Information on social media sites has been used against employees in ways ranging from performance evaluation to legal risk. For example, when an employee files for disability compensation and during the same period posts pictures of physical activity. “There are real concerns in terms of how social media can affect your employment status and potential job opportunities by what you do on a daily basis on these sites,” says Porfilio.

Recently, a San Francisco-based civil rights advocacy group, the Electronic Frontier Foundation (EFF) sued the Justice Department and five other federal agencies under the Freedom of Information Act to force the government to disclose its policies for using social networking sites in investigations, data collection and surveillance.

As a result of the lawsuit, the foundation obtained documents from the Department of Justice and the Internal Revenue Service that describe the value of Facebook, Twitter, MySpace, LinkedIn and other sites.

However, the boundaries are still unclear. “These documents don’t really discuss any mechanisms for accountability or ensuring that government agents use those tools responsibly,” says Marcia Hofmann, a senior attorney with the Electronic Frontier Foundation.

“There needs to be a proper justifiable framework and procedure in place to understand the parameters for such type of activity to occur,” says David Navetta, founding partner of the Information Law Group and co-chair of the American Bar Association’s information security committee. “So far there is no procedure to hold the government responsible or remedies for individuals whose privacy may have been compromised as a result of these investigations.”

7 Tips for Job Seeker’s Safety
From a job seeker’s perspective, one needs to be consistent in one’s activities and information posted about employment history, business references and recommendations provided. “The slightest conflict in their profiles can make them a potential target for fraud and ruin their online reputation,” says Porfilio.

The employer, on the other hand, needs to ensure that online hiring practices are fair and not discriminatory. How do they source their candidates? What kind of background checks do they perform? What are their typical factors for selection? “These investigations are only likely to get more widespread and intense, pushing the need for transparency in the employer-employee relationship,” says Porfilio.

Tips for ensuring online safety include:

• Use Good Judgment: Consider how your comments would be perceived before you actually post them, and put logic above emotion at all times. “Before you hit ‘post,’ realize that this will be a permanent reflection of your identity, and it may never be erased,” says Porfilio. Assume that anything you put on a social networking site will be seen by third parties, and “ask yourself whether you would want that seen,” says Navetta.
• Know Your Contact: “The key is: know your contacts,” says Navetta. Do not accept friend requests from suspicious people. Use proper introductions when adding users as friends or connections. Once you connect with somebody, they will have access to your information, and — depending on who they are — you might not want them to have that level of access. A good practice is to go through your contact list frequently to ensure you have a tight and trusted network of people, says Navetta.
• Do Not Tag Photos: “Don’t allow individuals to tag your photo, as unflattering pictures could end up costing you or your friends their jobs,” says Porfilio. A big risk in your friend putting that picture up of you from college doing silly things, and then tagging the picture — It might also get picked up on a search engine. So, if a recruiter does a search, it could come up. There are settings in social media sites to prevent friends from being able to tag you.
• Change Your Passwords: often and do not use the same password for social networking sites that you use for your email accounts and online banking.
• Know Your Privacy Settings: Many sites such as Facebook provide users with a great deal of control over who can access their information. Those settings can be confusing, says Navetta, but there are websites like these that explain how to lock down Facebook’s privacy settings, including BusinessInsider.com. Note also that Facebook is creating simplified privacy settings for future use.
• Be Consistent: Using the same photo, consistent profile language, message and links on all social media sites reduces the chances of identity theft and generates trustworthiness and recognition among employers when conducting background checks. “Job seekers also need to think twice before clicking on any links in social media sites, as these links can show up on their online history and result in turning off recruiting and hiring managers,” says Porfilio.
• Avoid Controversial Statements: If you think that somebody could take offense with respect to a political view or offensive language or comments, don’t make them on a social media site that can be viewed by others, says Navetta. “Remember: if there is nothing offensive on your site, there is nothing for potential employers to get judgmental about.”

Even though it may seem that the virus has been maintaining a low profile for the past few days, security experts warn that the virus is still a threat. In reality, it has already attacked thousands of personal computers in India and nearly 15 million computers globally till date.

