Friday, May 25, 2012

Levy vs. Mitnick

When thinking about the security of their data and information, there are two things companies (and individuals) need to consider.  First, they must ensure they have the right hardware and software to prevent any leakage.  Second, no matter how much technological protection they think they may have, companies must train their personnel to protect information from social engineers.  Steven Levy, author of "Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age", and Kevin Mitnick, author of "The Art of Deception: Controlling the Human Element of Security", discuss these topics but in very different ways.

While both authors are concerned for the security of data and information, Mitnick focuses strictly on the human element while Levy focuses on the software/hardware element.  Not only do they differ in content, but the authors also differ in writing style.  Levy writes his book like a historical documentary.  Chapter one starts out in the late 1960s discussing Whit Diffie's life and rise in the crypto field.  Levy describes the history of cryptography through the lives of key players in the field.  Each chapter builds on the previous one and reads almost like a suspense story, leaving the reader wondering what will be the next twist in the fight for privacy.  Levy's audience seems to be anybody who is interested in crypto and its history.

Mitnick's book, on the other hand, reads more like a training manual and best-practices guide.  His audience is corporate executives and business owners.  In chapter one he writes, "The purpose of this book is to help you understand how you, your coworkers, and others in your company are being manipulated" by hostile social engineers.  Mitnick believes it's the non-technical methods that intruders use to steal information from unknowing employees that should be a focus (and is often forgotten) when considering information security.  Instead of reading like a narrative, like Levy, Mitnick relays his ideas through short stories covering different topics/methods.  He tries to give his reader the perspective of the victim of a social engineer.  In his stories, Mitnick allows his audience to "put [themselves] in their shoes and gauge how you yourself (or maybe one of your employees or coworkers) might have responded" (Ch. 1).  This is a very effective writing style: it allows the reader to really become engaged in the stories and forces "what if" scenarios to wander through the reader's mind.

After each story, Mitnick does a recap or what he calls "analyzing the con".  I also feel this is effective because he is able to break down the scenario for the reader, perhaps pointing out key elements that could have been prevented had the victim been better trained or aware of social engineering tactics.



Overall, both books are very well written and both styles serve the purpose of the author very well. In terms of how quickly the author gets his message across and readability, I feel Mitnick does a better job.

Wednesday, May 16, 2012

Final Paper Introduction

Below you will find the Introduction to my final paper with the working title "Cloud Computing: It is here, but is it ready?"  Please comment and make suggestions.


Unless you have literally been stuck in the clouds the past few years, there is little chance you have not heard of the term "cloud computing".  Although very much still in its infancy, cloud computing has boomed into a very lucrative market in recent years.  Offering a multitude of services and products in both the public and private sectors, the cloud computing market, according to Forrester Research, brought in around $41 billion in 2011.  It is estimated that number will be over $240 billion in the next decade (Valentino-DeVries, 2011).  If you have not already embraced the cloud computing wave, get ready because it looks like it may be the wave of the future.

The term cloud computing has come to mean, generally speaking, an “arrangement under which users store their data on remote servers under the control of other parties, and rely on software applications stored and perhaps executed elsewhere, rather than on their own computers” (Svantesson, 2010).  The benefits of adopting cloud computing for personal or commercial use are quite substantial.  Among them, as P.G. Dorey and A. Leite point out in “Cloud computing-- A security problem or solution?”, are “cost reduction, improved provisioning and access to resources beyond that which would normally be possible in a private environment” (2011).  A user is able to access data and services stored in the cloud from any location with any computer with access to the Internet.  Sounds like a dream, right?

On the surface, cloud computing may seem like a no-brainer for anybody who ever yearned for more processor speed, data storage or hardware but did not want to pay, or did not have, the mountain of money required to purchase such technology.  As users give cloud service providers more and more control over the things that were normally controlled at the personal level (e.g. data storage), users will have fewer options available to them to ensure their data is secure.  Some might think, as Gary Anthes points out in his piece, “Security in the Cloud”, entrusting security needs to cloud service providers is a good idea because they are thought of as experts and highly skilled at dealing with security issues (2011).  However, such trust could be a mistake.  Cloud computing has grown with such speed and breadth that its security and privacy controls have failed to keep up, leaving consumers at more risk than they are aware of.

Saturday, May 12, 2012

Encryption. What is it good for?

I must admit that I have thought very little about data encryption and securing my electronic mail until reading "Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age" by Steven Levy.  It seems obvious that big business and government agencies would have a strong desire to secure their data and communications.  I am pretty certain that the Kellogg company does not want the recipe to their Famous Amos cookies to be stolen by some hi-tech hacker.  So they secure their network and data.  For sure the Government must secure its data and communications or risk giving away the nation's most important secrets.  So, why would a private citizen, somebody who doesn't have top secret recipes or national security information to hide, need or want to use encryption?

