Wednesday 11 June 2014

The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

CONSUMER PROTECTION
The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 come into force on 13th June 2014.

These regulations affect any trader providing service to consumers, i.e. Business to Consumer relationships. Some activities are excluded because they are covered by other areas of law: gambling, banking, some areas of property, lettings, package travel, regular food deliveries and timeshare. The regulations do not apply to vending machine sales, automated sales or services ordered by phone or internet for a single connection.

The full regulations can be found at http://www.legislation.gov.uk/uksi/2013/3134/made

We wish to highlight one part of the regulations because it relates to the use of telephone numbers; we will let you read the rest of the document at your leisure.

41. Help-line charges over basic rate
(1) Where a trader operates a telephone line for the purpose of consumers contacting the trader by telephone in relation to contracts entered into with the trader, a consumer contacting the trader must not be bound to pay more than the basic rate.
(2) If in those circumstances a consumer who contacts a trader in relation to a contract is bound to pay more than the basic rate, the contract is to be treated as providing for the trader to pay to the consumer any amount by which the charge paid by the consumer for the call is more than the basic rate.


If you currently provide service or products to consumers and your activities are not excluded, you need to consider the numbers you publish for after-sales calls.

Numbers beginning 01, 02 and 03 are acceptable because they are classed as local calls so they are not charged more than basic rate.

Premium rate numbers beginning 09, 0871, 0872, 0873 and numbers beginning 084 are not acceptable as they are charged at more than basic rate.

Numbers beginning 080 are Freephone numbers, but because they cost more than basic rate from some mobiles you should provide an alternative number for mobile users.

Numbers beginning 07 are mobile numbers. Some of these could be free to callers within their mobile call bundles, but not all numbers are. The guidelines suggest these are acceptable, but you may wish to consider providing an alternative number.

If you currently use 084x and 087x numbers you can request alternative numbers beginning 03, replacing the second digit, 8, with a 3, with the rest of the number remaining the same. This means that the number 0845 123 4567 could be replaced with 0345 123 4567, for example. We class these as reserved numbers as they can only be ordered by the customer with the matching 08 number.

Plum Communications can provide a whole range of 01, 02 and 03 numbers, including the reserved 03 numbers, and we can route them to your choice of destination number. Our hosted services allow use of auto attendant, divert to mobile, voicemail, call recording, time of day routing and in-call transfer to an alternative destination.


For more information on how to stay compliant and how to use inbound numbers please call:

Plum Communications Tel: 0161 622 3500 or email: info@plumcom.co.uk.

Tuesday 10 June 2014

.uk domain type launched today

DOMAIN NAMES .UK

From 10 June 2014 a new domain name type is available to register in the UK. It ends in .uk but, unlike other domains, it is not preceded by .co or .org etc. If you have ever tired of giving your domain name in full, or found the domain name is too long to fit on your business card, now is the time to register the slightly shorter variant.

Launched today, the .uk domain is available to register subject to some rules. Where .co.uk, .org.uk or .me.uk existed prior to 28 September 2013, their registrants have precedence to register the .uk variant of the name. The reservation period is five years, but we would recommend registering early so you can use either variant. Where none of these existed and where the domain is not excluded, anyone can register the .uk name subject to Nominet rules.

Plum Communications are able to register the new .uk domain names now as well as the second level domains managed by Nominet (see below).

.co.uk
The number one domain for British businesses online.

.org.uk
The preferred non-commercial domain for championing causes and raising support. It is intended for non-commercial organisations and is most commonly used by charities, trade unions, political parties, community groups, educational councils, professional institutions etc.

.me.uk
The personal domain for individuals wanting to build a unique, online presence.

.ltd.uk
For private limited companies. It is designed to work with the system used by Companies House; companies should be able to have a domain name which closely matches their company name.

.plc.uk
For public limited companies. It is designed to work with the system used by Companies House; companies should be able to have a domain name which closely matches their company name.

.net.uk
For Internet Service Providers.

.sch.uk
For schools. Because many schools share similar if not identical names, geographical areas are used as third level domains to differentiate between them. For example, schoolname.area.sch.uk.

Other separately managed domain types include:
.ac.uk for academic establishments such as universities
.gov.uk for government bodies
.mod.uk and .mil.uk for UK Armed Forces and Ministry of Defence establishments
.nhs.uk for NHS organisations
.police.uk for UK Police Force

For more information or to register domain names please call:
Plum Communications Tel: 0161 622 3500 or email: info@plumcom.co.uk.

Thursday 5 June 2014

Gameover: ZeuS with P2P Functionality Disrupted

Earlier this week, the Federal Bureau of Investigation announced that an international effort had disrupted the activities of the peer-to-peer (P2P) variant of ZeuS/ZBOT known as “Gameover.” Trend Micro was one of the parties that was involved in this effort to disrupt the activities of this well-known online banking Trojan.

Gameover is well-known for its resilience to takedowns. This is due to its peer-to-peer connection to its command and control (C&C) server as compared to other ZeuS variants (such as IceIX, Citadel and KINS) that employed centralized C&C servers. Gameover is based on the source code of ZeuS, which was leaked in May 2011.

However, it has significant differences from other malware families (like Citadel and KINS) that are also based on the leaked source code. Typically, a ZeuS malware only connects to a specific command-and-control (C&C) server defined in its configuration file. If the server is already inaccessible, the ZBOT malware will be unable to download the dynamic configuration file that contains the targeted banking URLs.

The first ZBOT variant with P2P capabilities was seen in late September 2011, and was detected as TSPY_ZBOT.SMQH. Users were lured into clicking a malicious link pointing them to a malicious website that served the Blackhole Exploit Kit (BHEK). BHEK was an exploit kit known for using various software vulnerabilities; at the time it was the most common exploit kit in use.

More recently, Gameover variants still propagate via spam mails, but with the help of other malware like UPATRE that download encrypted executable files to bypass firewall filters. Some of these newer variants are detected as TSPY_ZBOT.ABTE. UPATRE is a malware family commonly seen in email attachments which downloads other malware onto infected systems.

Investigations suggest that Gameover builders are not sold to individuals. Instead, they are privately operated, which means only one Gameover botnet is running, compared to the multiple botnets that power other ZeuS variants. Gameover has been using the same RC4 key to decrypt the downloaded configuration file since it was first discovered; this also makes Gameover resistant to takedowns as the entire botnet can quickly share new configuration files and updated versions.

Infection Flow

Gameover initially decrypts the static configuration file, which contains the hardcoded peers and the RC4 key to decrypt the downloaded configuration file. Usually 20 IP addresses with different port and communication keys are listed in the static configuration file. It queries the hardcoded peers to check which are still alive to connect to the botnet network. Once connected to a peer, it can download an updated configuration file, binary, and list of peer IPs. If all 20 peers are dead, Gameover will still try to connect to its C&C server. To find the URL of this server, it uses a domain generation algorithm (DGA) to generate domains which are renewed every start of the week, making it more resilient to takedowns.
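The fallback order described above (probe many hardcoded peers, then resort to generated domains) leaves a recognisable sequence in network telemetry. The following is an added example, not code from Trend Micro or this post: a generic behavioural heuristic rather than a Gameover signature, in which the event tuple format, the thresholds and all addresses and domains are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def label_entropy(domain):
    """Shannon entropy (bits per character) of the left-most DNS label."""
    label = domain.split(".")[0]
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def flag_peer_then_dga(events, min_peers=15, min_nx=5, min_entropy=3.5, window=600):
    """Flag hosts that fail against many distinct ip:port peers and then,
    within `window` seconds, get NXDOMAIN for several random-looking names.
    All thresholds are assumed values for illustration; tune on real traffic."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[1]):
        by_host[ev[0]].append(ev)
    flagged = []
    for host, evs in by_host.items():
        peers, t_peers, nx = set(), None, set()
        for _, ts, kind, detail in evs:
            if kind == "conn_fail" and t_peers is None:
                peers.add(detail)
                if len(peers) >= min_peers:
                    t_peers = ts  # moment the peer-probing pattern is established
            elif (kind == "nxdomain" and t_peers is not None
                  and ts - t_peers <= window
                  and label_entropy(detail) >= min_entropy):
                nx.add(detail)
        if len(nx) >= min_nx:
            flagged.append(host)
    return sorted(flagged)

# Constructed sample telemetry: (host, epoch_seconds, kind, detail).
# Addresses are documentation ranges and the labels are made up, not real indicators.
RANDOM_LABELS = ["qzxvkprtwmhdlbnc", "hjwqnzkdxvbtrmpl", "mxkcvtzrqpwndhbg",
                 "tpzdqwxnkvrhmcbl", "bnvxzqkwhtrdpmcj"]
EVENTS = (
    [("10.0.0.5", 100 + i, "conn_fail", f"203.0.113.{i + 1}:{20000 + 37 * i}")
     for i in range(20)]
    + [("10.0.0.5", 200 + i, "nxdomain", f"{lbl}.example")
       for i, lbl in enumerate(RANDOM_LABELS)]
    # Ordinary host: one failed connection and one mistyped lookup.
    + [("10.0.0.9", 150, "conn_fail", "198.51.100.7:443"),
       ("10.0.0.9", 160, "nxdomain", "gooogle.example")]
)

if __name__ == "__main__":
    print(flag_peer_then_dga(EVENTS))
```

Requiring both stages in order keeps a single mistyped domain or a flaky service from raising an alert on its own.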

ZBOT-CryptoLocker Ties

The disruption of Gameover also damaged another malware threat, CryptoLocker. In October 2013, Trend Micro spotted a spam campaign that illustrated how ZeuS and CryptoLocker are connected. The spammed message contained a UPATRE variant which downloaded a ZeuS variant, which in turn downloaded CryptoLocker onto the system. CryptoLocker serves as the final payload of the infection chain.

Trend has previously reported that CryptoLocker is a ransomware family known for encrypting certain files and locking the system it infects. Once the system is infected, the user is asked to pay a "ransom" to regain access to their files. Some of the payment methods used include:
Bitcoin
cashU
MoneyPak
Ukash

The latest Gameover update also contains a notorious rootkit family, NECURS. The purpose of installing NECURS is to protect the files, registries and processes related to the Gameover malware, making it more arduous to remove.

Trend Micro protects users from this via its Smart Protection Network, which detects the malicious files and spammed messages, and blocks all related URLs. Trend Micro tools for GOZ and CryptoLocker malware can be accessed on this page.

More information regarding Trend Micro and other internet security devices and services is available from Plum Communications.

Sources

http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-p2p-functionality-disrupted/

http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/gameover-zeus-botnet-disrupted

http://www.plumcom.co.uk/security.php?page=security


Wednesday 4 June 2014

O2 Travel - £1.66 for all the data you need in Europe

As of today O2 are changing their O2 Travel proposition to better meet customer needs. As customers are now using more and more data, they are removing the restricted O2 Travel 15MB data and replacing it with all the data you need in Europe for only £1.66 per day.

What does "all the data you need in Europe" actually mean?
From 3 June customers will not have an upper limit on the data they can use on O2 Travel; however, they will experience reduced speeds once they pass 50MB usage in any one day.

Who can have O2 Travel?
This product is available to all SMB customers on tariffs with domestic voice bundles. O2 Travel is not available for customers without domestic call bundles, e.g. B4B PAYU, Mobex, Mobile Broadband, iPad and Data Only tariffs.

Source: O2