Ridiculous? Yes, but when it comes to software applications, that’s what happens every minute of the day.

Indeed, if that happened in modern day cars, there would be a consumer outcry. But in the software industry, it’s the norm.

Software applications are complex lines of computer code. And the problem is, that they are so complex (just lines of 0 and 1s), that it’s easy for a programmer (most modern day code is written in C++), to make a mistake.

Now it might be a minor mistake, but that’s all that a modern hacker (or cyber criminal as they are known as these days) needs to exploit the application. Because certain mistakes, or holes in the code (which are known in the trade as ‘bugs’), can be exploited. And the holes are in effect open portals through which hackers can insert new code which are known as viruses. Basically, a virus is a line of command code which serves a purpose designed by the hacker.

It might be as innocent as a joke which can appear on the user’s screen at a given time; or, it might be as dangerous as monitoring the user’s internet surfing and eventually learning how to drain their bank account.

But the point is, that the code, complete with ‘bugs’, is sold by the computer companies as finished products.

Now, to be fair to them, if they were to produce a totally bug free product, it would take years longer to finish and to market. And, arguably, a bug free state would be almost impossible to achieve, because the hackers tend to evolve their strategies over time.

For example, take Windows XP (the Microsoft operating system) which is one of the most complex and sizable applications you can buy, with millions of lines of code. Only now, after a huge number of service packs and patches (literally shoring up the defences and closing the holes), is Windows XP almost watertight. It has taken years to reach this stage and since then, two further incarnations have been launched: Windows Vista and Windows Seven.

And although software developers are getting better, it’s still a sad fact that most complex software applications you can buy, will have bugs and will be vulnerable to hackers.

The only way to cope with this is by using tools from quality antivirus software developers. It is these companies which have inherited the role which many believe should have been taken seriously by the developers.

The downside is, that you have to spend extra to protect products that arguably shouldn’t have been sold until they were watertight. But if you wanted 100% security, then you might have to wait years for products.

So, a flawed industry, yes, but is there a way out, yes again: buy good antivirus software and when it comes to surfing, always be a cynic.

Guest Article by Neil Camp 

Internet security is a constant worry for all users of the web so to hear that Facebook had been targeted again only heightens concerns about overall security.

The BBC and a few tech sites reported that what was described as an ‘odd’ posting which claimed to have come from Mark Zuckerberg, the founder of Facebook.

The 26-year-old American who has made billions from Facebook apparently made a posting to a fan page which is said to have called for the website to become a social business. And one which does not require the backing of the world’s financial markets. This was obviously a reference to recent stories about a possible Facebook IPO which would give a public company status.

The posting read:
“Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn’t Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business’ the way Nobel Prize winner Muhammad Yunus described it?”

Facebook issued a statement saying:
“A bug enabled status postings by unauthorised people on a handful of pages. The bug has been fixed. It was a handful of public Facebook pages and no personal user accounts were affected.”

The posting was not Mark Zuckerberg of course, but the fact that the erroneous message was the result of a hacking, won’t endear many to the website’s ability to beat off attacks.

The Muhammad Yunus referred to in the message is the founder of the Grameen Bank. This acts as a loan institution to individuals who have business ideas, but no collateral to get started.

The fake post pulled in 2,000 comments before it was brought down and software security company Sophos say that the page in question, which has three million fans, has been moved to a new address.

A spokesman for Sophos told the BBC:
“It’s quite possible that other people than Zuckerberg had access. It could have been one of those that got hacked. I can easily imagine that something like that could have happened. The other possibility is that [Mr Zuckerberg] strode away from his desk for a while and someone grabbed it and typed the message in. Although you wouldn’t think that would do much for their job prospects.

“As a general rule this can happen to anyone. Just because a person is famous or well known doesn’t mean that everything that is posted from their account is legitimate.”

It is said that French President Nicholas Sarkozy suffered a similar fate recently when his account was hacked and message released saying he was resigning. Experts are worried that tools like Firesheep make it easy for people to grab login information for unsecure websites.

With incidents like this, worries will continue about the current state on internet security.

Guest Article by Neil Camp 

The internet has brought an unbelievable freedom to shoppers and people searching out the best retail bargains. And more than ever great numbers of shoppers will be using the internet this Christmas to buy their presents.

But, this is the time when surfers should be at their most cautious. Identity theft via the internet is becoming common and unless you are protected by strong anti-virus, you run the risk of someone literally digitally cloning you and using your electronic profile to get you into all sorts of trouble.

Hackers pinch personal identities for two main reasons. Firstly, they can steal from the identity they’ve just discovered and secondly, they do action things in the name of the identity they have just discovered.

It works like this. People are naturally careless creatures and what might seem like innocent information – a name, and perhaps a date of birth, linked to an address, and maybe the name of their bank – can all be linked together to form a profile of a person. Then, with a little ingenuity, maybe usernames and passwords can be guessed at. And it might not even be guessing, because there are viruses – known as Trojans – which act as key loggers, or stroke replicators, which match the used keys when say accessing an online bank account. These viruses sit on a person’s computer, without them knowing, and pass back the information to the hacker. The hacker then matches a website url – say your bank – with the keys you use when entering your online account. And hey presto, with the other things they know about you, this then represents a profile which can be ‘attacked.’

