

Fig. 1: Phishing personal and private information from people is a huge business and it would seem that no one is immune from the temptation of making some fast money. It has to work – you get dozens of “offers” in your inbox daily. (Source: Gartner)

Fig. 2: The rapid proliferation of content on the Internet and the time-shifting of TV programs means a vast amount of entertainment content sits on your hard drive along with personal data that can be exposed to the world. (Source: Parks Associates)

Fig. 3: With rich content available from almost everywhere, people are increasingly grabbing their entertainment to store for later. Time-shifting a HighDef TV show can easily consume 20GB of storage capacity. (Source: Coughlin Associates)

Fig. 4: 100% data protection and security is virtually impossible. The important thing users have to do is put the best security process/procedure in place based on the criticality and sensitivity of the protected information. (Source: TheInfoPro)
"The ultimate computer, our own brain, uses only ten watts of power; one-tenth the energy consumed by a hundred-watt bulb." -- Paul Valery

The Electronic Freedom Foundation, governmental agencies and privacy groups around the globe are up in arms about the metadata Google is grabbing from people’s searches. They’re “a little uptight” about how that personal information might be used.

Is it a potential problem? Sure.

Is it the problem? No.

The problem is you went digital. You opened yourself to every product, service, well-meaning/creative individual/organization and every whacko/evil-doer on the planet.

Microsoft, Amazon, eBay, Google, Apple and others need your information. The good guys want to sell you something. The others have bigger plans for your data.  Welcome to the wild ‘n wooly world of “1s” and “0s.” Microsoft for years has kept track of their property by inserting your tracking information.

Bill’s close personal friend at Apple broke down the entertainment barriers with no-DRM (Digital Rights Management) iTunes. Your embedded customer information comes free with every download purchase.

OK, so maybe Homeland Security did lose a hard drive with 100,000 plus employee records on it.   Maybe the FBI did lose 2,000+ notebooks with really cool information on them.  Maybe your bank or loan company lost “a few thousand files.”  They may have lost it … but it’s up to you to protect yourself from having a bad day.

Then there are the hackers, phishers of men and Trojan horse producers who have turned pro to help themselves to your information. Of course the kids at Doom9 and similar hangouts are good, but they only do it for the challenge … for bragging rights. Phishers and digital hijackers do it for profit.

Yeah.  You just won the Irish lottery. A thoughtful lawyer in London is going to help you get $1 million from some dude’s bank into your bank for a small fee. Some folks want to send you a free 50-in plasma screen.  The bank, eBay, your university and DailyTech just notified you that your account is being suspended unless you check your records.

P.T. Barnum was right…“There’s a sucker born every minute.”  And phishing is big business.

Sure you can delete but you’re still a long way from data safe.  Businesses lose data every day of the week.  So do individuals. Usually they never know it. Until it’s … too late!

Your Stuff
Look at your home system. You’ve got data, images, content (legal and grey) whipping around the house all the time. Putting a lead shield around the home network doesn’t do any good because you constantly reach out for … something.

While Tellywood swears we’re all reaching out for their valuable stuff, the fact is – at least in our household – it is stuff that is disarmingly free or something we already own. The kids load their drives with everything they can find.

They create a ton of their own. They load it on their MP3 players (audio, video) to take with them and to share. They throw it on their cell phones (which also hold a lot of personal data) and zap it to anyone who even looks like they are interested.  They love the control. It’s second nature. They not only want it … they expect it!

Who can blame them? But is their content protected? Kinda.

Digitally Comfortable
On a recent holiday, we sat in the airport with our son and he effortlessly got his system connected to the WiFi net.  Then he started searching. In 30 minutes he had tapped into the hard drives of three notebooks that were also online in the airport. The data? There for the taking.  And he wonders why we aren’t really excited about online banking!

Using our cell phone as a digital wallet is “logical”…to him!  All of that information is immediately available to be stolen the minute you let your guard down. Our digitally-active family is probably well on its way to surpassing most industry projections for home storage in 2010 by … oh, heck, late next year!

Since there’s no going back to music platters, VHS tapes or reams of paper, we’ve developed what we’d call a normal level of concern over our identity/data security.  We don’t buy online without thoroughly researching the outlet.

We make certain we don’t throw open the back door of our system and network to every person cruising the iNet looking for good stuff, good information they can “borrow.”

Next to healthy growth in storage, reasonable security products and applications will be more important than the next iTunes, YouTube or MySpace downloads.

