Sarah Palin may attend the trial of her Yahoo account hacker

Dan Raywood March 15, 2010

Reports have claimed that Sarah Palin is to testify in the trial of the person who accessed her personal email account.

SC Magazine reported in September 2008 that the Anonymous group had announced that it had gained access to Palin's Yahoo account, and among the files sent to WikiLeaks were five screenshots from the gov.palin@yahoo.com account, an address book and two digital photos of Palin's family.

The incident has served as a benchmark for password security, as the hackers were able to access Palin's email account by figuring out her password from publicly known information about her school, age and family.

The report by the Knoxville news claimed that she is to testify in a US district court next month when University of Tennessee student David C. Kernell stands trial on charges involving Palin's personal Yahoo! email account.

As prosecutors claim that she is the alleged victim, her presence is guaranteed and Kernell's defence attorney, Wade Davies, wants Palin to bring any documents relating to that account - when it was opened, how it could be accessed and why and who was allowed to use it.

An interview late last year between a blogger and a hacker showed how humble the hacker can be when pressed over why they hacked into someone's account. It is unlikely that the one-time vice president nominee will make Kernell feel as small, but if Palin does attend the hearing and proves that an invasion of privacy led to her being a victim, the law could come down heavily on Kernell and set a precedent for the future.

 

Another day, another celebrity death

Dan Raywood March 11, 2010

Sorry to be blasé in the headline, but the fact is that after Michael Jackson, Patrick Swayze and Natasha Richardson, celebrity deaths almost do not seem to be especially headline worthy.

In this instance, Lost Boys actor Corey Haim sadly passed away on Wednesday after a struggle with substance abuse. Now I am well aware that this is SC Magazine, and not Heat, and you are expecting more than a diatribe on celebrity news and culture, but it comes as little surprise that within hours of the coroner's office confirming Haim's passing there were malware and malicious links relating to him.

Quite what the malware proposes to do is varied. Detection from Websense found ‘search terms related to Corey Haim have become the latest target for Blackhat SEO poisoning attacks' as they lead to rogue anti-virus. Google trends marked a huge spike in searches for Haim, closely followed by searches for his Lost Boys and License to Drive co-star Corey Feldman.

Websense said: “Cyber criminals again jump at a chance to spread their rogue anti-virus. When users enter keywords such as ‘Corey Haim death' in Google, some of the results will lead them to download fake security software. The downloading FakeAV file has only 17 per cent coverage from anti-virus products.”

Also on the detection trail was Chris Boyd, malware researcher at Sunbelt Software, who concurred that ‘celebrity death equals internet scams by the boatload'.

He pointed out various video sites that were proposing to show videos of Haim, from his last red carpet appearance to ‘watch Corey Haim dead at 38'. Boyd said that visiting mycelebzone(dot)com will pop open a Hotbar prompt, which you need to install to ‘see the content'.

Boyd said: “Instead of ghoulish pictures of a deceased celebrity, the end-user will find himself looking at a ghoulish spamblog linking to fake links of ripped movies. Oh, they'll have Hotbar, ShopperReports and BarDiscover onboard too. What a value add!

“Elsewhere, sites claiming to have horrible images, such as celebrity-autopsies(dot)com will drop you onto surveys and quizzes to be filled in, courtesy of a dancing Michael Jackson.”

He recommended avoiding links ‘floating around on video sharing sites' like the plague, as apart from the malicious threat, ‘there probably isn't much on them that would be of use to you, unless you enjoy the sensation of gaining nothing while lining the pockets of spamblog merchants'.

As we have covered before, SEO poisoning is a dangerous thing - it can catch out regular users and those seeking a sensational video. While the loss of Haim is such a sad event considering his young age, it is hard to see how times will change when the next news breaks.

 

Will the internet become strangled as a result of bandwidth demands?

Dan Raywood March 08, 2010

An article in the Telegraph last week claimed that media companies had raised concerns about the issue of net neutrality with regards to internet traffic being treated the same by internet service providers.

It said that the communications regulator Ofcom is to scrutinise the way in which video and other bandwidth-hungry services are managed on the internet. Ed Richards, chief executive of Ofcom, said that several media companies had raised concerns about the issue of net neutrality in the last few months.

