backtop


Print 29 comment(s) - last by Trisped.. on Jun 29 at 2:21 AM


Fig. 1: Phishing personal and private information from people is a huge business and it would seem that no one is immune from the temptation of making some fast money. It has to work – you get dozens of “offers” in your inbox daily. (Source: Gartner)

Fig. 2: The rapid proliferation of content on the Internet and the time-shifting of TV programs means a vast amount of entertainment content sits on your hard drive along with personal data that can be exposed to the world. (Source: Parks Associates)

Fig. 3: With rich content available from almost everywhere, people are increasingly grabbing their entertainment to store for later. Time-shifting a HighDef TV show can easily consume 20GB of storage capacity. (Source: Coughlin Associates)

Fig. 4: 100% data protection and security is virtually impossible. The important thing users have to do is put the best security process/procedure in place based on the criticality and sensitivity of the protected information. (Source: TheInfoPro)
"The ultimate computer, our own brain, uses only ten watts of power; one-tenth the energy consumed by a hundred-watt bulb." –- Paul Valery

The Electronic Freedom Foundation, governmental agencies and privacy groups around the globe are up in arms about the Meta data Google is grabbing from people’s searches. They’re “a little uptight” on how that personal information might be used.

Is it a potential problem? Sure.

Is it the problem? No.

The problem is you went digital. You opened yourself to every product, service, well-meaning/creative individual/organization and every whacko/evil-doer on the planet.

Microsoft, Amazon, eBay, Google, Apple and others need your information. The good guys want to sell you something. The others have bigger plans for your data.  Welcome to the wild ‘n wooly world of “1s” and “0s.” Microsoft for years has kept track of their property by inserting your tracking information.

Bill’s close personal friend at Apple broke down the entertainment barriers with no DRM (Digital Rights Management) iTunes.  Your embedded customer information comes free with every download purchases.

OK, so maybe Homeland Security did lose a hard drive with 100,000 plus employee records on it.   Maybe the FBI did lose 2,000+ notebooks with really cool information on them.  Maybe your bank or loan company lost “a few thousand files.”  They may have lost it … but it’s up to you to protect yourself from having a bad day.

Then there are the hackers, phishers of men, Trojan horse producers who have turned pro to help themselves to your information.  Of course thekidsatDoom9 and similar hangouts are good but they only do it for the challenge … for bragging rights.  Phishers and digital hijackers do it for profit.

Yeah.  You just won the Irish lottery. A thoughtful lawyer in London is going to help you get $1 million from some dude’s bank into your bank for a small fee. Some folks want to send you a free 50-in plasma screen.  The bank, eBay, your university and DailyTech just notified you that your account is being suspended unless you check your records.

P.T. Barnum was right…“There’s a sucker born every minute.”  And phishing is big business.

Sure you can delete but you’re still a long way from data safe.  Businesses lose data every day of the week.  So do individuals. Usually they never know it. Until it’s … too late!

Your Stuff
Look at your home system. You’ve got data, images, content (legal and grey) whipping around the house all the time. Putting a lead shield around the home network doesn’t do any good because you constantly reach out for … something.

While Tellywood swears we’re all reaching out for their valuable stuff, the fact is – at least in our household – it is stuff that is disarmingly free or something we already own. The kids load their drives with everything they can find.

They create a ton of their own. They load it on their MP3 players (audio, video) to take with them and to share. They throw it on their cell phones (which also hold a lot of personal data) and zap it to anyone who even looks like they are interested.  They love the control. It’s second nature. They not only want it … they expect it!

Who can blame them? But is their content protected? Kinda.

Digitally Comfortable
On a recent holiday, we sat in the airport with our son and he effortlessly got his system connected to the WiFi net.  Then he started searching. In 30 minutes he had tapped into the hard drives of three notebooks that were also online in the airport. The data? There for the taking.  And he wonders why we aren’t really excited about online banking!

Using our cell phone as a digital wallet is “logical”…to him!  All of that information is immediately available to be stolen the minute you let your guard down. Our digitally-active family is probably well on its way to surpassing most industry projections for home storage in 2010 by … oh, heck, late next year!

Since there’s no going back to music platters, VHS tapes or reams of paper, we’ve developed what we’d call a normal level of concern over our identity/data security.  We don’t buy online without thoroughly researching the outlet.

We make certain we don’t throw open the back door of our system and network to every person cruising the iNet looking for good stuff, good information they can “borrow.”

Next to healthy growth in storage; reasonable security products, applications will be more important than the next iTunes, YouTube or MySpace downloads.

