helefter's blog

One Last Thought

Mon, 11 Dec 2006 07:42:04 -0500

One Last Thought

Phishing for Security?

One prominent topic in Internet and computer security, which I never got the chance to cover, is the Phishing epidemic. When I first encountered the term, it seemed ironically clever. I had always completely disregarded these emails, which try to lure people into entering sensitive perosnal information into mock web sites. However, this is a legitimate form of identity theft — so much so that an entire association has been created to combat phishing: "PhishTank is a free community site where anyone can submit, verify, track and share phishing data."

Phishing is most commonly found in your email inbox. Spam email is unsolicited junk email that is usually trying to get you to buy something or somehow extract personal information. Bill Gates claimed only three years that by now, spam would be completely eliminated. Unfortunately, some reports say that worldwide spam has doubled in only the last year. This is because of new, clever ways of delivering junk mail. Currently, plenty of junk email leaks through my junk filter because of the way it is digsuised. Often times, emails will be sent as large picture files. This way, although many filters will detect spam in text form, they have not mastered the automatic detection of large images that delivery similar phishing messages. All year I have received a similar notification from "5th 3rd Bank" to update my account information, a request I have repeatedly deleted and denied.

PhishTank allows everyone to report sites like these and make everyone aware that this is a scam. However, some phishermen are becoming increasingly clever, targeting people for identity theft not just through picture files in email. Some send an email with silent and unnoticed script that occurs when opened. This script is programmed to rewrite the Host file on your computer. What does this mean??? Well, if the hacker changes your Host file, when you go to update your information on, for example, Amazon.com, you may not be going to Amazon. The hacker will change the Host file so when you go to this site, you are actually taken to a copy-cat site and prompted to re-authenticate your information. The host script, which supercedes the DNS server you attempt to contact when you enter the website, can fool many users into giving out sensitive information to hackers and identity thieves.

So how should the common user combat this? For starters, don't open suspicious emails. Then, look at all the other various tips throughout the rest of our blog. We've compiled some good ones, stay safe!

Summary of Del.icio.us and our Sources

Sun, 10 Dec 2006 17:23:49 -0500

Summary of Delicious and our Sources

While researching for this project, each source that we have used can be found in our delicious accounts (helefter, kalbindo, dketch). We hope that we have raised your awareness about current news relating to security and privacy issues in the IT Industry.

Henry tended to use internet websites such as Techweb.com, CNN.com and Wired.com. He favors these websites because once directed to the main page, there are different tabs you can click on to search for topic specific news, whether it be software, networking, security or privacy. These tabs allowed him to accumulate a wide variety of tags in which to access upcoming developments in the IT Industry. Many of these tags related to security software, while others discussed trends that specific companies are using to safeguard their data.

Karlin would Google "latest technology" and as a result, a bunch of sites would appear regarding the latest technology news. She would randomly enter the sites, not knowing what she would find, and play around on the sites and tag along as she read the news. For example, Karlin was very interested in apple related news, specifically the ipone. As a result, she would google "latest iphone news" and follow up on what's coming next. She would also use sites such as CNN, BBC, or technology review.

When sitting down to tag on del.icio.us, Dan often found himself going straight to his own del.icio.us page. From here he would usually type in a tag search using various key words to find articles relating to our topic. Often searches would include common tags such as security, Internet, business, corporate, web, phishing, identity theft, and various terms of this nature. When he would find a topic that interested him, he would alter his tag searches to find more specific results regarding that topic. Another site, which usually would lead him in the right direction, was news.com. This site, which was stumbled upon in one of his searches, is a quick guide to many computer and Internet security topics. Any of the links on this page leads to a comprehensive report on the current status of technological security in the specified area. Further, each page leads to various links on the newest updates in all kinds of computer and Internet security. On occasion, searches on del.icio.us and the "A to Z´s of Security" would lead to a dead-end in tagging. In these instances, he would often turn his attention to Google searches to broaden his scope and find sites to tag off of the del.icio.us database.

