On a request by Mr. Karthick VP Selvaraj from the University of Greenwich (www.gre.ac.uk) for creating Public Awareness, please find his findings below.If you have questions or clarifications, please contact Karthick vigneshwar at pk839@gre.ac.uk

Early May 2010, an ethical war driving had been conducted by Karthick V P selvaraj in London and Birmingham (U.K). It had been inferred that almost half of the wireless networks are insecure. Parallel to that, a research had been conducted by surveying the public of London and Birmingham with a sample size of 50 each, the correlation of the war driving and survey shows that the number of insecure network is high because of lack of awareness about the wireless security among the public.

It is important to secure wireless network in order to protect one’s wireless network from hackers, financial fraudsters and the terrorist who exploit the insecure wireless networks.

Legal Issues:

In United Kingdom, Illegal internet usage is illegal according to Computer Misuse Act. In case if you experience free internet apart from hot spots, please be aware that you are using others internet illegally which can cost you up to £5000 fine and an imprisonment of 2 years according to Computer Misuse Act.

Accountability:

If you have either limited or unlimited Internet usage, please be responsible to have a check on the accountability of your internet usage, because somebody else can use your Internet for their own welfare, illegally. When you share your internet with your family and friend please be sure that the internet sharing key is held confidential, else someone outside can peep into your network and then into your computer.

Internet Setup Configuration:

It is must to know about the initial router configuration those are as follows,

1) SSID – Service Set Identifier: In order to identify one’s wireless network, the name of the router manufacturer along with some part of the router serial number is used. For example O2wireless9477xx (here xx are numbers from 0 to 9).

There is a security Myth which states that in order to have a strong security one should hide the SSID from broadcasting. This is false as the SSID act only as an identifier. Instead of hiding the SSID from broadcasting, one can change the default SSID name as the default configuration can be predicted and can be exploited by the hackers if the router manufacture details are known.

2) To be accountable and to have a control over your network, please be advised to configure the router as below,

Open your web browser and type http://192.168.1.1 this will direct you to your router configuration page.

Usually the username will be admin and the password will be admin. If you have issues with logging in contact your ISP or your Router manufacturer to acquire the username and password.

Once you are logged in, you can find tabs to manage your Encryption Either WEP or WPA2 (WPA2 is more secure than WEP), who are all connected (trusted users or illegal users), how to allow/deny them can be easily managed.

If you find your Neighbour connected to your network illegally, you can make a screen shot of their MAC (Media Access Control) Address (computer’s identity) from the connected computer list and can have it as a proof for their illegal act.

So it is must to know about how to configure and manage your router and its password, it is a must to change the password periodically and to know it is illegal to use others internet illegally without their knowledge.

Karthick V P Selvaraj

At the recent Pwn2Own contest held during the CanSecWest 2010 security conference, the Web browser targets were the latest versions of Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari. All of the targeted browser platforms were patched up to date and included the latest anti-exploitation technologies.

Excerpt from:
Pwn2Own 2010: Lessons Learned

In October 2009 we started tracking the Mariposa, or Butterfly, botnet. At that time, a security company had reported that a large number of Fortune 100 companies had been infected with this threat

See the rest here:
Jailing the Butterfly

If you have been following this series on Trojan.Hydraq over the last week you may have noticed that the blog entries have been well, boring.

See the article here:
Trojan.Hydraq – Typhoon In A Teacup

While Trojan.Hydraq has been described as sophisticated, the methods used to obfuscate the code are relatively straight forward to deobfuscate.

Symantec Security Response has repeatedly warned that looking for free movies and videos online often results in malware infection, and here we go again with yet another example. We recently became aware of a campaign, centered around the YouTube Web site, to trick users into following malicious links.

Go here to see the original:
Smutty Searches Scuppered

Symantec goes to great lengths to prevent false positives from occurring. Undoubtedly false positives (FPs) are a concern for all vendors across the antivirus industry. However with as large a user base as Symantec has, we need to set the bar very high

Go here to read the rest:
Preventing False Positives at Symantec

In quality assurance circles at Symantec it is often stated that clean data (e.g. files from clean software) are to false positives as malicious data are to true positives.

Read more from the original source:
Software White-listing Program

Zeus is a botnet package that allows for the easy creation and command and control of a botnet.

The Security Response team has compiled the top security trends of 2009. We pulled data from the Global Intelligence Network and the experiences of the thousands of analysts and security experts at Symantec to come up with the top trends for the year.

See the original post here:
Breadth of Security Issues in 2009 = Stunning