If you are having trouble viewing this email, click here to view this online


   ISSUE 2


Article of the Month   Around the World

Privacy in Cyber Cafes

A cyber cafe is a place which provides a computer user with internet access, usually for a payment per hour or minute.

When accessing the Internet via public computers there are certain threats from which a user should be protected, such as:

- Not knowing what programs are installed on computers

For example if malicious programs like keyloggers or spyware are installed, they can capture your keystrokes to figure out passwords (when you type your password to read web mails, logon to a site etc.) and other confidential information or monitor your browsing behavior.

No matter which Internet browser you use, make sure to download the latest patches as soon as possible. These patches are the developers' response to the newest viral threats.

- Physical security in the area

Be aware of your surroundings. Keep an eye out for anyone who might be observing your computer screen and/or keyboard. For example, if the counters/partitions which are used to separate one computer from another are short, the people can peep & see what you are doing & even capture your entries on the keyboard & the information you are entering.

Here are some important tips which you can consider when you are using a computer in public areas like cyber cafes:

   - Disable automatic login:

Do not allow your login details such as your user name & password to be retained on public computers.


If the check mark is selected make sure to uncheck by clicking on the square which allows login  details to be kept on the local computer as shown in the above picture.

-  Secure Browsing:

Also, be aware of misleading links and fraudulent sites. If you are ever unsure, move your mouse pointer over a link before clicking. The real address of where the link will take you will appear.

If the real address does not match up or is a strange string of numbers, do not click. Do not open emails from unfamiliar senders, especially if they have URGENT, IMPORTANT, or WINNER in the subject line.

Make your passwords random, lengthy, and difficult. Never use your name, your nickname, your mother's maiden name, your pet's name, your social security number, or your address. Though it may be hard to remember, a string of random numbers, capitals, lowercase letters, and symbols is safest. Use entirely different passwords for each of your different logins. Only write down a password if you must; never store it with your computer. Change your passwords at least every three months, or at the first sign of hacking.

Check the URL in which you are going to enter your login credentials.  If it is an HTTPS connection then it is secure and encrypted. That means if you're using a https connection outsiders cannot see any of the data you send to or receive from that site because it is encrypted. If you can't connect via https, or the "s" disappears at some point in your browser while transmitting your confidential information, then stop accessing the site immediately.

   - Don't leave the computer with your data:

If you want to attend to any other work while you are logged to the computer, ensure to log off before leaving the place.

Do not leave your personal belongings such as USB flash drives, laptops, etc unattended. Always make sure to password-protect your belongings if you are going to use them in public places like cyber cafes.

Soft copies of documents and scanned copies must be removed from the computer before you leave the place.

   - Log out:

After you finish browsing always keep in mind to log out of any sites that you logged into, such as your web mail account, and do not simply close the window. You may notice a "Sign Out" option is available on top of the web mail window, so use that option & logout from it.

When you are finished browsing, log out of any sites you logged into.

This will prevent unauthorized access of your data by others, especially if another person is also going to use the same service after you. If you haven�t logged out, when that person opens the link it will automatically direct to your logged site. This is common for chat sites, Internet Messenger windows & any other sites. So keep in mind to Log out or Sign out from these particular sites.

   - Clear history and temporary files before you    leave:

Internet Explorer saves links that you've visited in the History folder and in Temporary Internet Files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you've used. Use the following steps to clear the browser history:

Internet Explorer

Select Tools > Internet Options > Click on General Tab > Delete... button, now the "Delete Browsing History" dialog box will open. Select the options you want to delete and click on Delete button to apply the settings.


Select Tools > Options > Click on Privacy tab and select the options you want to delete. Click on OK button to apply the settings.


Select Options> Under the Hood > then select Clear Browsing Data

Double-check the browser's history, cookies, and cache. Delete anything you find there. Close all tabs and windows. Quit the browser.

   - Don't do any online financial transactions   using public computer :

It is advisable to avoid online banking or shopping where you may be required to enter sensitive information like credit card or bank account details. If it is urgent and you have to do it, make sure to change your passwords as soon as you can. You should use a more trusted computer for these types of activities.


Nilusha Guanthilake, Sri Lanka CERT|CC

 Posted on Sep 16, 2011 at 12:30pm IST

Sony recruits information security boss after hacking                         TOKYO | Tue Sep 6, 2011 5:18am EDT


Sony Corp picked a former official at the U.S. Department of Homeland Security for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks.