He said: “It has been a big issue for historic reasons for many years in the US. It is now beginning to be an issue here. The deployment of traffic management techniques and policies is now happening in scale.”

Last year, the BBC accused BT of ‘throttling' download speeds for its iPlayer service, while BT said that content providers should not expect a ‘free ride'.

I asked Jim Black, chief marketing officer at Bloxx, whether he thought it was right that the internet be divided equally, or should there be a process of switching broadband traffic to allow for major events – such as sporting events or the inauguration of Barack Obama?

Black, who has a background in telecoms, said: “The reality is that the internet infrastructure is under strain and certainly in the UK the current infrastructure is woefully inadequate compared to other countries, such as France.

“This is likely to get much worse over the next few years, for example the BBC is already streaming live TV broadcasts over the internet as a beta trial. The real challenge is how this additional investment in infrastructure is funded, and if the ISPs and core network providers will be able to increase costs to end-users and content providers to cover this investment.

“With digital inclusion high on the government's agenda, it is unlikely there is much of an appetite to support any increase in broadband costs. The BBC and other content providers clearly don't want to have to pay the network providers to carry their content either.”

He believed that in the long term it will take government and regulatory intervention to look at how net neutrality is maintained and infrastructure build out continues. In the short term he said that there will be ongoing battles between the ISPs, the core network providers and the content providers, with the providers having the upper hand through their ability to shape and prioritise traffic.

 

ClickandBuy launches payment transfer application on Facebook

Dan Raywood March 03, 2010

A new Facebook application will now allow users to transfer money via an ‘e-wallet'.

Powered by the online payment company, Buxter allows users to register and load their own e-wallet in Euros or US dollars and transfer, receive and request money from other Facebook users free of charge.

The company said that Buxter is designed to encourage third party developers by giving them access to the Buxter-Facebook-API, as third party developers will be able to create individual business solutions within Facebook and then receive payments.

Charles Fraenkl, CEO of ClickandBuy, said: “Buxter is the application that will see Facebook members use the platform not just as a way to stay in touch but also as a fast, easy and secure way to exchange money or buy and sell products and services.”

So if Buxter is powered by ClickandBuy, how secure is the application developer? The company said that it is ‘certified by McAfee and tested by Germany's Technical Inspection and Testing Association' and is used for internet purchases by over 13 million people. It is used for payment processing by the likes of Apple iTunes, Napster, KPMG and mobile phone providers, is regulated by the FSA and includes 120 currencies and offers 50 national and international modes of payment throughout 30 countries.

So from this, we can assume that sterling will be offered soon. Looking into the terms and conditions, it explains that the application is used with a password and an account, and it is the user's ‘sole responsibility to maintain the confidentiality of your password and you are responsible for all activity that occurs under this'.

It states that it is ‘unable to check the identity of people using the applications' and that ‘you should make sure you are the only person using your password and you agree to notify the site holding your application of any unauthorised use of your password and any other breach of security as soon as you become aware of it'.

The privacy policy says that ClickandBuy ‘agree to protect your personal information' and by signing up to it, ‘you agree that we can export your information to any country as operationally necessary, even if that country's privacy laws are weaker or different from the privacy laws of your country and that we can use and transfer your personal information to the extent provided in the privacy policy'.

Shall we be honest? Facebook is hardly the safest platform. What impact will third party applications have on Buxter? It said ‘we are not responsible for the availability or content of any third party websites or material you access through the site. If you decide to visit any linked site, you do so at your own risk and it is your responsibility to take all protective measures to guard against viruses or other destructive elements'.

Considering that PayPal has dominated the online payments market through its (original) affiliation and eventual takeover by eBay, it could be argued that a move into an application on a social network was inevitable.

Head of software development at ClickandBuy Andrei Martchouk said that with Buxter it was offering an easy, affordable and integrated payment system to help monetise the kind of creativity seen by Facebook application developers.

Commenting on the conception of the application, he said: “I think the idea really popped into our minds, when we saw the amount of really great user generated content out there in absolutely fabulous communities on the one hand and the total lack of payment systems that use real money to conduct transactions.

“We just knew that a lot of the things that developers were creating had tremendous monetisation potential. That's when we started laying out our blueprints.”

At this early stage in Buxter's life I am trying to find something to criticise. Perhaps it is because it is hosted on Facebook – hardly a bastion for security, but one that is used by approximately 400 million people. With its FSA regulation and apparently strong reputation, I have no doubt that ClickandBuy know what they are doing, but perhaps we will wait with bated breath for a future problem.

 

Facebook pages requesting testers for the Apple iPad unsurprisingly lead to suspicious links

Dan Raywood March 02, 2010

After all of the furore over the launch of the Apple iPad it is perhaps surprising that it has taken such a long time for some ‘quality' suspicious links to arrive.

The oversized iPhone has been around for over a month now and has been a consistent trending topic on Twitter and Google, and I am sure that amongst those links there have been some less than savoury items.

But such is the demand for the iPad that malware has emerged via Facebook pages with names such as ‘iPad Researchers Wanted - Get An iPad Early And Keep It!' and ‘The Mega iPad Giveaway!' that are preying on the public's desire to own the iPad, and without the reported $499 price tag.

Sophos, who detected the threat, said that the scam pages typically take their intended victims through a three step process: firstly to ‘become a fan' of the page, secondly to ‘invite your friends' to also become fans of the page, and take part in the ‘special promotion' and finally ‘claim' or ‘apply' for your prize.

Some of the pages pretend to have thousands of positive comments from other Facebook users claiming that the offer is genuine. When the victim applies for their prize they are typically taken to an online quiz, and their phone number is requested so they can be sent the results.

This, Sophos claimed, was the ‘biggest mistake of all' as users will be signed up for a premium rate service costing in the region of $10 every week until they unsubscribe.

Graham Cluley, senior technology consultant at Sophos, said: “The scammers who created the fake iPad Facebook pages are undoubtedly skimming off some of this money by bringing new unwitting subscribers to the cellphone service.

“Of course, the public aren't being invited to beta-test the iPad, and anyone who believes that Apple is going to give away iPads for free is going to be bitterly disappointed. And these scams aren't just limited to iPads - we've also seen scam pages offering other expensive electronics and 'premium' services on Facebook. The one thing in common is that all of these pages are designed to trick you into believing that you are going to receive something which the scammers have no intention of delivering.”

Proof once again that nothing comes for nothing, and if you really want an iPad you will have to join the queue, get a job at Apple or join a technology or gadget magazine's review section.

 

Ten years of the DDoS marked this month

Dan Raywood February 23, 2010

This month marked ten years since the first distributed denial-of-service (DDoS) attacks.

In a year where several significant anniversaries will be noted, this is perhaps one of the most significant for this year, as DDoS has become one of the most reported areas of web-based attacks over the past 12 months.

Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services, wrote the following blog about the attack vector.

Ten years ago, on 14 February 2000, a DDoS attack, which attempts to cause disruption to an online service or application, knocked out a number of high profile websites, leaving them offline for several hours, including a well known auction site, the website of a global news channel and an internationally recognised online retail site.

Fast-forward a decade and DDoS attacks have evolved to be more sophisticated, more prevalent and more dangerous than ever. Most recently, the website of a prominent Russian newspaper was targeted causing major disruption for the publication and its readers.

Botnets are a key player in DDoS attacks. Right now, we know that the most prominent spam-sending botnets control over five million active PCs. The actual number of botnets in existence is likely to be much higher, as an infected bot only becomes visible when it is active – in other words spewing out spam or pummelling a site with a DDoS attack.

However, most DDoS attacks are used against websites in order to saturate their capacity and prevent legitimate users from visiting the websites, when in truth it can be a lot more sophisticated than that. DDoS attackers do not care how they are able to hit mail servers; they will use a number of tactics to reach as many businesses as they can.

Dictionary attacks are a popular way of doing this, for instance, when a business's email domain is targeted with thousands or sometimes millions of randomly generated email addresses. The spammers create seemingly valid email addresses by combining first and last names from dictionaries.

In doing this, only a very small proportion is likely to match a genuine email address at the organisation. Attackers do not care how big or small an organisation is, so for a small company, this can become a silent killer for its email system.

