Briefing Room

Symantec released MessageLabs Intelligence Predictions for 2010 (also available as a PDF).

There are fourteen predications in all, the first seven are listed below. The full list with descriptions is available on the MessageLabs site.

• Antivirus is Not Enough
• Social Engineering as the Primary Attack Vector
• Rogue Security Software Vendors Escalate Their Efforts
• Social Networking Third-Party Applications Will be the Target of Fraud
• Windows 7 Will Come into the Cross-Hairs of Attackers
• Fast Flux Botnets Increase
• URL Shortening Services Become the Phisher’s Best Friend

According to AppleInsider, the act of deleting an email within iPhone OS 3.0 isn’t enough to destroy its contents. Credited with being discovered by Cult of Mac, even after emptying the Mail application’s trash, the message and all of its contents are still accessible through the phone’s Spotlight search feature.

Writes AppleInsider, “To test the flaw, delete a message within the iPhone’s Mail software. Remove it from the trash, and check your mail server to ensure it’s erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read. While some reports allege both IMAP and POP accounts are affected, a number of AppleInsider readers have commented that IMAP accounts are in fact not vulnerable to the Spotlight bug.”

According to a study out of University of Cambridge, a small experiment on 16 social-networking, blogging, and photo-sharing Web sites found that most failed to remove image files from their photo servers after they were deleted from the main Web site. “It’s often feared that once data is uploaded into ‘the cloud,’ it’s impossible to tell how many backup copies may exist and where, and this provides clear proof that content delivery networks are a major problem for data remanence,” writes the authors. The study reports that five of the 16 sites failed to revoke photos after 30 days. Notes the authors: “This paradigm is usually reflected in sites’ Terms of Service, which often give leeway to retain copies for a ‘reasonable period of time.’ Facebook is actually quite explicit about this, stating that ‘when you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer.’”

In the days leading up to the 20th anniversary of the June 4 crackdown on pro-democracy protesters in Tiananmen Square, Chinese security was out in force. According to the Washington Post, Twitter and other Internet services that people could have used to coordinate gatherings were blocked, as were news Web sites such as CNN and the BBC. Foreign newspapers and magazines that had been covering commemorative protests in Hong Kong were delivered with pages ripped out. Also blocked was online photo sharing service Flickr, as well as a brief interruption of Hotmail.

Those in authority in Iran were less savvy about Twitter, as the Washington Times reports: “They had managed to take down the telephone system opposition supporters used for texting but for some reason were slow to eliminate other social media. As open defiance of the election results broke out, citizen journalists used new media to spread the word. And the whole Web was watching.” The story also noted that beyond well-developed Twitter lists, local hackers were “active in helping keep channels open as the regime blocked them, and they spread the word about functioning proxy portals.”