Arun Marballi

Can you have your cake and eat it too? That is what many of us would like to do � especially when it comes to using the Internet. What I mean by this is that we would like to use the Net to access content of all kinds located on servers everywhere, yet we are alarmed when we learn that in doing so we are leaving our footprints everywhere we go.

Doing one without the other is just not going to work. It is almost analogous to visiting the mall and getting your picture recorded by every security camera in your vicinity. In each case, your presence is recorded but your identity is not. That is the key to remember in the debate on net privacy or lack thereof. On the Net, when we visit a Web site our IP address (our presence) is often recorded but our identity (Name, User ID or e-mail address) is not unless we voluntarily provide or are tricked into divulging this information.

Using the Internet, per se, does not compromise user privacy. That typically happens when we inadvertently tread onto a Web page that has been booby-trapped or access a Web site that has been maliciously set up with the sole intent of getting our private information.

According to a report in The Register, a security journal from the U.K., more than 10,000 malware-ridden Web pages have been detected � including travel sites, government agencies and hobbyist sites. Many of these web page attacks appear to be originating from China. Compromised Web pages enable miscreants to use a technique called a drive-by attack to download malware onto our computers � an attack that only works, however, if we have not patched our software and kept it up-to-date.

Cell phones continue to make the news again this month. This time, the targeted victims are Chinese mobile phone users. Miscreants are believed to have created a Trojan virus that attempts to extort money from users of Symbian Series 60 phones � the money payment to be carried out via a recharge card and transferring the funds to an Instant Messaging account.

The infection appears to be spreading via SMS (Text) and MMS (Multimedia) messages. Many Nokia and Samsung Smart Phones also are based on the Symbian Operating System and could be vulnerable if this extortion model were to come to our shores.

A couple of years ago, Peer-to-Peer (P2P) media-sharing sites such as Napster came under heavy fire for digital copyright infringement and were legally reduced to sharing only non-copyright protected media files and software (free-ware). With the emergence of networks like BitTorrent and Gnutella, using clients such as Limewire (one of the most popular clients), P2P is making a comeback.

Although, by themselves, these networks are not necessarily a problem, they have been identified to inadvertently create a backdoor for accessing private information stored on ones computer. Here is how this problem manifests itself � if you are using one of these networks, the client software that you download to enable use of the services, runs through a series of configuration screens during the set up process. One of these configuration parameters identifies folders that are to be shared with other users of the network and some of the clients default to the Windows �My Documents� folder.

If this setting is accepted as is, the contents of the My Documents folder on your computer are visible to anyone logged into the network anywhere in the world. The My Documents folder in the Windows XP world is the folder in which most users save their documents, spreadsheets, photos, etc. Keeping in mind that these P2P networks hold a particular attraction for the teenage and young adult audience, the possibility of compromised computers in our homes is quite high. It is important, therefore, that we determine if we have any of these P2P clients on our computers and guard against the possibility of unintended file sharing by reviewing their configuration.

Finally, what are the major issues facing you in the world of computers, Internet and security?

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home