So how do you protect your PC from this devastating worm? You can, if you are able to spot whether your PC is infected by it. How do you do that?

Thanks to Joe Stewart, director of malware research at SecureWorks, you can now see if your computer is affected by Conficker with a simple eye test. Stewart came up with a Conficker Eye Chart, which is a simple visual test you can use to evaluate a PC just by surfing to that page and looking at the images. Below the images, there is also a guide on how to interpret the results. It couldn’t be simpler!

However, the test doesn’t work if you’re behind a web proxy.

The worm is programmed to update itself from domains it randomly generates. For the latest version, Conficker C, this amounts to nearly 50,000 domains a day. The virus author needs to use only one of these domains to host the update, thus making tracking nearly impossible.

Use the test to check whether your PC is infected with Conficker and take the necessary remedial measures. To read more on Conficker, click here.

Source: Techtree.com

Facebook’s 120 million users are being targeted by a virus designed to get hold of sensitive information like credit card details.

‘Koobface’ spreads by sending a message to people’s inboxes, pretending to be from a Facebook friend.

It says “you look funny in this new video” or “you look just awesome in this new video”.

By clicking on the link provided they’re then asked to watch a “secret video by Tom”.

When users try and play the video they’re asked to download the latest version of Adobe Flash Player.

If they do, that’s when the virus takes hold and attacks the computer.

Guy Bunker works for Symantec, who make Norton AntiVirus, and says there are two ways Koobface gets people’s credit card details.

“It can either wait for you to buy something online and just remember the details you type in on your keyboard.

“Otherwise it can search your computer for any cookies you might have from when you’ve bought something in the past, and take them from there.”

Networking threat

The Facebook case is the latest example of hackers using social networking sites to try to cash in.

MySpace was targeted by Koobface in August.

Security experts say people are far less suspicious about viruses on sites like Facebook because you need to be a member to log in.

Facebook won’t give any specifics on how many users have been hit by the virus, only saying it’s a small percentage.

But they have posted some advice on the site about what to do if you come across it.

“We’re currently helping our users with the recently discovered ‘Koobface’ worm and phishing sites.

“If your account has recently been used to send spam, please visit one of the online antivirus scanners from the Helpful Links list, and reset your password.”

Guy Bunker from Symantec says the virus is easy to get rid of.

He said: “You can either just download some anti-virus softrware from the web. Or you can do it yourself.

“Just go to your Windows directory and search for these two files: tmark2.dat and mstre6.exe.

“If you find either of them delete them straight away.”

Source: BBC.com

Legislation that affects the use of Internet-connected computers is springing up everywhere at the local, state, and federal levels. You might be violating one of them without even knowing it.

In this article, we’ll take a look at some of the existing laws and some of the pending legislation that can affect how we use our computers and the Internet. Nothing in this article should be construed as legal advice; this is merely an overview of some of the legislation that’s out there, how it has been interpreted by the courts (if applicable), and possible implications for computer users.

#1: Digital Millennium Copyright Act (DMCA)

Most computer users have heard of this law, which was signed in 1998 by President Clinton, implementing two World Intellectual Property Organization (WIPO) treaties. The DMCA makes it a criminal offense to circumvent any kind of technological copy protection — even if you don’t violate anyone’s copyright in doing so. In other words, simply disabling the copy protection is a federal crime.

There are some exemptions, such as circumventing copy protection of programs that are in an obsolete format for the purpose of archiving or preservation. But in most cases, using any sort of anti-DRM program is illegal. This applies to all sorts of copy-protected files, including music, movies, and software. You can read a summary of the DMCA here.

If you’re a techie who likes the challenge of trying to “crack”DRM,” be aware that doing so — even if you don’t make or distribute illegal copies of the copyrighted material — is against the law.

#2: No Electronic Theft (NET) Act

This is another U.S. federal law that was passed during the Clinton administration. Prior to this act, copyright violations were generally treated as civil matters and could not be prosecuted criminally unless it was done for commercial purposes. The NET Act made copyright infringement itself a federal criminal offense, regardless of whether you circumvent copy-protection technology or whether you derive any commercial benefit or monetary gain. Thus, just making a copy of a copyrighted work for a friend now makes you subject to up to five years in prison and/or up to $250,000 in fines. This is the law referred to in the familiar “FBI Warning” that appears at the beginning of most DVD movies. You can read more about the NET Act here.

