|
|
|
"Its
personal. Its private...and no one else’s business
than yours"
- Phil Zimmermann, creator of PGP
Test
your security:
-->
Go to http://scan.sygatetech.com/
and/or http://privacy.net/analyze/
and see what comes up about YOU and your system.
--> Download and run THIS FILE, if
you DONT get an alert about "EICAR test virus", you
should be VERY worried...relax, its a test, not a real virus.
--> Here
is a nice site to test your browsers java security, try it
out!
--> You should also check some of THESE
"Leaktests" to see can data leak out of your computer...
--> Also, if you use Windows2000 or XP, try Microsoft
Personal Security Advisor, it will tell various issues about
your Win2k/XP security.
--> HERE
is an EXCELLENT site with multiple exploit and privacy tests,
try it out!
--> If you still don’t believe me, go to http://www.guninski.com
and see what he can do to your computer using the holes and bugs
in your software.
--> Or wait! I suggest you bookmark this page NOW and then
try these (WARNING! These pages might crash your browser and they
can crash your entire computer and you have to reboot!) TEST1,
or TEST2,
or TEST3,
or TEST4,
or TEST5,
or TEST6
--> In any case, I suggest you use Steve Gibson’s “Test
My Shields” at https://grc.com/x/ne.dll?bh0bkyd2
which will tell you few things about your computers and internet
connections security.
Why
should I be worried?
There
are plenty of hackers, crackers and lurkers out there to get YOU.
Why you? Because you are easier target than I am. They try to
find the easiest target they can, and believe me, they will find
it. The question is, will it be you or the guy next door...Until
he patches he’s system and the hacker either moves to an
other target or gives up because its become too complicated and
hard to attach someone.
So
what can they do to you? Well, they can hack into you or your
companies computer and steal precious information (industrial
espionage) or personal information like emails and documents you
store on your computer. They can use your computer to launch attacks
against other computers, and YOU will get the blame for it. Usually
the targets are companies and websites, perhaps the company you
are working in, and they are using you and your computer to get
them. Either for money, fame or revenge. One example about this
is DoS or DDoS attacks (Distributed Denial of Service attack).
In DoS, the hacker gets he’s hands on computer by planting
a Trojan horse program (via email attachment or from ICQ or Messenger
service usually), and then uses that computers connection and
resources to flood some specific target, like a particular www-page
so it cant be used at all and has to be shut down. Lately one
case was
exposed, in which a cracker used victims insecure WLAN connection
(Wireless Local Area Connection) to download and perhaps spread
kiddy porn...luckily the cracker was cought, and not the "victim"
who's WLAN was used and where all logs and tracers pointed to!
You can read more about these attacks in the net, Im not going
to go to the specifics here, but the point is, that your computer
can be used to commit crimes without your knowledge if you don’t
know how to protect yourself! Also, hackers use computers to launch
SPAM, store pirated software or just mess them around for their
own amusement.
There
are also cases where some perverts use their victims computer
as a tool to get her/him in person or via net….or just terrorise
her/him. And NO, children are NOT safe from these perverts either,
on the contrary, children are the easiest targets for hackers
and perverts to attack.
Then there is the danger of viruses or worms. These programs spread
from user to user and can cause serious damage. You can get worms
from your friends with email (as an attachment) and if you are
fooled onto executing them...ANYTHING can happen. Some worms get
executed simply by you looking at the email due the security bugs
in email software! Latest worms have had dangerous payloads, like
they have copied documents from your computer and emailed them
on to people you know, pillaged your files, messed up your computer
so you have to reinstall everything etc. It is very important
to protect yourself against viruses and worms and be aware! When
you surf in the internet, you can be attacked as well. Hacker
might plant an Active-X component or Javascript on the www-page
and trick you to run it, in fact, if you have default settings,
it might be done in the backround without you knowing anything
about it! It can just crash your computer or browser, or exploit
some security hole in your system and do…well, almost anything.
No, I’m not joking here! Active-X component can format your
harddrive, they can do ANYTHING what the creator of them wants
them to do. Here
you can find more information about Active-X and Java.
Also,
in many xxx-rated sites they offer you to download file that they
say “will let you to see all xxx-pics and videos”…they
are usually dialers, and when you launch them, they can make your
modem (if you have one that is) to call somewhere like Brazil....on
to some very high-cost xxx-phone service. You credit card information
can also be stolen and used for hackers own amusement and you
have to clean up the entire mess and perhaps even pay a part of
he’s “shopping”. Also, if someone is just being
naughty to you, they might lock you out from your own email service
by capturing and chancing your passwords. Or send email under
your name to your friends, boss, anyone.
What
else is on the line here?
Besides what mr. Gates says, Internet isn’t a child’s
play. Enormous amount of data is already being collected by internet
service providers, email providers, religious cults, marketing
experts, intelligence agency’s, etc. Cookies are the most
infamous “features” that can be used to track you and
build a profile from you, but there are plenty of others as well.