There are concerns that, in the future, botnets will become increasingly self-sufficient, which could make them even more efficient at propagating DDoS attacks. With the 2008 takedown of McColo, an ISP based in California, a significant drop in global spam volumes followed, by as much as 80 per cent.

However, less than two weeks after this ‘significant blow', active spam-sending botnets started to make a speedy recovery. Since McColo, botnets have changed. Savvy botnet owners are now building in business continuity plans to ensure their networks are self sufficient, robust and less prone to disruption. Clearly, attackers have learned the importance of having a proper backup strategy for their command and control channels. Semi-automated networks mean that cyber criminals are now free to pursue new business opportunities, while targeted DDoS attacks take down critical online applications and services on their own.

Any organisation with an online presence needs to take action now to protect itself from these types of attacks. Using a cloud-based security service operating at the internet level means that attacks can be mitigated before they hit your network. In addition, cloud security services mean that organisations, however large, do not necessarily need to make additional infrastructure investments.

 

Five years since the first 'spIMming' arrest and charge, claims are made that this method of attack could become more prevalent in 2010

Dan Raywood February 18, 2010

This week saw the fifth anniversary of the first arrest of a spammer through instant messaging.

The act, apparently called ‘spIMming', sits alongside such alternatives as ‘SMiShing' and ‘Vishing' as forms of targeted spam, and could still have an impact on businesses. As the use of email is arguably being phased out by Generation Y in favour of instant messaging (IM), it could be the case that 'spIMming' becomes the next significant method.

Commenting, Symantec Hosted Services said that while IM use is expected to increase considerably over the next year, few users are conscious of the dangers IM presents not only to a single machine but potentially to an entire network.

Simon Heron, internet security analyst at Network Box, previously said that employees need to be educated for instant messenger use as they did for spam email. He commented last summer: “Broadly, the messages for employees are: only use the service approved by your IT department, don't trust anyone you don't know, don't click on shared links, keep your personal details to yourself, log out when you've finished, and keep your IM service and anti-virus systems up to date.”

So regardless of the technology, the arrest and subsequent charge of New York teenager Anthony Greco with sending more than 1.5 million pieces of 'spIM' advertising pornography and mortgages showed that the threat and practice were recognised.

Since then, there has been little activity, and in my time at SC there have been no memorable reports of 'spIMming'. Was this because the main sender and activist was caught five years ago, and others have not caught on or been deterred? Or is it simply that Greco was a spam revolutionary, and bought into a trend that was in its infancy in 2005?

Paul Wood, senior research analyst at Symantec Hosted Services (formerly MessageLabs), predicted that by the end of 2010 one in 300 IM messages will contain a URL, and that one in 12 hyperlinks will be linked to a domain known to be used for hosting malware.

He said: “Problems arise from the fact that IM has been very difficult to regulate and control, so many organisations, particularly those in regulated sectors, have simply chosen to block its use, even though it's clearly a useful tool that is becoming more widely used.

“Organisations that simply ban IM risk frustrating employees and damaging the business by hindering productivity. To effectively combat the threats posed by 'spIM', businesses need to adopt a policy-based security service in the cloud which carefully monitors all potential threats before they hit an individual user's machine – wherever this channel may be.”

Wood acknowledged that Greco's successful formula was in being able to bypass CAPTCHA technologies to establish a number of accounts on a major well-known social networking site to send out the 'spIM' messages.

It could be argued that he was ahead of his time, but if Star Wars taught us one thing, it was Yoda saying ‘always two there are, a master and an apprentice'. You can bet that there is a 'spIMmer' waiting to pick up the lightsabre in 2010.

 

Review - F-Secure Internet Security 2010

Dan Raywood February 17, 2010

After writing about the likes of Panda security and Microsoft's Security Essentials, I was recently asked if I wanted to give F-Secure's 2010 internet security a try.

Always one to try something new, I installed it on the Dell Latitude XT2. Firstly for the product capabilities, it includes anti-virus, firewall, spam email filtering, phishing protection, parental control, browsing protection and automatic updates according to the box, which I ripped when trying to open it. Nice start.

The box and software also feature the new logo which is very nice, however the packaging is pretty hefty for a CD and guidebook, while a leaflet offers the hosted version.

