Contact Us
Mental Health
Financial advice
Youth Matters
Techno Corner

Arun Marballi

I have talked about the elusive nature of privacy on the Net in my earlier columns. And a recent bill in the Senate is likely to strain this already tenuous situation a little more. The bill in question is aimed at addressing the burgeoning use of spyware - both by legitimate businesses and cyber crooks. In drafting this piece of legislation, the lawmakers appear to be authorizing broadband service providers, computer hardware and software vendors to "detect and prevent unauthorized use of software for fraudulent or other illegal activities" - in other words, it is OK for them to come snooping around on our network-connected computers.

Although I agree that something must be done about spyware, this approach appears to be an overkill and strangely reminiscent of the warrant-less wire-tapping issue that came up not too long ago.

Continuing on the notion of privacy, every now and then we need to use a public or shared computer, especially when we are on a road trip or vacation, and we are frequently left with the question - what did I leave on the computer that could compromise my privacy? There is one sure way to avoid this - not to use the public/shared computer! That, however, is not always practical, so here is another option that could be just as good. There is a Web site called that hosts about 50 free, open-source (community developed and supported) applications that run entirely from a USB drive without writing or installing anything and leaving any of your data on the shared/public computer.

A shared and public computer aside, the Internet has enabled sharing of information and the social networking Web sites have taken sharing to a whole new level. These sites have made sharing of information in all formats quite natural; and where information is shared, hackers will follow. When users of these networks download data from someone's profile, they sometimes inadvertently also download malware.

In fact, the National Cyber Security Alliance (NSCA) has found that 83 percent of users downloaded unknown files from people's profiles, which potentially exposed their computers to attack. The casual nature of the interaction that is inherent in these Web sites lends itself to their riskiness. NCSA's survey reveals that while more than half of the users of these networks worry about becoming victims of cyber crime, many willingly divulge personal information such as e-mail address, name and birthday that could make them vulnerable to identity theft.

Since identity theft, phishing and spamming can originate from just about any part of the world, McAfee, a major security software vendor, recently published the results of research it conducted to identify any correlation between surfing safety and the location of Web site domains. Their research has indicated that Hong Kong domain (.hk) was perhaps the most dangerous with more than 19 percent of its Web sites posing a security threat. China's (.cn) domain came up next with over 11 percent suspicious Web sites while Philippines' (.ph) domain came in third. In comparison, Finland's (.fi) domain remains the safest domain with under 0.05 percent of its Web sites threatening Web traffic.

Despite unsafe Web sites, compromised social networking Web sites and shared computers, the bigger threats in the computing environment are in the form of weak passwords, weak configurations of devices such as wireless routers and weak people who are easy victims of social engineering - an euphemism for a con job. Common sense and a slightly heightened sense of paranoia should significantly reduce the possibility of being conned. Weak configurations generally result from use of default settings.

To enhance security, it is a good idea to not use default settings. Weak passwords are another story altogether. An easy way to come up with a strong password is to build a sentence that you can remember. The sentence should contain some numbers - for example, consider the sentence: "Buccaneers won the Super Bowl in 2002." If we take the first letter of each word in the sentence and use the numbers as is, we get a strong password as follows - BwtSBi2002. So long as we remember the sentence, we can construct the password easily. The password by itself is literally meaningless to anyone else.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail


Contact Information
The Editor:
Send mail to with questions or comments about this web site. Copyright 2004 Khaas Baat.

Anything that appears in Khaas Baat cannot be reproduced, whether wholly or in part, without permission. Opinions expressed by Khaas Baat contributors are their own and do not reflect the publisher's opinion.

Khaas Baat reserves the right to edit and/or reject any advertising. Khaas Baat is not responsible for errors in advertising or for the validity of any claims made by its advertisers. Khaas Baat is published by Khaas Baat Communications.