Google Web Accelerator – Broadband Internet Security

Google has launched a web accelerator for broadband users.  And security has become an issue.   Some users are conscerned with cokies being copied and/or shared since the Google Web accelerator caches sites on computer systems to make downloads faster.

Web accelerator concerns on digg.com

by: n-g-k (0) on 10:34 AM 5/05/05 | Score:

This is the antithesis of the anonymous proxy, you're giving up privacy for a couple more seconds of speed here and there? Google is going to log everything, find out who goes from what site to whatever other site, datamine, look for patterns, find out all kinds of things about people and society for what purpose? To help them sell more advertising and make more money? Well, that's just the primary reason, who knows what other nefarious motivations there could be. Imagine yourself owning google with all of that supercomputing power, others have said it above, google is the ultimate hacker. You can have your GWA, I say “No thanks!”

Better solution: use Firefox, hold down CTRL when you click, any links you click on will open in a new tab and begin downloading. Using this method you can click a bunch of links you will want to see, then by the time you get to the tabs they are already opened. Use CTRL-W to close the tab when you are done reading it and the next tab will be up.

by: n-g-k (0) on 02:23 PM 5/05/05 | Score:

Here is a very good article that goes along with what I wrote above:

http://www.somethingawful.com/articles.php?a=2858

Broadband Internet Security

In light of the growing amount of broadband users, I've decided to make a page about broadband Internet security

Security seems to be the last thing people think about when it should be the first.  It takes a sluggished compromised system for most users to considered examining their system. 

There are plenty of broadband pages out there but I wanted mine to be a simple walk through for the average compuer user.

Broadband a security issue

Removing TROJAN-SPY.HTML.SMITFRAUD Trojan

My friend around the corner calls me about once a month to clean up his computer.  Usually, its just a simple matter of running
Adaware or HiJackThis.  But this time was different. 

I
was helping my partner clean a trojan off of his Dell the other
day.  And to my surprise Adaware did not remove it.  It also
removed the ability to get to the Task Manager in order to view the
processes and added a link to the desktop. 

I found out it was called TROJANSPY.HTML.SMITFRAUD.  It took more effort than usual to remove, but I did manage to get rid of it with the help of a the Geekstogo! Malware removal forum.  I've found forums to be VERY helpful in getting help cleaing up and securing my home computer with ease.  Here is how I got rid of the Smithfraud.

 http://elamb.blogharbor.com/hacked/removesmitfraud.htm

Why Information System Security Professionals Should Join the ISSA

I’ve finally stopped procrastinating and joined my local Information System Security Association, Colorado Springs Chapter (ISSA-COS).  A few of my co-workers have been encouraging me to join since last year.

 

Over the past year many of the benefits that they’ve enjoyed as member of the ISSA have spilled over on to me.  I
encourage all serious Information security professional to join because
the ISSA has their fingers on the pulse on all information security
events, jobs and seminars at discount prices.  

ISSA members are always up on the latest security events and seminars in town.  Just two months ago, an ISSA member invited me to attend an Certified Ethical Hacking course.  I actually had no idea that there was a “hacking certification” prior to her email.  I attended a free seminar with mile2 and loved it so much I decided to attend the whole course.  I was able to attend an Ethical Hacking Course which my company paid for.  I’ll be going for that cert. soon.

As an ISSA member you will have access to many information security jobs in the area and around the world.  Recently, one of my former co-workers (ISSA member) sent me information on an information security job in Baghdad.  For fear of being apart of a hostage reality show on Al Jazeera TV, I declined.  Would you decline a 300K/year job?  I must admit I think about it every now and then.  My co-worker actually took the job and is much braver than I am.

Discounts on events, seminars and training is another benefit of an ISSA member.  For
example, we are having a local Security+ training that will be held
this Saturday at Colorado Technical University and in May there will is
the SANS Rocky Mountain 2005 – Immersion Training which gives a price cut to all members. 

In my opinion, the best thing about the ISSA is the ability to network with like minded Information Security professionals.  In the local ISSA Chapter there is a meeting once a month with seminars and meetings that include speakers like Phil Zimmerman, creator of PGP and representatives from companies like 3Com’s, TippingPoint.

