Saturday, April 23, 2011


What are the technical AND economic transformations that are making the new emerging media practices possible? Be specific—not just internet, but how, what capacities, materials, etc. Think about other technologies, roads, satellites, phone, and alternative energy sources.

            Without question, the single most technical transformation is the SmartPhone. Everyone has one, everyone needs one. The current worldwide ratio of cell phones is 2 cell phones for every single land line. (Maxwell, 2009) Since the SmartPhone is needed to make and receive calls, people usually sleep with the phone by their bed, let alone carry it wherever they go. The economic transfer is in lowered cost of parts, mainly the chips that run the OS. Take a picture on your SmartPhone, click a button and there it is on Facebook for everyone to see. The same can be done with Twitter as well as other social media sites.
Alternative energy sources would be my number one economic transformation outside of the Internet. Solar and wind power have yet to be harvested in an economical and practical fashion. Yes, they exist, but they are very expensive to produce and put into operation. Additionally, their size alone would preclude most people from having them in their homes. This in a sort of way leads to both economical as well as material capacities. If renewable energy were to be able to advance in the scientific portion of production as the computer did, it would eliminate the need for fossil fuels, thereby destroying OPEC's grip on the world, let alone the emissions leaving the environment. With the renewable energy sources would come the materials needed to create the devices. We have seen companies such as IBM, Intel and others make billions of dollars from chips as small as or smaller than the tip of a pen. If this could materialize whereas it was feasible to create these alternate energy sources at a cheaper price, an entire new market would open up.
New emerging media practices are not new concepts, however. People meet on Match.com and eHarmony.com; they meet on Facebook and other sites. How is this different than meeting someone in a gym, a nightclub or even a supermarket? The concept is the same; however, the venue has changed due to the immediate ability and anonymity that people have with the Internet. The downside to meeting someone on the Internet was depicted in a cartoon that I recently read; there was a picture of a young girl with the caption of “meet 12 year old Cindy.” Below it was a sleazy old man in a dirty t-shirt with a cigar in his mouth that read, “Meet Cindy’s Internet 12 year old girl friend.” Therefore, the concept has basically remained the same, but the threats that the Internet brings sometimes outweigh the good.
Reference
Maxwell, B. (2009). COUNTRIES WITH THE HIGHEST RATIO OF CELL PHONES TO LAND LINE TELEPHONES. Retrieved April 2011, from Geography Lists: http://www.geographylists.com/list21n.html



Understanding New Media
     Immediacy, hypermediacy and remediation can be used as terms to describe different types of media as well as the same type of media. The Sports Illustrated video is a prime example of this. Using the interactive video in its new interactive format, the magazine offers the perception of immediacy for its new format, but also acts as a manifestation of the journal's hypermediacy. At the same time, Grusin also claims that it is premediation because two very different markets are being advertised in one, the iPad and the new format for Sports Illustrated.

     Jenkins and Bolter offer up an example of remediation as a multi-media CD ROM where all information is self-contained within the CD itself without having to look at outside sources for information. This is an example of an older form of media. Grusin on the other hand states that remediation does not have to be self-contained and may contain a hybrid or mixed media that replicate other media.
Jenkins discusses premediation as well in the sense of the Sports Illustrated video by having the iPad play the app, but then also has the ability to play a game while the user is reviewing the magazine, thereby deeming it preprogrammed interactivity.

      The video Gold Digger was also discussed as a form of remediation due to the look and style of pin-up magazine covers in the background while the video plays. Both Jenkins and Grusin agree that within remediation, there is a fine line to cross of undermining the premediated type of all of our media interactions.
The article was very interesting and it did take a few times to read due to the fact that the two gentlemen contradicted each other on several accounts and obviously spoke in opinion, of which this topic is. It took several readings to realize that many forms of Mediacy can be crossed and mixed. I especially liked how they explained the terminology with the associated videos, however even there they had a few different opinions and some very grey areas. It is obvious however that both men took a lot of effort to not only develop their opinions, but their interview was well played. (Jenkins, 2011)

Jenkins, H. (2011, March 7). A remediated, premediated, and transmediated conversation with Richard Grusin (part I & II). Retrieved 2011, from Confession of an Aca-Fan: http://henryjenkins.org/2011/03/a_remediated_premediated_and_t.html



Thursday, April 21, 2011

The purpose of this assignment was to comment on Murray’s four properties of the computer and give examples for each. Murray’s four properties of the computer are encyclopedic, participatory, procedural, and spatial.