Summary of Security Related Developments in the IT Industry

Sun, 10 Dec 2006 17:09:27 -0500

Summary of Security Related Developments in the IT Industry

The purpose of our group’s (Group 35) topic was to explore the upcoming and developing trends associated with security issues related to the IT (Information Technology) Industry. These issues could deal with the protection of company specific networks, online gateways to information, or even simply the operating software that we use in our everyday lives. Our goal was to be able to identify these trends of how the industry is changing, whether commercial or business related, and to discuss advancements in technology or new strategies being taken to help alleviate this issue of online security.

Security related threats are all over the news and play an integral role in how we do business online. Whether you are a business structuring a database to house all the information about past customers, or an individual consumer trying to purchase goods online, the issue of safekeeping your data is always an important one. By understanding and realizing that the IT Industry can help facilitate ones’ access to information, it is also important to remember that it is also just as difficult to safeguard that information to allow only those with access to it.

We have seen a variety of security related stories throughout the course of the semester, one being the release of new internet web browsers to hinder the threat of hackers. Both Mozilla Firefox and Internet Explorer have come out with newer versions of their browsing software. Each version was concerned with negative publicity in the media, claming that hackers have found vulnerabilities in the source code, allowing for users’ information to be at risk. While this cat and mouse game between hackers and businesses has been a constant theme in the past, companies are taking the issue of vulnerabilities (such as the loss of customer data) more seriously as they attempt to attract potential customers and increase profitability.

Operating systems and competing antivirus and security protection software has been another popular topic of debate. Companies such as Norton Antivirus and McAfee are fighting firms such as Microsoft as they come out with their own privacy protection and antivirus software to appease its users. As this comes out to a win-win situation for the user, this was not always the case. Almost weekly, there is another clam by hackers that additional vulnerabilities could be taken advantage of to hijack a system and use it for unwarranted purposes. Pictures embedded with Trojan horse viruses equipped with their own antivirus software are one recent development in this struggle for security.

Where does this leave us? We end almost exactly where we started; in a heated battle between privacy issues and the threat of security vulnerabilities to both consumers and businesses. However, one major issue has changed: This struggle is becoming increasingly more popular in the media. With the bar continually being raised, more and more is at stake as millions of consumers continue switch their habits towards using the internet rather than traditional methods as the year progresses.

Thank You

Online Shopping (14)

Fri, 08 Dec 2006 14:08:03 -0500

Online Shopping

I was wondering how secure is online shopping, because it can get pretty addictive. I used to go to the store to buy clothes because that's the fun of it, to try them on and to make that decision right on the spot... Walking around department stores... But I started buying online items especially from Victoria's Secret, because they offer crazy sales when you buy them in a bulk.

But they get addictive not only because they offer those sales, but once you buy them, they will keep sending you offers and other sales that entice you to buying more products from them. I love VS flannel pajamas - they are really comfortable, and their online store people NEVER fail to email me stuff about offers related to them. And this caught my attention: why do they keep sending me emails, and how do they know?

Today we learnt about how companies have our information and our spending habits, and I got scared because they have much more information about me than I would like them to have. I don't care if they have my home address because I keep moving in and out of apartments anyway, but the fact that they have my spending habits and other detail information will drive me crazy.

But I think it's okay as long as they keep these information to themselves. If they ended up selling my information to other companies, that will be VERY bad. That's unforgivable. That's violating my privacy right as an individual customer.

But the again, even if they were to sell my information to other companies, how would I know, until I start receiving weird emails and such? There are many instances when customers don't know what's going on at the other side, and I think that companies easily can take advantage of this to make more money for themselves.

So how is it possible for me to stay safe, even though I'm legally protected by laws and such? I don't think there's any one straight-cut path, and I don't think it's sensible to not do online shopping anymore just because of this. I guess it all comes down to the company's integrity and my (or the customers') alertness towards this matter.

Secure Sockets Layer (13)

Thu, 07 Dec 2006 15:42:48 -0500

Secure Sockets Layer

Today while doing my online banking, I saw the word "SSL" at the bottom of the page, and being a curious person that I am, I went online to search for it. So here is a little bit of what I have learnt about it.

SSL is Secure Sockets Layer, and it provides another layer of security to internet users as to help prevent other people from tampering or doing all those bad stuff. It basically needs 2 different accesses: the public key that everyone can see, and the private one that only you can provide.

