13 January 2011
I dedicate this post to all the paranoid guys out there who believe in some conspiracy theory, that the government taps their phones and satellites track their moves. As one wise man said, “paranoia is your friend”.

In such a technologically advanced age I sometimes stop and think about the price at which all this comes, and how bad people can use this technological advantage to their advantage. The more we computerize and centralize everything, the more exposed we get to the threats of cyber attacks.

Now and then you hear that some big site’s db has leaked out, with all its thousands of users and passwords. Those who get the db can further use it in malicious ways, like try the emails and passwords against paypal, some percent will match, and do some buying on ebay? Ok, ok, paypal and ebay have some mechanisms of protection against that, but then again.. I got my ebay account blocked once, as I am using many computers, and for reactivating it I had to pass some validations, like what was your school or something, and I usually just write something in. No standard way of validation worked for me so I started fooling around with ebay profile pages till I managed to bypass (no hacking) the security, change the profile data, and validate with changed info, so much for protection I say..

But back to db leaks. What are the chances that the next leak will be the facebook db? I say pretty high. I don’t believe you have a different password on every account that you possess out there. If one db has leaked, they may have access to more than one account.

I do remember, early in the days, guys would just build some lousy site with some lousy info, that required you to register, and then used those passwords to check against some services they were interested in.

I don’t have a good solution to that problem. If you work with only one computer at all times, there are applications that can manage all your passwords, so you can have one site – one password. And for the unlucky ones that work with 3-4 computers daily, be sure to have separate passwords for sites that involve credit card information.

So I recommended using a password manager, but how can you be sure this password manager software is not some CIA stuff that also makes sure the agency has your password in case they need it? Besides configuring your firewall to deny access to this software, you can’t.

Once upon a time, in some lost blog of mine, I wrote a post about google, the potential threat that it poses to all the online-bound humankind.

90% chance you have a google account for email. You may have a credit card associated for google check out (works mainly for USA only), some docs and excels with google docs, photos on picasa. Are you using gtalk? All that is just the tip of the iceberg. Google is tracking statistics for an awful big number of websites, and providing ads for like half the internet. Try naming one not so big website that doesn’t have google ads on it?

So what is the threat. First threat is google. It has access to your emails, your money, your conversations, documents, people in your photos (let’s not forget about face recognition), it knows what sites you visit so it can figure out your interests and provide targeted ads (you may think of it as a good idea, but it really is stuff you don’t actually need, just like, and is a total waste of money). It can have all your mobile contacts if you own an Android powered phone. It’s too much information that is accessible by one company. And don’t get me wrong here, I don’t hate google, I do have an account and an Android phone, but the hypothetical case when it can go “evil”, frightens me.

Second threat that google poses is someone breaking in and getting all that information that is concentrated in their huge data centers. That might end up catastrophically.

I mentioned targeted ads. It is arguably a useful thing. Getting ads that reflect your interests. Wouldn’t that be great? Wouldn’t it be great to spend money on things you don’t quite need? I guess..

After all.. when you go shopping, do you buy what you really want/need or something that has crept into your subconscious by means of tv/radio/internet ads? When you go voting, is it really the right person, or was your opinion influenced by persons that know how to program your brain to act in their best interests? If you do have the time, read about NLP – Neuro Linguistic Programming.

Till now I spoke about vulnerabilities at some third party. But how secure are you? Can you be sure nobody monitors your conversations? If you are in the USA, all your communications might be monitored, without even a warrant. God bless the non-USA residents as they still have some rights.

A few years ago I spotted a vulnerability in the way an ISP provider was installing modems to its clients, by not setting any passwords on them, leaving the admin interface open to the world wild web. What’s the worst thing that might happen, you say? It took me a few days to write a DNS server that could give my own IP to any DNS request; with that done, a simple change in the admin interface of the target and I could proxy all the traffic. It’s time to check if your router has a password on it.
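A defender's check for the situation described above, as an added example that is not part of the original post: a resolver that hands back one address for every query can be spotted by asking it for a name that cannot exist and by checking whether unrelated names collapse to a single IP. The function names, the `.invalid` canary and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import secrets
import socket
import sys
from collections import Counter


def system_resolve(name):
    """Resolve through the OS resolver, i.e. whatever DNS the router handed out."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except socket.gaierror:
        return set()  # NXDOMAIN or lookup failure
    return {info[4][0] for info in infos}


def check_resolver(names, resolve=system_resolve):
    """Return findings that suggest the resolver answers every query with one address."""
    findings = []
    # 1. A random label under the reserved .invalid TLD (RFC 6761) must never resolve.
    canary = secrets.token_hex(8) + ".invalid"
    canary_ips = resolve(canary)
    if canary_ips:
        findings.append(f"nonexistent name {canary} resolved to {sorted(canary_ips)}")
    # 2. Three or more unrelated sites should not all sit behind one address.
    answers = {name: resolve(name) for name in names}
    resolved = [name for name, ips in answers.items() if ips]
    per_ip = Counter(ip for ips in answers.values() for ip in ips)
    for ip, hits in per_ip.items():
        if len(resolved) >= 3 and hits == len(resolved):
            findings.append(f"all {hits} names resolve to {ip}")
    # 3. A real site sharing an address with the canary is being redirected.
    for name in resolved:
        if answers[name] & canary_ips:
            findings.append(f"{name} shares an address with the nonexistent name")
    return findings


# Constructed sample resolvers (documentation address ranges, not real data).
HONEST = {"mail.test": {"192.0.2.10"}, "bank.test": {"198.51.100.20"},
          "shop.test": {"203.0.113.30"}}


def honest_resolver(name):
    return HONEST.get(name, set())


def rogue_resolver(name):
    return {"203.0.113.7"}  # same answer for every query


if __name__ == "__main__":
    for finding in check_resolver(sys.argv[1:]) or ["nothing suspicious"]:
        print(finding)
```

Captive portals and ISPs that rewrite NXDOMAIN answers also trip the first check, so a finding is a reason to look at the router's DNS setting, not proof of tampering.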

The internet poses a lot of threats. Don’t wonder if you are secure, because you aren’t. If you don’t have any valuable information don’t get stressed. If you have, you might start reading all the security docs in the world, and it would still be too little to protect yourself. Sometimes there is just nothing you can do about it.

If you’re a paranoiac you shouldn’t use computers at all. Best place to live is in the woods where the satellites can’t spot you and where there are no cameras at each corner, where you don’t have to own an ID card to be somebody.