There’s not much you can do about your personal information that already exists on the iNet. Finding and eliminating it isn’t a job,  it’s a career. But there’s no sense adding to the information outlay.

Paranoid Comfort
Andy Grove, former CEO of Intel, was fond of saying, “Only the paranoid survive.” We have what we’d call a healthy paranoia regarding our data – personal and professional.

We’ve got:

  • A good firewall on our network and system
  • A couple of honest passwords … not “password,” 1-2-3-4-5, first name or last name, address, phone number or guessable items
  • Healthy protection software that checks for phishing, viruses, system/network attacks
  • A good dose of common sense on what emails we open, attachments we open and websites we visit
On our systems we use some business level security functions that security professionals have found to be good as long as the individual connected to the keyboard uses them.

The Answers Are Out There
Fortunately there is a huge crowd of experts out there ready and more than willing to tell you what you should do to protect your data and personal information.

Buy stuff online isn’t a real issue as long as they have a secure payment location. But people are more cautious. It is more secure than calling a service center (somewhere on the globe) and giving them the information.

Our techno-savvy son also helped us add protection:
  • He showed us you can lock the browser status bar and “https” in the address bar to ensure we’re got a secure connection
  • Firefox 2 – our browser of choice -- has built-in detection of fraudulent sites
  • Our security suite is set up to prevent private data from being sent by blocking transmission or replacing the data
  • We secure our systems when the actual owner (or parent) isn’t using it
Since common sense seems to lapse and disconnecting your computer from the world is out of the question, there is good identity and security software you can find to keep your private data private.

If you’re not anxious to rush onto the web unexposed to find products to help, there’s always:
  • Microsoft great security packages
  • Symantec
  • Homeland Security
  • Your government officials
You know … the Big Dogs! None of them will work 100%.

As Germaine Greer noted, “Security is when everything is settled. When nothing can happen to you.”

Sneaky and bad guys always stay ahead of the protection tools you buy. The best computer security solution still runs on one-tenth the energy of a light-bulb.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: I'm curious
By othercents on 6/22/2007 1:00:42 PM , Rating: 4
You are still using WEP? I recommend WPA, but this security is localized that someone has to be near your house to be able to crack it.

Everyone needs four things:

1) A firewall. This can be a router or software firewall on your computer.

2) Antivirus. I personally use Avast which is free for home use. Get it at Avast.com. This is because you can download viruses from websites or emails.

3) Spyware protection. I use hijackthis, but it doesn't stop spyware, but removes it afterwards.

4) Common Sense. This is what many people I know lack. If someone came to your door saying that they will have a computer delivered to you for $20, would you give him cash? I expect that 80% of internet users would. Try it, I'm sure you can get some pocket money fast.

My security is simple. If you don't want people to have it don't save it to your computer, but if you have to then just turn it off after your done.

Other


RE: I'm curious
By Spivonious on 6/22/2007 4:11:35 PM , Rating: 1
Just to address some things that I didn't mention in my first post:

Antivirus - I have never and will never use an antivirus program. They simply slow things down too much. I've been using a PC since 1989 (connected to the Internet since 1992) and have yet to be infected with a virus.

Spyware - I do use Spybot and Adaware (and have for about four years now), but as of yet haven't been infected. I still scan about once a month just to be sure.

Firewall - I do have one in the router. The only thing visible from the Internet is the router.

WEP - This is enough to discourage the neighbors from stealing my Internet connection. If someone is really determined enough to get on the wireless network while sitting outside in the car, then they deserve what they get.

Common sense rules all; I agree. I still can't believe the number of people who download the latest screen saver emailed to them from someone they don't know and then are surprised to find they've been infected with spyware or a virus.


RE: I'm curious
By GeorgeOrwell on 6/23/2007 3:18:15 AM , Rating: 2
A secure installation will start with an outer firewall (facing outwards) and an inner firewall (facing inwards).

Sometimes there will be a special firewall for each computer that is higher risk that isolates the computer from being able to utilize the network except using particular protocols to specific addresses.

Of course, get rid of Windows/Mac and your risk profile goes way down. It is not saying the number of security issues is far lower, but you are no longer running an "easy pickings" profile with thousands of backdoors.

Also if you are using Windows/Mac that by US Federal mandate, Symantec and other big brands of Anti-Virus have built-in keyloggers. These keyloggers can be used by anyone who knows the activation packet sequence.

The common sense rule is to reduce the amount of so-called "security software" on the system to the absolute minimum. In the open source world, this is a far easier task. In the closed source world of Windows/Mac, essentially there is no way to make a machine secure.

Last of all, remember "security", including "anti-virus" is a VERY BIG BUSINESS. If you follow the money, you will understand the entire picture.


RE: I'm curious
By darkpaw on 6/23/2007 11:00:28 AM , Rating: 1
Did your distro come with a tin foil hat or did you make your own?


RE: I'm curious
By GeorgeOrwell on 6/23/2007 2:30:09 PM , Rating: 3
Before you dismiss what I have to say, why don't you spend 15 minutes with Google (via a proxy for the obvious reasons)? You will see all I am offering is facts and well-established best practices for firewall usage.

It wasn't too long ago that a German intelligence agency dropped Microsoft Windows. They found evidence of backdoors and chatter. This was the first big intelligence agency to drop Windows and so far, most others are following suit.

In the US, the NSA even published their own security enhancements/changes for Linux. If anyone is in a position to know that Windows is incapable of being made secure, it is the NSA.

You may not want to hear that Windows/Mac are easily exploited tools that contain many backdoors (and packet level phone homes that sit right above the theoretical noise limit of your connection).

Perhaps these ideas create a bit of dissonance with your world view. Nonetheless, you will come back to my words years from now, wishing you had listened.

The simple fact of the matter:

If you work with information, and wish to be a survivor, moving away from Windows/Mac is a very good thing to do.


RE: I'm curious
By CollegeTechGuy on 6/24/2007 12:20:10 PM , Rating: 2
Every operating system is suseptable to attacks just as much as any other, including Linux. The only difference is Windows and OSX are the 2 biggest OS's out there. So why would a hacker waist his time trying to figure out how to hack Linux backdoors when everyone is running Windows and OSX. Its the same idea why the best Anti-Virus programs are not the mainstream programs. Hackers write viruses to fool and actually turn off Norton and McAfee because those are the 2 biggest. You use a less common anti-virus your less likely to get infected. But its still possible, just like its still possible to hack Linux. It just doesn't happen as often because the only people who use Linux are people who are more computer literate like programmers and such...people who have the knowledge to write a virus or hack computers.

So don't go badmouthing Windows and OSX, because Linux is just as suseptable.


RE: I'm curious
By GeorgeOrwell on 6/25/2007 2:00:20 AM , Rating: 2
What you had to say supports my point:

If you run Windows/Mac, you have a higher risk profile.

There are simply orders of magnitude more machines out there, all more susceptible to common attacks vs. UNIX/Linux systems.

I'm being careful not to say "UNIX/Linux is unhackable", but strongly get across the factual statement that Linux/UNIX DOES have a lower risk profile. There are tons of already written hacks/worms/trojans/scripts/etc/etc/etc/etc/etc out there for Windows and Mac (Windows in particular). Add to this that the average Windows/Mac user doesn't even know how to tell if his or her machine is infected and, of course, these systems are the targets of choice.

No one in the know uses Windows/Mac if their information is important. You'd be safer posting it on a public forum. At least then you'd be more assured of your copyright.

At the end of the day, an individual cannot compete with the big business of "protection". All you can do is opt out. And that means open source Linux/UNIX.

Or, if you wish, you can choose to live in the dream world of "secure Windows" or "secure Mac".

In this dream world, you can pay your "protection", but as you stated, there are problems with it. Which, if you "follow the money", makes sense.

Because tomorrow is another day, with another threat, and with another payment on your protection.

Ultimately, those with courage do one thing. Those without, pay until they die.


RE: I'm curious
By porkpie on 6/25/2007 8:48:20 AM , Rating: 2
> What you had to say supports my point

Um, no he didn't support it at all. He said there are more viruses for Windows because its a larger target. NOT because it has "thousands of backdoors" built in.

Anti-virus programs don't contain built-in keyloggers. The German government switched off Microsoft because of anti-MS sentiment in the country, not because they "found evidence" of backdoors. And you don't need to use a proxy to prevent the CIA from killing you just for googling on any of these issues.

You're wrong on all these points sadly. Take off the tinfoil hat.

> I'm being careful not to say "UNIX/Linux is unhackable

That's good. Because on 4 of the past 9 years, Linux logged more CERT security bulletins than did Windows, despite it being a target 50 times smaller.


RE: I'm curious
By gradoman on 6/23/2007 12:44:09 PM , Rating: 2
Not to be an ass or anything, but how could you possibly know if you've been infected or not if you don't have antivirus? And spyware, you've never had spyware? You're pretty ace if you've never had any issues from 92 til now.

Common sense rules the day, but I must say, not having any of those issues is simply amazing.

Please enlighten me as to how you avoid all those issues, know that you're not infected and keep yourself isolated from the (hostile) world wide web.


