If you are having trouble viewing this email, click here to view this online



   ISSUE 76

24 November 2017

Article of the Month Around the World

Software Infringement

�Software infringement� might be a strange word for most of you, but this is a violation where many users do in a daily basis. As users who benefit from different types of software, we should be aware of, what is software infringement? What are the consequences of it. Let�s look at what is software infringement is?
As a general matter, copyright infringement occurs when a copyrighted work is reproduced, distributed, performed, publicly displayed, or made into a derivative work without the permission of the copyright owner.
-U.S. Copyright Office-
As per the definition software infringement/copyright infringement is the use of software for many different purposes without the copyright owner�s (A piece of software is copyrighted to its developer) permission. Let�s put it in simple way, Software infringement can be represented in various terms, such as using pirated software�s, cracked software, fake software, etc.
It�s true that sometimes software�s can be expensive; Having said that, it is not an excuse for using pirated software. Because there are pretty decent free and open source (FOS) alternatives available for many commercial software. It may not be as perfect as a proprietary software though, Foss software makes a good effort to keep in line with the proprietary software.
There are many reasons to justify, why it�s not wise to use pirated software. Few such instances are,



Hidden cost
Using cracked version of software may not always be free. There could be hidden cost involved in it, which is true in most cases. Assume that these software is used in a commercial environment. There are high chances where cracked software may crash your systems, which may lead to monetary and other losses to the business. With malware embedded in cracked software, it is highly possibly can happen.



Why do hackers/crackers crack software and distribute it for free? Thinking in a rational way, crackers would not distribute cracked software without any benefit. Certainly there will be benefits for them. By the looks of it, the software will work perfectly as the licensed product; But behind the scene there can be malware embedded to it. Ultimately the cost of using pirated software could end up in a disaster. Your privacy gets violated, personal/banking information could be stolen, damage to the systems and many more.

No upgrade/patches/support

Think of a situation where your production department uses a pirated system for a critical process. All of a sudden the system crashes. And you don�t have the expertise to fix the issue. What will you do? Now you are lost. You will have no one to turn to. Not only that these type of software will not get any upgrades or patches. Patches are really important when it comes to fixing security and other issues in the system. These issue can be applicable for both personal and commercial use.


It is illegal

Everyone knows unauthorized usage of copyrighted software is illegal. But not many of them realizes it, using these kind of software will lead them to trouble. People think they will not be caught. This is not the case anymore. We have come across many incidents where people are finding police or law enforcement authorities knocking their door with search warrants to search if you use pirated programs. Keep it in mind that, almost everything you have done in an environment is re-traceable.

Having said all these consequences of using cracked software, there are many ways to stay safe meanwhile accomplishing you work. If your requirement is for a short period of time, you can always go for a trial version of proprietary software. If you need to use it for long term purpose, but if you can�t afford to buy, it is wise to go for an alternative software which is free or low in cost, rather than going for an alternative way to use the expensive commercial software. You can get a pretty decent community support for Free and open source (FOSS) software as well. Think wisely and make decision.



Abdul Raheem

Abdul is an Associate Information Security Analyst at Sri Lanka CERT|CC

























1 Statistics on the Internet growth in Sri Lanka
2.The Dragon Research Group (DRG)
3.TSUBAME (Internet threat monitoring system) from JPCERT | CC
4.Shadowserver Foundation
5. Team Cymru

  Multi-stage malware sneaks into Google Play


"....Another set of malicious apps has made it into the official Android app store. Detected by ESET security systems as Android/TrojanDropper.Agent.BKY, these apps form a new family of multi-stage Android malware, legitimate-looking and with delayed onset of malicious activity.
We have discovered eight apps of this malware family on Google Play and notified Google�s security team about the issue. Google has removed all eight apps from its store; users with Google Play Protect enabled are protected via this mechanism...."


Hackers hit Sacramento transit system, demand money to stop attack


"...Hackers looking for a payout have hit the Sacramento Regional Transit (SacRT) system, defacing the agency website, erasing data from some of its servers, and demanding money to stop the attack and not do further damage...."



'...When a woman named Wu received a text message from a local fire department about the inhabitants of her home, she was shocked. The department notified Wu that her house, rented out to a couple, had in fact been sublet to many others. Long before she knew it, the details of her house had been input into China�s policing system, which has a better memory than most people in China about what they did, and where, and when.....'




'...Adobe kicked off today�s Patch Tuesday barrage with a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with the near-customary Flash Player update addressing a handful of critical flaws.

None of the vulnerabilities patched today are under active attack, Adobe said; Adobe also pushed out security bulletins for Photoshop CC, Connect, DNG Converter, InDesign CC, Digital Editions, Shockwave Player and Adobe Experience Manager.....'

Microsoft and GitHub team up to take Git virtual file system to macOS, Linux


'....One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client.

That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux....'

Month in Brief
Facebook Incidents Reported to Sri Lanka CERT|CC in October 2017
  Statistics - Sri Lanka CERT|CC

Multiple Intel firmware vulnerabilities in Management Engine

'...The research that led to finding the Intel firmware vulnerabilities was undertaken "in response to issues identified by external researchers," according to Intel. This likely refers to a flaw in Intel Active Management Technology -- part of the Intel ME -- found in May 2017 and a supposed Intel ME kill switch found in September. Due to issues like these, Intel "performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience."....'

DNS resolver will check requests against IBM threat database

"...The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

The Quad9 DNS service, at, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks protect agains landing on any of the 40 billion evil sites and images X-Force has found to be dangerous. .."
Uber hid hack that exposed data of 57 million users, drivers

�..Uber revealed Tuesday that hackers stole data on 57 million drivers and riders in October 2016, the ride-hailing company said on Tuesday.

The pilfered data included personal information such as names, email addresses and driver's license numbers, the company said. Social Security numbers and credit card information, however, didn't appear to have been compromised...�
Survey: Cloud security concerns linger, but not enough to stop adoption

."...Organizations are increasingly willing to migrate their applications, data and processes to the cloud in spite of lingering security concerns, according to a new survey of Canadian senior-level IT practitioners by security and cloud solutions provider Scalar Decisions.

According to the 2016 Scalar Cloud Study, respondents listed security as one of their chief concerns prior to migrating their processes to the cloud (37 percent) and even more so as the migration proceeds (75 percent, the #1 concern). Moreover, 77 percent of survey-takers said their organizations are not doing enough to address cloud security on the IT or business side, or both...."

Notice Board
  Training and Awareness Programmes - November  2017

Brought to you by: