Symantec Blogs: Security Response

Ron Bowes | October 24th, 2007

These days, many people take it for granted that their email is secure. People (and companies) send all kinds of critical information through email, expecting it to make it to the correct person and only that person.

That's a bad assumption.

Email is often used by Web applications to reset passwords, by financial sites to provide updates to profiles, and by friends and family with personal information. Any of this data, in the wrong hands, could be dangerous to a person. It could lead to all the usual problems: identity theft, information exposure, and the exposure of trade secrets.

Email passes through several servers in much the same way as traditional mail travels through several people. The sender sends an email directly to an SMTP (or similar) server, which is often run by the sender's Internet service provider (ISP). That server typically forwards the email to the recipient's mail server (which can be run by the recipient's ISP, the recipient's...

Ron Bowes | October 18th, 2007

Economy servers are typically IRC servers where criminals and so-called "black hats" congregate to sell their illegally obtained merchandise. They can be thought of much like a bazaar of old, where the sellers announce their wares and their prices in the hopes that buyers will choose them. These wares typically include stolen credit cards, identities, online gaming accounts, Web site logins (such as Paypal and eBay), and other illegal goods. Because these servers are frequently tracked by law enforcement, the people who do the trading have to be careful.

It has been observed that these servers rarely have a single fixed address. Commonly, the server migrates to a new address on a regular basis, as frequently as every week. Presumably there is some pre-arranged pattern or a central source that tells loyal users where the current server is. It's not uncommon for a researcher to connect to an active economy server only to find it completely empty. This forces law...

Ron Bowes | October 11th, 2007

When you visit a Web site, you typically type the URL into the browser or click on a bookmark. In either case, the domain name (for example, "www.symantec.com") is sent to your domain name system (DNS) server. This server takes the domain name and sends back the server's address. This structure can lead to some interesting consequences.

How many people actually know which DNS server they're using? And, if they know which server they're using, how much do they trust the person or company running the server? The majority of networks are configured with dynamic host configuration protocol (DHCP). DHCP is a protocol that allows computers to broadcast a generic "configure me" message to the local network. Any server on the network can respond to the message, telling the computer which DNS server to use (among other things). This problem is two-fold: first, there is no guarantee that the response is coming from the expected server. And second, even if it comes from the...

Ron Bowes | June 21st, 2007

I recently stumbled upon a site that advertised an impossible service for Web sites: protecting a site's content from being copied, or "stolen." It's a service that is impossible. I know it's impossible, and every Web developer knows it's impossible. However, for only $37.99, this man offers to do it. At $37.99, it's a deal! And he has all kinds of testimonials, not to mention snazzy clip-art on his site.

Of course, his solution, much like whitewashing over dirt, appears to work. That is, until the paint starts peeling, or, in this case, until a user with any kind of experience realizes how easy it is to bypass these restrictions. I can think of a half-dozen ways immediately, and none of them are difficult. Before long, the whitewash peels off and the site administrator is left in the same situation they started in, only with $37.99 less.

Of course, there are no guarantees. You read the agreement, right? This type of service gives the site administrator a false sense...

Ron Bowes | June 11th, 2007

In today's computerized world, loss of confidential information is far too common. If you look at a good list of personal information data breaches, you will quickly see that a breach occurs almost every day, and that's just in the United States!

Almost everybody knows that databases get hacked and laptops get stolen, both of which can expose all kinds of information about customers and employees. Information is frequently lost due to malicious intentions. So security is audited, laptops are encrypted, and a lot of companies take steps to ensure that this type of exposure doesn't happen. Data is still exposed, but many companies actively try to prevent it.

I'll start with a story. I know a company that sells a customer-management solution that once had a demo site, with demo data, which potential customers could play with. After a software upgrade, the demo database was no longer valid...

Ron Bowes | May 21st, 2007

A few months ago, I moved out of my home town in search of greener pastures. In doing so, I called every company I could think of who might have my previous address. And that was a lot of calling - these days, it seems like changing a home address is as difficult as changing an email address!

After I arrived, I bought a lot of stuff online. I purchased everything from books and movies to show tickets from major online retailers. I made every transaction with my credit card, and everything was shipped to my new address. I didn't have any problems - at first - all I needed was my credit card information and everything was shipped where I asked it to be shipped.

Recently, however, I purchased a new hard drive from a local computer store. Since it's on the far side of the city, I opted to have it shipped rather than pick it up. This morning, I received an email saying that they wouldn't accept the order because my shipping address didn't match the address on my credit card. So I...

Ron Bowes | May 17th, 2007

These days, awareness about identity theft is increasing. More and more people understand that they aren't supposed to give out personal information unless they know who they're talking to. But no matter how much you protect yourself, you still have to rely on others to do the same. That leads to an important question: who knows who I am?

My first thought is my family. If somebody called my mom and asked questions about me, would she answer? What about my dad, or my grandparents? While I may know enough to protect my own personal information, they may not be aware. This is even more likely if the person digging up information pretends to be a friend or employer, or if my family thinks that I'm somehow threatened ("We need your son's social security number immediately, or he's going to lose his job").

Speaking of employers, how many job applications have you filled out? And how many required your social security number? Personally, I can think of a dozen...

Ron Bowes | April 17th, 2007

The Home and Home Office Security Report (HHOSR), a monthly report released by Symantec, provides a high-level overview of Internet security concerns that may be of interest to home and home office users. March's HHOSR focused largely on Volume XI of Symantec's Internet Security Threat Report.

This HHOSR's hot topic discussed the price of a wide variety of information related to personal identity. The types of information, and the prices at which they were offered, are outlined in Table 1 below.

Item                 Cost in US Dollars
Complete Identity    $14 - $18
US Credit Card       $1 - $6
...