Many people who consider themselves upstanding citizens and who would never post music and movies to a P2P site think nothing of burning a copy of a song or TV show for a friend. Unfortunately, by the letter of the law, the latter is just as illegal as the former.

#3: Court rulings regarding border searches

Most Americans are aware of the protections afforded by the U.S. Constitution’s fourth amendment against unreasonable searches and seizures. In general, this means that the government cannot search your person, home, vehicle, or computer without probable cause to believe that you’ve engaged in some criminal act.

What many don’t know is that there are quite a few circumstances that the Courts, over the years, have deemed to be exempt from this requirement. One of those occurs when you enter the United States at the border. In April of this year, the Ninth Circuit Court of Appeals upheld the right of Customs officers to search laptops and other digital devices at the border (the definition of which extends to any international airport when you are coming into the country) without probable cause or even the lesser standard of reasonable suspicion. The Electronic Frontier Foundation (EFF) and other groups strongly disagree with the ruling. You can read more on the EFF Web site.

Meanwhile, be aware that even though you’ve done nothing illegal and are not even suspected of such, the entire contents of your portable computer, PDA, or smart phone can be accessed by government agents when you enter the United States. So if you have anything on your hard drive that might be embarrassing, you might want to delete it before crossing the border.

#4: State laws regarding access to networks

Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompasses connecting to a wireless network without explicit permission, even if the wi-fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime — but if you decide to hop onto the nearest unencrypted wi-fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café’s wi-fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska. See

#5: “Tools of a crime” laws

Some states have laws that make it a crime to possess a “criminal instrument” or the “tool of a crime.” Depending on the wording of the law, this can be construed to mean any device that is designed or adapted for use in the commission of an offense. This means you could be arrested and prosecuted, for example, for constructing a high gain wireless antenna for the purpose of tapping into someone else’s wi-fi network, even if you never did in fact access a network. Several years ago, a California sheriff’s deputy made the news when he declared “Pringles can antennas” illegal under such a statute.

#6: “Cyberstalking” laws

Stalking is a serious crime and certainly all of us are in favor of laws that punish stalkers. As Internet connectivity has become ubiquitous, legislatures have recognized that it’s possible to stalk someone from afar using modern technology. Some of the “cyberstalking” laws enacted by the states, however, contain some pretty broad language.

For example, the Arkansas law contains a section titled “Unlawful computerized communications” that makes it a crime to send a message via e-mail or other computerized communication system (Instant Messenger, Web chat, IRC, etc.) that uses obscene, lewd, or profane language, with the intent to frighten, intimidate, threaten, abuse, or harass another person. Some of the lively discussions on mailing lists and Web boards that deteriorate into flame wars could easily fall under that definition. Or how about the furious e-mail letter you sent to the company that refused to refund your money for the shoddy product you bought?

Closely related are the laws against “cyber bullying” that have recently been passed by some states and local governments.

The best policy is to watch your language when sending any type of electronic communications. Not only can a loss of temper when you’re online come back to embarrass you, it could possibly get you thrown in jail.

#7: Internet Gambling laws

Like to play poker online or bet on the horse races from the comfort of your home? The federal Unlawful Internet Gambling Enforcement Act of 2006 criminalizes acceptance of funds from bettors — but what about the bettors themselves? Are they committing a crime?

Under this federal law, the answer is no, but some state laws do apply to the person placing the bet. For example, a Washington law passed in 2006 makes gambling on the Internet a felony. The King County Superior Court just recently upheld that law, although challengers have vowed to take it to the Supreme Court.

Be sure to check out the state and local laws before you make that friendly online bet.

#8: Security Breach Disclosure laws

A California law passed in 2003 requires that any company that does business in California must notify their California customers if they discover or suspect that nonencrypted data has been accessed without authorization. This applies even if the business is not located in California, as long as you have customers there, and no exception is made for small businesses.

#9: Community Broadband Act of 2007

This is a piece of pending federal legislation that was introduced in July of 2007 as U.S. Senate Bill 1853. In April 2008, it was placed on the Senate Legislative Calendar under General Orders and is still winding its way through the legislative process. This federal law would prohibit state and local governments (municipalities and counties) from passing laws that prohibit public telecommunications providers from offering Internet services.

This is in response to laws passed in a few states, as a result of lobbying from the telecom industry, that prohibit cities from installing and operating public broadband networks, such as public wi-fi networks. The big telecom companies have a vested interest in preventing cities from establishing networks that could compete with their own services by providing free or low cost Internet services because the public services are partially or wholly taxpayer-subsidized.

If this law passes, it could make it easier to find free or low cost ISP services in cities that choose to build public networks. On the other hand, it could (depending on how it’s funded) cause tax increases for those who live in those municipalities, including those who don’t use the public networks.

#10: Pro IP Act

Back on the copyright front, the House of Representative recently approved by an overwhelming majority HR 4279, which imposes stricter penalties for copyright infringement. It creates a new position of “copyright enforcement czar” in the federal bureaucracy and gives law enforcement agents the right to seize property from copyright infringers.

This may all sound fine in theory, but when you look at the way other seizure and forfeiture laws have been applied (for instance, the ability of drug enforcement officers to seize houses, computers, cars, cash, and just about everything else that belongs to someone tagged as a suspected drug dealer — and in some cases not returning the property even when the person is acquitted or not prosecuted), it makes many people wary. Read more about the bill here.

Some local jurisdictions have already established seizure authority for piracy. See this article for more information.

Source: http://blogs.techrepublic.com.com/10things/?p=356

Now a days Internet has become a home to spam. Millions of spam bots crawl the web daily to find email addresses and then bombard them with spam emails thus destroying their efficiency and creating problems for users. The best solution to this is to get a temporary or disposable email inbox which automatically expires after a certain time period.

Benefits of Temporary/Disposable Mailbox

There are many advantages of having a temporary or disposable mailbox on the web. But here are some key benefits:

• Protect you from spam mails
• Protect your mailbox from exploits, spoofs and hoaxes
• Require no signup and/or registration
• Automatically expire after a certain time period

Top 20 Temporary Mailbox services

Collected below is a list of best temporary/disposable email services that provide you give you a temporary email inbox which is totally spam free and needs no registration or sign up:

1. Mailinator is one of the best and top rated disposable email services that gives you a temporary mailbox on the following address format e.g. something@mailinator.com
2. MyTrashMail is another good temporary mail service that gives you a mailbox in the address format e.g. something@trashymail.com and also gives you secure temporary mailbox if you signup
3. MailExpire stands out in the crowd by giving you the option to have a temporary inbox ranging from 12 hours expiry to as long as 3 months
4. TemporaryInbox is yet another simple and easy to use temporary email service that gives you an email address in different formats
5. MailEater gives you a free temporary email inbox in the format e.g. something@MailEater.com
6. Jetable not only allows you to set the life span of your temporary email inbox but also allows you to forward the mails in your temporary inbox to your real email address
7. SpamBox gives you a temporary email address in the format e.g. something@spambox.us and also allows you to set the lifespan of your inbox
8. GuerillaMail lets you generate a temporary email which expires in a time of 15 minutes and also tell you how to offer a temporary email service on your site.
9. SpamHole provides you a 2 hour long temporary email inbox at the address format e.g. something@spamhole.com
10. 10MinuteMail generates an easy 10 minute email inbox for your temporary email needs
11. DontReg is one bigger, better, faster and safer temporary email inbox solution
12. TempoMail is one new temporary email inbox services that give you spam-free mailbox
13. TempEmail aims to give you a fast, anonymous yet secure temporary email inbox
14. PookMail is a multi-language temporary email inbox service that gives an email address in the format e.g. something@pookmail.com
15. SpamFree24 is a new multi-domain temporary email inbox service which is growing rapidly
16. KasMail requires registration, allows up to 25 aliases, can set aliases to expire after a certain amount of time.
17. SpamMotel requires registration, provides mail forwarding, mail can be accessed through desktop e-mail clients, can reply to e-mail from your real e-mail address using SpamMotel e-mail.
18. GreenSloth requires no registration, receive-only, e-mail expires automatically after a week
19. AnonInbox requires no registration, simple, no frills.
20. Spam.la is a fast disposable email service which requires no registration, no frills. You can see all spam being sent to all Spam.la accounts, or just your own.

