The Buymusic.ca Blog

Today you will notice many sites have gone dark in opposition to a law proposed in the United States House Of Representatives called CISPA.

The Cyber Intelligence Sharing and Protection Act enables private companies and the United States government to exchange information related to internet security issues including private information to prevent cyberattacks, without public disclosure or the need for warrants. And this is of course where the idiom in the subject line of this post comes in.

In order to prevent cyberattacks and attacks against the national security of the United States everyone’s information would be exchanged and stored on multiple computers for analysis, opening this information up to misuse, abuse or theft.

This bill enables the distribution of information that you don’t want made public, from private posts and email to your internet browsing information, without your knowledge or consent. And it also contains an exemption from liability, reducing an individual’s ability to sue if something were to go wrong during this exchange of information.

The proponents of the bill are also relying on people’s inability to understand that the definitions used in this bill may extend the coverage of this bill beyond “cyber attacks”, the term “national security of the United States” having been linked to that country’s commercial interests in past legislation.

Your choice to purchase something outside of the United States could cause your information to be taken under the premise that the purchase was a threat to the American intellectual property owners because the product might not be authentic or authorized by an American company.

Having unfortunately been subjected to counterfeit DVDs in the past via eBay, my personal, private information could be collected and distributed. And because of this, an act beyond my control, I could face further victimization without legal recourse to prevent it.

Yes, some intellectual property provisions have been removed from the bill but what’s to stop them from re-introducing them ? They have no qualms re-introducing warrantless searches, over and over again and warrants do not significantly impede their current efforts to stop crime on the internet. And I have yet to see and evidence substantiating the claim that privacy is a hindrance to law enforcement, so why are these sentiments remaining in Government ?

I suspect internet security firms want to be funded by the public and are doing their best to present these bills as solutions to politicians that have no idea of what is involved.

Vic Toews, for example, is proof positive that politicians can be severely illiterate when it comes to technology.

In February 2012 this Canadian politician had introduced a bill in Parliament that he had not read in its entirety, claiming that it would address child pornography. And he had been so well convinced that it would that he actually accused opponents of this legislation of standing with child pornographers, in the House of Commons of all places.

Even joint statements from the Privacy Commissioner of Canada and her provincial counterparts had failed to convince him that there were serious issues with the bill and it took a severe public backlash to get him to actually review what he was proposing.

This isn’t the time for half-baked, open ended legislation that can be exploited by the very criminals that these bills are trying to address. And it is rather stupid to believe criminals would not use arguments about the constitutionality of these laws in their defense.

Opposition has been strong within the United States and a White House petition has apparently convinced the President to threaten to veto the bill, “as currently crafted” in a April 16th, 2013 statement (pdf).

Another petition for Americans and non American alike is also available at Avaaz. There are currently over 800,000 signatories on this petition.

Justice Minister Rob Nicholson has stated that Bill C-30 will not proceed in Parliament in response to the concerns brought up by the Privacy Commissioner of Canada and members of the public.

This bill would have enabled police to access internet traffic without a warrant and would have required the installation and maintenance of extra equipment by internet providers, who would have passed the associated expenditures down to the consumer.

Canadians would not only have lost rights in regards to privacy but could have also been subjected to security breaches via the new aforementioned online spying equipment had this bill gone through.

A new bill will be unveiled shortly in Parliament so additional information will be posted to this blog a.s.a.p.

Last week the Department of Homeland Security advised individuals to disable Java in their browsers in response to the release of vulnerability information on the web.

“Web exploit packs” have been sold online enabling amateurs to perform numerous malicious tasks on machines on which Java is installed.

Java has since released an update but the warning remains at Homeland Security.

Avoid clicking any links on emails or messages containing the following subject lines : “Hi baby, please check my Facebook profile,” or “I miss you, check my new photo please”

These links install malware on your system.

A new virus has been detected by Seculert on point of sale terminals in the United States, Britain and Canada.

“Dexter” forwards information from debit and credit cards directly to fraudsters who can duplicate cards.

Seculert estimates that hundreds of terminals have been infected, in 40 nations, so it’s best to keep an eye out for odd transactions on your bank statements and credit card bills.

You should also consider enabling email and/or mobile alerts on your accounts, as an extra security measure.

Skype users be warned : Do not open any message whose subject line is “lol is this your new profile pic?” !

This message directs individuals to a malware infected file, using an URL shortener services like goo.gl, that in turn infects an individual’s computers.

This malware collects user names and passwords for numerous sites and services including Facebook, Twitter, Godaddy, Paypal, eBay, Netflix and Yahoo. It may also lock your system and send unsolicited messages to individuals in your contact lists, asking your contacts to download the infected file(s) to their computers.

Skype advises their users to refrain from clicking “on suspicious or unusual files and links, even if it’s coming from people you know”. They also suggest their users update their software, including their anti-virus software.

In June 2011 I had posted a somewhat off-topic warning about a security issue I had been encountering for months.

I had been receiving unsolicited calls from individuals with thick Indian accents claiming to be “Software Maintenance Department of Online PC Care” asking me to give them access to my computer because of some alleged virus infection.

This was of course a common con by that time, which also involved individuals claiming to represent Microsoft calling random numbers in Canada, the United States and the United Kingdom.

Basically they gained access, altered settings without the user’s knowledge and then proceeded to extort $49 to $450 from the user to “repair” the damage they had caused.

The Federal Trade Commission in the United States have taken legal actions against these fraudsters yesterday, freezing their assets and demanding a halt to this activity.

The Canadian Radio-Television and Telecommunications Commission have also penalized the companies involved in this tech support scam in respect to Canada’s no call list legislation.

If you have received a call of this nature, please file a complaint with the CRTC via this form.

The government of Germany has issued a warning to their citizens asking them to use alternatives to Internet Explorer because of a security issue that has been discovered over the weekend.

Germany’s Internet Explorer users have been urged to use alternative browsers like Firefox or Chrome until a patch is issued by Microsoft.

Microsoft is currently working on a patch and asks users to install the latest version of their Enhanced Mitigation Experience Toolkit as a temporary measure until this patch is released.

I personally use Firefox to browse and Spybot’s Search & Destroy immunity function, which instructs all of the browsers to block problematic sites. But I’ve turned Spybot’s resident “SDHelper” and “Teatimer” off to avoid conflicts with my security software.

It appears that an older part of Yahoo’s systems had been left exposed resulting in a security breach that could have compromised over 400,000 accounts.

To change your password, login and click on your user name on the top left of your screen. You will be given an option to change your password in the following screen, after having been prompted to login again.

Click here for information of how to create a strong password for Yahoo.

In November 2011, The FBI charged seven individuals from Estonia who concocted a scheme to redirect internet traffic through their web sites to collect affiliation fees.

Through email attachments and web sites, these individuals infected an unknown amount of computers with a virus that changed the DNS settings of computers, rerouting them to a series of web sites that have since been disabled by the FBI during Operation Ghost Click.

Unfortunately the FBI will cease to operate their clean DSN servers on July 9th and computers that remain infected with the DNSchanger virus will no longer be able to access the internet.

To check whether your computer is infected, you can visit the Canadian DNS OK web site by July 8th. And if you are infected removal instructions are available from the DNS Changer Working Group.