Global cybercrimes cost $114 billion annually : Symntec        Posted onWed Sep 7, 2011 4:11am EDT

A study by Symantec Corp, the maker of Norton computer security software, estimates the cost of global cybercrimes at $114 billion annually.

U.S. gets chance to catch up on credit card security.                          By Peter Svensson, Associated Press  | September 9, 2011

NEW YORK (AP) -- The next time you swipe your credit card at check-out, consider this: It's a ritual the rest of the world deems outdated and unsafe.

Mobile devices a growing target for criminals.                                              By Grant Gross | September 12, 2011 06:00 AM ET


The best way to protect business information on smartphones from cybercriminals is to leave that information off smartphones, a mobile security expert said last month.

FTC proposes kids' online privacy rule update                                          Posted on Sep 16, 2011 at 12:30pm IST


A proposed update of the U.S. online privacy rule for children would revise definitions of personal information and beef up parental consent mechanisms to reflect technological changes. 

Your Facebook profile could expose you.


A 1997 MIT study found that 87% of the country's population can be uniquely identified simply by knowing a person's birthday, gender, and zip code -- all information that Facebook users routinely put on their profiles.

In 2000, 100 billion photos were shot worldwide, according to Future Image analyst Tony Henning. In 2010, there were 2.5 billion photos uploaded by Facebook users alone -- each month.

What's the connection?

With new facial recognition software able to match offline faces to a rapidly growing number of online photos, your face can soon be linked to all the information you post to Facebook. And that information can be connected to a host of potentially sensitive information about you.


Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in August 2011


  Fake + Harassment



Statistics - Sri Lanka CERT|CC



The Microsoft Security Bulletin Summary for September 2011 describes multiple vulnerabilities in Microsoft Windows, Microsoft Server Software, and Microsoft Office.        Microsoft | Published: Tuesday, September 13, 2011

Microsoft has released updates to address the vulnerabilities.
Fake lottery

Sri Lanka CERT|CC received a complaint recently regarding a fake lottery scam. The victim was informed via e-mail that he has won a huge sum of money on an Internet lottery.

He was asked to deposit 550 British pounds as application processing fees. The scam mail contained very official looking certificates and documents to deceive the victim. Had he deposited the money as requested, it would have been a sad story. There for do not fall for these types of scams. If you are in doubt you can get necessary advice on these from Sri Lanka CERT|CC.

  Notice Board
  Training and Awareness Programmes - September 2011  
  Date Event Venue
- 8, 9 A/L ICT Seminar Anuradhapura Central College
- 13 Content development programme for non-IT Teachers - Introduction session PICTEC Anuradhapura
- 14-17 Info@Ruwanpura- 2011 ICT Education Exibition Ruwanpura NCOE, Kahawatte
- 14 Awareness programme on safe use of Internet Info@Ruwanpura, Ruwanpura NCOE, Kahawatte
- 21

Award ceremony of Young computer Scientist Competition of National Level School ICT Championship-2011

Sri Lanka Foundation Institute
- 22 Public Software Awareness Programme Anuradhapura District
- 30 Distribution of OLPC laptops which donated by 'World Vision' to the students of selected schools in Maho zone. Wijayaba Vidyalaya, Maho

National Level Annual Computer Hardware Maintenance Workshops - Organized by the ICT Branch, Ministry of Education

  Date District Venue
- 01 Jaffna J/Ramanathan College.
- 02, 03 Jaffna J/Sanmarka M.V.
- 06, 07 Rathnapura R/Royal College
- 08, 09 Monaragala PICTEC
- 10,11 Badulla Dencil KobbekaduwaM.V.
- 12,13 Batticaloa Paddiruppu CRC and Bt/Hindu Collage
- 14, 15 Ampara Ampara CRC and Addalichenai Central Collage
- 16, 17 Kandy Eeriyagama Pushpadana Vid.
- 19, 20 Nuwaraeliya SIDA, Hatton
- 21, 22 Kegalle Kegalu Balika Vidyalaya
- 23, 24 Kurunegala Provincial Department of Education
- 25, 26 Matale St.Thomas College
- 27, 28 Polonnaruwa Po/Bendiwewa M.V. Jayanthipura
- 29 Trincomalee Gomarankadawala M.V.
- 30 Trincomalee PICTEC, Thulasipuram

Other Events - October 2011

  Date Event Venue
- 14

Cyber Security Quiz by Sri Lanka CERT|CC - For students of Sri Lankan Tertiary education institutes.

Hotel Renuka, Colombo


Brought to you by:                           

In partnership with: