatened. Medium-sized industrial companies as well as manufacturers of luxury articles and fashion are also being targeted. The attacks are carried out by sending targeted e-mails to individual employees which contain malware in their attachments or links to bogus websites.
• Attacks on web servers:
  malware distribution, phishing, data theft Compromising of web servers has increased. The purpose is to use web servers to distribute malware, such as by drive-by infection, to steal data (especially on commercially used servers), to carry out (interim) storage of data (e.g. in connection with phishing), or to distribute messages that are generally political in nature.
• Malware / attack vectors
  Malware is still usually distributed through e-mail attachments or e-mails with links to bogus websites. Using clever social engineering techniques, the victim is deceived into opening the attachment or clicking on the link. Websites installing malware on the computer without any action by the user (drive-by infections) have heavily increased as an infection vector. Vulnerabilities in the operating system, the browser, or other applications are exploited. For a long time now, this no longer only happens on dubious sites, but also on (compromised) serious and well-known sites. Rates of recognition of malware by anti-virus software remain low.

The complete report is available on Melani website in italian, german, french and english.

A complete and useful list of all Internet risks and related protection measures is also available.

Tags: 2007, 24, aim, analysis, Annual, art, ATT, attack, blog, ces, computer, connection, CTU, customer, engine, espionage, human, ia, ict, ICT Security, im, industry, install, internet, IT World, ITU, King, lan, list, malware, melani, nomadcom.net, online, password, phishing, public, risk, security, services, social, storage, swiss, switzerland, theme, threat, user, web, web server, website, wp, www, XP