Computer Security Paranoia


Mandrake Linux 10.0
Copyright Aerospace Software Ltd., GPL, 2004

Scope

A lawyer friend asked me whether he should be concerned about computer security and whether Microsoft, for instance, can monitor what he is doing on his computer.

I am an Electronic Engineer, a Computer Scientist and ex-Army Signals Officer and consequently know something about this and I try to stay on top of things to keep the computer systems of my clients reasonably safe. This document is a synopsis of our discussion.


Who should be Concerned

The flippant answer is that everybody should be concerned about computer security, but that is simply unreasonable. If you are a Lawyer, an Accountant, a Doctor or anybody who is working on a multimillion-dollar deal, then you should give the matter some thought.

These are professionals that regularly deal with things where their opponents may be interested in what they are doing. Any one of the scenarios discussed here can be executed for a few thousand dollars. The opposing party may go and hire a gumshoe at the local spy shop, or your opponent may be the government itself, which has limitless resources.

The trouble with networked computer systems is that you can be spied on remotely, from the other side of the world.


Spyware

Spyware has been in the news lately, due to organized crime getting involved. Until recently, if a teenager created a spyware virus, the problem was more amusing than dangerous, since if you send spyware to 100 million computers and they promptly comply, then you will get a deluge of information, which is somewhat like shooting yourself in the foot.

However, organized criminals getting in on the act changed the whole ballgame. The latest programs exploit the Secure Sockets Layer of Microsoft Internet Explorer and only send a small amount of information to the crooks - only the stuff that is really important. Consequently, they can capture lots of banking information before they get caught and shut down.

Your only defense against this is to not use Internet Explorer or Outlook, but rather use Mozilla Firefox, Thunderbird, Qualcomm Eudora or Opera. The Microsoft products have more security holes than a Swiss cheese and are best avoided.

In addition, you should install a good quality firewall and consider running your whole server system on a Unix operating system, such as GNU/Linux.

If you are a lawyer doing criminal law, consider using Apple Macintosh or GNU/Linux machines only. Microsoft systems are good for playing games, not for serious business.

Can you go and buy a book online from Amazon or do your banking? Yes, but please don't use Internet Explorer - go to www.mozilla.org and download Firefox first.


Backdoors

Some computer software has backdoors or unique identifiers that can be used to connect to your system remotely, or identify uniquely where a document originated. Microsoft Internet Explorer is a very good backdoor system and can provide full remote control of your computer. Microsoft insists that these are unintentional bugs, but they are also not doing anything about it...

Internet Explorer also ships with a free copy of Alexa - a spy program similar to Gator, which amongst other things, forwards your internet search terms to Microsoft. They say they use it for marketing purposes. However, it is probably not a good idea for a lawyer to have all his Google and Yahoo search terms forwarded to third parties.

The Secure Sockets Layer in MS Windows, which is used to encrypt most sensitive stuff, also sports a set of NSA keys, which are rumored to allow the NSA to decrypt anything that was encrypted with the SSL system. This is now moot, since any half capable crook now knows how to subvert Internet Explorer SSL; it is not just a Spook game anymore.

You can remove most spyware with Adaware or Spybot Search and Destroy - Google for it.


Bugs

We all know the Hollywood scenes where a PI plants a bug in a pot plant, but how it is really done is a little different.

If you are a lawyer with the unfortunate job of defending a high profile crook, then the local Spooks could simply get a court order for a wire tap. They then go to the local telephone exchange, hook up their equipment and turn the receivers of all your telephones on remotely...

The only defense against this is to unplug your phone when your client comes to your office for a meeting, but remember to also remove the battery from your cell phone.


Laser Bugs

If you remember to unplug your phone, maybe you should also close the blinds. Preferably, your office blinds should be metal venetian blinds, not the cheap plastic stuff. A Spook can sit in another office or on a hill a few kilometers away and bounce a laser beam off your window and then hear everything going on inside. Double glazing works even better - if they bounce the beam off the inside pane, then the street noise is attenuated by the outside pane.


Screen Bugs

It is possible to tune in to the emissions from your computer display. This enables a Spook to read everything that you are doing. This is more difficult with an LCD screen and the range is very short, but the Spook can rent the office next to yours and be only a meter away from your screen, so never put your screen against an outside wall.


WiFi Bugs

The use of WiFi in a law office is a definite no-no. I cannot stress this enough. A lawyer should NOT use WiFi devices - ever - just plain don't - it is not worth the lawsuits.

Joe Sixpack can use WiFi to his heart's content, but any professional should be very wary about this technology.


Satellites

Just how good are satellite pictures? Well, they are good enough to read the expression on your face. The earth's atmosphere is surprisingly thin. We tend to look horizontally through all the muck, but a satellite looks from the top down, through very little air.

Unless you do a lot of nude sunbathing and you annoyed a very influential person, you need not worry much about this. If you are a lawyer for the Prime Minister, then maybe you should be concerned.


E-mail

E-mail is sent in plain text, unless you jump through a lot of hoops to encrypt it. Consider e-mail equivalent to a postcard - actually, it is much worse than a postcard, but you should get the idea.

If you were wondering, yes, the Spooks capture almost all e-mail. You can be pretty sure that whatever you ever wrote in an e-mail message is safely stored in at least five places around the world, USA, Canada, Britain, France, Russia...


Cell Phones

I touched on cell phones already, but consider how they work. The phone has to stay in touch with the cell towers, to allow the system to find it when it has to route an incoming call. Consequently, if your phone is turned on, the Spooks could find out where you are and they can turn the receiver on and listen to what is going on around you.

If you are a lawyer and you decide it is better to meet your crooked client in a noisy bar, then thanks to your cell phone, the Spooks will have little difficulty finding you and they can listen to what you are saying from the comfort of their offices. They need not even follow you to the roach infested, smoky joint, so you are the only one left with a dry cleaning bill.


Car Security Systems

You know the Hollywood drill, where they plant a bug on a car and then follow it with a complicated receiver that looks like a modified Pacman game? Well, thanks to On Star or your Cell Phone, that is now much easier...


Hard Disks and CDROMs

When you buy a new computer, what do you do with the old one? Consider that a hard disk cannot be erased. Most any teenager can take a hard disk from a broken computer, put it in a working computer and read the data. Also, no matter how hard you try to erase it, the old data can always be recovered with the use of special equipment. The best way to destroy an old hard disk is to give it a good whack with a sledge hammer, or simply bury it in your garden to rust in peace - provided that someone doesn't go and dig it up.

Old CDROMs can be destroyed by bending them double - hold the disk at arm's length inside a waste paper basket, fold it double with one hand and squeeze until it shatters, but beware of flying shards - turn your head away - don't blame me if it hits you in the eye.


Encryption

Consider that whatever is encrypted on a garden variety PC in ten minutes can probably be decrypted on a super computer in a few hours. The spooks have special techniques and enormous precomputed lookup tables of data to make decryption easier. However, unless you annoyed some very influential people, encryption can be used to good effect. If you use a notebook computer that can easily get stolen, then you should consider using an encrypted partition on the hard disk to protect your personal information. Microsoft Windows XP Pro can do this (XP Home can't), but I don't trust it since the swap space is not encrypted - I'd rather use Apple Macintosh OSX or GNU/Linux on a notebook.

If you use an encrypted partition, the computer will prompt you for a very long password when you start up - a nursery rhyme or something. Then it works as normal, until you log out or shut it down. Anybody that doesn't know the key will then need a super computer and loads of patience to read your data.

Note that if you wish to use any encryption on a computer, then you have to encrypt the /swap partition as well, since it can leak plain text data. You should also consider encrypting /tmp and pointing /usr/tmp and /var/tmp to /tmp with soft links, otherwise some programs will still go and scribble in unencrypted places. See the end of my RAID How-to Guide for simple instructions using Mandriva DiskDrake to encrypt the /swap and /home partitions on a Linux server or Notebook.
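
An added example, not part of the original guide: a shell audit for the two leak paths named above, swap that is not on an encrypted mapping and temp directories that are not soft links to /tmp. It assumes a Linux host with util-linux lsblk; the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit for plain-text swap and stray temp directories.
# Live inputs: /proc/swaps and the output of `lsblk -rpno NAME,KNAME,TYPE`.

# is_crypt DEVICE LSBLK_FILE: true if lsblk lists DEVICE as a dm-crypt mapping.
is_crypt() {
    awk -v d="$1" '($1 == d || $2 == d) && $3 == "crypt" { ok = 1 }
                   END { exit !ok }' "$2"
}

# unencrypted_swaps SWAPS_FILE LSBLK_FILE: print every active swap area that is
# not a dm-crypt mapping. Swap files are reported too, because the filesystem
# that holds them is not inspected here.
unencrypted_swaps() {
    tail -n +2 "$1" | while read -r dev rest; do   # line 1 is the header
        is_crypt "$dev" "$2" || printf '%s\n' "$dev"
    done
}

# stray_tmp_dirs ROOT: print ROOT/var/tmp and ROOT/usr/tmp unless each is a
# symlink that resolves to ROOT/tmp.
stray_tmp_dirs() {
    want=$(cd -P "$1/tmp" 2>/dev/null && pwd -P) || return 1
    for d in "$1/var/tmp" "$1/usr/tmp"; do
        [ -e "$d" ] || continue                    # absent: nothing to leak into
        if [ ! -L "$d" ] || [ "$(cd -P "$d" 2>/dev/null && pwd -P)" != "$want" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# write_sample DIR: constructed inputs for a dry run (not from a real host).
write_sample() {
    mkdir -p "$1/root/tmp" "$1/root/var/tmp" "$1/root/usr"
    ln -s ../tmp "$1/root/usr/tmp"                 # correctly redirected
    printf '%s\n' 'Filename Type Size Used Priority' \
        '/dev/dm-1 partition 2097148 0 -2' \
        '/dev/sda3 partition 1048572 0 -3' > "$1/swaps"
    printf '%s\n' '/dev/sda3 /dev/sda3 part' \
        '/dev/mapper/cryptswap /dev/dm-1 crypt' > "$1/lsblk"
}

sample=$(mktemp -d) && write_sample "$sample"
unencrypted_swaps "$sample/swaps" "$sample/lsblk"  # flags /dev/sda3
stray_tmp_dirs "$sample/root"                      # flags .../root/var/tmp
rm -rf "$sample"
```

On a real machine, save the lsblk output to a file, pass /proc/swaps as the first argument, and treat any printed path as a place where plain text can still land.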


How I would spy on a place

I don't have time for spy games, I'll just pay the cleaner or courier $500 to bring me whatever I want...


Only the paranoid will survive! ;-)
Herman



Copyright © 2005-2008, Aerospace Software Ltd., GPL.