And usually the hacker won’t use that profile themselves. They prepare the data and sell it on a website where criminals pay for the information, in an auction, and then do with it as they see fit. Not a particularly nice state of affairs, but worth billions to the organised crime gangs who can now steal via computers, and not get their hands dirty.

It can also work in another way. Rather than drain your accounts of your precious money, the hacker decides its more profitable to pose as you and apply for credit, or buy products. Applying for credit, as well as other goods and services, is becoming more popular than just attacking a bank account. Buying goods on credit, or arranging loans, can yield the criminal a far bigger return and it can be some time before the thefts are discovered.

There was a recent scam where East European scammers had created a simple money making machine. They bought personal identities off the criminal websites, then ordered contract mobile phones on their behalf, to be delivered to the homes of chosen accomplices. Once the phones were in the possession of the accomplices, they set about telephoning premium numbers which the gang leaders had set up in Eastern Europe. And because the premium numbers (about £1.50 a minute) were overseas, the mobile phone providers were obliged to pay the call rates before passing the bill onto the unsuspecting people whose identity the phones had been registered. A shock for all parties concerned.

So, yes, Father Christmas is used to being copied by millions across the world. It’s part of the festive fun. But just make sure your identity doesn’t get copied as well and that nice iPhone they’ve ordered for you – which you never got – has been happily ringing a strange Eastern European number. You’ve been warned.

Guest Article by Neil Camp 

It’s being reported that the website was the target of a hacker known as TinKode. A Romanian, TinKode is thought to be behind a number of recent high profile hacks. Using sophisticated firewall antivirus software is one way webmasters try to keep out cyber criminals and hackers, but TinKode is thought to have launched his attack using what’s known as SQL injection, a common tactic used by many worldwide.

It involves an attack upon the site’s database. It basically compromises the database which supports the site by sending out malformed queries and looking at the responses generated by such actions.

The attack happened appropriately enough on Bonfire Night and the hacker posted the details of the information he managed to retrieve – via his Twitter stream – including the passwords and user names of the site’s administrators.

A spokesman for the Royal Navy told the BBC News website that the site had indeed been compromised, but said that “…there had been no malicious damage.” Furthermore, that the site was temporarily suspended and that a static image had been uploaded on the home page, stating:
“Unfortunately the Royal Navy website is undergoing essential maintenance. Please visit again soon.”

A spokesman for computer security company Sophos told the BBC New website that the affair was “…immensely embarrassing, particularly in the wake of the recent security review where hacking and cybercrime attacks were given the top priority.
Now we have the Royal Navy with egg on its face. He’s obviously more of a show-off type of hacker rather than malicious. But if he’d wanted to he could have inserted links which would have taken the website’s readers to malicious sites."

Experts reckon that TinKode has to date carried out over 50 defacements of various websites over the last 12 months. The targets have ranged from YouTube, to small businesses and adult websites.

The Ark Royal may be going to save some money on the defence budget, but some of the savings had better be spent on a decent firewall antivirus software.

Guest Article by Neil Camp

The Panda antivirus software say the phishing attacks are geared towards collecting personal bank details from people’s computers and the popular Apple iTunes service is in the firing line.

The phishing attack centres on emails which are sent to people and masquerade as genuine iTunes receipts for goods not purchased. The email contains a link that the person clicks and asks them to download a malicious and fake PDF reader. If the user agrees to the download, then they are directed to other websites that download all sorts of malware.

Hackers have identified iTunes as a multi-use platform which every day has millions of people loading credit and debit card details, as well as conducting a huge amount of transactions. The potential number of victims is worrying large parts of the computers security industry.

At the heart of the ‘con’ is a genuine attempt by people concerned that they have received an incorrect receipt for a purchase they never made. The natural reaction is to click the link, identify the nature of the receipt and then try and put matters right. Of course, the hackers are in the meantime directing their victims to websites that have nothing whatsoever to do with Apple, but are there to download nefarious malware.

And once the malware has been downloaded – mostly banking trojans in this case – the viruses get to work copying a person’s bank and personal details, which then gives the hackers complete control of various financial transactions. This might range from making purchases, to draining a bank account completely.

The skill of the phishers is to replicate almost perfectly an iTunes email and then release these to millions of unsuspecting computer users.

Security experts remind people that the best way of avoiding such tricks is never to enter a supposed site by way of an email link, unless the source of the email can be completely guaranteed. As always, a suspicious mind is one of the best ways to defeat such tricks.

Luis Corrons, the Technical Director of PandaLabs, creator of Panda antivirus software range of applications, said:
“Phishing is nothing new. What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, although the design and content is often very well worked. It’s often difficult not to fall in the trap. That’s why it’s absolutely crucial that when you use platforms such as iTunes, and you receive these types of notifications, never go to the website through the email, but rather from the platform itself. You can check your account status in real time from the account itself. And in this case you would therefore realize it is an attempt at phishing.”

Guest Article by Neil Camp