The Georgia Institute of Technology has teamed up with Google to investigate how to counter new forms of phishing attacks by hackers. Hackers are able to control users’ internet browsing by using the “open recursive” DNS (Domain Name System) server. This type of attack is not new, although hackers have developed a technique that makes it almost undetectable by anti-virus and anti-phishing software.
A DNS server is an internet service that translates domain names into a numerical internet protocol address. For example, users would type “google.com” into an internet browser and it would translate it to something that would look like this: “207.35.118,135″. The internet browser would then direct the user to the site.
DNS servers work together in a network. If one DNS server can’t find the address it would send it to another one until the address is found. Unlike other DNS servers, open recursive DNS servers answer all DNS look-up requests from any computer on the internet. It is this feature that hackers use.
Google and the Georgia Institute of Technology have discovered that there are over 17 million open recursive DNS servers. Most of these give accurate information, but 0.4% or 68,000 are giving users false addresses to phishing sites. The hackers are able to send users to phishing sites with the DNS.
Phishing sites are false sites set up by hackers. Hackers would create sites that look like the original and get users to give information such as usernames, passwords and pin numbers. For example, they could copy an online bank site and get users to register and log in. The login information is sent to the hacker and he or she is able to use it to gain access to the user’s bank account. They trick users into entering their phishing site by sending a fake email. The email, for example, could be made to look as though it came from the user’s bank, asking them to login and update their details. The e-mail would then contain a link to the phishing site.
Hackers are using the open DNS system by targeting the user’s settings. The user would either open a virus infected attachment on an e-mail or a website with the virus embedded in it. The virus will exploit the user’s computer by changing just one file in Windows registry setting. The changed setting will allow the hacker to have complete control over the user’s browser.
If the virus is not stopped during the initial stages, it can go undetected for the rest of its existence. Users might believe that because they have anti-phishing software they can’t be infected. However, because the hacker is operating at DNS level, the anti-phishing software is rendered useless. Hackers would allow the user to browse normally, but would re-direct them suddenly if they tried to use online banking.
Google and the Georgia Institute of Technology are looking into developing a type of software that will counteract the hackers. They are also trying to create more awareness among all administrations to change their DNS servers. There is no real benefit from having an open-server. The Georgia Institute has marked phishing attacks as one of the top threats for 2008.
Author Archive
IT outsourcing has grown into a prosperous practice, and many managing directors are looking forward to harvest the diverse advantages of outsourcing. But it isn’t that all commercial enterprises should subcontract just for the sake of it; you have to measure what jobs you can do better internally.
Then comes the stage to find a workable subcontracting model. Recognize your necessities and see what your aims are. Do you only wish to have a one-time subcontracting deal? Queries like these should be addressed before you decide to go for personnel subcontracting, function subcontracting, or project-based outsourcing. That’s what we will be looking at in this article.
Firstly, we will discuss personnel outsourcing. This is basically the need when you begin to get more work than your present manpower can handle easily. But you may also be wondering what happens if the need for excess workers goes down later. Also, hiring permanent in-house staff means increase in fixed costs like extra computers, furniture, etc. for all the new entrants. And most importantly, it isn’t easy to layoff numerous employees when you don’t need them any more.
Contract employees are normally too expensive to afford, particularly in these bad economic times. Here comes personnel outsourcing, which allows you to employ fulltime overseas employees who will work only for you 40 hrs every week. The aim here is to increase the workforce for doing additional work without hiring in-house employees.
Secondly, sometimes you get clients who need a variety of services and your current manpower might not have the essential skills to execute all those mandatory services perfectly. This model of subcontracting works fine if the task you are subcontracting doesn’t necessitate bilateral work between several departments. For example, data entry work can be executed without much interdepartmental communication if you furnish all the information and a good description of the work involved.
Therefore, it is fine to outsource this unique function to an overseas IT service provider. And this function-based subcontracting framework also works well when you want to shut down an internal department like the helpdesk and outsource that entire function to cut expenses.
In the end, we have project-based subcontracting, where we outsource only specific IT projects. Projects usually have pre-specified aims and end points, and the deliverables in projects can be defined in detail. This is a one-time deal and you can choose to disburse payments only if the project finishes as per your necessities.
In the archaic days of law enforcement (think 2006), an alert police officer, veiled by the cover of brush or a hillside, would sit patiently with a radar gun waiting for a car to fly by at 90 miles an hour before firing up the sirens. But in this age of advanced technology, lead-footed drivers may never actually see flashing red-and-blue lights before receiving a citation – caught for speeding not by a cop but by the eye of a camera.
Though they have been widely used in Europe and Australia, so-called “speed cameras” are a relatively new innovation for United States law enforcement. Speed cameras are high-tech digital cameras that take pictures of vehicles breaking the speed limit (many are programmed to photograph vehicles going 11 miles or more over the posted limit). Along with getting a picture of the vehicle’s license plate, they also record the date, time, location and vehicle speed. These cameras are usually found in three different positions: fixed on poles, attached to traffic lights or housed in vans or other mobile units. When a vehicle cruises past one of the cameras going over the pre-determined speed limit, the camera will quickly take a series of photographs to document the violation. The photographs are then processed by an analyst, who tracks the license plate and identifies the registered owner (so, even if a vehicle’s owner is not the one driving, they will still receive the ticket). Citations are usually sent out 1-2 weeks after the infraction occurred, along with copies of the photos and the vehicle’s clocked speed.
While speed cameras remain controversial, a recently released report by the Insurance Institute for Highway Safety (IIHS), a nonprofit organization funded by the auto insurance industry, showed that the cameras may actually be very effective in deterring speed violations. The report, which analyzed data from a fixed speed-camera enforcement program on a busy Scottsdale, Ariz., freeway, concluded that the number of drivers traveling faster than 75 miles per hour decreased from 15 percent without cameras to 1 to 2 percent with cameras. By comparing the speeds on the camera-laden freeway with speeds on nearby freeways without cameras, researchers also concluded that the Scottsdale program was associated with as much as a 95-percent decrease in the odds that a driver would surpass 75 miles per hour.
Another area, Montgomery County, Md., is using both fixed and mobile speed cameras to enforce limits of 35 miles per hour or less – particularly in school zones. This Washington, D.C. suburb started using speed cameras in May of 2007 and charged a flat fee of $40 to every person ticketed. By comparing driver speed 6 months before using the cameras with those 6 months after getting the cameras, researchers determined speeding in enforcement areas had dropped 70 percent. On top of that, the tickets earned more than $2 million in revenue for the area.
Surprisingly, support for the speed cameras is also pretty high among drivers. Surveys have found the around 60 percent of drivers support speed cameras, which, while not an overwhelming majority, is higher than one would expect. Still, without putting cameras on every stretch of road, many question their effectiveness. While the IIHS study recorded many positive results, it also indicated that once drivers were out of the posted camera zone (an area of about 8 miles) they quickly reverted back to speeding. And, another argument against the cameras is that ticketed drivers never have the chance to face an accuser – at least not a human one.