If Dr.Suess were writing green eggs and ham today he would have probably wrote it like that. The Internet has opened the door to the world, to our home but it has also opened the door to our homes to the world. Privacy issues are a major issue in the security dilemma of this day. Cookies, small bits off code are put on our machines each time we browse the net. Some of these cookies are good when we go to a site such as ITT tech online they let the web server know who we are and are used to update our information. But not all cookies are like that some are put there by advertisers who use them to track our surfing habits on the Internet and build a database of information about us. This information may include data about our personal life’s that could be detrimental if it were to fall into the wrong hands.
Kelly from Carnegie Mellon University says this concerning cookies,” Since cookies record every site users have viewed or companies that have bought the user’s identity, this could pose potential dangers to Internet users. When searching through Google or Yahoo, sometimes searches lead to promiscuous materials, which if clicked on by the user are recorded as a site viewed on that user’s computer. The organization that placed the cookie onto the user’s computer could then sell this information to other companies causing the user to receive unwanted ads and possibly junk mail. Ultimately, the user’s Internet viewing records could be falsely recorded and used against them if ever released to the public” (Kelly)[1]
Although these cookies are mainly to serve advertising if the company that collects the information sells the database to someone else a potential employer could gain access to this knowledge. Consider the implications of this if that individual did accidentally or purposefully end up at pornographic web sites. If they were researching a medical condition that information may lead an insurance agent or employer to assume they had that medical condition. Any time we fill out forms on a web browser or just surf the net people are looking at us and watching and recording what we do.
Cookies are not the only issue, these days. Now programs called spy ware are packaged along with many free applications and some not free applications and install themselves on our machines without our knowledge. Like cookies these spy ware programs watch everything you do and record it. They set up house in the registry and bloat it take up bandwidth and CPU resources and make our computers run amiss. Many of these are poorly written and cause applications to crash. This opens a whole new security issue.
John McCormick says this in his news article that he posted in Tech Republic, “There is improved port management. It will no longer be up to the application to close ports after it is finished. Before, if a developer left out the closing routine or the application crashed, a port could remain open and leave XP open to attack. SP2 encourages port management with an application white list that only a user with administrator privileges can alter. Placing an application (such as a peer-to-peer program) on the white list causes ports to be managed automatically. Such applications can also now be run as a regular user rather than needing local administrator privileges to open ports in ICF.”(McCormick)[2]
So a poorly written Spy ware program has been placed on your machine it is using a port to connect to the internet and crashes. Now the port is open to anyone who wants to come in. Hackers realize this and keep track or which ports these spy ware programs use. Knowing this they don’t even have to scan your computer they already know which ones may be open.
In the late 90’s the world woke up when the media revealed that the FBI had set up a system to spy on people on the Internet called Carnivore. Jeff Tyson describes Carnivore in his article How Carnivore Works saying,” In 1997, the FBI deployed the second generation program, Omnivore. According to information released by the FBI, Omnivore was designed to look through e-mail traffic traveling over a specific Internet service provider (ISP) and capture the e-mail from a targeted source, saving it to a tape-backup drive or printing it in real-time. Omnivore was retired in late 1999 in favor of a more comprehensive system, the Dragon Ware Suite, which allows the FBI to reconstruct e-mail messages, downloaded files or even Web pages.”(Tyson)[3]
In the late 90’s we thus worried about the FBI and” Big Brother watching us”. Since then more malignant software has been released much of what today is called spy ware. These programs take control of peoples computers by hijacking their web browsers and redirecting them to sites that the hijacker chooses. Pest patrols white papers give the following definitions.” Ad ware: "Software that brings targeted ads to your computer, after you provide initial consent for this task. Some Ad ware may hijack the ads of other companies, replacing them with its own. Ad ware typically will track your browsing habits and report this info to a central ad server."
Browser Helper Object (BHO): "A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events; create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." There are many exploits of this technology which search all pages you view in IE and replace banner advertisements with other ads, monitor and report on your actions, change your home page, etc."
Hijacker: "A Trojan that may reset your browser's home page and/or search settings to point to other sites. Such sites are sometimes porn sites, often loaded with advertising. Homepage Hijackers may prevent you from changing your browser's homepage or from visiting a particular site."
Spy ware: "Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spy ware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spy ware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed."
Trojan: "Unwanted software which runs in a user's machine, as an agent of the attacker, without user awareness. Unlike viruses and worms, Trojans do not replicate (make copies of themselves.)"(Stang)[4]
This may cause additional security threats because one may visit on web site and be viewing advertisements from another and become misinformed of the actual content.
What is even more of a security threat is what Dr. David Stang goes on to describe saying,” No product should offer to disable your security software. But some products do just that, and receive our nomination in this category. For instance, StopSign is a Firewall Killer interfering with the operation of several personal firewalls. In addition, it suggests turning off Norton Anti-Virus Email protection and PC-Cillin POP3 Filter, and detects and offers to remove both SpyBot and AdAware. Radlight will try to remove Ad-aware.”(Stang)[4]
This means that some spy ware software is going to disable a firewall and change other security settings leaving one open and vulnerable to malicious attacks from others. This spy ware is insidious changing settings in the background without informing the owners of the computers.