zboxassist

Member
Registered:
Posts: 89
Reply with quote  #1 
FYI - Check if you have an account that has been compromised in a data breach at https://haveibeenpwned.com/


__________________
zboxassist
Grazillda

Member
Registered:
Posts: 48
Reply with quote  #2 
It is not affecting me and I don't know anyone who has been caught up. Embarrassing for a few individuals, but the way things are going, soon forgotten. I know too much about computer systems and the people who run them to trust them with my intimate details.
zboxassist

Member
Registered:
Posts: 89
Reply with quote  #3 
I don't see how you avoid not being affected. Nowadays, effectively all organizations use computers. If you bank, purchase, or do any sort of business with them, data about you gets on their computers, which can be hacked.
__________________
zboxassist
automan

Moderator
Registered:
Posts: 136
Reply with quote  #4 
You make a very important point. We jumped on the technology as soon as we saw it could work, and both security and human ethics are very much an afterthought. We are faced with insecure systems, which include humans who lose data sticks, and tech workers who are no longer motivated by the technologies, but more by personal profit. I do not use online banking myself, which is strange because I did early work in making it possible. Every business enterprise uses computer systems and between all of them that you do business with, it would make a very comprehensive profile. The collection of information and building profiles of individuals is part of a move towards pin-point direct advertising.
Grazillda

Member
Registered:
Posts: 48
Reply with quote  #5 
When I looked at the link it referred to Ashley Madison and I did not go any further. I would worry about entering an email address into a panel like that, just in case it, itself, is a data capture point. We are all in danger of misuse of our personal information. There have been a lot of incidents where people have misplaced laptops and thumbdrives with private info about taxpayers, patients and clients, on. There are so many potential places in the information supply chain that information can be taken from.
Zamin

Member
Registered:
Posts: 67
Reply with quote  #6 
Every day there are stories of incompetence and criminal activity related to people being defrauded and blackmailed. Here is just another one that was sent to me earlier.

http://www.dailymail.co.uk/news/article-3271369/Warning-Internet-banking-users-hackers-snatch-20m-UK-accounts-using-particular-virulent-virus-infect-thousands-computers.html
Grazillda

Member
Registered:
Posts: 48
Reply with quote  #7 
It is a good idea to have several email addresses for different purposes. Don't use the same ones for social media as for financial transactions.

On another slightly related note I have a colleague who has a very long history of good credit. One of the credit score agencies lost data for about 250,000 consumers, and he was one of them. So now he apparently has no credit score. The way our society works that is definitely pwned.

zboxassist

Member
Registered:
Posts: 89
Reply with quote  #8 
I see two major categories of hacking - individuals and organizations. When an individual is hacked, for the most part, only that individual's personal information is stolen. That individual has to choose the level of security they want for their data. However, when an organization is hacked, thousands or millions of people's personal information is stolen. That organization is responsible for the protection of their clients' data. That is and should be a very high standard.
__________________
zboxassist
Zamin

Member
Registered:
Posts: 67
Reply with quote  #9 
The way I see it, if an organization loses my data, and it costs me, then they are responsible for that cost. It can be pretty inconvenient for the individual to have their information stolen. It can be quite traumatic. For a corporation there will be lots of hand wringing, but not the same level of individual trauma. Some organizations like banks rely on a public perception of stability and frequently just quietly absorb the cost of fraud and data theft. Security was very much an afterthought for many organizations. Security of data originally meant having 3 backup sites for data, not protecting it. Even the original conception of the internet that we now use had open sharing as its design goal, not privacy and data protection. People want to jump on bandwagons when they see that something works, without waiting to see the consequences. Well, now we have seen the consequences and it is probably a good thing that many organizations are now making data security a major part of their design goals.
Zamin

Member
Registered:
Posts: 67
Reply with quote  #10 
Computer systems fraud is not just limited to pwning people through interception of their private data. This story http://www.dailymail.co.uk/news/article-3299582/Hacking-conmen-target-pensions-Gangs-use-details-stolen-cyber-attacks-TalkTalk-14-firms-prey-cash-rich-elderly.html about pensions fraud in the UK is very worrying. These criminals do not care that they are taking advantage of the elderly, who are less able to fight back. Every one of these stories points at the venality of humankind, as much as they do to the insecurity of current systems.
automan

Moderator
Registered:
Posts: 136
Reply with quote  #11 
The British government are in the process of making laws to make the use of encryption by civilians illegal. http://www.extremetech.com/extreme/217478-uk-introduces-law-to-ban-civilian-encryption-but-government-policies-recommend-its-use

This will potentially make it more difficult to send information in a manner that is hidden, private and secure and for people to protect themselves against data thieves. The good thing about the bureaucrats who make laws like this, is that they have no technical understanding at all, and think of encryption only as some variant of Public Key. The truth is that any software designer could potentially create a string of characters that they personally only have the algorithm to interpret. They also assume that people only have access to ASCII based systems.

If you really want to pass secret information, it may actually be best now to avoid conventional PGP, which can be broken by thud and blunder. I have experimented with dual-key, dual mode encryption, where the resulting strings are then hidden inside photos. The big problem with techniques like this is that the recipient will need both a z/OS and a Windows or Linux system and perform part of the decryption on each system. As it is not conventional encryption and looks like noise it will be very difficult to prove it is encrypted information for the purposes of prosecuting civilians.
zboxassist

Member
Registered:
Posts: 89
Reply with quote  #12 
Steganography (w/o crypto) is security through obscurity. Hopefully steganography will not be illegal. Hiding your message may be sufficient unless someone is searching for it. In which case, you need to add cryptography. That would be illegal, but hopefully unnoticed and not prosecuted.

Except for convenience, don't understand why you would need multiple platforms (z/OS, Windows, Linux, etc.) for steganography or encryption algorithms. It seems like you should be able to do everything on one platform.

__________________
zboxassist
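Added example, not part of the original thread and not any poster's code: a small Python sketch of the point in post #12 that hiding a message without encrypting it only protects it until someone looks. The cover buffer, message, key and the toy `keystream_xor` cipher are all constructed for illustration; the toy cipher stands in for real encryption and is not a vetted one.

```python
import hashlib

def embed_lsb(cover: bytes, payload: bytes) -> bytearray:
    """Hide a 2-byte length plus payload in the lowest bit of each cover byte."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return stego

def extract_lsb(stego: bytes) -> bytes:
    """What anyone searching for hidden data can do: no secret is required."""
    def read(start: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            val = 0
            for i in range(8):
                val = (val << 1) | (stego[start + b * 8 + i] & 1)
            out.append(val)
        return bytes(out)
    length = int.from_bytes(read(0, 2), "big")
    return read(16, length)  # payload starts after the 16 length bits

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for encryption: SHA-256 counter keystream XORed with data."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample data: a fake 512-byte "image" buffer, message and key.
COVER = bytes((i * 37 + 11) % 256 for i in range(512))
MESSAGE = b"meet at noon"
KEY = b"constructed-demo-key"

def demo():
    plain_stego = embed_lsb(COVER, MESSAGE)
    sealed_stego = embed_lsb(COVER, keystream_xor(KEY, MESSAGE))
    found_plain = extract_lsb(plain_stego)        # searcher reads the message
    found_sealed = extract_lsb(sealed_stego)      # searcher gets ciphertext only
    recovered = keystream_xor(KEY, found_sealed)  # key holder reads it
    return found_plain, found_sealed, recovered

if __name__ == "__main__":
    print(demo())
```

Without the key, the extracted bytes from the second buffer are only ciphertext, which is why the post says hiding alone is sufficient only while nobody is searching.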
zboxassist

Member
Registered:
Posts: 89
Reply with quote  #13 
Just my opinion -- Good open source crypto has already been published and available to everyone. There is no practical way to un-publish those algorithms and make them unavailable. How does the government think making crypto illegal will prevent criminals from using crypto? Something being illegal does not seem to stop criminals.
__________________
zboxassist
automan

Moderator
Registered:
Posts: 136
Reply with quote  #14 
That which I described before came from a challenge some years ago. I chose to a) make the fact that there was a message difficult to see, and b) if it is seen, difficult to comprehend. I chose to use an MVS based system to pass it through because I wanted to start with a different encoding system. I used that to first prepare the text by a substitution operation and a bit manipulation operation. I then segmented it into 7 bit bytes and passed it to a Linux system to prepare it for PGP and insertion into an image. Seeing as the recipient already needs 3 pieces of information (passwords) and decryption programs, PGP could easily be substituted with a non-public-key system. To go with it I designed a method of decryption that involved 3 people who did not necessarily know each other. As I say, this was a challenge, so the end result is not practical for the point and click crowd.