 

            If you are an information security professional, you should definitely sign up.  Membership is free for 90 days to give you feel for the association (attend a meeting with your 90-day membership).  It
is $99.00 a year for ISSA membership and an additional $25.00 for the
Colorado Springs ISSA division (each local chapter has its own annual
fee).  Don’t be like me and wait a year to join.  The networking is worth your weight in gold or at least 300K/year in an exotic location.

 

Join at http://www.ISSA.org

Building a Network:
Seth Godin has a good post about building a network.

Recognize and be able to differentiate and explain the following access control models

· MAC (Mandatory Access Control)
· DAC (Discretionary Access Control)
· RBAC (Role Based Access Control)

To understand MAC, DAC and RBAC you must first understand Access Control.

Access Control is the control of user and process control access to  network and operating system resources.  For example, many spyware and adware applications not only download themselves on to your computer without your permission, but they also help themselves to your systems CPU, hard drive and memory.  What happens to most of us is that we get hit with 10 or 15 of these applications by accessing the Internet without protection.  Imagine 10 to 15 badly written memory hogs using your CPU and memory to access your cached references to your web surfing habits (or worse credit card, ssn) and send that potentially valuable information to some server in Nigeria or Russia.

 

Mandatory Access Control (MAC)

 

Mandatory Access Control is military grade security.  Like DAC, it has been around since the 60’s.  With MAC, the security on all resources are strictly policy controlled.  All processes and users (or subjects) must specifically given permission to access a resource (or object). 

 

Subjects are given a number indicating their level of access.  Subjects can access any object with a lower number.  With modern military and national security systems this permissions matrix is supplemented with a classification level.

 

Discrestionary Access Control (DAC)

 

Discretionary Access Control is where a subject has control over an object. In this case a “subject” could be a home user.  And lets say the home user has admin privileges because he wants to download applications like Kazaa Lite ++.  The “object” or resource is Money Quick, a financial application that creates important bank account spreadsheets. 

 

The home user is no fool so he locks the Money Quick application down so that only the administrator has permissions to the file.  She is the only administrator on the computer so there is no problem right?  Wrong.  With DAC any application that runs while the current user is logged on has the same permissions. 

 

So, the home user finds Kazaa Lite ++ on Internet and downloads it.  The shareware app is of course loaded with all kinds of spyware, adware, Trojan filth that goes directly for her Money Quick software.

 

Is very popular and has been in use primarily in the commercial and academic worlds since the ’60’s.

 

Role Based Access Control (RBAC)

 

Role Based Access Control is fairly new and is considered the evolution of the DAC & MAC.  With RBAC, each subject is assigned a role.  Users without roles can be put into groups that pertain to a certain department or job such as sales or management.  Objects only allow subjects on a permission basis.  Modern operating systems such as Solaris, Linux and Window 2k/XP/03 are perfect example of how Role Based Access Control works.

 

The RBAC started in the 1990s and fully materialized in the RBAC96.  There is currently a lot of research being done on the RBAC. 

 

 

'the Screen Savers' is Dead.

  

The new show is called Attack of the Show (ATOS).  They don’t talk about computer security much or moding a computer like the old Screen Savers.  Its like they took TechTV’s old show Fresh Gear merged it with Screen Savers and added a band and more focus on games. 

 

I don’t know what kind of marketing statistics drove the folks at G4 to do it but they have left a vacuum.  Although I am blind with fury about the change, I can see how AOTS has a place.  They are trying to appeal to a larger audience.  But in its wake they have left behind all the true geeks who want to know how to dual boot Red Hat and Window 2003.  There is a large market that wants more content on nothing but cool computer hacks. 

 

Luckily, the old crew from Screen Savers are still giving the same level of content (if not more) to their loyal geek underground that has been quietly stewing and gnashing of teeth on blogs and forums across the Internet. 

 

List of the old crew:

Kevin Rose

Lara

Alex Albrech

Patrick

Leo Laporte (shameless book promos)

Dan Huard

Yosh-Dawg

Keith

Kat Schwartz (she’s cute) doing podcasts somewhere??

25 MAY –> FOUND HER GOTO: CATSCHWARTZ.COM

 

But there is a happy ending here.  Krose, Dan Huard, “Switcherman”  and crew are developing a show called Systm that is supposed to have as much content as the Screen Savers.  And for the truly hard core – Defcon – hacker-wanna-be's there is thebroken.

1 169 170 171