Security

New PIN Hacking Techniques Threaten to Further Destabilize the Banking System

This week one of my columns on CBC Radio sheds light on a story circulating in network security circles that depicts a new and rather alarming attack on the banking system's transaction process. I'm getting a lot of emails from CBC listeners asking for more info, so here's an article on Wired's Threat Level Blog that elaborates further. Here are some key highlights from the article:

The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers. Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side.

But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process.

Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers."

But until now, no one had confirmed that thieves were actively cracking PIN encryption.

GhostNet, Conficker, and the New Arms Race

There are two fascinating developments in the world of online security that are so sensational as to seem right out of a cyberpunk thriller.

The first, which I've spoken about on CBC recently, is the resilience of the Conficker worm, which culminates in some kind of action on April 1, 2009.

The second is an incredible espionage initiative called GhostNet, which friends of mine at the Citizen Lab here in Toronto have helped unearth and expose to the public.

Combined, these two stories depict something I've been describing as an open arms race, in which proxy forces develop new types of information-based weapons and test them live on the internet. While it's never clear who the players are behind this perpetual information war, researchers are able to dissect the tools and compromised systems to portray a fascinating tale of computer-based cloak and dagger.

Visual Firewalls and the Rise of Super Worms

Last year I became fascinated with the rise and fall of the Storm Worm, and in its wake a number of new super worms have emerged, the most recent being Conficker and Waledac.

It's not just the rate of infection and the speed at which they're able to spread, but the fact that these worms can be regarded as instant supercomputers. Out of nowhere they're able to harness the power of millions of computers and create the black-market equivalent of a cloud computing provider offering on-demand software as a service.

Worms often have an autonomy and sophistication that most other malware does not, inserting themselves into a system and disabling security software and the operating system's automatic updates.

It used to be that only Microsoft Windows systems were targeted, but now Apple systems are vulnerable too, with a worm or two targeting OS X.

While it goes without saying that you should always run proper updates and keep your system current, Microsoft also provides a free utility to identify and remove these worms.

One of the challenges, however, with this new breed of super worms is that detecting something otherwise invisible becomes quite a trick indeed. The advice I offer is to consider using a visual firewall that allows you to literally see what's going on within your network.

This can be done quite cheaply, using old hardware and free software. There are a number of Linux distributions designed for just this purpose, including Coyote Linux and Devil Linux, to which I add a utility like iptraf, which makes it easy to see and control what's happening on that network. Mind you, there are better visualization tools than this, but I like to keep it simple.

While I do run Windows, I also took it upon myself long ago to learn Linux and other operating systems (like *BSD) so that I could make the most out of my computer hardware. When it comes to securing and controlling your home network it helps to have the knowledge and tools to do the job properly.

There are of course "easy" Linux systems like Ubuntu which can get you started, but really there's no excuse for not giving it a shot. If you can run a Windows computer, then you can run a Linux one. Got an old box kicking around the house? Why not give it a try...

Always question the assertion that your privacy is protected

Last week my CBC radio column covered the recent introduction of a 3D imaging surveillance system used at the Kelowna, BC airport to screen passengers. Using millimetre waves, the system is able to penetrate clothing and create a vivid 3D model of the passenger without clothes on. Thus it is a far more thorough system than the existing setup, which only scans for metal.

Part of the focus of the column was on the privacy implications of such a system, and at the time CATSA (the Canadian Air Transport Security Authority) was claiming it had the support of the federal privacy commissioner. I mentioned this in my column, but also expressed skepticism that the current steps being taken to protect passengers' privacy were enough.

Turns out, the privacy commissioner does not support the pilot project, and does indeed have concerns about how passengers' privacy might be violated. Here's a quote from the Globe and Mail:

"However, the privacy commissioner's office said yesterday it is concerned about the implications of the new system and it never told CATSA officials that the body-scanning technology meets Canadian privacy standards.

"At this very early stage we certainly don't know enough to endorse the project, so the suggestion that we endorsed it is perhaps a bit off," commission spokeswoman Anne-Marie Hayden said. "I think we're going to have to watch it closely and we're going to want to ensure that individuals' privacy rights are protected."

Thanks to Blair Campbell for alerting me to this. It goes to show that even when an organization says it is protecting your privacy, you should still question that assertion and try to think of unforeseen ways in which your rights may be violated.

Child Pornography and Computer Hacking

This past week I was overwhelmed with responses to a number of media stories: a couple of BlackBerry business articles, a couple of Facebook expert articles, an article about a Hong Kong sex scandal, as well as some TV and radio appearances, first about the bust of a child porn ring, and then about the bust of a Quebec-based hacker cell.

In general my policy is to respond to anyone who takes the time to get in touch with me. Yet I've now had to revise this policy to reply only to people who show respect rather than outright hostility. Something about the audience that reads the National Post brings all sorts of trolls out from under the bridge.

The CBC audience on the other hand is a pleasure to interact with. Even when they strongly disagree with me I find CBC viewers and listeners to be intelligent and engaging. One particularly pleasant email I received was from a "middle-aged mother" who will remain nameless, but I suspect represents a typical Canadian, from an average family. For the sake of argument, let's call her Louise.

JS/Snz an example of what's wrong with computer security

Computer security is a field I've always been interested in, as a journalist, researcher and system administrator. However, I'm also often quite critical of the industry as a whole, and of the manner in which it communicates with its customers.

Today a particularly symbolic and silly episode is transpiring that illustrates why the trust and power we put into security and anti-virus software is often misplaced.

Users of the CA eTrust software are being alerted that they've been infected by the JS/SNZ.a virus whenever they surf a website that runs any one of a few common JavaScript libraries. This includes my own site, which is causing some of my readers to get alerts, one of whom emailed me about it.

The problem, of course, is that this is not a virus at all, but rather a false positive. Most users, however, won't know that, and instead are being scared away from thousands if not millions of legitimate websites.

2007 was about cyber crime

In my latest article for cbcnews.ca I've taken a look back at 2007 as a profitable and successful year for cyber crime. Specifically, I take my analysis of the Storm Worm and draw out a thread that shows the larger socio-political implications of this emerging technology:

The organization of all this criminal activity manifests in the form of bot nets (see sidebar) such as the storm worm, networks of hijacked machines that allow criminals to engage in their activities without being traced or identified. The sophistication of these bot nets has increased so rapidly that many observers have begun speculating that we're witnessing the early stages of a new online arms race, a cyber cold-war in which new weapons and tactics are being developed and tested.

Who am I? Who is the Storm Worm?

Today's my birthday; I was born 3.3 decades ago, at around 6:10 in the morning. I've always enjoyed my birthdays. I tend to take the time to reflect on this day, remembering where I came from while thinking about where I'm going.

On some levels identity is fluid, always changing, yet on the other hand there are constants that go through our lives as threads that bend but remain relatively the same.

The Perpetual Information War

I've done a number of CBC segments recently around computer security and information warfare. While trying not to be sensational, these are subject areas that I feel require more attention, certainly from the news media, but also from the public at large.

On the one hand these subjects are fascinating in themselves, and don't require any added emphasis to denote their severity; yet at the same time, these phenomena generally flourish because of the ignorance and fear of average computer users.

I got hit by a Polynomial Code Exploit!

When I got back from our mini road trip to Chicago for American Thanksgiving, I found that my Windows workstation was infected with some kind of nasty malware. Initially, from what I could see, it was a type of rootkit that had taken over the machine and was using it to blast out spam to the world. From what I can tell, neither the anti-virus nor the anti-spyware software could detect it.