Murray’s four properties of the computer
The assignment was to discuss the four properties of Murray’s view of properties of the computer. Without headers listing the four properties, I found more than four, therefore I will engage all that I read and give examples of what I believe that the author speaks of.
In the beginning, the author speaks of confusion as to where digital medium is headed. She speaks of “enhanced video games and television.” Then she compares this to the vast variety of formats that are now available, and without stating it directly, questions as to where this is going? The Internet is now used on an iPad to watch TV, on an Xbox to compete against other warriors in fictional characters across the world, but is also used as an agent to learn, seek information, both current and historical. When the automobile was first invented, it was done so to seek an alternative to horse pulled carriages, but soon developed into crude race cars. One idea came from another and they were developments spawning from the same invention, as is the Internet. I believe that no matter what the invention is, there will be offspring that was not thought of in its inception, but developments that will bring many hybrids of the same design.
Murray then discusses the fact that the traditional library with books is being greatly outpaced by the Internet. She discusses that the library may very well in fact be an obscure or even extinct entity due to the technology that exists on the Internet. Both Borges and Bush do not think of the computer as a replacement to the library, but instead it must create a change in how our minds think in relevance to how we seek out information. That we are looking for short cuts to gain this information as fast as we can. I remember when I was younger; our town had an evening newspaper. The town was not small by averages of other towns in the U.S., but it was the only paper. Therefore, for this paper to go to print, it had to begin early in the A.M. As this paper was phased out and the entire countywide area gravitated to a paper owned by a large conglomerate, it became an A.M. paper available at most newsstands by 5 A.M. This meant that all of the information that was printed could have been reported up until late the evening before, giving an entire day’s head start on the evening rival. Eventually the evening paper closed and we are now left with still one local paper. The Internet though has beaten the current paper hands down. With an RSS feed, a text message can be sent from a murder scene describing the details within 30 minutes of the reporter receiving notification. Did I need to know this information this quickly? When the evening paper came out I didn’t, but now that I can receive an RSS feed on my SmartPhone, I can’t live without it. I believe this is what Murray describes in the differences of Borges and Bush.
A very interesting point that is brought up is about how information is pooled by many people via the Internet, making us smarter people. Not just in current and potential future events, but in historical events such as WWI and WWII, seemingly putting us in the midst of the battle with its descriptions and pictures. All of this done with a mouse and keyboard instead of looking through an endless sea of books and references. Although I personally am not a gaming aficionado, I imagine that many of the games that are sold now that simulate war, both on foreign soil and domestic gang fights, give the user the same type of experience without actually being there.
The article ends with how in the 1960s, the computer was used primarily for scientific and economic uses of extremely large databases. Murray likens the time when Douglas Engelbart (who had devoted his lifetime work and career to developing the computer for everyday use), to that of Michelangelo, seeking what he deems as a “computer renaissance.” Instead, early in the years of computers and without the time needed to develop what we have today, Murray likens Engelbart to da Vinci with much work to do, but left incomplete due to lack of time. Murray also believes that it might be possible one day that we in fact will have outthought ourselves and our humanity with the further advancements that computers may take. (Murray)
Reference
Murray, J. H. (n.d.). Inventing the medium, http://www.ctudoctoral.net/file.php/615/EM820_Spring2011/Murray_Inventing_the_Medium.pdf. Retrieved 2011, from CTU doctoral library.

Thursday, March 10, 2011

RFID and privacy

     There are a number of various types of uses for radio frequency identification units (RFID). The purpose of the chapter from Digital Privacy (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) was not necessarily to discuss the numerous applications, but to discuss the issues surrounding privacy concerns. However, discussing some of the applications may make the privacy issue easier to understand.

     The entire point of the RFID is to track, locate and identify an object. That object being a piece of clothing, an animal or a piece of machinery. From there, different attributes can be allocated to their purpose. In the case of clothing, a merchandiser can determine size, color and other customer traits, especially when associating them with some type of charge card.

     RFID can track inventory, streamlining shipments as they arrive and their location. RFID is used by local municipalities (in the northeast, EZ-Pass as an example). The use of EZ-Pass is the first type of RFID that I thought of that could invade privacy, as did thousands of others in its inception. If doing the speed limit between exits should take 45 minutes and I arrive in 20 minutes, does law enforcement have the right to use the EZ-Pass to give me a speeding ticket? I did several searches on this topic and found numerous similar concerns, but no actual prosecuted case of it in any state.

     My concern with this chapter is how the author details the RFID as a potential threat to privacy and civil liberties. I believe that this is overkill; however, upon further reading, someone with malicious intentions could in fact use this against an individual.

     He lists several features of privacy violations:

• No tag presence awareness – I could understand if the tag is used outside of a store, but while merchandise is still unpaid for, I do not see this as a privacy violation.

• No reader presence awareness – if a customer intends on stealing an item, why should they know where the reader is located? Again, I do not see this as a privacy violation.

• Silent readings – again, as long as the merchandise is still owned by the store, no violation.