RE: I'm curious
By GeorgeOrwell on 6/23/2007 2:57:04 PM , Rating: 2
Here is a small subset of tests that can get you started.

Data leakage:

1. If you are handy with WireShark (Ethereal), then you can monitor your packets. Use port mirroring on your switch so you can monitor from another machine easily. It will blow your mind to see how many programs (and web pages) are uploading data.

2. A simpler detection mechanism that often turns up some interesting information: reverse firewall your machine and look at the log of what communications are being attempted. This sort of reverse/inverse firewall is very common in the intelligence community.

Infection:

1. Image your machine before you install any software and/or connect it to the internet. Then compare what is on your machine today vs. the image. This is a basic measurement. It does not diagnose the problem, but does alert you to the problem. Note that many 'problems' hide themselves in ways that are difficult to detect -- i.e. inside encrypted OLE streams, encrypted containers, etc. You can see something changed, but because Microsoft's formats are all closed, you do not know if it is legit or not.

Beyond comparing images, there is no reliable way of telling if a machine is infected. Installing third party diagnosis software -- i.e. Symantec, Trend Micro, etc -- creates more problems than it solves.

It is far easier to avoid infection vs. avoiding data leakage. If you stay away from IE, Active X, VBScript, Microsoft Office, and other Microsoft software, you are ahead of the game. Then turn off Flash and Javascript in your browser. Of course, use an open source browser. (etc)

Remember that selling 'protection' is a very very old business. There are always a few 'examples' to make sure the rest of the customers keep paying...

Most importantly, ask yourself, continuously, "who benefits?" and you will gain the understanding you need to make your machine secure from both infection and data leakage.


RE: I'm curious
By Spivonious on 6/23/2007 9:44:33 PM , Rating: 2
George, I think it's safe to say that 99% of hackers run some form of a *nix. Do you think they don't know how to exploit it to its fullest? No O/S, regardless of how it was written is completely immune to attacks. To think so is idiotic. There's a healthy level of paranoia on the WWW and then there's you. I'm sure Symantec/McAfee/etc. create viruses to detect. Otherwise they wouldn't stay in business. They're just preying on the fact that there's a sucker born every minute.

Turning off ActiveX, VBScript, Flash, and Javascript (I notice you left Java applets out of this list, is it because Java is now open source?) severely limits your ability to interact with most modern webpages. Take of the conspiracy goggles and just accept that someone may be watching what you surf. Most likely they're doing it just to find out what to try to sell you next.


RE: I'm curious
By GeorgeOrwell on 6/25/2007 2:45:40 AM , Rating: 2
There is no such thing as "complete immunity". That is what the "protection" people are going to sell you. In the real world, it is all the dialectic:

We create the problem.
We offer the solution.
We get the result we want.

McAfee wrote the very first viruses for computers. This is how the "protection" racket got started. Obviously if you have "scan.exe" (the first checker) and it didn't find anything, well, that's not going to sell, is it??

So McAfee wrote up a bunch of viruses and made up fancy foreign names (Bangladesh, Cambodia, etc.) to align the viruses with countries that were not at the time aligned with "US interests". Never mind that these countries did not even have computers. Most of the dupes in the US would never know these details.

McAfee used the dialectic to jump start what is now a computer "protection" business worth many hundreds of billions worldwide.

As for Google, they are NSA from the get go. Palo Alto (where Google started out) was crawling with NSA staff all during the early days of Google. NSA has a live feed of Google. Whatever you search for is cataloged to your identity. This is why Germany (first) and other countries will make proxies like TOR illegal. You will be categorized as a "terrorist" in the near future if you use any sort of proxy.

The facts being what they are, you can at least reduce your risk of infection and data leakage by moving to Linux/UNIX open source. Yes, for better security, turn off Java in your browser too. There are external controls for Java VMs (and it is open source), but not for the other technologies I previously mentioned. Nonetheless, no Java = lower risk.

For the near future, you can have some privacy if you unplug from the Internet. That is the message of the original article.

In the farther out future, your computer will not boot unless it downloads an activation token from the Internet. Microsoft is working very hard to make this "real time activation validation" part of every Windows PC. Much of the infrastructure is running today on Windows XP SP2 and Vista. And what Microsoft cannot build into Windows, they make Intel and AMD build into the processors/chipsets/etc. We have all heard of LeGrande/Presidio/TPM/etc.

The real world is nothing like what it looks like on the surface. Google doesn't make its money on ads. It makes its money laundering money that is represented as "ad sales". This is why Google is the "least public" of any "public" company IN HISTORY. That is why just the founders, with their votes alone, can reject any shareholder proposals (such as voting down the recent anti-censorship proposal) (the very same as Yahoo! did). And, of course, the founders with their billions under the "protection" of the people who run the stock market... do whatever they are told to do. Wouldn't want that stock price to drop into the ocean... would you?

