13 August, 2005

Security

Identity theft, junk mail, spyware, viruses, spoof sites, phishing, pop-up ads.
All are potential security threats to our computers.

There are articles in the news every day about various occurrences of the above-mentioned items.
A credit card firm had their db hacked and the info of up to 15,000 people was accessed.
A similar break-in to a cellular phone database.
Students at a Pennsylvania high school used school-provided laptops to view administrators' computers.
Web sites that secretly install programs onto our computers.

Security is a serious subject, and vigilance is required to stay ahead of those that wish to use our cpu cycles for their own purposes.

Why, then, is it so easy for security measures to be bypassed?
Sometimes, the software itself is to blame.
When your business is writing software to sell to the world, there are many considerations.
There are deadlines and release dates, and if they are not met, shareholders, and bosses, are not happy. Thus, things get missed.
Sometimes serious things that leave huge openings in the software, sometimes minor things that aren't found right away.

Microsoft is easy to point the finger at in this case, but only because they are the 500 lb gorilla in the neighborhood.
Microsoft (by install numbers) has the dominant OS, web browser, and office software, thus most nefarious types try to crack Microsoft products.
If Linux (or Mac, OS/2, SunOS, etc.) was the dominant OS, they would be in the place that Microsoft is now, and all the virus writers would be working at cracking Linux.

Microsoft, and others, know that there will be bugs and vulnerabilities when they release a product, and that someone else will find some of them first.
The Almighty Dollar trumps quality, apparently.

You can tell these companies that you won't tolerate this behavior anymore.
Write all the letters you want but until you speak with your wallet, they aren't going to listen.
Don't buy from companies that have a history of this type of software release, typically referred to as "dribbleware".
Sure it's hard, and that's what they want, for you to be addicted to what they've got.

That angle has been argued many times before and I don't expect that this will really work, as many people don't like change and won't give up what they know.

Passwords
Passwords are something that you can do about your computer's security.
Or can you?

Let us set the way-back machine for about 10 years ago.
Back in the day, there were nowhere near as many sites on the web as there are now.
Navigation was pretty easy, the browser wars were heating up and all looked rosy on the horizon.

Along came cookies.
Seemingly innocent bits of code that could be used to track your browsing, but were mostly used to save site preferences and such.
There was a lot of talk about this invasion of privacy that eventually settled down, and while they can be (and are) used for ill purposes, browsers have enabled ways to block some or all cookies with preference settings.
You don't hear about them as much anymore, but most spyware and virus scan tools have cookie "cleaners" that can remove cookies while saving others you "need" to remember your site preferences and sometimes, log-in info.
For the sites that require log-ins, that is.

Back in the 'good ol days' there weren't many sites that required people to register to view what the site offered.
Now it's almost a given that you have to register to use "advanced" features.

Passwords are supposed to be hard to guess, which generally means hard to remember.
A decent password should use mixed-case letters, numbers and symbols and be at least 6 characters long.
Most sites allow case-sensitive passwords, a few don't allow numbers, many do not allow symbols, and minimum lengths vary from 0 to 6 characters.

In the past, most people only had a few passwords to remember, dial-up log-on, email (which is usually the same as the dial-up log-on), maybe a password at work to access your computer, perhaps a couple of others for a few web sites.
Even then, it was too hard for people to remember passwords and they would be written down "somewhere safe" so we didn't have to remember them.
Now, it's easy to have 10, 20, or more sites that need log-in/password info.
Banks, (multiple) email accounts, libraries, forums, online games, chat programs, eBay, Amazon, TVGuide Online.
My city newspaper requires registration to view anything other than some basics like classifieds and weather, and there's only about 125,000 people in the city that I live in.

With so many sites requiring registration now, it becomes hard to remember all your passwords.
People start using the same password (and username) for several, or all, of the sites they register with, which is obviously insecure.
Browsers and stand-alone programs tried to alleviate some of this problem by adding password managers that can remember your login info for all the websites you visit, allowing you to have one master password to enter and allow access to those sites.
In theory, this is a good idea, but where does this password info live?
Why, on your computer of course.
The same place that people are hacking into using the vulnerabilities in the OS or browser you use.
What happens if your hard drive crashes?
You have now lost all those stored passwords and don't have access to your favorite sites anymore since you can't remember your passwords.

Some sites, like forums, banks, email, etc, need verification of who we are and provide accountability for our actions. This requirement won't go away, nor should it.

Many sites require registration to track users' browsing habits so they can provide targeted advertising based on what you have already viewed on their site, and any others run by the same company.
Which gives us those annoying pop-ups, pop-unders, pop-overtheres, etc, and some ad companies don't screen their customers very well, allowing them access to our machines with their malicious intentions.

Once again, the Almighty Dollar wins the day.

I'm not innocent in this game, I have done some of the above and though I don't anymore, it doesn't change the fact that I did it, and put myself at risk.
Although I never use Internet Explorer except for using Windows Update, or to download Mozilla (and formerly Netscape) on a freshly installed machine.