• Line of sight – same as silent readings.

     Where I do see the privacy threats as a concern is since there are no line of sight requirements, there is technology that exists that can identify items that an individual is wearing or carrying. Thereby making personal theft an easy target.

     If the RFID is not killed upon purchase, then there is a direct violation as a merchant can track the movements of a potential consumer.

     The author states that there is a school of thought in favor of RFID technology and that the privacy community has exaggerated its effect. I tend to agree with this school of thought.

      Where I believe the largest privacy violation can occur is where there are unauthorized readers. The author uses the example of someone stopping briefly by the window of a sex shop and a reader took the information from a charge card in his pocket, identified him and is now on a mailing list of sex related items, when the individual may have only spent seconds at the window.

     Probably the best forms of legitimate use to not violate privacy are utilizing a kill command (rendering the device useless) or an active jamming device.

      I understand that there is the potential for privacy invasion with these devices, and I am not suggesting that the thought is irrational, just highly improbable due to the cost of mitigating the problem if caught violating privacy vs. its actual practicality.

Reference

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.





Thursday, March 3, 2011

Privacy-Preservation Techniques in data mining




Privacy Preservation in Data Mining

Data mining has an ultimate goal of prediction. (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) Data mining has many uses in today’s organizations, specifically in consumer focused companies such as financial, retail and marketing to name a few.

Data mining is the process of gathering and analyzing data from different perspectives and summarizing it into useful information. The information could be used to increase sales, decrease overhead or even find correlations of information that were not known to exist. If a company wants to properly target their advertising dollars, they are going to data mine. By applying predictive data mining, you will find the proper target audience and further, find out what their likes, dislikes and habits are. (Anissimov, 2011)

There are several types of algorithms that are utilized in data mining. To name one, clustering algorithms are given a set of data that may or may not have any meaning; the clustering algorithm then clusters the data in several ways that may not have been recognized by the naked eye. K-means clustering is a method of cluster analysis which takes into consideration a number of observations and puts them into K clusters; the expected result is an attempt to find the center of natural clusters in the data as well as a clarification of the differences of the different sets of data. (Wagner, Cardie, Rogers, & Schroedl, 2001)

A primary concern for data mining research is the development of data collection methods that incorporate the privacy of the individual. A productive direction for future data mining research will be the development of techniques that incorporate privacy concerns. Specifically, we address the following question: since the primary task in data mining is the development of models about aggregated data, can we develop accurate models without access to precise information in individual data records? With data mining, a retailer could use point-of-sale records of past purchases to send targeted promotions based on an individual’s purchase history.

In the corporate world, data mining is used most frequently to determine trends and predict the future. It is used to build models and decision support systems that give management information they can use to sell their products more efficiently. Data mining however is used in retail as well as pharmaceutical sales and even by the Department of Defense to predict with greater accuracy the likelihood of an attack. (Palace, 1996)

In regard to preserving the privacy of personal information, it is important to note that the privacy of individuals should never be sacrificed. The text gives an example of insurance companies sharing the data of patient records with the doctor’s office. Some data needs to be kept unique, while others can be shared. Sensitive information about an individual could be shared with law enforcement by an airline without the entire passenger list being violated. There have been many cases where different law enforcement agencies didn’t collaborate on their information and in fact, with data mining could have shared information without giving away the entire portfolio that they have on record of the individual in question, thereby making the identification and apprehension an easier task. (Acquisti, et al., 2008)

References

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.

Anissimov, M. (2011). What is data mining? 2011, from http://www.wisegeek.com/what-is-data-mining.htm

Palace, B. (1996). Data Mining. Technology Note prepared for Management 274A: Anderson Graduate School of Management at UCLA.

Wagner, K., Cardie, C., Rogers, S., & Schroedl, S. (2001). Constrained K-means clustering with background knowledge. Proceedings of the Eighteenth International Conference on Machine Learning, 2001.





Monday, February 7, 2011

review of Forcing Firms to Focus: Is secure software in your future?

In the chapter Forcing Firms to Focus, the author, Jim Routh, gives an actual scenario of a company that he was the CISO of, and how he progressed, beginning with the stakeholders all the way through gaining the trust and respect of the developers. He uses a generic name, but of course I had to find out who the company was that he worked for and was discussing. The company that he was working for was American Express. (Anonymous, 2011a) As a major financial institution with a large working budget, it was obvious that he had little convincing to do on the part of the stakeholders and the board of directors.