So on to the installation, it was pretty straightforward. I inserted the CD that kicked in autoplay with run.setup.exe asked for by the OS. From here I am given three options – install/evaluate F-Secure; scan for security threats; or learn more. There are also language options, but I am more disturbed by the rattling CD inside the removable drive.

So I choose my language, agree to the licence agreement and input the 20-digit subscription key. After this it is the installation type – automatic or step-by-step, I go for automatic although it warns me that it will replace other security programs, well as far as I know there is no other security on this so I will press ahead with the former.

The installation takes a couple of minutes and requires a restart, after this it validates the subscription key which is a bit slow and I am shoved into the parental control section which has three options: small children; teenagers or small children and teenagers. As a semi-responsible 30-something I decide to cancel this, but take a quick look at the small children option and see the time scale for locking out on weekdays and at weekends.

Back to the download, it downloads updates and installs updates, which is done in the background, but is a little laboured. It offers a minimise option but considering that I do want to use the internet after installation I figure it is best to leave it.

So with the process over, I am protected up until today so I give the SC Magazine website a try, and am glad to say all works perfectly! I am offered the choice of a full computer scan that will take five steps: scan; virus cleaning; spyware cleaning; riskware items; and suspicious items. Ah I'm not going anywhere, let's do it.

The first scan takes some time, but this is somewhat reassuring as if it were a quick process, you would suspect that it would not be doing a deep inspection. The scan process seems to scan six or seven items at a time, and after several times (I will spare the real-time commentary) it scanned a total of 42,215 items.

It offers to clean by item or automatically, so I go automatic assuming that it will give me a better chance of nailing the gremlins. This literally takes seconds and the computer is seemingly as clean as the day it was first made.

So with all of that done, I am given the main dashboard and on ‘Tasks' I am offered a check for updates, to open the firewall, restore settings or override blocked programs.

On the next use, I decide to give it a boot-up to see how it works post-installation. Firstly as the Dell Latitude XT2 starts up rather quickly, there is no indication that there is an update or scan taking place. I click on the desktop icon and it tells me that the 'computer is protected' and 'all security features are up-to-date'.

On the updates feature on the dashboard, it tells me that the last check was done automatically and that the update check was successful. What has concerned me, and what I felt was a failing with some other anti-virus products, is that they do not update automatically. However this has been done, with it telling me 'updates are installed automatically several times a day'.

So overall I would say that I am pleased with F-Secure Internet Security 2010, despite a little concern over a lack of presence during start-up it seems to work well in the background, has given me no problems and according to its statistics of my use, has blocked more than I realised.

 

Review - Dell Latitude XT2

Dan Raywood February 17, 2010

Over the past few weeks I have had the pleasure of using the Dell Latitude XT2 laptop.

Taking my usual netbook-loving hat off, this was a little bigger than I was used to but I was delighted to find that it did not weigh too much and was practical to carry, despite being a tough little so and so. As for the basics of its size, well it is 11.7" x 8.7" x 1.1" (297x220.6x27.4mm) with a 12.1" Premium WXGA (1280x800) LED display screen.

The big USP of this is a swivel screen that turns the simple laptop into a tablet. On inspection my first thought was ‘this will make presentations easier', however once twisted into shape, it is a touchscreen tablet with a button to move the display from landscape to portrait. As good a design as this is, it does take some getting used to the touchscreen keyboard and while as a reading tool it is very practical, you may prefer to stick with the full-sized keyboard as I did.

Coming to me as a review kit, it did not come with any pre-loaded software apart from the Windows 7 operating system. So after recent Microsoft advice I downloaded Internet Explorer 8, along with the journalist's favourite Open Office and security software in the shape of F-Secure 2010 – see the review here.

This was my first use of Windows 7, and while this review is not focusing on that particular software, I found it easy to use despite the flashing icons and disappearing pages to the bottom toolbar. The Dell Latitude XT2 features an Intel Core 2 Duo U9400 @ 1.4GHz processor, with 2GB DDR3 @ 800MHz memory and 64GB SSD HDD.