There’s not much you can do about your personal information that already exists on the iNet. Finding and eliminating it isn’t a job, it’s a career. But there’s no sense adding to the information outlay.

Paranoid Comfort
Andy Grove, former CEO of Intel, was fond of saying, “Only the paranoid survive.” We have what we’d call a healthy paranoia regarding our data – personal and professional.

We’ve got:

  • A good firewall on our network and system
  • A couple of honest passwords … not “password,” 1-2-3-4-5, first name or last name, address, phone number or guessable items
  • Healthy protection software that checks for phishing, viruses, system/network attacks
  • A good dose of common sense on what emails we open, attachments we open and websites we visit

On our systems we use some business-level security functions that security professionals have found to be good, as long as the individual connected to the keyboard uses them.

The Answers Are Out There
Fortunately there is a huge crowd of experts out there ready and more than willing to tell you what you should do to protect your data and personal information.

Buying stuff online isn’t a real issue as long as the outlet has a secure payment location. But people are more cautious. It is more secure than calling a service center (somewhere on the globe) and giving them the information.

Our techno-savvy son also helped us add protection:
  • He showed us to look for the lock in the browser status bar and “https” in the address bar to ensure we’ve got a secure connection
  • Firefox 2 -- our browser of choice -- has built-in detection of fraudulent sites
  • Our security suite is set up to prevent private data from being sent by blocking transmission or replacing the data
  • We secure our systems when the actual owner (or parent) isn’t using them
Since common sense seems to lapse and disconnecting your computer from the world is out of the question, there is good identity and security software you can find to keep your private data private.

If you’re not anxious to rush onto the web unexposed to find products to help, there’s always:
  • Microsoft’s great security packages
  • Symantec
  • Homeland Security
  • Your government officials
You know … the Big Dogs! None of them will work 100%.

As Germaine Greer noted, “Security is when everything is settled. When nothing can happen to you.”

Sneaky and bad guys always stay ahead of the protection tools you buy. The best computer security solution still runs on one-tenth the energy of a light-bulb.


Comments



RE: I'm curious
By GeorgeOrwell on 6/23/2007 2:57:04 PM , Rating: 2
Here is a small subset of tests that can get you started.

Data leakage:

1. If you are handy with Wireshark (Ethereal), then you can monitor your packets. Use port mirroring on your switch so you can monitor from another machine easily. It will blow your mind to see how many programs (and web pages) are uploading data.

2. A simpler detection mechanism that often turns up some interesting information: reverse firewall your machine and look at the log of what communications are being attempted. This sort of reverse/inverse firewall is very common in the intelligence community.

Infection:

1. Image your machine before you install any software and/or connect it to the internet. Then compare what is on your machine today vs. the image. This is a basic measurement. It does not diagnose the problem, but does alert you to the problem. Note that many 'problems' hide themselves in ways that are difficult to detect -- i.e. inside encrypted OLE streams, encrypted containers, etc. You can see something changed, but because Microsoft's formats are all closed, you do not know if it is legit or not.

Beyond comparing images, there is no reliable way of telling if a machine is infected. Installing third party diagnosis software -- i.e. Symantec, Trend Micro, etc -- creates more problems than it solves.

It is far easier to avoid infection vs. avoiding data leakage. If you stay away from IE, Active X, VBScript, Microsoft Office, and other Microsoft software, you are ahead of the game. Then turn off Flash and Javascript in your browser. Of course, use an open source browser. (etc)

Remember that selling 'protection' is a very very old business. There are always a few 'examples' to make sure the rest of the customers keep paying...

Most importantly, ask yourself, continuously, "who benefits?" and you will gain the understanding you need to make your machine secure from both infection and data leakage.


RE: I'm curious
By Spivonious on 6/23/2007 9:44:33 PM , Rating: 2
George, I think it's safe to say that 99% of hackers run some form of a *nix. Do you think they don't know how to exploit it to its fullest? No O/S, regardless of how it was written is completely immune to attacks. To think so is idiotic. There's a healthy level of paranoia on the WWW and then there's you. I'm sure Symantec/McAfee/etc. create viruses to detect. Otherwise they wouldn't stay in business. They're just preying on the fact that there's a sucker born every minute.

Turning off ActiveX, VBScript, Flash, and Javascript (I notice you left Java applets out of this list, is it because Java is now open source?) severely limits your ability to interact with most modern webpages. Take off the conspiracy goggles and just accept that someone may be watching what you surf. Most likely they're doing it just to find out what to try to sell you next.


RE: I'm curious
By GeorgeOrwell on 6/25/2007 2:45:40 AM , Rating: 2
There is no such thing as "complete immunity". That is what the "protection" people are going to sell you. In the real world, it is all the dialectic:

We create the problem.
We offer the solution.
We get the result we want.

McAfee wrote the very first viruses for computers. This is how the "protection" racket got started. Obviously if you have "scan.exe" (the first checker) and it didn't find anything, well, that's not going to sell, is it??

So McAfee wrote up a bunch of viruses and made up fancy foreign names (Bangladesh, Cambodia, etc.) to align the viruses with countries that were not at the time aligned with "US interests". Never mind that these countries did not even have computers. Most of the dupes in the US would never know these details.

McAfee used the dialectic to jump start what is now a computer "protection" business worth many hundreds of billions worldwide.

As for Google, they are NSA from the get go. Palo Alto (where Google started out) was crawling with NSA staff all during the early days of Google. NSA has a live feed of Google. Whatever you search for is cataloged to your identity. This is why Germany (first) and other countries will make proxies like TOR illegal. You will be categorized as a "terrorist" in the near future if you use any sort of proxy.

The facts being what they are, you can at least reduce your risk of infection and data leakage by moving to Linux/UNIX open source. Yes, for better security, turn off Java in your browser too. There are external controls for Java VMs (and it is open source), but not for the other technologies I previously mentioned. Nonetheless, no Java = lower risk.

For the near future, you can have some privacy if you unplug from the Internet. That is the message of the original article.

In the farther out future, your computer will not boot unless it downloads an activation token from the Internet. Microsoft is working very hard to make this "real time activation validation" part of every Windows PC. Much of the infrastructure is running today on Windows XP SP2 and Vista. And what Microsoft cannot build into Windows, they make Intel and AMD build into the processors/chipsets/etc. We have all heard of LaGrande/Presidio/TPM/etc.

The real world is nothing like what it looks like on the surface. Google doesn't make its money on ads. It makes its money laundering money that is represented as "ad sales". This is why Google is the "least public" of any "public" company IN HISTORY. That is why just the founders, with their votes alone, can reject any shareholder proposals (such as voting down the recent anti-censorship proposal) (the very same as Yahoo! did). And, of course, the founders with their billions under the "protection" of the people who run the stock market... do whatever they are told to do. Wouldn't want that stock price to drop into the ocean... would you?

The "ad business" is the ultimate money laundering machine *and* the ultimate intelligence gathering system. "Ads" (i.e. spy machinery) on every web page... that is an NSA wet dream come true. And the sheer intangibility of "web ads" is the ultimate money laundering wet dream. Alchemy they call it.

This is why Google is the ultimate insider play. When it comes to money laundering... you do know what the CIA, NSA, Mossad, etc., really do, don't you?

For example: do you understand that opium production in Afghanistan is at an all time historic high? (after being dropped to zero by the Taliban). You know who owns these opium fields? (read up on your history). And how many many billions in drug money (just from this opium) needs to be put back into "the system" as clean money. Well, someone has to do this job. Fortunately there is Google, the ultimate alchemy of Big Brother & The Bank.

Or do you still believe in voting, home ownership, and the Easter Bunny?

Do you join Morpheus or do you go back to eating your noodles at the little shop?

Heavens... perhaps you are starting to understand the dialectic? The dialectic is the real secret, not the rubbish they call "The Secret".

What separates the meat creatures from the masters is less than you think, but more than you know.


RE: I'm curious
By Etsp on 6/26/2007 9:06:31 AM , Rating: 2
It was my understanding that the first computer virus was the (c)Brain virus, created in Pakistan... and that John McAfee got a copy of it and wrote an antivirus program to prevent it from working... I have yet to see you present any form of evidence for anything you have said. I have agreed to some of it... but you are making some rather big claims, and that sort of thing usually warrants at the very least, a link (from a credible source)


RE: I'm curious
By Etsp on 6/26/2007 9:08:00 AM , Rating: 2
*edit* first virus for the PC... PC != Computer...even more-so in the 1970's and 1980's






Latest By Andy Marken
Want Data Privacy? Get Off the Computer
June 22, 2007, 11:30 AM