Posts Tagged attack

Anonymous and Operation Facebook

The media has been buzzing for the past day or so about “Operation Facebook”, which was announced on YouTube by Anonymous. Anonymous is the hacker collective made famous for their attacks in support of Wikileaks earlier this year. Their type of politically motivated hacking is quite different from the profit-motivated cybercrime hacking I write about in my novel “Counting from Zero”.

While this has been big news, other Anonymous sources have disavowed the attack. Whether this was planned then abandoned by Anonymous, or is in fact just the work of Anonymous wannabes, isn’t at all clear. Whether there is an actual attack planned or they are looking for zero-day exploits is also debatable.

Regardless, everyone should be careful what information they post on social media sites such as Facebook. Your privacy depends on a lot of factors, including your own privacy settings, the privacy settings of your friends, the security of your computer and your friends’ computers, and ultimately the security of the entire Facebook site. You should not post anything to Facebook that would embarrass you if it showed up on Wikileaks next week.

I was interviewed on KMOV-TV News last night about this issue.  You can watch the short segment here.

With regard to Facebook privacy, there is another, less well-known issue – Facebook tracking of your web browsing using widgets, but this is a topic for another day…


Who Do You Trust? Not these Certificates!

[Image: A Digital Certificate]

In my techno thriller Counting from Zero, one character asks “isn’t it just about who you trust?” It is a key question in Internet and computer security, as well as in life.

One everyday example on the Internet relates to something called digital certificates. When we do online banking, enter our credit card information, or log in with a secret password to a site, we rely on our web browser to provide us a secure browsing connection – a connection across the Internet that is encrypted in both directions. Our web browser uses digital certificates to ensure that when we do our online banking, we are communicating with our bank, and not some site pretending to be our bank so they can steal our information and empty our bank account. You will see a padlock or other icon displayed to show that the connection is secure.

Certificates are issued by companies called Certificate Authorities. We trust these companies not to issue certificates to the wrong people or bogus certificates. However, apparently that is what has just happened. Here is an article in Network World about it. Bogus certificates were issued for a number of sites including Google, Yahoo, Windows Live, and others.

When a certificate has been issued in error, it is possible to revoke it, so that your browser will no longer accept it. The bad certificates have already been revoked, and good browsers, listed in the Network World article, will stop trusting the bad certificates immediately. However, Microsoft has issued an emergency software update to fix an issue in Internet Explorer related to this. If you use IE you should install the update right away, and perhaps consider switching to a browser such as Firefox.

In Counting from Zero, digital certificates and revocation play a part in the plot, relating to the main character’s attempts to fight a botnet, a collection of compromised computers on the Internet. Also, other issues relating to certificates are discussed, including the question: “What does it mean when my browser gives me an error message about a certificate? Should I just click OK?” The short answer is, of course, No!

Another time I’ll write about my personal difficulties in buying and installing a certificate for my book website https://countingfromzero.net. Notice the URL begins with ‘https’. If you click on the padlock on your browser, you can see details of the encryption and the certificate. I’ll also blog another day about a VoIP security protocol called ZRTP that I’ve been involved with that does away entirely with certificates and all these problems.
