IT Security Blog

Protecting Online Anonymity

By

Computer users lose their privacy once their online presence and activities are no longer anonymous.  Losing anonymity means that someone or a group of people are able to track online behavior.  This includes knowing the user’s location or browsing habits.

Most people are not aware that their online activities are under surveillance.  It should be noted that Internet Service Providers  possess a full record of user activities, not to mention that search engines and websites likewise record all user activities in spite of claims that all data garnered are “anonymized” or has not been provided identifiable information.  There are providers and sites that purposely collect personal information to sell to the highest bidder. 

So how do we go about protecting our online anonymity?  Users can consider using a software implementation that uses a network of servers that can effectively conceal usage and location.  This highlights the layered nature of encryption wherein a data is encrypted and re-encrypted many times over on its way to its final destination.  The process prevents undesirable elements from unscrambling and understanding the message sent.  There are several tools available in the market today including Proxy.org, JonDonym, Ultra Surf, Tor, Proxomitron, and the Ultra VPN.

Another way to protect online anonymity is to install a good software firewall. Computer users can also stick to visiting highly reliable big sites such as Disney which are committed to upholding the highest standards.  Upholding the highest standards simply means doing right with whatever information they inadvertently or purposely obtain from the customers.   There is also an option to maintain an alias email address to enable users to receive messages without revealing the true email address.

 

The Hidden Writing

By

Computer users are fairly familiar with encryption which is basically converting a readable information to what appears to be nonsense.  Encryption is directly connected to the study of techniques for securing communication known as cryptology or cryptography.  While cryptology aims for protection against adversaries that threaten confidentiality, authenticity, and integrity of data, encryption as we know it prevents unwanted people from getting hold of critical information through computer use.  Decryption is about converting incomprehensible messages to their comprehensible form.   The adversaries in this case are the cybercriminals who prey on weaknesses of computer passwords and laxness in electronic commerce. 

In order to protect themselves, computer users have to maintain a certain degree of secrecy in their activities specifically in granting or withholding their approval for online transactions.  Revealing too much personal information could pave the way for unwanted personalities to decipher protected passwords and codes.  This is the reason why people are always reminded to be selective of what information to provide and to whom it is provided. 

E-commerce usually makes use of the encryption protocol known as the Secure Sockets Layer (SSL).  This is often seen in URLs starting with “https” instead of the typical “http”.  Decryption is facilitated by the use of a “secret key”.  Encryption also concerns itself in checking the trustworthiness of the source on any message.

Operating an online business will use e-commerce one way or the other.  Encryption has made it possible for online businesses to be conducted.  Without any secure means of financial transaction, very few customers will take the risk no matter how tempting the offer.

How Long Should Your Password Be

By

We all know the importance of having good and difficult passwords once we have access to a site or a network but one thing that many would have to consider would be the length. Others would want it short, but these are people who would not care of why they are given access. Others want it long normally something that they can easily remember such as their address or birthday. But how long should it be?

Traditionally, it should be at least 8 characters. Some are fine with 6 characters but for security reasons and avoiding hackers, it would be best to make it longer. A combination of alphanumeric characters would be better as it makes harder to crack for people who love to do mischief. So if this were the case, the potential combination would perhaps be your car plate number, bank account or even your driver’s license codes. With that in mind, you better make sure you also write it down and keep it in a safe place. This is in case you may forget it for some reason due to the tons of information you have stored up in your mind.

Regardless, a user should always make sure that the password he chooses is something he is familiar with. For most sites, we are asked to put secret questions to which we can answer for ourselves. But in choosing the right one, we must make sure that it is something only we know and not something that can be easily guessed by anyone. Failing to do so may put your access and credibility at risk.

Encryption – Why people shun away from it even now? (Part 2)

By

If you happen to be a small or medium scale company that cannot afford multiple data stores and infinite numbers of mirrored hard drives, that becomes a problem. An encrypted hard disk in a laptop that gets banged up damaging the hard disk may still have some of the information intact enough for recovery but damage some of the vital keys and software and you are left hanging by a thread or down in the gutters. Data recovery is possible but only through expensive methods with the hard disks being opened up, the platters extracted and installed into another similar hard disk for data extraction. Only the military and federal government would have enough cash to burn in terms of data recovery at that level for the price is computed in the amount of megabytes recovered and on a per hard disk basis, and imagine a 1 terabyte drive at say $50/MB then you’d be scratching your head by now, and that’s just for a single drive.
The risks of identity theft and information leakage is real but the technology is still quite prone to failure even with today’s quad-core which is why we didn’t discuss the performance issue in the discussion. Today’s multi-core processors are capable of handling complex tasks such as real time encryption and decryption as if there was nothing happening on the background. The performance issue has been addressed by more powerful microprocessors but the reliability of the hard disks which stores the information and even the CD’s are still quite weak. Till there is more definite proof that all parts of the computer has reached such a reliable level that failure is a less of a factor more people would still retain their own proprietary security measures (birthday passwords, flash thumb drives that always get lost and physically carrying their discs with them).

Encryption – Why people shun away from it even now? (Part 1)

By

encryption.jpgEncryption used to be the mainstay of military and other government agencies who need to secure the information they handled preventing anybody who may get access rendering the information useless. Everybody knows about it yet not many use it for the protection of their vital information stores, why? Well there are a hundred reasons why people mistrusts such an extreme measure as encrypting data and one is reliability of technology on which it is used on. Computers as we know have become cheaper and cheaper that has been good on one side but it also raises the risk of failure due to cheaper parts and higher risk for data loss due to failure. I know a lot of people would be going against me on this one but if you have experienced a hard disk crash during my many years of computer use and association with them in my previous line of work as a technical support supervisor, you’d know what I mean.
The technology we have today is of the highest level of quality and technological complexity of the computers I started to work with (386’s and 486’s) but the robustness of these gadgets and gizmos we call peripherals are still quite low except for the extreme types that are too expensive for the ordinary user to afford. Imagine a failed motherboard that has fried circuits, no problem for the hard disks are seldom affected by such incidents. Get the board out and swap it out and you connect the hard disk and you have your data available. Imagine you have a failure in the hard drive itself; you get some software and try to recover that information hoping you get enough of the sensitive files your boss needs in the morning. Now, imagine having a hard disk that was encrypted and had some of its sectors rendered useless, now that’s a nightmare for the encrypted data is useless with the key and the code stored into the hard disk itself.

Government Laptops and Computers get encrypted

By

datasecurity.jpgDue to the recent problems associated with the loss of government laptops and security breaches such as the incident where the laptop of a Federal Trade Official was reported to have been compromised by reportedly Chinese operatives while on a trip overseas, the US Federal government has begun to encrypt their laptops in hopes of bolstering their security to prevent such security risks in the future. Let us just hope that they do it fast enough for no one wants to get their personal and financial information released online or obtained by enemies of the state (terrorists in layman’s terms). Of the estimated 2 million laptops the US government and the many agencies have, only 800,000 have had the encryption system developed by the Department of Defense and the General Services Administration.
Encryption is one of the most secure way pf keeping data safe from unauthorized access which renders them useless without the proper software or security keys. Comparable to the dial combination on a bank vault, the encryption process turns files onto a useless bundle of information that cannot be read or used for other purposes.
All this effort to boost security of information that is gathered and collated by the various agencies and even private businesses that have ties with the government though contracts have had their computers encrypted to ensure the information they handle and use stays secure and out of the hands of criminals who aim to use them against the government.