Basic Information on Internet/Computer Security & Privacy

Q: Can you write to me (so i can pass it on) and offer what can/should be done about computer security and privacy? And, what you can offer... so, people with little experience in this "situation" can understand and not freak out

A:
I. Why Me?

The most common belief is that "I will not be targeted." [e.g. Why would anyone want to attack my computer? Or, I don't have anything valuable on my computer. We're not Ft. Knox, you know? My response -- whose information do you care more about... the info. at Ft. Knox... or the info. on your computer?]

There is more than one answer to "why". After you read the "who" part, below, you should be able to get a better understanding. In any event, the 3 main reasons you would be attacked are:

II. Who?
The Internet population could be categorized as follows:

* 99% under-informed individuals, businesses and govt. agencies

* .01% reasonably-informed individuals and businesses

* .09% hackers and other threats

  1. old time hackers (who were really trying to help by pointing out weaknesses in networks without causing any damage)
  2. malicious youth and oldsters pretending to be youth (comparable to graffiti)
  3. rouge loonies
  4. organized crime
  5. terrorists
  6. foreign governments
  7. US Govt., FBI, etc.
  8. businesses that surreptitiously gather private info.

* .9% other / misc.

III. What?

So, it wouldn't be that bad... if....

I mean statistically speaking, there aren't that many bad guys. However, because the bad guys have learned to exploit the "under-informed" with such effectiveness -- it is a REALLY UGLY SITUATION.

My guess is that several billion people have had their privacy/security rights abused... and that several million computers are currently controlled, at least in part, by the "hackers and other threats"

Q: Please describe what that means - briefly and how/why it affects me (and the others who have had their privacy/security rights abused.)

A: Hmmm... what that means? Well, it could mean many different things. It could be someone placing a file on your computer that collects information (called a cookie.) It could be someone placing unauthenticated and uninvited computer code/programs onto my computer (such as, Java, Flash or other mobile code.) It could be a company that places a little program on your computer called "spyware." Spyware often is used to monitor consumer behavior. Or, maybe it is a virus that collects all your email addresses, usernames, passwords, other personal information, as well as, every keystroke you make on your keyboard. The virus then emails the information to a remote email address.

Wow... imagine this... your computer gets a virus and sends all your personal information to the bad guys (using an email address at some unknowing ISP.) After the bad guys have had plenty of time to look at it, the FBI confiscates the ISP's computers -- in essence, they have also acquired whatever information was typed into your computer without issuing you a search warrant.

I'm sorry to say that these are not hypothetical situations. In all of these scenarios, people lost privacy, time, money and/or have had information and equipment destroyed.

And, what worries me the most about this situation is that it is likely to get much worse. The under-informed population is continuing to propagate their weaknesses without any apparent attempt to examine the long term costs.

Q: Can you briefly describe their weaknesses?

1. The website owners are often behaving as computer programmers without having any real computer programming experience. How many companies and individuals are creating websites that are not educated computer programmers? To make a bad situation worse, the website owners typically don't have a plan to secure their new, publicly accessible, computer programs. [i.e. Would these same companies produce their own car... then leave it unlocked and running in front of a mental ward? The Nimbda virus is an example of a virus that acts like a mental patient and took over millions of under-informed business' computers]

2. The viewers (internet users) are accepting the security and privacy setup that comes with their default computer settings (which is too often not the highest setting.) At the same time, they do not appear to be taking the responsibility to protect and educate themselves.

Recommendations:

If internet users refused to accept unauthenticated and uninvited files through email and web browsers, we would all be better off. Turn your security settings on "high" and boycott businesses whose websites refuse to respect your basic rights.

Just say NO to the (data) pushers!
NO Cookies
NO Java
No Email attachments that are not authenticated.

How to get started:

We are experimenting with a test. And, we suggest... that if you do not pass, you should revoke your privilege to drive on the information superhighway (until you better educate and protect yourself.)

http://kingarthur.com/test.html

Back To: Studies in Computer & Internet Security

2002 by Rev. LeRoy Montana & the Membrane.com Help Desk
This article may not be redistributed without our permission.