If you are having trouble viewing this email, click here to view this online



   ISSUE 30

24 January 2014

Article of the Month  Around the World

Cyber Friendships and Social Networking


How can we enjoy the Internet safely?



Social networks have provided the exposure to enhance the circles of friends by sharing their information within a network. It is a place to hangout, learn and talk with friends. Within a large community, people can communicate through blogs, chat rooms, email and instant messages (IM). However, people might enter to a community where security threats appear due to people with dirty intentions. Most of the time teens and tweens are getting involved in this cyber socialization and tend to use technology differently. Therefore, it is important to understand these threats and know how to enjoy Internet safely.


Cyberbullying is a term which refers where young people undergo harassments or threats from another person. When the people are getting involved in harassing, it is called cyber-harassment or cyber-stalking. Cyberbullying occurs when someone uses IMs, emails, posting personal information, photos, or videos which are designed to hurt or blackmail someone else

Effects of Cyberbullying

The young communities are victims of cyberbullying. They are reluctant and ashamed of social stigma. They are exposed to greater risk on stress-related disorders, depression, and anxiety and most probably some kids have decided to commit suicide. As punishments, they might be suspended from school or the parents will punish them because of violating school�s principles or discrimination. It reveals that the kids, who have access to a phone or a computer device, are on a risk at all the time.

How to avoid Cyberbullying

 If the parents can identify that their child has being cyber-bullied, they can help their child by explaining the childhood experiences of parents and it helps to reduce the depression of a child

 Most of the devices have the facility to block the emails, Instant Messaging (IM), text messages. So people can block the bullies to avoid the risk.

 Parents need to be aware about their children�s online world and they can control the accessibility of technology for their children.

 Limit the information available on web sites about yourself because this could leads to someone getting your personal information.

 Use strong credentials to protect personal accounts from unauthorized access and do not save your credentials on browser.

 Scan and verify before opening email attachments and links in instant messages from unknown persons.

Udeesha Isurinda Sumanaratne

is an undergraduate of the University of Colombo School of Computing who is currently following Bachelor of Computer Science(CS) Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC







  Penetration testing: Accurate or abused?

�. . .According to a recent Ponemon study, since 2010 cybercrime costs have climbed 78% and the time required to recover from a breach has increased 130%. On average, U.S. businesses fall victim to two successful attacks per week where their perimeter security defenses have been breached.

Penetration testing (pen testing), also known as �ethical hacking,� is an important and key step in reducing the risks of a security breach because it helps provide IT staff with an accurate view of the information system from an attackers point of view.... .�

  Best practices to help prevent online data breaches

'.... Leveraging preliminary year-end data from the Open Security Foundation and the Privacy Rights Clearinghouse, the OTA estimated in its guide that over 740 million records were exposed in 2013, making it the worst year in terms of data breaches recorded to date.

And yet, after analyzing approximately 500 breaches over the past year, the OTA determined that 89 percent of all breach incidents were avoidable had basic security controls and best practices been enforced....'

Whitepaper: CISO guide to next generation threats


'.... To regain the upper hand against next-generation attacks, enterprises must turn to true next-generation protection: signature-less, proactive and real time.......'

Most top 500 Android mobile apps have security and privacy risks


'.... After testing the top 500 Android applications, MetaIntell identified that approximately 460 of those 500 Android applications (available in apps stores such as Amazon, CNET, GETJAR, and Google Play) create a security or privacy risk when downloaded to Android devices.

�Access to personal data is what makes mobile applications uniquely useful and relevant to users,� said Chris Hazelton, research director for mobile and wireless, 451 Research. �In exchange for free apps, consumers are willing to share personal data with third party developers. Companies cannot afford to do this, and must control access to data on mobile devices � creating a real need for greater transparency and control of the apps that are available to employees from public app stores.�........'

New Snapchat CAPTCHA system hacked in record time

'.... The revelation that usernames and phone numbers of some 4.6 million Snapchat users have been compromised marked a very bad start of the year for the company behind the popular photo messaging app, but it is not the end of their security woes.

On Wednesday, the company introduced a new way to verify if a user looking to register an account is human: he or she has to choose 4 pictures out of 9 that contain the "Snapchat ghost" (the app's logo).....�

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in December 2013
  Total Hacked Sites
 Statistics - Sri Lanka CERT|CC


VA Software Upgrade Bares Beneficiary Medical and Financial Data

'....  Was Navy veteran Sylvester Woodland hitting the refresh button incorrectly on the Veteran Affairs' E-Benefits website Wednesday night? �It gave me a different person's name, each and every time I came back," he told ABC.

Woodland said he called the Defense Department, the VA, and North Carolina Democrat Sen. Kay Hagan's office, but he didn't get any response until Thursday morning. Then, the website went down and an email arrived from Defense requesting that he send digital images of the few pages he printed out.........'

Google dismisses eavesdropping threat in Chrome

'.... New Zealand has finally passed a new Patents Bill that will effectively outlaw software patents after five years of debate, delay, and intense lobbying from multinational software vendors........'

Windows malware tries to infect Android devices connected to PCs


.... This method of targeting Android devices is unusual, since mobile attackers prefer social engineering and fake apps hosted on third-party app stores to distribute Android malware........'


Chinese Censors May Have Accidentally Hacked Themselves and Caused a Major Internet Outage



...... The cause of China�s massive internet outage this week, which affected an estimated 200 million users for as long as 24 hours, is something of a mystery. Chinese users trying to reach a range of websites ending in .com were re-routed instead to an IP address owned by Dynamic Internet Technology, an anti-censorship group in the US run by a member of the Falun Gong, a religious organization banned in China.....'


BlackBerrys Will Make Up 98% of Mobile Devices on New Defensewide System



'.... A Pentagon system intended to secure a mix of brand name smartphones for warfighters will primarily support BlackBerrys when the tool starts launching later this month, according to Defense Department officials.

About 80,000 BlackBerrys and 1,800 Defense-owned Apple and Android-based phones and tablets will begin being hooked up to the new management system on Jan. 31, officials announced on Friday.........'

Notice Board
  Training and Awareness Programmes - January 2014
- 20th-21st-January Zonal ICT coordinators meeting Education Leadership Development Center- Meepe
23th-January 2014 Zonal ICT coordinators meeting- Northern Province Zonal ICT center, Vavuniya South
- 24th January -2014 Zonal ICT -coordinators meeting- Eastern Province Eastern Provincial Department of Education Trincomalee
- 25th January to 28th January Content development workshop for �e-thaksalawa� Learning Management System Computer Laboratory , ICT Branch


Brought to you by: