“Outsmarted: Captcha security not much of a gotcha”


Captchas

I’m sure you have all registered on a website and reached the step where they make sure you’re human by having you type the string of distorted text into a box, right? That step is not there to test whether you can read obnoxiously small characters against a background that disguises them; it is there to minimize the number of accounts created by bots. It has now been brought to our attention that this filter may no longer be much of a barrier, as researchers have found a way to defeat it.


Flash Cards in Phones

Many phones have no encryption software and no protection specific to the flash chip. In my opinion this is a huge blunder in an age where storage requirements are constantly increasing. People store pictures, documents, even Excel and Word files on these flash chips, often with sensitive information. If your phone gets stolen, only a small subset of phones can actually be wiped remotely, and on many of those you still can’t wipe the removable flash memory. Flash cards are plug and play; you don’t need any technical ability to abuse someone else’s information. This is one of the reasons I like the iPhone: sometimes it’s convenient to have everything locked down with no slot for extra flash memory. In many ways it’s more secure because you can just wipe it remotely and not worry about someone pulling out the flash card and viewing all the documents. The cloud is also attractive for the same reason. Physical storage is susceptible to crooks who are often just after the hardware, but to you and me the data is probably more valuable.

Facebook Privacy

It is rumored that Facebook stores user data indefinitely and will sell it. Here are some quotes from Facebook’s privacy policy to consider.

“We only provide data to our advertising partners or customers after we have removed your name or any other personally identifying information from it, or have combined it with other people’s data in such a way that it is no longer associated with you. Similarly, when we receive data about you from our advertising partners or customers, we keep the data for 180 days. After that, we combine the data with other people’s data in such a way that it is no longer associated with you.” (Privacy Policy, Information we receive about you)

- Yes, they will store data about you and possibly sell it, but it is not associated with you. However, this does not mean it is impossible to trace back, and the policy says nothing about how they will disassociate it.

“While you are allowing us to use the information we receive about you, you always own all of your information. Your trust is important to us, which is why we don’t share information we receive about you with others unless we have:

  • received your permission;
  • given you notice, such as by telling you about it in this policy; or
  • removed your name or any other personally identifying information from it.”

    (Privacy Policy, How we use the information we receive about you)

- I will highlight, “you always own all of your information.” Again, they reserve the right to share it after disassociating your identity from it.

“When you delete an account, it is permanently deleted from Facebook. It typically takes about one month to delete an account, but some information may remain in backup copies and logs for up to 90 days. You should only delete your account if you are sure you never want to reactivate it.” (Privacy Policy, Deleting and deactivating your account, Deletion)

- Most data is removed within a month, and all of it is removed from backups and logs within 90 days. This seems very black and white. Again it doesn’t specify how the information will be removed, but it says that it will be.

Overall these few quotes make me much more comfortable using Facebook, but I remain wary. I do not completely understand privacy policies and how closely they must be adhered to, but it increases my confidence in Facebook nonetheless.

One of the world’s undeciphered scripts.

Linear A

In 1900 the archaeologist Sir Arthur Evans (1851-1941) discovered a large number of clay tablets inscribed with mysterious symbols at Knossos on Crete. Believing he had discovered the palace of King Minos, together with the Minotaur’s labyrinth, Evans dubbed the inscriptions and the language they represented ‘Minoan’.

Evans spent the rest of his life trying to decipher the inscriptions, with only limited success. He realised that the inscriptions represented three different writing systems: a ‘hieroglyphic’ script, Linear A and Linear B. The hieroglyphic script appears only on seal stones and has yet to be deciphered. Linear A, also undeciphered, is thought to have evolved from the hieroglyphic script, and Linear B probably evolved from Linear A, though the relationship between the two scripts is unclear.

Notable features

  • Linear A was used between about 1800 and 1450 BC.
  • Linear A is a mixed script consisting of about 60 phonetic symbols representing syllables and about 60 sematographic symbols representing concrete objects or abstract ideas.
  • Many of the symbols resemble those used in Linear B and have been assigned the same pronunciation.
  • Linear A was written in horizontal lines running from left to right on clay tablets, which were probably used for keeping records of transactions.

There is no consensus on how to transliterate the Linear A symbols; the chart that accompanied this post (not reproduced here) gave one possible transliteration.

Government requests to Google for information on users have spiked.


The number of requests from the government to Google for information on its users has increased by 29% in the last six months. Google is one of the few companies that release these kinds of statistics to the public, and the reason it gives for doing so is to raise awareness about the ECPA.

The ECPA is the Electronic Communications Privacy Act, enacted 25 years ago, in 1986. It was meant to protect people’s privacy against government intrusion, but it has not been updated since to reflect new technologies. Because of this, people remain vulnerable to government intrusion: in many cases the government can obtain a user’s online information without the judicial approval it would need for a warrant. Google is one of many technology companies that have formed the Digital Due Process coalition to advocate reform.

This isn’t the first time Google has rocked the boat over government monitoring. Most of you probably remember when Google refused to censor search results in China. That refusal led it to close up shop in much of China. On the other hand, companies like Yahoo have had no trouble censoring, or even monitoring and handing over information on, political dissidents.

http://www.digitaldueprocess.org/index.cfm?objectid=37940370-2551-11DF-8E02000C296BA163

http://m.wired.com/threatlevel/2011/10/google-data-requests/

Social Malice

http://www.darkreading.com/insider-threat/167801100/security/client-security/231901810/social-malice-one-in-100-tweets-and-one-in-60-facebook-posts-are-malicious.html

Considering the topic of our newest group project, I thought this article would be perfect to write about. I recently read it, and it reports how many posts on social networking sites such as Facebook and Twitter are malicious: one in 100 tweets today and one in 60 Facebook posts. People have been confessing that they feel unsafe on sites such as Facebook and Twitter, and even a moderate percentage feel unsafe on LinkedIn. It goes on to talk about how these things can be a danger to businesses because of the use of these sites in the workplace.

The article lists some of the latest Barracuda statistics:

- LinkedIn is the least-blocked social network by enterprises, with only 20 percent of organizations preventing their employees from using LinkedIn from work. That contrasts with Twitter (25 percent), Google+ (24 percent) and Facebook (31 percent).

- Most users say the important factors to consider when joining a social network are security (92 percent), that their friends use it (91 percent), privacy (90 percent), and ease of use (87 percent).

- More than 90 percent have received spam over a social network, and more than half have experienced phishing attacks.

- More than 20 percent have received malware, 16.6 percent have had their account used for spamming, and about 13 percent have had their account hijacked or their password stolen.

- 43 percent of Twitter accounts were classified as “true users” with real followers and regular tweets, and 57 percent as “not true users,” either spam bots or inactive accounts.

- Barracuda measured search malware on Google, Bing, Twitter, and Yahoo over a 153-day period and found 34,627 malware samples, with one in 1,000 search results leading to malware.

- One in five search topics leads to malware, with “music + video” containing the most malicious links. The number two search term leading to malware: “JenniJ-Woww,” with 17 percent of the malicious search results.

Attack Tool Exploits SSL Vulnerability to Create DoS Attack

“A German hacker group has released a new proof-of-concept tool for denial of service (DoS) attacks that exploits a weakness in SSL.

According to the group, known as The Hackers Choice (THC), the SSL vulnerability can be used to kick a server off the Internet.” [1]

A denial of service attack is probably the most widespread attack out there, and the easiest for a novice to accomplish. It is especially popular with “hacktivist” groups like the THC mentioned in the article because of its simplicity and the lack of real knowledge it requires. There are many ways to accomplish a DoS attack, and the article addresses one method that has recently been brought to the foreground. According to the article, establishing an SSL connection requires about 15 times more processing power on the server than on the client [1]. The group has developed a tool that turns that asymmetry against the server. Specifically, it targets SSL renegotiation, the feature that lets a client ask the server to perform a fresh handshake over an already established connection. The tool opens a single TCP connection to an SSL server and then requests renegotiation over and over, forcing the server to repeat its expensive handshake computation thousands of times while the client does comparatively little work; that eats up the server’s processing power and ultimately results in DoS. The group claims (and I agree) that SSL renegotiation is stupid. If you’re not happy with the key, terminate the connection and start a new one. This tool mainly targets servers that permit client-initiated renegotiation.

One way of mitigating this tool’s effect is to disable SSL renegotiation and use SSL accelerator hardware. But the group claims that even that will not stop the tool completely [1].
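To make the asymmetry and the mitigation concrete, here is an added example (my own code, not THC’s tool and not from the SecurityWeek article). It simulates the server-side countermeasure of capping how many renegotiations a single connection may request, or refusing client-initiated renegotiation outright, and tallies the relative work each side spends. The event stream, the cap, the window and the 15:1 cost ratio (the figure the article quotes) are all constructed for the demo.

```python
"""Per-connection renegotiation limiter (added example, not THC's tool).

An attacker holds one TCP connection open and asks the server to
renegotiate the SSL/TLS session over and over, paying little per request
while the server repeats its expensive handshake work.  The guard below
caps accepted renegotiations per connection inside a sliding window, or
refuses client-initiated renegotiation entirely, and counts the relative
work each side spends so the 15:1 asymmetry is visible.
"""
from collections import defaultdict, deque

SERVER_COST = 15.0        # relative handshake cost on the server (ratio quoted on the page)
CLIENT_COST = 1.0         # relative handshake cost on the client
MAX_RENEGOTIATIONS = 3    # assumed cap per connection inside the window
WINDOW_SECONDS = 10.0     # assumed sliding window


class RenegotiationGuard:
    """Decides, per handshake request, whether the server should do the work."""

    def __init__(self, max_renegotiations=MAX_RENEGOTIATIONS,
                 window=WINDOW_SECONDS, allow_client_renegotiation=True):
        self.max_renegotiations = max_renegotiations
        self.window = window
        self.allow_client_renegotiation = allow_client_renegotiation
        self._recent = defaultdict(deque)  # conn_id -> timestamps of accepted renegotiations
        self.closed = set()
        self.server_work = 0.0
        self.client_work = 0.0

    def on_handshake(self, conn_id, ts, renegotiation):
        """Return 'accept', 'close' (this request kills the connection) or 'closed'."""
        if conn_id in self.closed:
            return "closed"
        if renegotiation:
            if not self.allow_client_renegotiation:
                self.closed.add(conn_id)     # strict mode: any renegotiation request drops the connection
                return "close"
            recent = self._recent[conn_id]
            while recent and ts - recent[0] > self.window:
                recent.popleft()             # forget renegotiations outside the window
            if len(recent) >= self.max_renegotiations:
                self.closed.add(conn_id)     # over the cap: drop it before doing any crypto
                return "close"
            recent.append(ts)
        # Only accepted handshakes cost anything; the cost asymmetry is the whole attack.
        self.server_work += SERVER_COST
        self.client_work += CLIENT_COST
        return "accept"


def replay(events, guard):
    """Feed (conn_id, timestamp, is_renegotiation) events through a guard."""
    return [(conn_id, guard.on_handshake(conn_id, ts, reneg))
            for conn_id, ts, reneg in events]


# Constructed event stream: "A" is a legitimate client that renegotiates once;
# "B" is an attacker hammering renegotiation on a single connection.
EVENTS = [
    ("A", 0.0, False),
    ("B", 0.0, False),
    ("B", 0.1, True), ("B", 0.2, True), ("B", 0.3, True),
    ("B", 0.4, True), ("B", 0.5, True),
    ("A", 5.0, True),
]

if __name__ == "__main__":
    unlimited = RenegotiationGuard(max_renegotiations=float("inf"))
    replay(EVENTS, unlimited)
    print("no cap:   server work %.0f, client work %.0f"
          % (unlimited.server_work, unlimited.client_work))
    capped = RenegotiationGuard()
    for conn_id, verdict in replay(EVENTS, capped):
        print(conn_id, verdict)
    print("capped:   server work %.0f, client work %.0f"
          % (capped.server_work, capped.client_work))
    strict = RenegotiationGuard(allow_client_renegotiation=False)
    print("disabled:", replay(EVENTS, strict))
```

With no cap the attacker spends 8 units to cost the server 120; the cap drops the attacker’s connection at its fourth renegotiation while the legitimate client is untouched. Disabling renegotiation entirely, which is what the article suggests, also closes the legitimate client’s connection on its one renegotiation request, which is the trade-off a server operator has to accept.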

[1] http://www.securityweek.com/attack-tool-exploits-ssl-vulnerability-create-dos-attack

Nation Wide Attacks against Law Enforcement

Multiple law enforcement agencies nationwide have become targets of cyber attacks. While some have been more successful than others, a majority of these attacks are believed to be the work of the same group of hackers. It is believed that the hackers are trying to get access to databases that contain law enforcement officers’ personal information, and that information becoming public could be very dangerous. At this point there isn’t a whole lot of concern; this is not the first time law enforcement agencies have been targeted, and they take some precautions to keep their data safe. Dothan systems analyst Robb Meredeth said:

We try to take our security in layers so that we have multiple layers so if any fail we’re still in good shape

He went on to say how they keep track of attacks:

We monitor success and failures of people trying to get into things. We would go back and start reviewing log-ons and access.

So for now the security of their systems is holding up well enough to keep any important data out of the hackers’ hands. But if these attacks continue, it’s possible they could eventually get hold of some important data they shouldn’t have. Robb later said:

It’s just like being an officer on the street you’re always aware of your surroundings and what’s going on but one thing that I’ve learned in my time with the new technology is that there’s absolutely no sure-fire secure system.

I agree that there’s no secure system, which means it’s only a matter of time before hackers succeed. It really made me start questioning what type of things the police have on their systems, and how good the security is for local police; they most likely don’t have the same budget for security as the FBI. But just because their budget might not be as high doesn’t mean they don’t have information that could be dangerous if made public.
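The analyst quoted above describes monitoring logon successes and failures and going back through log-ons after an incident. The following is an added example of that review, written for this page and not taken from the article or from any agency’s tooling: it runs over a handful of constructed sshd-style log lines and flags a source address that piles up failed logons, and, more importantly, a source that later succeeds after such a run. Host name, addresses, users, timestamps and thresholds are all made up for the demo.

```python
"""Reviewing logon successes and failures for signs of a break-in.

Added example: parses sshd-style "Accepted/Failed password" lines and
flags, per source address, a run of failures inside a time window and any
success that follows such a run.  The sample log is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)"
)

FAIL_THRESHOLD = 5              # assumed: failures from one source inside the window
WINDOW = timedelta(minutes=10)  # assumed sliding window

# Constructed sample log (ISO timestamps so they parse and sort simply).
SAMPLE_LOG = [
    "2011-10-28T02:14:05 pd-fileserver sshd[1022]: Failed password for admin from 203.0.113.7 port 5140 ssh2",
    "2011-10-28T02:14:09 pd-fileserver sshd[1022]: Failed password for admin from 203.0.113.7 port 5141 ssh2",
    "2011-10-28T02:14:13 pd-fileserver sshd[1022]: Failed password for invalid user root from 203.0.113.7 port 5142 ssh2",
    "2011-10-28T02:14:17 pd-fileserver sshd[1022]: Failed password for admin from 203.0.113.7 port 5143 ssh2",
    "2011-10-28T02:14:21 pd-fileserver sshd[1022]: Failed password for admin from 203.0.113.7 port 5144 ssh2",
    "2011-10-28T02:14:25 pd-fileserver sshd[1022]: Failed password for admin from 203.0.113.7 port 5145 ssh2",
    "2011-10-28T02:15:40 pd-fileserver sshd[1022]: Failed password for jsmith from 192.0.2.15 port 6001 ssh2",
    "2011-10-28T02:15:52 pd-fileserver sshd[1022]: Accepted password for jsmith from 192.0.2.15 port 6002 ssh2",
    "2011-10-28T02:20:31 pd-fileserver sshd[1022]: Accepted password for admin from 203.0.113.7 port 5150 ssh2",
    "2011-10-28T02:21:00 pd-fileserver sshd[1022]: Connection closed by 203.0.113.7",
]


def parse(lines):
    """Return (timestamp, succeeded, user, src) for every logon line; skip the rest."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]),
                       m["result"] == "Accepted", m["user"], m["src"]))
    return events


def review(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Flag brute-force runs and the successes that follow them, per source address."""
    failures = defaultdict(list)  # src -> timestamps of failures still inside the window
    findings = []
    for ts, ok, user, src in sorted(parse(lines)):
        recent = [t for t in failures[src] if ts - t <= window]
        if ok:
            if len(recent) >= threshold:
                # A success right after a run of failures is the line worth reviewing first.
                findings.append(("success_after_failures", src, user, ts))
        else:
            recent.append(ts)
            if len(recent) == threshold:
                findings.append(("brute_force", src, user, ts))
        failures[src] = recent
    return findings


if __name__ == "__main__":
    for kind, src, user, ts in review(SAMPLE_LOG):
        print("%s  %-22s src=%s user=%s" % (ts.isoformat(), kind, src, user))
```

On the sample log the single failure from 192.0.2.15 is ordinary user error and produces nothing; 203.0.113.7 trips the threshold on its fifth failure and is flagged again when it finally logs in as admin six minutes later, which is the event an analyst would review first.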

Hackers 101

I came across this article on the “How Stuff Works” website. It has a lot to do with many of the things we talked about in class. It doesn’t go much more in depth, but it ties things together nicely for anyone who could still use a simple, smooth overview.

It does go into more detail about hackers themselves, however: history, culture, motivation and things like that. It even has a part about the problems hackers have with the law, or perhaps more accurately the problems the law has with them.

The reasons I included the article, however, were the videos, which were good to watch, the links to various hacker websites, and a simple short quiz at the end on computer security. For those of you more advanced on hackers and computer security the article might seem simplistic, but the links were somewhat interesting, including one called “Could hackers devastate the U.S. economy?”; if you are like me you will end up clicking on links until you look at the clock and realize you need to get to bed.

For those of you who could use a quick overview of many of the things we’ve covered in class, there are links at the end that you might find helpful on things like phishing, types of viruses and encryption.

I hope some of you find this helpful.

http://computer.howstuffworks.com/hacker.htm

Ethical Hackers

For those people out there who enjoy hacking but don’t want to worry about the consequences of doing something unlawful, there’s a job in it for you. An ethical hacker is someone who, rather than hacking to steal, for example, hacks when hired and authorized by a company to find weaknesses in its security.

Hacking becomes a job, and a job means making money. As an ethical hacker one has a decent pay grade. Depending on the jobs you take on as well as your experience, a person can make between $60,000 and $100,000, if not more.

In the end, being an ethical hacker is a complete win-win situation. Hacking to your heart’s content is now a possibility, plus you earn a steady income and the chances of serving time have been eliminated. If you want to hack, being an ethical hacker seems to be the way to go.

info obtained from: http://www.nypost.com/p/news/business/jobs/what_up_with_that_job_73bcepcf42NSN1m1fRsr2I?CMP=OTC-rss&FEEDNAME=