And that data they collect isn’t going to "vanish"
anywhere. Governments and companies chance overnight, but technology,
information and files remain. Think about the cruel fact that
you might not get some job you apply for just because you have
spend too much time in www.playboy.com or because you have send
few emails to your friends that say:"xxxxxx is bastard!".
Or because you have by an accident surfed into www-site that contains
illegal or dangerous information. Or because someone has used
your internet userID and password and done that ! Even today employers
sometimes check their "rookies" internet image. Why
? Because they can easily built up a profile from you that way
and because its perfectly legal! Here in Finland, some internet
activity’s are protected and compared to the "phone
privacy", but in most countries, there’s no law that
sayes:"Thou can not follow ones internet activity nor sell
that information to third parties". And since information
is worth $$$, just guess how many people earn their incomes from
that ?
One
good proof about this is SPAM. SPAM is junkmail, advertises that
you can get to you email account. I have gotten SPAM before I
learned to protect my internet activities. Then I also changed
my email address, and off went the SPAM. As far as I’m a
aware of, EVERYONE I know, gets SPAM and curses it to hell, because
they don’t (want to) know how they can prevent SPAM. However,
its simple: take care on your privacy!
Besides
what goes on in the internet, your privacy and even safety, can
be violated pretty easily if your computer gets attacked. Someone,
for example, steals your computer or breaks into your house or
hacks it via internet. Not to mention if you have a laptop computer,
then your computers physical safety is in severe risk. Your documents
can be read by anyone who gets an access to your computer, your
emails can be read, your passwords and login information can be
stolen and used without your knowledge, and documents that you
have deleted earlier can easily be recovered and read. Not to
mention that your computer can be installed with Trojan horse
programs that monitor your computer usage and steal your passwords!
Computers and operating systems themselves provide no security
or very limited security, and only if you know how to use them
properly. Would you like that your personal files and emails would
be read by some criminal or psycho that broke in to your house
or stole your laptop computer or hacked it? Would your company
like the idea that documents related to your work are read from
your machine? I bet not. If you are a reporter or journalist,
then these issues can be a matter of life and death to you, depending
upon what information does the villain or hostile government get
their hands into.
Also
remember, that Windows and many programs in Windows OS environment,
create logfiles and history information about your activities.
Most of them are pretty harmless, except that they take out your
harddrive space, but there are some which you should think about.
Your TEMP-folder, for example, can contain almost anything. It
can have copies of documents you have deleted, programs you have
installed or uninstalled, log files from various programs, etc.
If you are using normal settings, you Internet Explorer browser
is almost a gold mine: it stores information about the sites you
have visited for weeks, in theory, forever! So, anyone getting
into your computer, one way or the other, can easily see what
did you see in the net and when. Programs also contain information
about what files they have last opened. Word documents also contain
hidden metadata, that can tell who has created the document, when
it has been created, what has been changed onto it and by whom
etc.
Also, remember, that deleting a file doesn’t erase it…when
you delete a file, Windows simply marks those clusters as “unused”
so that something MAY be written to them in the future. Using
a simple, freely available undelete tool, most of them can be
recovered even months after! You need to overwrite the files if
you don’t want them to be recovered by anyone.
But
I have nothing to hide! If someone really wants to hack me, go
ahead!
Now, most people who refuse to listen to common sense and protect
their privacy and security, say something like:"I don’t
have anything to hide. If someone wants to do that or that, I
don’t really care." Now, this kind of comment is very
easy to crush:"How would you like to find out someone took
over your computer, launched an attack from there, from the police
on your doorstep? Would you like me to read your personal mail
(both email and regular mail)? Would you like me to read your
personal files on your computer? Would you like me to give your
home address and phone number to hundreds of commercial enterprises
for marketing purposes, and for every crazy people I see on the
street? Or wipe all the hard work you have done and stored in
your computer? Or how about it, would you like me to mess around
in your house, steal, break or just pillage it?" Nobody would
say yes to those questions. The problem, however, is that people
simply don’t realize the fact, that in the age of computers,
your email IS as good as your regular mail, your IP-address IS
your home address, and basically the only thing that protects
you is YOUR own actions. There’s no international police
force operating in the internet. There are no international courts
where you can easily sue a cracker. Welcome to the digital age.
Also,
face recognition technology and digital cameras can be serious
threat to your privacy. In Great Britan, for example, these tools
are used on soccer stadiums to recognize and filter out known
soccer hooligans from the croud automatically. Technology advances
and devices used get cheaper all the time. Orwells vision on totally
controlling "big brother" isnt very far away these days.
All we need, is to network all this dataflow and start using face
recognition technology, and peoples movements can be totally controlled
automatically when they move around the city. Even today mobile
phones offer location awareness services for commercial use, which
allow specific individuals location to be pinpointed in few meters
accuracy when the phone is on. Every use of credit card, bank
card etc. is also registered and stored in databases, etc. The
amount of information collected from individuals and processed
is huge. And situation is not getting any better for the sake
of privacy.