Article sourced from http://www.sizlopedia.com/2007/05/27/top-20-temporary-and-disposable-email-services/

TO: ***************
FROM: service@irs.gov
SUBJECT: 2008 Economic Stimulus Refund.

Over 130 million Americans will receive refunds as
part of President Bush program to jumpstart the economy.

Our records indicate that you are qualified to receive the
2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by
direct deposit to your checking/savings account.

Please click on the link and fill out the form and submit
before April 24th, 2008 to ensure that your refund will be
processed as soon as possible.

Submitting your form on April 24th, 2008 or later means that
your refund will be delayed due to the volume of requests we
anticipate for the Economic Stimulus Refund.

Source: http://www.myitforum.com/forums/m_177804/mpage_1/key_/tm.htm#177809

It appears that some overzealous engineers at Pakistan Telecom in their bid to block YouTube hijacked its IP routing table by accident. They wanted to make sure pakistani internet users trying to access the site would be redirected. To make it worse, the information was leaked in to the wider internet leading to Internet Service Providers around the world blocking YouTube. IP hijacking involves taking over a web site’s unique address by corrupting the internet’s routing tables which direct the flow of data around the world. This caused YouTube’s website to be down for nearly an hour. The pakistani engineers realized their mistake after hearing from their counterparts at YouTube.

Don’t be mistaken by the title. Web site owners already have enough trouble from hackers scanning their web sites for vulnerabilities. This always involved complex scripts and tools but the hacking group ‘Cult of the Dead Cow’ (cDc) which is best known for creating the deadly Back Orifice trojan just released Goolag, an open-source tool that allows even script kiddies to leverage the use of google to help find such vulnerabilities easily.

The web auditing tool from cDc was announced with the following press release:

SECURITY ADVISORY:  The following program may screw a large Internet search
engine and make the Web a safer place.

LUBBOCK, TX, February 20th -- Today CULT OF THE DEAD COW (cDc), the world's
most attractive hacker group, announced the release of Goolag Scanner, a web
auditing tool.  Goolag Scanner enables everyone to audit his or her own web
site via Google.  The scanner technology is based on "Google hacking," a form
of vulnerability research developed by Johnny I Hack Stuff.  He's a lovely
fellow.  Go buy him a drink.

"It's no big secret that the Web is the platform," said cDc spokesmodel
Oxblood Ruffin.  "And this platform pretty much sucks from a security
perspective.  Goolag Scanner provides one more tool for web site owners to
patch up their online properties.  We've seen some pretty scary holes through
random tests with the scanner in North America, Europe, and the Middle East.
If I were a government, a large corporation, or anyone with a large web site,
I'd be downloading this beast and aiming it at my site yesterday.  The v
ulnerabilities are that serious."

Goolag Scanner will be released open source under the GNU Affero General
Public license.  It is dedicated to the memory of Wau Holland, founder of the
Chaos Computer Club, and a true champion of privacy rights and social justice.

GOOLAG SCANNER FUNCTIONS AND FEATURES

Goolag Scanner is a standalone windows GUI based application.  It uses one
xml-based configuration file for its settings.  All dorks coming with the
distribution of gS are kept inside one file.

The group describes itself as:

About CULT OF THE DEAD COW
Based in Lubbock, Texas, CULT OF THE DEAD COW (cDc) is the most influential
computer underground group in the world.  The cDc alumni list reads like a
Who's Who of hacking and includes a former Presidential advisor on Internet
security, among others.  The group is further distinguished by publishing the
longest running e-zine on the Internet [est. 1984], stretching the limits of
the First Amendment, and fighting anyone or any government that aspires to
limit free speech.

Sources: www.goolag.org