After reading from Levy, I believe a better question would be, why wouldn't a private citizen want encryption?  Currently, when I send an email from my Google account, it is not secure.  This means that my ISP has access to that email, not to mention the dozens of computers the message passes through on its way to its final destination.  At each of those computers, it is possible to make a copy of that email to be scanned later.  There are programs that can scan thousands upon thousands of emails a day looking for certain words, social security numbers or credit card numbers.  A good way to think of encryption is like an envelope for a written letter.  You probably wouldn't send that letter without first sticking it in an envelope and sealing it.  Why?  Because you don't want anybody to be able to read its contents.  So why wouldn't you do the same with your email?

I guess you might say to yourself, "well I do not really have that much to hide so why would anybody want to sort through all the emails I write?"  That is true.  Your correspondence to your friend about what a great time you had on your vacation seems pretty innocent.  You tell her all about the restaurants you went to and the tours you went on.  Then you mention briefly how you stayed out a bit too late one night at the local pub and maybe had a bit too much to drink.  The teacher who posted a photo of herself with a beer in her hand on Facebook also thought that her posting was private and could do her no harm.  After the photo was leaked, she lost her job.  Do you want to take that risk?  So, just like you buy that extra insurance for that expensive new iPhone you purchased, using encryption gives you the peace of mind of knowing that all of your data is secure from prying eyes and you are safe from any unintended consequences.


Reference: http://actionamerica.org/privacy/encrypt.html

Monday, May 7, 2012

Judge says Facebook’s Like button is not free speech | Marketplace from American Public Media

I thought this article was relevant to what Lori Andrews discusses in her book, "I Know Who You Are and I Saw What You Did."  Very interesting question.  Should hitting the like button on Facebook be protected as free speech under the 1st Amendment?  Is the person expressing an opinion by doing so?  This is another great example of how what was thought to be a seemingly simple, private act carried out on a social network has come back to hurt someone.  Check it out.



Saturday, May 5, 2012

Out to Lunch

After finally landing my first teaching job at the local high school where I will be teaching Information Technology and Social Studies, my fabulous new principal (Mrs. M) took me by surprise when she asked me to lunch one afternoon.  We drove out to the local diner and over a burger and fries we discussed the new job and how I was adjusting.  After a while, the topic turned to the Internet and Mrs. M started to express concerns with her security and privacy as she was new to the online experience.  She inquired what, if anything, she should be looking out for in those regards.

I told her that she was right to feel concern about online security and privacy.  The Internet has exploded onto society and into our lives so quickly that laws dealing with privacy and security on the Internet have not kept up (and current laws do not apply or are too narrowly written to cover all).  There are also consequences that are not fully understood yet regarding certain operating dynamics of the Internet.

First and foremost, I told her, is that she needs to be aware that everything she types and posts on the Internet is being watched or recorded by somebody.  Always be very cautious about what information you are posting about yourself.  I warned her that leaks from what people had posted on sites like Facebook have led to divorce, being fired, and being denied a job or admission into college (Andrews, Ch. 9).  I told Mrs. M the sad story about Ashley Payne that Lori Andrews relays in her book "I Know Who You Are and I Saw What You Did".  Ashley, a teacher, had posted some pictures of herself at the famous Guinness brewery in Ireland on her Facebook page.  Even though her settings were set to private so only her friends could see them, her principal forced her to resign after receiving an anonymous email from a concerned "parent".  Many institutions including schools, credit card companies and employers use information from social networking sites to make decisions about people, and most of these institutions, including the courts, consider social networks to be public spaces, not private ones, meaning what you post online can be used against you (Andrews, Ch. 9).  Then, I gave her my copy of Andrews' book and told her to read it.

I didn't get much into the topic of data mining and behavioral advertising that most Internet sites are practicing now but I did want to make her aware of what Eli Pariser, in his book "The Filter Bubble: What the Internet is Hiding From You", calls the "filter bubble".  The great thing about the Internet is that most of the services provided are free.  For example, Google provides its search services for free just like Facebook provides its social networking services for free.  However, I informed Mrs. M, there is a hidden cost.  The cost is information about you.  I explained to her that sites like Google use the data that users type to create an Internet universe designed specifically for each individual user.  Google remembers what you have searched for (and clicked on) in the past to bring back search results they think are more relevant to you.  If I searched for the same thing, I would get a completely different list of results.  News aggregators like the Huffingtonpost.com even attempt to curate the news to what they think a user's interests are.  Although personalization seems good, taken to its extreme, it can get pretty ugly.  I explained to Mrs. M what Pariser said in his book, "a world constructed from the familiar is a world in which there's nothing to learn.  If personalization is too acute, it could prevent us from coming into contact with the mind-blowing, preconception-shattering experiences and ideas that change how we think about the world and ourselves" (Intro).  That is pretty powerful.  So until the powers that shape the Internet decide something different, I told Mrs. M to be aware of the "filter bubble" and to intentionally make sure she clicks on and reads a wide array of topics and subjects so she does not limit herself to what she is exposed to on the Internet.  Then, I gave her my copy of Pariser's book and told her to read it.