These
are just some examples about what not only can be done, but what
is done on daily basis. There is very good chance that if you
don’t pay attention and know how to protect your privacy
and security, some hacker or cracker or psycho might get your
computer under he’s control. Usually things don’t get
that far and there are plenty of easy targets in the net, so you
might be lucky enough not to get abused or hacked. But don’t
count on it. Protect yourself, because nobody else will!
Also
something to think about
Ever heard of system called: Echelon ? It is global spying network
created by (as so far is known) USA, UK, Australia, New Zealand
and Canada. It not only scans all international communication
lines (using 120 satellites, microwave listening stations and
an adapted submarine) but also analyses and stores usenet messages.
All of this is done transparently and automatically (bits are
easy to handle). There is no certainty that how long has this
network being active, but it was "compromised" couple
years ago.
"NSA (National Security Agency of USA) has also intercepted
confidential company communications and given them to favored
competitors. Thomson S.A., located in Paris, and Airbus Industrie,
based in Blagnac Cedex, France, are said to have lost contracts
as a result of information passed to rivals. The U.S. government
misled states in the EU and [Organization for Economic Cooperation
and Development] about the true intention of its policy,"
the report
adds…
European
Union has considered that Echelon is severe threat to safety and
privacy in the EU region and has suggested that strong encryption
from “open sources” should be used to counter it. “Open
source”, because NSA has planted several backdoors to encryption
systems around the world. Remember, that Echelon doest just spy
on companies. It spyes everyone. Everything that moves in bit-format.
Just think about it: Big Brother IS watching. Every email you
send, every message you post, every page you visit…they might
know about it! Scary. Horrible. And, reality. Again, welcome to
the digital age!
Also,
I STRONLY suggest you read these two document about NSA and Echelon.
The first one http://mediafilter.org/caq/cryptogate/
is about NSA infiltrating to cryptosystems and companies around
the world and being able for the last 40years to intercept and
decrypt and read ALL diplomatic communications from over 120 countries
because of NSA build-in backdoor to cryptosystems! Second http://mediafilter.org/caq/echelon/
gives more details about Echelon project. Third one http://www.hro.org/docs/reps/privacy/2002/eng/sss.htm
gives information about Russian version of Echelon, SORM-2. Fourth
http://arch.ipsec.pl/prez/serwisy-2001/echelon.html
gives nice pictures about Echelon project related listening stations
around the globe. Fifth link http://www.whatreallyhappened.com/spyring.html
gives information about Isreali spyring operating in US and eavesdropping
crucial security organisations.
Spooky,
eh? Then think about THIS:
TEMPEST stands for Transient Electromagnetic Pulse Emanation Standard.It
is a procedure that is used to prevent electromagnetic radiation
from "leaking" from electronic equipment. We are used
to think that spying is something that you do with hidden cameras,
microphones or sneaking into someone’s office. Well, maybe
we should start to think otherwise. Snooping information from
your computer is basicly speaking much, much more easier.
"TEMPEST
attacks" are most easily done by analyzing the electromagnetic
radiation from your monitor (usually), but basicly it can be used
to monitor, well, anything that happens in your computer.. With
kind a phased array antenna & few electronical components
it is possible to see what you see in your computer screen...But
as an exception that it can be done from across the street and
there’s absolutely no way you can know whether or not you
are targeted by TEMPEST. This makes it very powerful way to do
some serious espionage. This is the technic that some television
licence inspectors use when they need to verify that some person
is using television without paying the license fee.
As
an example about TEMPEST attack I can tell you one story about
NSA and Cubans from 1960:s. NSA knew that Cubans where using good
crypto from CCCP that they could break. So, they simply listened
to the crypto machine using TEMPEST to spot the message that was
typed into the encryption device as it was in cleartext. The funny
thing is, that NSA did all this from 6 kilometers away in sea...
Now, if they could eavesdrop inside cryptomachine 40 years ago
from 6 kilometers away, how far and how well they can eavesdrop
things today? Things happening inside your computer or shown in
your computer screen? Thinking about stuff like this can really
get you paranoid. Luckily, there have been created some standards
to minimize the EM radiation from all kinds of devices some time
ago. However, they only minimize it, they dont remove it completely
ofcourse...
Similiar
stories, no, let me correct, facts, are told every now and then.
US embassy in Moscow was famous of being radiated by microwaves
by the Soviets to enhance the EM leaks so to speak. This is the
very reason top secret stuff should never be stored, altered or
even viewed in any electronical device. For example, in Finland,
all top secret stuff is always stored in papers only and instances
that have secret stuff or are dealing with secret stuff in electronical
form, are very well shielded and usually located deep in underground
bunkers that have good EM shieldings in place. Old tricks are
pretty effective against the "new age" espionage after
all... :)
Here
is an excellent site about TEMPEST, piles of links, etc. And here
is excellent guide on how to protect yourself from TEMPEST
without spending lot of money.
|
Tel:
+358
