Lecture Fourteen--ICS 131--Win 2000--23 Feb 00
Review of Lecture Twelve--Privacy
Some examples of "unprivacy"
Comet Cursor
Banking
Healthcare Web Sites
DoubleClick
One company's response
DC's five points
Is it enough?
Very short history
From the village to the web
What should the various players do?
Users
Companies
Government
-------------------------------------------------------------------------------
Security
The growth of computing
(and the internet in particular)
has exceeded our ability
to provide adequate security--JF
Recent events
February--Denial of Service
December--Theft of 300,000 credit card numbers
March--Melissa virus--e-mail systems
Calling card numbers stolen
How big is the problem?
Companies don't want to admit they have been hit
---------------------------------------------------------------------------------------
Some questions
• What are the problems?
• What are the security breaches?
• Who are the hackers?
• What can be done about computer security?
• What can you do on your PC?
• Any role for government?
-----------------------------------------------------------------------
What are the problems?
What are the security breaches?
-------------------------------------------------------------------------------------------
[Sager, Ira, et al. CyberCrime. BW, 21 Feb 00, 37-42]
The Weapons
Denial of Service
Scans--probing internet looking for weaknesses
Sniffer--searching data packets
Spoofing--faking an e-mail address to elicit info
Trojan horse--program that exploits vulnerable sw
Back Doors--another way in
Malicious applets--do bad things
War dialing--search for a way in thru a modem
Logic bombs--trigger a malicious act
Buffer overflow--overrunning a buffer with too much data to make trouble
Password crackers--sw to guess passwords
Social engineering--conning people out of information
Dumpster diving--GSIA business games
----------------------------------------------------------------
Who are the hackers?
----------------------------------------------------------------
The Players [BW, 21 Feb 00, 40]
White-hat hackers--good guys (?)
Black-hat hackers--bad guys
Crackers--hackers for hire
Script bunnies--aspiring hackers
Insiders--cause maybe 60% of problems
---------------------------------------------------------------------------
What can be done about computer security?
----------------------------------------------------------------------
Locking Out the Hackers:
A five point program
[Sager, Ira; Gross, Neil; and Carey, John
Locking Out the Hackers, BW, 28 Feb 00, 33-34]
1. Stamp out software bugs
2. Fortify the ISP's
3. Make the Penalty Fit the Crime
4. Companies, Cover your XXXX
5. Teach your children well
------------------------------------------------------------------------
1. Stamp out software bugs
"More than 75% of the incidents we see
are the direct result of widely known
[software] bugs..."
CMU's Computer Emergency Response Team
"Chasing software perfection,
chasing the last bug, is not
what customers want...."
Microsoft's security response team
---------------------------------------------------------------------
More comments on software bugs
"Speed and money are antithetical
to security and reliability...."
SRI International (Peter Neumann)
"What's more, at most colleges
teaching computer science,
techniques for developing secure code
are not even part of the required curriculum."
------------------------------------------------------------------
2. Fortify the ISP's
to filter out bogus packets
Cost and support issues
3. Make the Penalty Fit the Crime
Define the crimes
e.g., posting software that
could launch attacks as a crime
Define the penalties
--------------------------------------------------------------
4. Companies, Cover your XXXX
Install appropriate software and follow up
monitor it
back up data
update software
read bulletins
5. Teach your children well
computer ethics (driver education)
--------------------------------------------------------------------------------
[Back Off, Hacker. Armstrong, Larry. BW, 28 Feb 00, 160-161]
[How Not to be a Zombie. Lewis, Peter H. NY Times, 17 Feb 00,
D1, D3]
"Easy-to-use software can keep
online intruders out of your PC"
Web site software
Shields UP! (www.grc.com)
secure-me.net
Security systems for PC's
Blackice Defender--www.networkice.com
Conseal Private Desktop--www.signal9.com
Norton Internet Security 2000--www.symantec.com
Zonealarm--www.zonelabs.com
------------------------------------------------------------------
[copy BW table on page 161]
-------------------------------------------------------------------------
[Policing the Internet: Anyone But Government.
Steve Lohr, NY Times, 20 Feb 00, wk3]
"...[T]he F.T.C recently began investigating
how medical Web sites handle personal information.
And last week, DoubleClick, the Internet's
leading advertising placement company,
reported that the F.T.C. was investigating
how the company collected and used personal data."
"I find the profiling technology disturbing
--this notion of checking on consumer viewing
habits without them knowing it--especially
if that information is then merged with other
databases so they can be identified,"
said Robert Pitofsky, chairman of the F.T.C.
------------------------------------------------------
[Breaking In, Hacker-Style. Gina Kolata,
NY Times, 20 Feb 00, wk3]
------------------------------------------------------------
Summary
• What are the problems?
• What are the security breaches?
• Who are the hackers?
• What can be done about computer security?
• What can you do on your PC?
Logistics
• Quiz on Monday, 28 Feb, will cover
  Lectures                       Readings
  Mon, 14 Feb (e-mail, more)     Rest of Part V
  Wed, 16 Feb (privacy)          Part VI
  Wed, 23 Feb (security)
• Official announcements
Quizzes can be given at
beginning of Monday class,
at end of Monday class,
or both.
Final exam will be on Friday of finals week.
• Marx lecture, 29 Feb
131 in the News
"Love, Honor, Cherish. But Reveal My Password?"
"Some people who share lives have trouble
sharing e-mail accounts". NY Times, 17 Feb 00, D1, D9
"At Ford, E-Commerce is Job 1". BW, 28 Feb 00, 74-78
Providing PC's, printers, and access is only one step in
a seven-step program "to rewire the auto maker."
"Construction Heads Into the Internet Age."
NY Times, 21 Feb 00, C1, C9
Internet traffic report. "The news media provide
regular updates on everything from traffic to weather.
So why not an 'Internet update'?" NY Times, 21 Feb 00, C4
"A Software Shortcut is Drawing Attention."
"But Security Issues Remain a Concern".
NY Times, 20 Feb 00, Bu 7
"Online but Not Antisocial". Smith, Janna Malamud.
NY Times, 18 Feb 00, A31
"Tech-Driven Efficiency Spurs Economic Boom."
Sanders, Edmund. LA Times, 22 Feb 00, A1, A10
"The Internet and Democracy." MS ad,
NY Times, 22 Feb 00, A12
"This is one of a series of essays on technology
and its impact on society. More information is
available at www.microsoft.com."
"Privacy on the Internet", NY Times, 22 Feb 00, A26
"Social Consequences of the Internet"
www.stanford.edu/group/siqss