These are the 3 basic phases:

algorhithm support

public key encryption

symmetric cypher

The cool thing is, many sites are SSL, and you can know when it's "https:" instead of "http". I became so much more aware of the sites I enter after I learnt about it. Well, now you'd feel a little more at ease if you see that little "s" behind.

Security in Businesses (12)

Thu, 07 Dec 2006 04:52:44 -0500

Security between work and home

If you walk into any corporate office you will probably see rows of cubicles with employees busy at work inside. In young, innovative companies, it is a common practice for employees to bring in an iPod or other digital music player to the office to listen while they pick at their work all day. Harmless? At first glance maybe, but this is an increasing security risk for many corporations.

Often times the company-supplied computers at employees' desks are all linked to the same server. With employees bringing in digital music players from home, they could very easily bring viruses from their home computers to work with them too. Similarly, if I were to take some work home with me one evening to work on my PC, the easiest way to transport the files back to my office computer would be through a simple USB jump drive. Unfortunately, these increasingly common devices carry the same risk: the chance that the files I bring from home could be tainted and effect the entire company's network.

Furthermore, bringing your files from home may not be exactly "copyright kosher." Files from an employee's personal computer could unkowingly be pirated or illegally downloaded media files. While this seems harmless enough, the company you work for could inadvertently infringe on copyright laws just because the files have been brought into the office with you.

So what are companies doing? Some have gone as far as banning such devices. Others, filling USB ports with glue to prevent employees from bringing in uncensored files from their home computers. Too bad if you are someone who can only make it through the day with a little music to sooth the office monotony. But, from the company's perspective, better the employees listen to the radio than inadvertently uleash a company-wide virus.

Software Debate of Electronic Voting Machines: Good or Bad? (11)

Wed, 06 Dec 2006 22:18:07 -0500

Software Debate of Electronic Voting Machines: Good or Bad?

Following the highly confrontation presidential election of 2000, millions of American citizens began researching an alternative to the old fashioned procedure of “paper ballots.�? After strenuous debates over what steps should be taken, the emergence of electronic voting systems began to be implemented. This technical fix as a solution to myriad problems in voting procedures posed yet again another difficult question to the majority of the population. "We're trusting the fate of our democracy to technology that's not ready yet," said Tadayoshi Kohno, a computer security expert at the University of San Diego in California. Since many old fashioned Americans do not trust new technology, due partially to their lack of knowledge about software and security issues as well as not wanting to innovate , it is hard for people to welcome this type of rapid change in voting methods. This may be explained by looking at the premise behind Frost’s law where many people have an unwillingness to adapt to new technologies because they feel it is unnecessary, given the front-end efforts required to adopt them. While the idea of electronic voting machines is a good one in the abstract, many problems still exist. The securities of the network and interface glitches, associated with the trust in these systems, have made people reluctant to embrace them.

With the rapid development of electronic voting machines, many experts claim that these machines are poorly engineered, unable to protect the information they guard, and at times fail to work properly. The software used in the predominant proprietary voting machines is owned by individual companies and protected by law, preventing people from accessing their software code to make the structure of voting machines transparent. One version of an electronic voting machine, produced by Diebold does not allow for a receipt after someone has voted. Under the protection of the Digital Millennium Copyright Act of 1998, Diebold has threatened to sue computer scientists who tried to figure out exactly how e-voting software works. I find actions similar to those taken by Diebold, preventing the creation of new ideas through transparent software, a severe problem our society must deal with. Procedures that sanction the idea of improving upon technology and desire to protect individual information instills upon the minds of the users that illegitimate and corruptive goals are prominent in the creation of the software. This is one major component as to why internet users and voters alike are weary of adapting new technologies.

Many experts believe that open source code is more reliable, enabling the “glitches�? of the software to be recognized and quickly stopped before hackers are able to take advantage. Since proprietary software does not allow for confirmation on what is supposed to happen, many people doubt that their votes were recorded properly in the database. If people were able to observe and fully understand the capabilities and uses for the voting software, then the public may begin to place their trust in these systems and consequently, in the idea that their information can be stored securely and taken care of. As the new elections begin to creep upon us, the hope that voters will have faith in the software and its security capabilities is a topic that almost everyone is anxious to find out.

PAPA Framework and Online Retailers

Tue, 05 Dec 2006 23:59:06 -0500

PAPA Framework and Online Retailers

In this new age of information, a serious and avoidable question has emerged itself from the channels of the internet and widespread information systems: How do we stay ethical with our use of information. The four main issues, known as P.A.P.A. (Privacy, Accuracy, Property and Access) discussed in depth of the Richard Mason article act as a foundation for what online consumers are beginning to see on the internet. The Wall Street Journal article Online retailers are Watching You discusses current advertisings trends of major online distributors, and how they use of this information (P.A.P.A.) may be infringed upon.

From reviewing the Wall Street Journal Article, companies are tracking customer specific data online to track their buying habits. After accumulating this data, they continue to price discriminate these users to both cash in on greater profits as well as attract a wider potential consumer base. The question then becomes whether or not these secretive practices are a violation of the P.A.P.A. ethics code of conduct (as mentioned by Mr. Mason).

Speaking specifically from a privacy standpoint, the tactics taken by online retailers discussed in the Wall Street Journal could be considered a violation. One reason for this claim is the fact that most data recorded by online websites are stored and then sold to other companies wanting to use this information. Without personal consent of the user, we believe this type of practice is a violation of confidential information.

From an accuracy and property perspective, we believe that although important, the practices taken on are not a violation because the information is accumulated by the individual user. For this reason, the database of information stored about a particular person can only be accurate, because it is needed for shipping purposes. Hence, there is no way for the user to type in incorrect data about himself/herself.

Lastly, in terms of accessibility, the practices taken by online retailers could be considered an infraction of the P.A.P.A. ethics code. Users who type in their sensitive information may not wish for it to be distributed. Distributing these information violates privacy rights of individuals, and these companies should be liable for a lawsuit.

Internet has undoubtedly increased the efficiency of goods exchange in the market, and even to the point where physical contact or communication is no longer necessary. At the same time, however, internet users become more susceptible to dangers that they might not even be aware of; this becomes an incentive for companies to manipulate the information that they receive from customers. Therefore customers should always be alert when it comes to protecting their own privacy rights, and be quick to take action when they find that their information is being shared.

Email Via Cellphone - Secure? (10)

Sun, 03 Dec 2006 01:01:00 -0500

Email Via Cellphone-Secure?

In Japan, for the older generation who are not familiar with computers, "emailing" pretty much means using the phone to message someone. You type in your message in your phone, and send it to another person's phone, or computer email. For example, if I have a cell phone, I will be able to send an email to your Umich webmail account. I don't know how that works, but it does, and I thought that it was pretty cool.

My friend who didn't have a phone will just use her computer to email her friend's phone before they were to meet up. It's definitely convenient. And I don't think there are extra charges for this function.

However, how safe is it to use an email account to send a message to a phone? After all, it's through internet connection and such. You know, when your friend was about to send you an email from her computer to your phone, if someone was actually hacking her computer, your phone information might be revealed. And these things are inevitable.

I'm not saying that it's dangerous to do that, but it's the "what if" that caught my attention. The hacker will be able to sell your information to sales marketer and other companies, and you might need to change your phone number in the end.

I don't know how much more secure the internet connection needs to be before you shouldn't use this function, and I think it's a problem in US because that function has just been introduced really recently, and who knows what might happen. It's new, and there's no complaints or bad things that happened yet, but I think those who are using this function should really be careful. After all, we're talking about internet security, who's constantly being abused everyday.

New Security Products- What's Next? (9)

Tue, 28 Nov 2006 16:41:37 -0500

New Security Products- What's Next?

Newest Security Releases

In the past, computer security software has aimed to stop viruses and other malicious programs once they enter your personal pc; not anymore my friends. Newer software is aiming to prevent the interaction between you and harmful programs altogether, essentially snipping the weed at its bud so to speak.(See Story)

Currently, McAfee and other well known businesses tailored to your security needs (i.e. Microsoft and Mozilla Firefox) are coming up with new ways to avoid this contact. Some of these tools include "phishing" blockers within the new Internet Explorer and Firefox web browsers, along with a "SiteAdvisor" blocking any known threat and prompting users for access for potential threats.

Each one of these new enhancements will be included on top of the normal antivirus software and pop-up blockers normally included in a typical software package.

Lastly, and perhaps one of the more spoken about privacy issues, is that of spam email. Currently, GMail (Google Mail) has created and even more efficient way to recognize spam email from illegitimate providers. In a recent article titled Google’s Gmail Learns How to Spot Spam Google claims that it has "gotten 15 times better at distinguishing legitimate commercial e-mail messages from spam." This is good news for GMail users, and bad news for spammers. Google is also giving credibility to "Techies" that locate and report bug huntersChalk on their webpage... Chalk another one up for the good guys.

Increasing Insecurity in Mac (8)

Wed, 22 Nov 2006 01:10:35 -0500

Increasing Insecurity in Mac

While doing my weekly tagging, I came across a site that talked about how Mac, compared to Windows, has less virus and problems with security in general. But these things are going to change, and that hackers and those people who've got too much time in their hands will start attacking Mac.

This is a very disturbing thought. I have always found comfort and security in Mac, knowing that there are not many virus or bugs created for this system. I guess it's because of the rise of the number of people using Mac that makes the market for creating virus that's Mac-compatible very interesting and hot.

If Mac were to become very similar of that to Windows, with all those anti-spam and anti-virus updates that need to be done every year, it will suck. If that were to happen, I think I'd switch to Windows, because it is more compatible with many other softwares anyway. Updating Mac's system will be so much more costly than that of Windows, just because Windows has all the compatible system available in the market but not that of Mac. Also, Apple is always costly to maintain anyway. That means that Mac users will burn more holes in the pockets.

Also, the fact that Mac has done the whole Intel core-duo thing, which means that Mac users can use Windows as well in their MacBook, increase the potential risk in terms of internet security and virus protection.

This is very intimidating, may it be just a rumor or a thought.

Norton Anti-Virus (7)

Tue, 21 Nov 2006 23:14:54 -0500

Norton Anti-Virus

Since I am a computer illiterate, my brother usually will update all these things for me, and I will just happily use my PC for the year (Windows only lasts a year with me, for some reason...) And ever since I got myself a PowerBook, I've never had to do all those things, until my brother graduated and he passed me his Dell PC. Then the problems arose.

After using my computer for 1 year, Norton told me to update my registration, since it's expired. It took me about 2 months before I got down to continue my subscription, because I doubted the use of it at all. After using the computer for a month, I almost killed my computer because it kept bugging me to continue my subscription. It was surprisingly irritating that it almost became a bug by itself.

Other than Norton (ironically), there were so many pop-ups in many sites that I visited that I have never encountered before - apparently Norton built a firewall of some sort that will block pop-ups. Also, it has built such a strong and secured firewall that I kept getting asked if I really wanted to read a file, or to download a file, in case there's bugs or hackers on the move.

I was amazed that the internet that we use are pretty messed up nowadays (forgive my ignorance, since I'm a Mac user and I'm computer illiterate); there are many pop-ups, irritating advertisements, automatically download-able files when you enter a site, etc. There is no way that you can call this secure. We have come to a point in time where a system, or a firewall, is necessary to protect our privacy.

I felt safe using my computer with Norton, but at the same time cynical. Did people invent these firewalls to overcome those problems, or did they invent these problems to invent the firewalls for us to purchase?

FireFox (6)

Fri, 17 Nov 2006 15:28:48 -0500

FireFox

I have started using online banking to free myself from all those paperwork and hassle. But my Safari wouldn't let me log onto the account, and I have always used my friend's Internet Explorer (I don't like the IE on Apple, but preferred the IE on Windows). I downloaded the latest version of FireFox because one of my roommates told me that it is possible to log in with FireFox.

I was glad that I downloaded FireFox - I think it is one of the better system; I like the tabs, I like the layout, I like how it helps you retain your username and password if you give the permission to.