The "ad business" is the ultimate money laundering machine *and* the ultimate intelligence gathering system. "Ads" (i.e. spy machinery) on every web page... that is an NSA wet dream come true. And the sheer intangibility of "web ads" is the ultimate money laundering wet dream. Alchemy they call it.

This is why Google is the ultimate insider play. When it comes to money laundering... you do know what the CIA, NSA, Mossad, etc., really do, don't you?

For example: do you understand that opium production in Afghanistan is at an all time historic high? (after being dropped to zero by the Taliban). You know who owns these opium fields? (read up on your history). And how many many billions in drug money (just from this opium) needs to be put back into "the system" as clean money. Well, someone has to do this job. Fortunately there is Google, the ultimate alchemy of Big Brother & The Bank.

Or do you still believe in voting, home ownership, and the Easter Bunny?

Do you join Morpheus or do you go back to eating your noodles at the little shop?

Heavens... perhaps you are starting to understand the dialectic? The dialectic is the real secret, not the rubbish they call "The Secret".

What separates the meat creatures from the masters is less than you think, but more than you know.


RE: I'm curious
By Etsp on 6/26/2007 9:06:31 AM , Rating: 2
It was my understanding that the first computer virus was the (c)Brain virus, created in pakistan... and that John Mcafee got a copy of it and wrote an antivirus program to prevent it from working... I have yet to see you present any form of evidence for anything you have said. I have agreed to some of it... but you are making some rather big claims, and that sort of thing usually warrants at the very least, a link (from a credible source)


RE: I'm curious
By Etsp on 6/26/2007 9:08:00 AM , Rating: 2
*edit* first virus for the PC... PC != Computer...even more-so in the 1970's and 1980's


RE: I'm curious
By Spivonious on 6/23/2007 9:40:23 PM , Rating: 2
If I have had any viruses, they have gone undetected, and therefore really weren't viruses, at least malicious ones at that. Just to humor myself, I downloaded and installed avast and it did its scan and found nothing.

Up until around 2000 I had dial-up, so it was pretty easy to control when I was and wasn't connected to the Internet. When we went broadband, we were behind the router's firewall, so nothing could get in that we didn't want. And of course I didn't open any email attachments I wasn't expecting, disable all cookies except those I explicitly allow, pretty common sense stuff. Ad-Aware does pick up the occassional "tracking cookie", but I wouldn't consider those spyware. Spyware really didn't exist until broadband came around anyway.

Do I trust too much in the router's firewall? Perhaps, but that plus common sense hasn't failed me yet.


RE: I'm curious
By MobileZone on 6/25/2007 3:07:18 AM , Rating: 2
Staying behind a simple router firewall doesn't mean you're protected from hacker attacks in anyway. These ready-to-use firewalls only block known ports or have basic and limited security features. Also, if the user doesn't know how to configure it and lets it in the way it comes, they become even more useless.

Any basic hacker with basic knowledge can pass your "router firewall" as easy as taking kid's candy.

Router firewall is good, but just as a cherry on the cake's top.


RE: I'm curious
By Spivonious on 6/25/2007 11:03:10 AM , Rating: 2
Well, I guess my mind rests easy because I'm not a hacker target. They would find some ripped CDs, some games, and some old documents from college.

I'm curious how one can bypass the router's firewall. From the outside one does not even know there are computers hooked up to it. I have no port forwarding enabled so, unless I misunderstand, any incoming packets would have to be requested by me.


RE: I'm curious
By sxr7171 on 6/24/2007 11:39:33 PM , Rating: 2
I use an anti-virus only manually. I never let it sit there and run all the time. I just every now and then run a manual scan and that's it. I don't even have one installed yet on this new computer.


RE: I'm curious
By tdktank59 on 6/25/2007 11:57:48 AM , Rating: 2
antivirus...

you ever try norton corperate?

its the only one i trust and use lol sure its from then 90's... but its stayed updated and work ive never had a problem with it and it finds the viruses within seconds of it hitting the computer.

It dosnt bog my computer down any either!

unline norton 2007 just royal butt F*@&s my computer...


"A lot of people pay zero for the cellphone ... That's what it's worth." -- Apple Chief Operating Officer Timothy Cook




Latest By Andy Marken
Want Data Privacy? Get Off the Computer
June 22, 2007, 11:30 AM
Teachings of the Wii Generation
May 30, 2007, 7:06 PM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki