December 11, 2006

One Last Thought

Phishing for Security?

One prominent topic in Internet and computer security, which I never got the chance to cover, is the Phishing epidemic. When I first encountered the term, it seemed ironically clever. I had always completely disregarded these emails, which try to lure people into entering sensitive personal information into mock web sites. However, this is a legitimate form of identity theft — so much so that an entire association has been created to combat phishing: "PhishTank is a free community site where anyone can submit, verify, track and share phishing data."

Phishing is most commonly found in your email inbox. Spam email is unsolicited junk email that is usually trying to get you to buy something or somehow extract personal information. Bill Gates claimed only three years ago that by now, spam would be completely eliminated. Unfortunately, some reports say that worldwide spam has doubled in only the last year. This is because of new, clever ways of delivering junk mail. Currently, plenty of junk email leaks through my junk filter because of the way it is disguised. Oftentimes, emails will be sent as large picture files. This way, although many filters will detect spam in text form, they have not mastered the automatic detection of large images that deliver similar phishing messages. All year I have received a similar notification from "5th 3rd Bank" to update my account information, a request I have repeatedly deleted and denied.

PhishTank allows everyone to report sites like these and make everyone aware that this is a scam. However, some phishermen are becoming increasingly clever, targeting people for identity theft not just through picture files in email. Some send an email with silent and unnoticed script that occurs when opened. This script is programmed to rewrite the Host file on your computer. What does this mean??? Well, if the hacker changes your Host file, when you go to update your information on, for example, Amazon.com, you may not be going to Amazon. The hacker will change the Host file so when you go to this site, you are actually taken to a copy-cat site and prompted to re-authenticate your information. The host script, which supersedes the DNS server you attempt to contact when you enter the website, can fool many users into giving out sensitive information to hackers and identity thieves.

So how should the common user combat this? For starters, don't open suspicious emails. Then, look at all the other various tips throughout the rest of our blog. We've compiled some good ones. Stay safe!

Posted by dketch at 07:42 AM | Comments (0) | TrackBack
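
The hosts-file redirection described in the post above can be checked for from the defender's side. The following Python check is an added example, not part of the original post; the watch list, the sample file contents and the function names are assumptions made for illustration. It parses a hosts file and reports every watched name that the file pins to an address, since any such entry takes precedence over DNS.

```python
import ipaddress
import os
import sys

# Constructed sample (not from the post). 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # sinkhole entry from an ad blocker
203.0.113.45    www.amazon.com amazon.com
10.0.0.12       intranet.corp.example  # internal name
203.0.113.45    WWW.Example-Bank.com.
not-an-ip       broken.example
"""

# Assumed watch list: names that should only ever be resolved through DNS.
WATCHED_DOMAINS = {"amazon.com", "example-bank.com"}


def default_hosts_path():
    """Location of the hosts file on Windows and on Unix-like systems."""
    if sys.platform.startswith("win"):
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank line or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, skipped here
        # Hostnames are case-insensitive and may carry a trailing root dot.
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, hostname, ip, kind) for every watched name pinned in the file."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        # Loopback/unspecified entries usually block a site; anything else
        # sends the browser to a server chosen by whoever edited the file.
        kind = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        for name in names:
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    path = default_hosts_path()
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, name, ip, kind in audit_hosts(fh.read()):
            print(f"{path}:{line_no}: {name} -> {ip} ({kind})")
```
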

December 10, 2006

Summary of Del.icio.us and our Sources

While researching for this project, each source that we have used can be found in our delicious accounts (helefter, kalbindo, dketch). We hope that we have raised your awareness about current news relating to security and privacy issues in the IT Industry.

Henry tended to use internet websites such as Techweb.com, CNN.com and Wired.com. He favors these websites because once directed to the main page, there are different tabs you can click on to search for topic specific news, whether it be software, networking, security or privacy. These tabs allowed him to accumulate a wide variety of tags in which to access upcoming developments in the IT Industry. Many of these tags related to security software, while others discussed trends that specific companies are using to safeguard their data.

Karlin would Google "latest technology" and as a result, a bunch of sites would appear regarding the latest technology news. She would randomly enter the sites, not knowing what she would find, and play around on the sites and tag along as she read the news. For example, Karlin was very interested in Apple-related news, specifically the iPhone. As a result, she would Google "latest iphone news" and follow up on what's coming next. She would also use sites such as CNN, BBC, or Technology Review.

When sitting down to tag on del.icio.us, Dan often found himself going straight to his own del.icio.us page. From here he would usually type in a tag search using various key words to find articles relating to our topic. Often searches would include common tags such as security, Internet, business, corporate, web, phishing, identity theft, and various terms of this nature. When he would find a topic that interested him, he would alter his tag searches to find more specific results regarding that topic. Another site, which usually would lead him in the right direction, was news.com. This site, which was stumbled upon in one of his searches, is a quick guide to many computer and Internet security topics. Any of the links on this page leads to a comprehensive report on the current status of technological security in the specified area. Further, each page leads to various links on the newest updates in all kinds of computer and Internet security. On occasion, searches on del.icio.us and the "A to Z's of Security" would lead to a dead-end in tagging. In these instances, he would often turn his attention to Google searches to broaden his scope and find sites to tag off of the del.icio.us database.

Posted by helefter at 05:23 PM | Comments (0) | TrackBack

Summary of Security Related Developments in the IT Industry

The purpose of our group’s (Group 35) topic was to explore the upcoming and developing trends associated with security issues related to the IT (Information Technology) Industry. These issues could deal with the protection of company specific networks, online gateways to information, or even simply the operating software that we use in our everyday lives. Our goal was to be able to identify these trends of how the industry is changing, whether commercial or business related, and to discuss advancements in technology or new strategies being taken to help alleviate this issue of online security.

Security related threats are all over the news and play an integral role in how we do business online. Whether you are a business structuring a database to house all the information about past customers, or an individual consumer trying to purchase goods online, the issue of safekeeping your data is always an important one. By understanding and realizing that the IT Industry can help facilitate one's access to information, it is also important to remember that it is also just as difficult to safeguard that information to allow only those with access to it.

We have seen a variety of security related stories throughout the course of the semester, one being the release of new internet web browsers to hinder the threat of hackers. Both Mozilla Firefox and Internet Explorer have come out with newer versions of their browsing software. Each version was concerned with negative publicity in the media, claiming that hackers have found vulnerabilities in the source code, allowing for users’ information to be at risk. While this cat and mouse game between hackers and businesses has been a constant theme in the past, companies are taking the issue of vulnerabilities (such as the loss of customer data) more seriously as they attempt to attract potential customers and increase profitability.

Operating systems and competing antivirus and security protection software have been another popular topic of debate. Companies such as Norton Antivirus and McAfee are fighting firms such as Microsoft as they come out with their own privacy protection and antivirus software to appease its users. As this comes out to a win-win situation for the user, this was not always the case. Almost weekly, there is another claim by hackers that additional vulnerabilities could be taken advantage of to hijack a system and use it for unwarranted purposes. Pictures embedded with Trojan horse viruses equipped with their own antivirus software are one recent development in this struggle for security.

Where does this leave us? We end almost exactly where we started; in a heated battle between privacy issues and the threat of security vulnerabilities to both consumers and businesses. However, one major issue has changed: This struggle is becoming increasingly more popular in the media. With the bar continually being raised, more and more is at stake as millions of consumers continue to switch their habits towards using the internet rather than traditional methods as the year progresses.

Thank You

Posted by helefter at 05:09 PM | Comments (0) | TrackBack

December 08, 2006

Online Shopping (14)

I was wondering how secure is online shopping, because it can get pretty addictive. I used to go to the store to buy clothes because that's the fun of it, to try them on and to make that decision right on the spot... Walking around department stores... But I started buying online items especially from Victoria's Secret, because they offer crazy sales when you buy them in bulk.

But they get addictive not only because they offer those sales, but once you buy them, they will keep sending you offers and other sales that entice you into buying more products from them. I love VS flannel pajamas - they are really comfortable, and their online store people NEVER fail to email me stuff about offers related to them. And this caught my attention: why do they keep sending me emails, and how do they know?

Today we learnt about how companies have our information and our spending habits, and I got scared because they have much more information about me than I would like them to have. I don't care if they have my home address because I keep moving in and out of apartments anyway, but the fact that they have my spending habits and other detailed information will drive me crazy.

But I think it's okay as long as they keep this information to themselves. If they ended up selling my information to other companies, that will be VERY bad. That's unforgivable. That's violating my privacy right as an individual customer.

But then again, even if they were to sell my information to other companies, how would I know, until I start receiving weird emails and such? There are many instances when customers don't know what's going on at the other side, and I think that companies easily can take advantage of this to make more money for themselves.

So how is it possible for me to stay safe, even though I'm legally protected by laws and such? I don't think there's any one straight-cut path, and I don't think it's sensible to not do online shopping anymore just because of this. I guess it all comes down to the company's integrity and my (or the customers') alertness towards this matter.

Posted by kalbindo at 02:08 PM | Comments (0) | TrackBack

December 07, 2006

Secure Sockets Layer (13)

Today while doing my online banking, I saw the word "SSL" at the bottom of the page, and being the curious person that I am, I went online to search for it. So here is a little bit of what I have learnt about it.

SSL is Secure Sockets Layer, and it provides another layer of security to internet users to help prevent other people from tampering or doing all that bad stuff. It basically needs 2 different accesses: the public key that everyone can see, and the private one that only you can provide.

These are the 3 basic phases:

  • algorithm support
  • public key encryption
  • symmetric cipher

The cool thing is, many sites are SSL, and you can know when it's "https:" instead of "http". I became so much more aware of the sites I enter after I learnt about it. Well, now you'd feel a little more at ease if you see that little "s" behind.

Posted by kalbindo at 03:42 PM | Comments (0) | TrackBack

Security in Businesses (12)

Security between work and home

If you walk into any corporate office you will probably see rows of cubicles with employees busy at work inside. In young, innovative companies, it is a common practice for employees to bring in an iPod or other digital music player to the office to listen while they pick at their work all day. Harmless? At first glance maybe, but this is an increasing security risk for many corporations.

Oftentimes the company-supplied computers at employees' desks are all linked to the same server. With employees bringing in digital music players from home, they could very easily bring viruses from their home computers to work with them too. Similarly, if I were to take some work home with me one evening to work on my PC, the easiest way to transport the files back to my office computer would be through a simple USB jump drive. Unfortunately, these increasingly common devices carry the same risk: the chance that the files I bring from home could be tainted and affect the entire company's network.

Furthermore, bringing your files from home may not be exactly "copyright kosher." Files from an employee's personal computer could unknowingly be pirated or illegally downloaded media files. While this seems harmless enough, the company you work for could inadvertently infringe on copyright laws just because the files have been brought into the office with you.

So what are companies doing? Some have gone as far as banning such devices. Others, filling USB ports with glue to prevent employees from bringing in uncensored files from their home computers. Too bad if you are someone who can only make it through the day with a little music to soothe the office monotony. But, from the company's perspective, better the employees listen to the radio than inadvertently unleash a company-wide virus.

Posted by dketch at 04:52 AM | Comments (0) | TrackBack

December 06, 2006

Software Debate of Electronic Voting Machines: Good or Bad? (11)

Following the highly confrontational presidential election of 2000, millions of American citizens began researching an alternative to the old fashioned procedure of “paper ballots.” After strenuous debates over what steps should be taken, the emergence of electronic voting systems began to be implemented. This technical fix as a solution to myriad problems in voting procedures posed yet again another difficult question to the majority of the population. "We're trusting the fate of our democracy to technology that's not ready yet," said Tadayoshi Kohno, a computer security expert at the University of San Diego in California. Since many old fashioned Americans do not trust new technology, due partially to their lack of knowledge about software and security issues as well as not wanting to innovate, it is hard for people to welcome this type of rapid change in voting methods. This may be explained by looking at the premise behind Frost’s law where many people have an unwillingness to adapt to new technologies because they feel it is unnecessary, given the front-end efforts required to adopt them. While the idea of electronic voting machines is a good one in the abstract, many problems still exist. The securities of the network and interface glitches, associated with the trust in these systems, have made people reluctant to embrace them.

With the rapid development of electronic voting machines, many experts claim that these machines are poorly engineered, unable to protect the information they guard, and at times fail to work properly. The software used in the predominant proprietary voting machines is owned by individual companies and protected by law, preventing people from accessing their software code to make the structure of voting machines transparent. One version of an electronic voting machine, produced by Diebold, does not allow for a receipt after someone has voted. Under the protection of the Digital Millennium Copyright Act of 1998, Diebold has threatened to sue computer scientists who tried to figure out exactly how e-voting software works. I find actions similar to those taken by Diebold, preventing the creation of new ideas through transparent software, a severe problem our society must deal with. Procedures that sanction the idea of improving upon technology and desire to protect individual information instills upon the minds of the users that illegitimate and corruptive goals are prominent in the creation of the software. This is one major component as to why internet users and voters alike are wary of adapting new technologies.

Many experts believe that open source code is more reliable, enabling the “glitches” of the software to be recognized and quickly stopped before hackers are able to take advantage. Since proprietary software does not allow for confirmation on what is supposed to happen, many people doubt that their votes were recorded properly in the database. If people were able to observe and fully understand the capabilities and uses for the voting software, then the public may begin to place their trust in these systems and consequently, in the idea that their information can be stored securely and taken care of. As the new elections begin to creep upon us, the hope that voters will have faith in the software and its security capabilities is a topic that almost everyone is anxious to find out.

Posted by helefter at 10:18 PM | Comments (0) | TrackBack

December 05, 2006

PAPA Framework and Online Retailers

In this new age of information, a serious and avoidable question has emerged from the channels of the internet and widespread information systems: How do we stay ethical with our use of information? The four main issues, known as P.A.P.A. (Privacy, Accuracy, Property and Access), discussed in depth in the Richard Mason article, act as a foundation for what online consumers are beginning to see on the internet. The Wall Street Journal article Online retailers are Watching You discusses current advertising trends of major online distributors, and how their use of this information (P.A.P.A.) may be infringed upon.

From reviewing the Wall Street Journal Article, companies are tracking customer specific data online to track their buying habits. After accumulating this data, they continue to price discriminate these users to both cash in on greater profits as well as attract a wider potential consumer base. The question then becomes whether or not these secretive practices are a violation of the P.A.P.A. ethics code of conduct (as mentioned by Mr. Mason).

Speaking specifically from a privacy standpoint, the tactics taken by online retailers discussed in the Wall Street Journal could be considered a violation. One reason for this claim is the fact that most data recorded by online websites are stored and then sold to other companies wanting to use this information. Without personal consent of the user, we believe this type of practice is a violation of confidential information.

From an accuracy and property perspective, we believe that although important, the practices taken on are not a violation because the information is accumulated by the individual user. For this reason, the database of information stored about a particular person can only be accurate, because it is needed for shipping purposes. Hence, there is no way for the user to type in incorrect data about himself/herself.

Lastly, in terms of accessibility, the practices taken by online retailers could be considered an infraction of the P.A.P.A. ethics code. Users who type in their sensitive information may not wish for it to be distributed. Distributing this information violates privacy rights of individuals, and these companies should be liable for a lawsuit.

The Internet has undoubtedly increased the efficiency of goods exchange in the market, and even to the point where physical contact or communication is no longer necessary. At the same time, however, internet users become more susceptible to dangers that they might not even be aware of; this becomes an incentive for companies to manipulate the information that they receive from customers. Therefore customers should always be alert when it comes to protecting their own privacy rights, and be quick to take action when they find that their information is being shared.

Posted by helefter at 11:59 PM | Comments (0) | TrackBack

December 03, 2006

Email Via Cellphone - Secure? (10)

In Japan, for the older generation who are not familiar with computers, "emailing" pretty much means using the phone to message someone. You type in your message in your phone, and send it to another person's phone, or computer email. For example, if I have a cell phone, I will be able to send an email to your Umich webmail account. I don't know how that works, but it does, and I thought that it was pretty cool.

My friend who didn't have a phone will just use her computer to email her friend's phone before they were to meet up. It's definitely convenient. And I don't think there are extra charges for this function.

However, how safe is it to use an email account to send a message to a phone? After all, it's through internet connection and such. You know, when your friend was about to send you an email from her computer to your phone, if someone was actually hacking her computer, your phone information might be revealed. And these things are inevitable.

I'm not saying that it's dangerous to do that, but it's the "what if" that caught my attention. The hacker will be able to sell your information to sales marketers and other companies, and you might need to change your phone number in the end.

I don't know how much more secure the internet connection needs to be before you shouldn't use this function, and I think it's a problem in the US because that function has just been introduced really recently, and who knows what might happen. It's new, and there are no complaints or bad things that happened yet, but I think those who are using this function should really be careful. After all, we're talking about internet security, which is constantly being abused every day.

Posted by kalbindo at 01:01 AM | Comments (0) | TrackBack