But there's the problem - it helps you retain your username and password. I got used to clicking on "Yes" everytime it asks me whether I want my username and password saved. I do that out of convenience, and because I don't think the other passwords are that important - I'm pretty sure that my roommates know those passwords too, out of convenience to shop online, etc.

The first time I log into my bank account, it asked me whether I want to save my username and password, and I almost hit a Yes, but I caught myself on time, fortunately. I was shocked, because I thought that they would know to never ask when it's something important like that. I therefore chose "never save for this site", which I was glad that they have that option. But the fact that they couldn't make that connection between a bank account and any other stupid accounts just shocked me. That just proved to me how insecure the internet security is.

Perhaps it's the bank that lacks the security measures needed, and perhaps it's FireFox that lacks that recognition system. Nevertheless, I was brought to the reality of how internet works: no matter how secure you want it to be, there is just a limit to it. Our technology is not that advanced yet as to be able to replace humans' brain.

I guess this will be a warning to me, and to everyone else, to be really careful at all times, especially those little things that you do out of habit.

Internet Security and I (5)

Tue, 07 Nov 2006 23:39:49 -0500

Internet Security and I

Our lifestyle has slowly moved away from the traditional way to a very modern and fast-paced environment. I, for one, have done extensive online shopping, and even to the extent of paying my bills online. I also check my bank statements through the internet, and manage my various credit cards online. We have become so dependent on the internet, but with the convenience, comes along risk and danger. How safe is that, you might ask.

This is what I would normally do:

Only access bank accounts, or other bank/bills/credit card accounts with my main computer, or laptop at home.

Always be paranoid when I'm done and try logging in after I log out, to make sure I have properly logged out of the site.

When I'm shopping online, I make sure that they are big companies that people have heard of, hence reducing the risk of giving your credit card information away to random companies.

Update my Norton anti-virus AND firewall, and make sure that they block the pop-ups too. Try to get it as secure as possible, even if you're spending lots of money on them.

When it comes to password, you know what you should do - change them often. But how much longer can you keep track of all the different passwords? Use a program for password manager, I assure you, it's easy. But it always comes down to this: how safe is that?

As technology advances, there are more hackers and smart people out there who get around doing illegal things. People hack your internet connection, get access to your personal information - this is the price of being in a very computerized world and conforming to it. I'm sure many people have told you to be careful with your information when it comes to internet, because really, it all comes down to trust, and maybe luck.

Windows XP Exposed (4)

Sun, 05 Nov 2006 15:20:40 -0500

<align=center>Windows XP Exposed </>

For a number of years, the Windows Operating System has had the reputation of being inferior to other operating systems when discussing user security. Being the most widespread and widely used operating system in the world today, it's easy to see why safety and security amongst window’s users is so important.

This year has been no different; in a recent article , yet again Windows has been scrutinized for its security vulnerabilities with its XP operating system. Security researchers say hackers have published code allowing hackers to disable the XP firewall on computers running the XP system. This would give hackers the opportunity to plant malicious code via the internet.

For consumers, it is always troubling to hear that sensitive information is not always 100% secure when signing on to the internet. AIM, Google, EBAY, Windows, Mac OS X and YahooMail all have become household names across the world, and each one of them relies on premise that they can safety provide their service to their customers. So what can consumers do to help themselves? Here is a short list of what users can do to help protect themsevles when using the internet:

Do business with reputable companies- Before providing any sensitive information, make sure the company asking for your personal information is an established company.
Take advantage of security features- If your computer comes with antivirus or firewall software, make sure to keep these programs up to date and running at all times when using the internet. Download any necessary patches as soon as they become available and do not download any unnecessary programs that you think are unsafe.
Be aware of your account activity- Check your online accounts periodically to make sure that everything is in order. Many times, if personal information has been stolen, checking your accounts is a way to freeze your accounts before a lot of damage is done
Check Privacy Policies- Yes, this is the fine print that no one spends much time looking over. However, websites must spell out how the information they collect will be used, how the information is encrypted and where the information will likely to be sent. If you find out that your information may be sent without an encryption, you may want to encrypt it yourself before sending it via the internet.