Thursday, June 19, 2008

Hacking And Malware Victim Almost Goes To Jail, The Bad Guy Gets Away.


In early 2007, Michael Fiola was fired from his job. His I.T. department found some really bad material on his computer, including child pornography images. No one really likes such a man; family and friends abandoned him. Legal proceedings would start soon and Michael would most certainly spend over a dozen years in jail. Michael denied any wrongdoing, which caused many observers to comment that it was typical for a child pornographer to behave that way. His wife was the only one who believed his story and stood by him during those terrible moments. It took the services of an extremely talented and hard-working forensic investigator to bring out the truth. As it turned out, the images on the laptop were pretty bad and would have made juicy proof in the legal hearing. However, it was not Michael who downloaded them; the images appeared on the machine without his knowledge and without any action on his part.

It turned out that the Massachusetts state service that gave Michael the computer was to blame. The I.T. department of this office had issued him a laptop that was not well protected. This caused the laptop to be infested with several malware programs, all without Michael's knowledge! The story ended well for Michael, but it is quite likely that many other computer users could be faced with a similar problem. A hacked computer could have its security compromised and become a puppet, controlled by pranksters and probably fraudsters. The public in general and the legal system in particular have no sympathy for victims like Michael. With the rapid spread of computer and internet usage, frauds related to this technology have managed to keep pace too.

Frightening possibilities exist: a terrorist organization could spread propaganda by sending emails through a computer whose security had been compromised! The U.S. could then have the innocent victim rotting in a high-security torture prison on one of the many islands and nations that allow it to open such prisons. Losing a job or being shunned by family members would be very light compared to facing systematic physical and mental torture by state investigators. It is unlikely that any lessons will be learned in such cases. The perpetrators of Internet crimes are rarely caught. Special deals with lawmakers often leave the few that are caught with a light sentence.

There is a very interesting viewpoint that the author of this article would like to put forward. When you buy licensed software like MS Windows or MS Office, you do not become the owner of the software. The amount you pay for the licence is something like a rental charge for using the software. It would be illegal to reverse engineer the software and make any changes to it, even if you are an expert. The reasoning is that you do not own the software (you have just rented it) and therefore cannot make any modifications to it. At the same time, the software publisher (e.g. Microsoft) can at any time stop supporting the software and return nothing to you. Given this scenario, any security loopholes in the rented software are the responsibility of Microsoft. The responsibility should not be limited to Microsoft publishing a patch on their website and hoping that you will download it. The resulting damage caused by the security bug should also be compensated for. Wait a moment before you criticize this comment. Software publishers are always raising hell regarding piracy and are quick to point out that software is intellectual property, much like a pen, book, car or house. If this is so, let's compare this to renting a house. Let's assume that there was a secret door in the house that you rented, and the landlord never informed you about this secret door. A thief enters through that door and burgles your house. Would the landlord not be held responsible? So let's treat a security loophole in software as the publisher's (landlord's) responsibility. The ensuing damages caused by a fraudster exploiting the security loophole should be compensated for by the software publishers. If this is done, the software houses would make a desperate dash to get hold of the fraudsters, and the internet would become a safer place to browse, learn, transact and relax in.

Monday, June 16, 2008

Smaller Storage Devices Bring Bigger Data Security Problems

If you have been staying updated with the latest in storage devices, a few issues are glaring. The first is that storage devices are growing smaller; thumb drives have today become lighter, smaller and slimmer. The second is that the storage capacity of these small storage devices is increasing. And of course, all this is happening with a fall in price too. All this sounds great to the tech guys, but wait a minute, there are several dangers too. Whether you are a personal computer user or working as an I.T. manager in a huge organization, the problems posed by these small storage devices are real and they (the problems) are growing.

Losing one such small storage device means that a lot of your data could fall into alien hands. There was a very interesting and alarming news report a couple of years ago. The report mentioned that a local town market in Afghanistan had vendors selling used thumb drives! A small investigation by the mighty and powerful U.S. army in the vicinity revealed something quite unbelievable. These thumb drives in fact belonged to the U.S. army and had information stored by army personnel. The data was probably outdated and they decided to discard the thumb drives. These landed in dustbins, and the garbage collectors innocently sorted out the garbage and tried to sell them in the local market.

Office computers face another threat from these small storage devices. It is very easy for staff to bring in a thumb drive and load confidential information onto the drive. The devices are so small that they can be hidden in shoes, water bottles, etc. A leading jeweler in Asia once faced a situation where one of their designers actually copied the company's designs onto a thumb drive. She then slipped the thumb drive into her high-ankle shoes and tried to pass security. High security in a jewelry factory ensured that the incident was quickly caught and reported. However, you surely cannot expect this level of security to be maintained in all industries.

Finally, mobile phones with cameras and high-capacity small storage devices continue to pose severe security threats. Video clips and images of confidential documents, products and even office and factory layouts can be recorded on these phones. The information can either be carried home in the device or emailed through the device right out of the office. These phones have their own internet connections and need not trespass on company networks.

Warning: Information leaked through mobile phones is not easy to detect. Most organizations check the belongings of staff only when they leave the office. This is not done when staff enter the office. A staff member can safely bring in a mobile phone equipped with a camera and audio recording facility. The confidential information recorded can include data files, images, video clips and even voice recordings. Once done, the information can be emailed out of the office right from the staff member's desk. The internet connection used is not related to the company network, so it cannot be intercepted. The staff member can then erase the information and leave the mobile phone in the office when going home. A security check at the gate will not find the mobile phone, and the information would have left the office without anyone's knowledge!

Thursday, June 5, 2008

Skype Exposes A HUGE Internet Explorer Farce

Here is something that most techies already know but which will easily go down as one of the greatest farces of our time. If you have made attempts to block Skype usage on your computer or network, you are already a victim of this cheap loophole in Microsoft Internet Explorer. First, activate the built-in firewall in Windows, then specifically choose to block the Skype program on your computer. Save the firewall settings and check back once again to make sure that the firewall settings are as you wished them to be.

Now start Skype, try to log in and, wow, Bill opens the Gates for the Skype program. You will be able to log in to your Skype account successfully and use it normally. Now go back to the Windows firewall settings; here is the surprise. The firewall will have selected Skype as one of the programs that CAN run on your system. And who ever gave Skype the authority to do this? Well, Bill Gates was probably so busy buying and taking over companies that he never knew when he would pocket Skype. So... he allowed that program to conveniently open up the firewall for itself.

We have news that many other programs have the ability to do this trick and play havoc with your firewall. We also heard that Microsoft actually helps software developers learn how to do this neat 'trick' at your expense. In our opinion this is downright cheating and manipulation, as the user of the Windows software was never told that the owner of Windows might allow certain software to overwrite your firewall settings. In pure technical terms this would be hacking, but in terms of business Microsoft refers to these software developers as business partners or value-added retailers!
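A way to catch the block-to-allow flip described above, as an added example that is not part of the original post: save the firewall rule listing when you set the block, then compare it with a later listing. It assumes snapshots in the "Key: value" layout printed by `netsh advfirewall firewall show rule name=all verbose` on English-language Windows; the rule names and program paths are constructed.

```python
import re

def parse_rules(text):
    """Split 'Key: value' output into one dict per rule (new rule at 'Rule Name:')."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+?):\s*(.*)$", line)
        if not m:
            continue  # separator and blank lines carry no field
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key] = value
    return rules

def effective(rules):
    """Map (program, direction) -> action, counting enabled rules only."""
    state = {}
    for r in rules:
        if r.get("Enabled") != "Yes" or not r.get("Program"):
            continue
        key = (r["Program"].lower(), r.get("Direction", ""))
        # An enabled Block rule overrides any Allow rule for the same program.
        if r.get("Action") == "Block" or key not in state:
            state[key] = r.get("Action")
    return state

def weakened(baseline_text, current_text):
    """Programs blocked in the baseline that no longer have an effective block."""
    before = effective(parse_rules(baseline_text))
    after = effective(parse_rules(current_text))
    return sorted(k for k, v in before.items() if v == "Block" and after.get(k) != "Block")

def render(name, enabled, program, action, direction="Out"):
    """Build one constructed rule in the netsh 'Key:   value' layout."""
    fields = [("Rule Name", name), ("Enabled", enabled), ("Direction", direction),
              ("Program", program), ("Action", action)]
    return "\n".join((k + ":").ljust(38) + v for k, v in fields) + "\n\n"

# Constructed snapshots: paths and rule names are made up for the example.
SKYPE, OTHER = r"C:\Program Files\Skype\Phone\Skype.exe", r"C:\Apps\example.exe"
BASELINE = render("Block Skype", "Yes", SKYPE, "Block") + render("Block Example", "Yes", OTHER, "Block")
CURRENT = (render("Block Skype", "No", SKYPE, "Block") + render("Skype", "Yes", SKYPE, "Allow")
           + render("Block Example", "Yes", OTHER, "Block") + render("Example", "Yes", OTHER, "Allow"))

if __name__ == "__main__":
    for program, direction in weakened(BASELINE, CURRENT):
        print(f"block removed since baseline: {program} ({direction})")
```

The second constructed program gains an allow rule but keeps its enabled block, so it is not reported; only the program whose block was disabled is.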