Twitter disables ‘widget’ function

Twitter has temporarily disabled one of the features on its website after a security researcher warned of a programming flaw that left the login credentials of its users vulnerable to hackers.

Twitter co-founder Biz Stone said in an email that the company had temporarily cut off access to a feature that lets users display Twitter updates on their websites by using Flash technology.
“Our team has disabled the Flash widget while we look into the problem,” Stone said.
Mike Bailey, a senior security analyst with Foreground Security of Orlando, Florida, said that the problem exploits a widely known vulnerability in Adobe Systems Inc’s Flash programming language.
Adobe has told programmers how to address the vulnerability, which was first discovered in 2006, Bailey added, but noted the operators of many websites have failed to respond to those warnings.
The microblogging site’s huge popularity has made it a prime target for hackers looking to spread malicious software to Twitter’s millions of users.
“As simple as the attack is, I’ve been finding them all over the place,” Bailey said.
Officials with Adobe declined to comment.
A hacker last month briefly hijacked the Twitter site and redirected it to one that claimed to represent a group calling itself the Iranian Cyber Army. That high-profile attack — by a perpetrator who stole credentials to the account that Twitter uses to route its traffic — did not compromise credentials of any Twitter users.
Bailey said his analysis of the Twitter site showed that it could have been vulnerable to attacks for more than a year, but that it was impossible to know whether hackers had actually exploited the Adobe flaw.
He is scheduled to discuss his research on the Twitter flaw at the Black Hat DC security research conference in Washington, which begins on Feb. 2.

Motorola seeks to ban BlackBerry

The patents relate to some early-stage innovations developed by Motorola in key areas such as Wi-Fi access, application management

Motorola Inc is seeking to ban imports of Research In Motion Ltd's BlackBerry smartphones into the US that it claims infringe its patents.
Motorola, the largest US mobile-phone maker, said it filed a complaint with the US International Trade Commission, citing unfair trade practices and infringement of five patents.
The patents relate to some early-stage innovations developed by Motorola in key areas such as Wi-Fi access, application management, user interface and power management, that are now being used by RIM, Motorola said in a statement. The technology allows better connectivity at a lower cost, the company claims.

Litigation
"We've not been able to convince RIM over two years in litigation elsewhere to reach a reasonable settlement so we've taken it to the ITC to stop its infringement," Jonathan Meyer, Motorola's senior vice president of intellectual property law, said in an interview.
He said the two companies had a licence agreement in place from 2003 to 2007 and haven't been able to reach terms since then. Motorola and RIM have been suing each other in recent years.

Surge in e-crimes in Dubai

Sixty-two per cent of phishing in the UAE last year targeted local banks
Surge in e-crimes in DubaiSixty-two per cent of phishing in the UAE last year targeted local banks
By Sharmila Dhal, Senior Reporter Published
Dubai Most cyber attacks in the UAE last year targeted banks and were perpetrated by electronic criminals from outside the country, a government report has revealed, adding that the number of hacking and defacement incidents quadrupled in 2009 from 2008.
It added that of all the electronic breaches during 2009, "phishing" comprised the main offence - 62 per cent of which targeted local banks, followed by UAE branches of international banks and other institutions at 19 per cent each.

Emergency plan
The report was presented by Mohammad Geyath, Executive Director, Technology Development Affairs, Telecom Regulatory Authority (TRA), at the Crises and Emergency Management Conference in Abu Dhabi which concluded on Wednesday. The report was put together by the Computer Emergency Response Team (CERT), a consultative body that advises TRA. The total number of cyber-related offences recorded by CERT was 51 in 2009, up from 47 in 2008, while incidents of phishing and defacement had increased to 26 in 2009, from six in 2008.
Meanwhile, the TRA announced at the conference an Emergency Plan for the country's telecom sector. Making the announcement Mohammad Nasser Al Ganem, Director-General of TRA, said the plan has been developed in co-operation with the National Crisis and Emergency Management Authority (NCEMA) and in consultation with key stake-holders, telecom operators and service providers.
Designed to protect critical infrastructure for communications, the plan encompasses various stages to deal with crises which cover all aspects of security and protection on the one hand and the preservation of a sustainable network during emergencies on the other.
Earlier, Richard Clarke, former security adviser to the US government, said of all the future risks that the world faces today, the threat of a cyber war could not be wished away, just as the potential crises arising out of climate change and pandemic diseases.

Global issue
He said nations need to ask themselves what national functions depend on cyberspace and conduct an analysis of the risks such utilities as power, water, banking, airports and oil supplies face.
He said countries should spend time to put audits and back-up systems in place to meet any contingency.
"Somewhere on the curve of low probability and high consequence, we should be prepared to spend time on these matters," he said, pointing to cyber wars in some parts of the world like Estonia and Georgia.

Telecom Emergency Plan Announced
Meanwhile the TRA has announced an Emergency Plan for the country's telecom sector.
Making the announcement at the concluding day of the Crises and Emergency Management Conference in Abu Dhabi on Wednesday, Mohammad Nasser Al Ganem, Director-General of TRA, said the plan has been developed in co-operation with the National Crisis and Emergency Management Authority (NCEMA) and in consultation with key stake-holders, telecom operators and service providers.
Designed to protect critical infrastructure for communications, the plan encompasses various stages to deal with crises which cover all aspects of security and protection on the one hand and the preservation of a sustainable network during emergencies on the other.
The stages covered include prevention, preparedness, response and recovery.
Earlier, Richard Clarke, former security adviser to the United States government, said of all the future risks that the world faces today, the threat of a cyber war could not be wished away, just as the potential crises arising out of climate change and pandemic diseases.
He said nations need to ask themselves what national functions depend on cyberspace and conduct an analysis of the risks such utilities as power, water, banking, airports and oil supplies face.
He said countries should spend time to put audits and back-up systems in place to meet any contingency. "Somewhere on the curve of low probability and high consequence, we should be prepared to spend time on these matters," he said, pointing to cyber wars that had proven to be a reality in some parts of the world like Estonia and Georgia.