Security and Privacy

abdomendebonair | Security

2 Nov 2013 (3 years and 11 months ago)


Chapter 10

Privacy and Other Social Issues

Copyright © 2003, Addison-Wesley

What Is Privacy?


Freedom from observation, intrusion, or attention of others

Society’s needs sometimes trump individual privacy


Privacy rights are not absolute


Balance needed


Individual rights


Society’s need


Privacy and “due process”


Privacy and the Law


No constitutional right to privacy


The word “privacy” is not in the Constitution


Congress has passed numerous laws


Not particularly effective


Issue is pace of change


Privacy is a function of culture


Privacy means different things in different countries and regions


Serious problem on global Internet



Figure 10.1 Some U.S. privacy laws.

Year | Title                                 | Intent
1970 | Fair Credit Reporting Act             | Limits the distribution of credit reports to those who need to know.
1974 | Privacy Act                           | Establishes the right to be informed about personal information on government databases.
1978 | Right to Financial Privacy Act        | Prohibits the federal government from examining personal financial accounts without due cause.
1986 | Electronic Communications Privacy Act | Prohibits the federal government from monitoring personal e-mail without a subpoena.
1988 | Video Privacy Protection Act          | Prohibits disclosing video rental records without customer consent or a court order.
2001 | Patriot Act                           | Streamlines federal surveillance guidelines to simplify tracking possible terrorists.





Collecting Personal Information (e.g., your email address => email spam)

Notice/awareness

You must be told when and why

Choice/consent

Opt-in or opt-out

Access/participation

You can access and suggest corrections

Integrity/security

Collecting party is responsible

Enforcement/redress

You can seek legal remedies


Figure 10.3 Amazon.com’s privacy policy.



Figure 10.4 Dell displays the BBB seal.


Seal of approval


BBB


TRUSTe


WebTrust


Enhances Web site’s credibility


Collecting Personal Information


Often voluntary


Filling out a form


Registering for a prize


Supermarket “Rewards” cards


Legal, involuntary sources


Demographics


Change of address


Various directories


Government records


Figure 10.5 Online personal information.



Completing the Picture


Aggregation


Combining data from multiple sources


Complete dossier


Demographics


Finding missing pieces


Browser supplied data


TCP/IP


Public forums


monitoring


Samurai


Capturing Clickstream Data


Record of individual’s Internet activity


Web sites and newsgroups visited


Incoming and outgoing e-mail addresses


Tracking


Secretly collecting clickstream data


ISP in perfect position to track you


All transactions go through ISP


Using cookies


Using Web bugs


Figure 10.6 Tracking with cookies.

Client requests Acme page

Acme returns page

Client requests embedded banner from Gotcha

Gotcha returns banner and cookie
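The four-step exchange of Figure 10.6, as an added example that is not part of the original slides: a small Python model in which the third-party banner server (the constructed host name gotcha.example) issues one cookie per browser and then recognises that browser on every site that embeds its banner. The browse() function returns the ad server's log, so the normal case can be compared with a browser that refuses to send third-party cookies.

```python
# Added example (not from the textbook): a small model of the Figure 10.6
# exchange. The site and ad-host names are constructed for illustration.
from dataclasses import dataclass, field

AD_HOST = "gotcha.example"   # the third-party banner server ("Gotcha")


@dataclass
class AdServer:
    """Gotcha: issues one cookie per browser and logs every banner request."""
    next_id: int = 1
    log: dict = field(default_factory=dict)   # cookie -> sites it was seen on

    def serve_banner(self, referer, cookie):
        # Step 4: return the banner and (re)issue the tracking cookie.
        if cookie is None:
            cookie = f"uid={self.next_id}"
            self.next_id += 1
        self.log.setdefault(cookie, []).append(referer)
        return "<banner.gif>", cookie


@dataclass
class Browser:
    block_third_party: bool
    jar: dict = field(default_factory=dict)   # host -> cookie

    def visit(self, site, ad_server):
        # Steps 1-2: the first-party (Acme) page arrives with an embedded banner tag.
        page = f"<html><img src='http://{AD_HOST}/banner.gif'></html>"
        ad_host = page.split("http://")[1].split("/")[0]
        # Step 3: fetch the banner, sending Gotcha's cookie unless blocked.
        sent = None if self.block_third_party else self.jar.get(ad_host)
        _, cookie = ad_server.serve_banner(referer=site, cookie=sent)
        if not self.block_third_party:
            self.jar[ad_host] = cookie   # same cookie is reused on unrelated sites


def browse(sites, block_third_party=False):
    """Return Gotcha's log: which sites each cookie id was seen on."""
    gotcha, browser = AdServer(), Browser(block_third_party)
    for site in sites:
        browser.visit(site, gotcha)
    return gotcha.log


if __name__ == "__main__":
    print(browse(["acme.example", "newsco.example", "acme.example"]))
    print(browse(["acme.example", "newsco.example"], block_third_party=True))
```

With third-party cookies allowed, one cookie id links every site visited; with them blocked, Gotcha sees an unrelated fresh id on each visit and cannot build a clickstream.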


Tracking with Web “pixel spyware”

Web pixel spyware

single-pixel clear GIF

Image reference buried in HTML

Browser requests image

Server returns bug plus cookie

Request provides clickstream data

Difficult to spot a Web pixel spyware

Web pixel spyware in HTML formatted e-mail

Secret return receipt
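A defender-side check for the Web bugs described above, added here as an example and not taken from the textbook: it parses an HTML e-mail body, collects every image reference buried in the markup, and flags the ones that look like a single-pixel bug on a host outside the sender's domain or that carry a per-recipient query string (the "secret return receipt"). The sample message and host names are constructed.

```python
# Added example (not from the textbook): flag likely Web bugs in an HTML
# e-mail body. The sample message and host names below are constructed.
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """<html><body>
<p>Dear customer, see our offer.</p>
<img src="https://mail.shop.example/logo.png" width="200" height="60">
<img src="https://track.gotcha.example/r.gif?u=4711" width="1" height="1">
<img src="https://cdn.shop.example/spacer.gif" width="1" height="1">
</body></html>"""


class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in the document."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def find_web_bugs(html, sender_domain):
    """Return the src of each image that looks like a tracking pixel.

    Heuristics: a 1x1 (or size-less) image fetched from a host outside the
    sender's domain, or any image whose URL carries a query string that can
    identify the recipient. Loading either tells the server the message was
    opened, which is exactly the "secret return receipt".
    """
    parser = ImgCollector()
    parser.feed(html)
    suspects = []
    for img in parser.images:
        src = img.get("src") or ""
        url = urlparse(src)
        host = url.hostname or ""
        tiny = (img.get("width") in (None, "0", "1")
                and img.get("height") in (None, "0", "1"))
        third_party = not (host == sender_domain or host.endswith("." + sender_domain))
        tagged = bool(url.query)
        if (tiny and third_party) or tagged:
            suspects.append(src)
    return suspects


if __name__ == "__main__":
    print(find_web_bugs(SAMPLE_EMAIL, "shop.example"))
```

A mail client that does not fetch remote images by default defeats both variants; this check only tells you which messages would have reported back.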


Figure 10.8 A demonstration Web spyware.

This Web bug is designed to be seen


Figure 10.9 A Web pixel spyware buried in an e-mail message.

Again, this one is designed to be seen


Surveillance and Monitoring


Surveillance


Continual observation


Tampa: facial scanning at Super Bowl

Packet sniffing

Monitoring

The act of watching someone or something

E-mail Web bugs


Workplace monitoring is legal


Surveillance and Monitoring Tools


Spyware


Sends collected data over back channel


Snoopware


Records target’s online activities


Retrieved later


Screen shots, logs, keystrokes


Other surveillance/monitoring sources


OnStar and GPS tracking


E-ZPass systems


Phone calls and credit card purchases


Spam


Electronic junk mail


Spammers use anonymous remailers


Mailing list sources


Online personal information services


Dictionary attack software


Do not respond in any way!


Anonymous Remailers


Some good FAQs


http://www.andrebacard.com/remail.html


An example


http://www.anonymizer.com


What they know about you


Not an endorsement


Figure 10.10 This banner ad mimics a dialog box. Do not click “OK”.

Fake banner ads like this one are very annoying

Spawner

spawns its own pop-up ads

Mouse-trapper

Turns off browser’s Back button

Disables pop-up ad’s close button

No way to close ad

must reboot

Spam is a source of spawners and mouse-trappers


Fraud


The crime of obtaining money or some other benefit by deliberate deception.


Most common forms of IT fraud


Identity theft


Credit card fraud


Scammers and con artists


Financial swindles


Protecting Your Online Privacy


Implement appropriate security measures


Get a copy of your credit report


Use:


Junk e-mail account


Anonymous remailer


Stealth surfing service


Common sense


Deal with recognized, trusted e-retailers


Keep important numbers and passwords secret


Use good passwords


If your computer acts strangely, find out why