The one big criticism I have of my time with this laptop, Dell will be delighted to hear, is with regard to the operating system and its effect on the battery life. As detailed in this story from the Register, the upgrade from Vista to Windows 7 has left it with limited battery life – at a full charge I could get two hours, but even with the use of powersave and with the screen dimmed, it did not last well. As I said this is not a hardware problem, but something that does affect its usability remotely.

As for extras, it comes with a remote CD drive to allow for more port space on the laptop, and there is a fingerprint scan should you feel the need to utilise it.

Overall this is an excellent laptop that apart from battery issues, was a pleasure to use and that I encountered no problems on whatsoever. The software downloads were quick and easy, I still need to conquer Windows 7 but connectivity to a variety of wireless networks was flawless and although wide, it is small enough for comfortable every day use.

 

Will the Rapport banking logon software be ignored rather than installed?

Dan Raywood February 11, 2010

Earlier this week I logged on to the website of my bank and was greeted with an option to download software named ‘Rapport'.

This was not the first time I had heard of this, it was flagged to me by a friend last year who emailed me saying that they had tried to log into their bank website and were greeted with details on Rapport, with a short Q&A that read as follows:

But why do I need Rapport? I'm already protected by a firewall and anti-virus software.
Traditional online security software is essential, but Rapport goes even further, providing another layer of protection when banking online. We recommend you use Rapport alongside your firewall and anti-virus. It's not designed to replace your existing protection.

I've never heard of Rapport – can I trust it?
Yes. Rapport is produced by the financial security experts at Trusteer. Industry analysts at Online Banking Report described Rapport as 'a major boost in fraud prevention'. They also named Rapport 'Best of the Web'.

Won't it be a hassle?
No. Rapport takes seconds to download and install. There's no need to restart your computer. And it's already set up to protect you when you use RBS Digital Banking.

Now being the investigative journalist that I am, I looked into it further. I found out that it is produced by an Israeli company called Trusteer, which is now stepping up its marketing in the UK.

The description on the website explained that “Rapport from Trusteer is a lightweight browser plug-in plus security service that prevents criminals from tampering with a user's browser and protects against man-in-the-browser, man-in-the-middle and phishing attacks.

“When users browse to sensitive websites such as internet banking, web mail or online payment pages, the Rapport plug-in immediately locks down the browser and prevents any unauthorised access to web pages and confidential information that flow through the browser.”

All very good stuff, but it left me with some unanswered questions – considering that we have spent many years telling people not to click on suspicious links, not to download untrustworthy files, be careful about what they install – is it really likely that members of the public will download this? Or will it be comparable to software updates, ignored rather than installed?

I spoke with Mickey Boodai, CEO of Trusteer, who explained that it is a ‘piece of software that sits on the computer and locks down the communication between you and the bank'. If malware, or a banking Trojan to be specific, tries to intercept the login process, the communication is locked down so nothing looks at it.

Boodai said: “This isolates the browser and blocks intervention to it. Software will block it for the duration of the session.”

So what about education and publicity for the public who are the target market in this instance? Boodai admitted that it was being promoted by the banks directly, and while some customers may call back and ask about it, most will trust the bank's advice on security.

He said: “We keep it as simple as possible as it is very technical and once a consumer gets confused they lose interest.”

So looking further at the software, Boodai said that you can use multiple windows on a browser and use Rapport to protect the window with which you access the banking site. It is available for use with Internet Explorer, Firefox, Chrome and on Safari on the Mac. Once you have downloaded it, it places an icon on the browser that turns the address bar green so it is an indication of it being secure.

Boodai said: “It starts working from the moment you go on to the banking website, on all other websites you can click on the icon and choose to protect it. It will remind you to use it for any special site and we recommend you use it to protect it.”

So if it protects the login process on such a sensitive site as banking, I asked him if there were plans to roll it out to other sites – such as social networking, web mail or even auction or shopping sites. He said: “We are focussed on the financial sector at the moment and technology to market at a high level, it is not limited to any website, it is a good solution.”

I have to admit that while Mickey Boodai did answer my questions, and I have no doubt that it works efficiently (if it did not, I doubt that UK banking sites would touch it), there is still a doubt in my mind about how it will be received by the general public.

As we have said in the past, the security-savvy public and I feel that many will be suspicious until they are informed about Rapport.

 