Welcome to “Refog” corporate blog.

We are developing programs to monitor user activity of home (Personal Monitor) and office (Employee Monitor) computers, as well as to control usage of your children’s computer (Time Sheriff).

Jailbreaking Apple’s latest gadgets

23 March 2012

By the day after release of Apple’s new iPad 3, hackers had already found three ways to jailbreak the OS of the tablet device. This represented a drop of six days compared to the time necessary for jailbreaking the iPad 2 after launch.

Hackers also dryly noted that out of Apple’s entire device lineup, the best-protected device is also the very cheapest one: the Apple TV 3.1 television appliance.

Why? Most of the features in Apple’s iOS operating system, which is used on all of the company’s mobile devices, are simply discarded and disabled on the Apple TV. This reduces the “area for attack” available to hackers, thus creating significant obstacles for them.

Although the newer version of the Apple TV was ultimately hacked nonetheless, the jailbreak tool did not catch on with users. It is usually the case that Apple gradually updates the operating system with the features that users had hoped to gain through jailbreaking their devices.

USA: 10 years of prison for leaked data

26 January 2012

Reuters reports that charges have been pressed by the US government against Bo Zhang, a 32-year-old China-born programmer. He is accused of illegally copying the source code of government-owned software that cost $9.5 mln to develop, to an external hard drive.

When the leak was discovered, the programmer was a part-time employee of the U.S. Federal Reserve Bank, which helped him get access to the source code of the software developed for the US Department of the Treasury.

The compromised program, called Government-wide Accounting and Reporting Program (GWA), was developed for monitoring the money transfers made by the US government and reporting to a variety of government agencies and organizations.

Once the leak was discovered, the bank initiated an internal investigation and handed the results over to the police. As a result, Bo Zhang was arrested on January 18.

The FBI did not find any signs of espionage and he was released on bail. The trial will take place on February 17 and if he is found guilty (he is being charged with the theft of government property), he may be sentenced to up to 10 years in prison.

User monitoring: Facebook’s new patent

28 November 2011

Some time ago, Facebook got involved in a new scandal. The hype was based around the fact that HTTP cookies saved by Facebook on users’ computers remained there even after they logged out of the social network, thus casting a shadow of suspicion on its developers and creating the impression that they could be monitoring users’ activities on other sites.

On September 25, Facebook officials sent a statement to major mass media assuring the public that they were not monitoring users’ activities on other websites.

However, on September 22, the US Patent and Trademark Office received a patent application for a technology that made it possible to track users’ actions outside a social network.

It’s clear that “to patent” does not equal “to use”, but hardly anybody can guarantee that the social network will not get such functionality in the future.

Data Mining: From the General to the Specific

31 August 2011

Data mining (deep data analysis) is a collective term for a set of methods for detecting previously unknown, unusual, interpretable and practically useful knowledge in arrays of data that can be used for making decisions in various fields of human activity.

It’s common knowledge that complete privacy in today’s world is a utopian concept: our names appear in different kinds of lists and reports on a daily basis. We pay for goods and services with credit cards, use mobile phones, buy tickets… And when it comes to the Internet, we leave a colossal number of tracks: from the addresses of visited pages to search engine queries – everything can be intercepted, logged and stored in a single database.

The primary purpose of data mining lies in the analysis of huge amounts of data in such databases (involving special analytical patterns).

For instance, there is nothing suspicious about money being transferred from one account to another. Or about somebody buying a plane ticket to a large city. Or buying a large shipment of fertilizers. Or, let’s say, buying a kitchen timer or several cheap mobile phones from an online store. However, if all of these purchases were made by a single person, the local anti-terror force should definitely take a closer look.

It would seem that combining so many heterogeneous pieces of information is an immensely complex task. However, such a system is absolutely possible and may have been in operation for some time now.

The Total Information Awareness program was developed by the Pentagon from 2002 through 2003 and was aimed at detecting suspicious behavioral patterns. Following a number of public protests, it was renamed to Terrorism Information Awareness (TIA) and became nearly completely confidential. The report of the Department of Homeland Security mentions three active programs of this type. Similar solutions are being developed by other countries as well: China, the United Kingdom, Israel and Germany.

The legitimacy of such analysis is a matter of harsh public debate and none of the parties has been able to decide whether security is more important than privacy (or vice versa). And while the debate is in full swing, data collection and analysis are booming on the Internet – the Law hasn’t fully set foot on this land yet.

Menace: revenge of former employees

21 March 2011

Employers and their employees do not always manage to part peacefully. That’s why revenge is a fairly commonplace phenomenon that even such giants as Microsoft are not fully protected from.

Revenge can take the shape of legal action against a former employer or even sabotage involving damage to or deletion of internal documents and disclosure of corporate secrets.

These are the kinds of problems that Gray Wireline Service, an American engineering company, faced at the end of 2010 after firing Ismael Alvarez, an employee with a 7-year tenure. Outraged by this decision, Alvarez hacked the corporate server and deleted important reports, as well as information about oil and gas wellsites.

The judge’s response was harsh as well: Ismael got 5 years of suspended imprisonment, 1 year of house arrest and was fined over $20,000 for his actions.

Gray Wireline Service made no comment as to whether the fired employee had access to these documents prior to leaving the company and whether the company had implemented any, even the most basic, security features. As a rule, weak security policies are the main reason for such incidents.

A week ago, for instance, a company called PanTerra Networks (PBX provider) suffered massive damage from the actions of a fired employee only because her email account remained active for several months after she left the company. The fired employee found email messages containing confidential financial reports and contracts due to be signed. All of these documents were shared online, which resulted in damages of over $30,000 and loss of many potential clients.

Research: IT security of organizations

5 March 2011

McAfee, Inc. has published research on how aware companies are of risks associated with computer security. This report shows that almost half of the organisations do not have a reliable defence against such risks, or do not know anything about them at all. Only 20% of companies have confidence in their IT security provisions.

Despite the fact that a large number of programs have appeared this year which analyze IT security of corporate networks and check compliance management, they have not been very popular. Corporate users prefer integrated solutions to narrowly specialised products.

Due to changes in legislation the need for security policy compliance is an issue for 75% of companies, while 10% have already received fines. Databases containing personal information have caused the greatest problems, so they have received the greatest attention.

“Organizations are under increasing pressure to protect customer information and privacy, as well as their own sensitive business information, driving the need for a strong focus on risk and compliance management. As the results of this study show, companies recognize the need to improve risk management through better identification of threats, vulnerabilities and countermeasures, as well as the need to improve policy compliance through more automation of IT controls,” said Stuart McClure, senior McAfee vice president.

Microsoft concerned over possible leak of confidential data

25 February 2011

Microsoft initiated a lawsuit to prevent one of its managers from assuming a position in a competing company.

According to Microsoft, Michael Michevsky, their former manager, copied a large number of internal documents prior to leaving Microsoft and intended to disclose them to Salesforce, the company’s direct competitor.

The court accepted the plaintiff’s arguments and issued an order prohibiting Michael from assuming the position of vice president at the competing company.

Microsoft representatives insist that the actions of their former employee are in breach of the non-disclosure and non-compete agreements that he signed at the time he was hired.

The summons also states that Michevsky copied over 900 files with over 25,000 pages of text (around 600 MB) to his laptop. These documents allegedly contained confidential information about the company’s marketing strategy and copyright-protected items.

Salesforce refused to comment on this incident.

USA: Hackers Getting Better

21 February 2011

According to research, the number of users affected by cybercrimes in 2010 dwindled by nearly 30% and reached 8 million, which is 3 million fewer than in 2009.

However, despite the decline in the number of victims, the actual damage was much more substantial. This happened because attackers used much more intricate and modern techniques with the aim of inflicting maximum damage and making as much profit as possible on every intrusion.

Old methods, like theft of credit card details and one-time cashing of the stolen money, are rarely used these days, since they are easy to track down. Attackers are using increasingly complex and hard-to-detect schemes. For instance, a fraudster can steal your personal data, open a new bank account, take a bank loan or get a new credit card to cover his tracks…

The calculated average damage per user explains the research results: it grew by 63% to $630 in the period of 2009 to 2010.

According to research by Javelin Strategy, the growth of retail sales entails a decline in the cybercrime rate. The experts who discovered this correlation believe that the rather bad results for 2010 are directly related to the consequences of the global economic crisis.

USA: profitable espionage

4 February 2011

RapLeaf, a US-based company, has been successfully working in the area of social network monitoring (SMM) for several years and has accumulated significant experience in collecting and analyzing these data. In other words, the core of this business is the collection of comprehensive information about Internet users and selling it to interested third parties.

At the moment, RapLeaf’s database contains information about a huge number of users – over one billion.

The main purpose of this information is obvious: ads and improvement of advertising efficiency through more accurate targeting. Ironically, these services are especially popular among politicians and public figures.

The company even got involved in a minor political scandal at the end of the past year when Wall Street Journal reporters noticed a rapid growth in the amount of finely targeted ads served to specific users. An investigation conducted by WSJ revealed that Jim Bender, a Republican candidate, used RapLeaf’s services during his election campaign.

From a legal standpoint, RapLeaf has no right to store users’ names in its databases, but it’s not particularly important at the moment: the law does not prohibit storing the identifiers of users’ social network accounts that can be used to obtain actual users’ names.

Apparently, this data is not mined from social networks only. When a user registers on one of RapLeaf’s affiliate sites, it sets a user cookie that enables its owners to quickly and reliably collect information about this user.

Note that such monitoring activities can be and are used for “positive” and “peaceful” purposes as well. For instance, there is a project that uses similar methods and aims at creating a system capable of recognizing the behavioral patterns of people with signs of depression who can potentially commit suicide or hurt others.

Lawsuit against a porn site: eavesdropping on visitors

1 February 2011

It’s not a secret that a lion’s share of viruses and other types of malware are contracted on sites featuring adult content – erotic and pornographic materials. However, major publishers rarely cross this line, as the risk of losing sales and reputation is too high.

Mainstream Media International, the owner of YouPorn, a popular porn “tube”, chose another way of making money on its visitors: theft of the users’ browsing history.

These activities became the grounds for a collective lawsuit against the company filed by site visitors accusing the company of eavesdropping and violation of privacy. The lawsuit specifically stated that all monitoring was intentional and that the JavaScript that copied browsing history records was obfuscated.

Obfuscation is a method of making the source code of a program unreadable and extremely hard to analyze while completely preserving its functionality.

Information collected using such methods has its price and this price is quite high. Knowing what sites users visited and what content they viewed allows companies to create better targeted paid products or services.

As a rule, such statistical data are purchased by advertising companies and ad networks interested in improving the accuracy of their campaigns and serving more relevant ads.

If the suit succeeds, Mainstream Media International can be seriously punished for violating a number of laws, including the federal computer fraud and abuse statute, the computer crimes law of California, and the competition and consumer rights laws.