He discusses previous security measures and modern methodologies of security as well as potential threats. He mentions the Melissa virus (Ellis-Christensen, 2011) as a modern virus that virtually shut down Microsoft servers by attaching itself to either WORD or Outlook and picking the first 40 names in the address book and re-sending the virus. Fortunately, Microsoft realized this right away and created a patch for it, which now exists in all aspects of MS Office in versions beginning with Office 2000. He explains that it is usually web applications that are how intruders gain access to the servers and can obtain multiple amounts of data including identity theft from the end user. (Oram & Viega, 2009)

The author lists a statistic from a survey that was conducted by McAfee where approximately two thirds of mothers that were end users ranked their teenager’s online safety as important as or more important than drunk driving or drug use. I personally could not find this survey, but for the matter of record, I find this a bit far-fetched and wonder how the survey was conducted.

The author tells us that we can find the 10 top favorite hacking techniques by going to the website of The Open Web Application Security Project (OWASP), which lists the number one hacking technique (at time of publishing Beautiful Security) as cross-site scripting (Oram & Viega, 2009), but as of today it is listed as number two with number one being injection. The technical aspects of injection are “Injection can result in data loss or corruption, lack of accountability, or denial of access. Injection can sometimes lead to complete host takeover.” (Anonymous, 2011b) On this website, the reader can find Threat Agents, Attack Vectors, Security Weakness, Technical Impacts and Business Impacts for most known security threats.

As it usually occurs, Routh described that at American Express [1] developers were not as much concerned with the security vulnerabilities as they could be dealt with in future enhancements. He then goes on to describe how he convinced American Express that the development of the code must include the thought of security threats while being developed.

The author was aware of new regulations that were coming through, and in 2008 the first guidelines were issued by the Office of the Comptrollers of the Currency (OCC). (Corporate, 2011) He stated that the cost for compliance was significant, but at this point American Express had no choice in the matter. They put in place a software development process that they used both internally as well as a mandatory guidance for their vendors. To be assured that they were in compliance, they used a third party vendor to check their code as well as the code of the vendor. This vendor, Verify, is a worldwide known organization that is used for multiple security purposes and has clients such as many U.S. governmental departments. (Anonymous, 2011c)

The author concludes that his effort has saved his organization 11% in productivity by eliminating security vulnerabilities early on in the lifecycle of the development of their software instead of spending those dollars to fix problems after they occur. (Oram & Viega, 2009)

References

Anonymous. (2011a). InformIT Network. 2011, from http://www.informit.com/authors/bio.aspx?a=2211919B-476B-40AE-84B5-4AE2FE6239D7

Anonymous. (2011b). OWASP top ten project. 2011, from http://www.owasp.org/index.php/Top_10_2010-A1-Injection

Anonymous. (2011c). Verify homepage. 2011, from https://www.vscnet.com/Default.aspx

Corporate. (2011). Office of the comptroller of currency. 2011, from http://www.occ.treas.gov/index.html

Ellis-Christensen, T. (2011). What is the Melissa Virus? WiseGeek.com, from http://www.wisegeek.com/what-is-the-melissa-virus.htm

Oram, A., & Viega, J. (Eds.). (2009). Beautiful security: O'Reilly Media, Inc.
_____________________________________

[1] assuming that my research is correct and American Express is the actual name for his fictitious name of Acme


Tuesday, February 1, 2011

week VII Privacy-enhancing technologies

Users of the Internet may or may not be aware that every post that they make to a blog, a wiki, an email or even Web pages that are viewed, can be viewed and saved without the user's knowledge. Let’s assume for a second that we are not talking about spying on credit card or bank information, social security numbers or even home addresses. We need instead to talk about the very basics of why privacy is extremely important.


The authors of Digital Privacy: Theory, Technologies and Practices discuss a wide array of privacy issues including but not limited to email, remailers and privacy enhancing technologies. They go on to say that identity theft is the number one growing crime in America today. (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) Another alarming fact is that databases are shared between government and private organizations.

The text discusses various types of remailers. Basically, a remailer is a computer service which renders your email private; as technology changed, so did the abilities of the remailer to hide the origin of the original sender. Why would someone want to hide their identity in email? Suppose someone is sending an email within an organization saying that they know that the head of their department is going to be fired by week’s end? If that department head were to be able to access and read that email, it may jeopardize many other jobs. Many countries, China and Iran as examples, monitor their government-run Internet Service Providers (ISPs); every web page visited is recorded and they review emails to see if there are dissidents within their jurisdiction and act as an actual Big Brother [1].

The most famous remailer that was shut down was anon.penet.fi (Acquisti, et al., 2008). I looked up this remailer, along with others such as alpha.c2.org, and found that they were in fact shut down for legal reasons. Anon.penet.fi was founded by Julf Helsingius. (Anonymous, 1996) As an example of why someone would want to use a remailer, Helsingius told Wired Magazine that he used the debate of caller ID on a regular phone. When it first became popular, people were upset that the person being called would be able to know who was calling.

Many people believe that the same thing applies to email, that the privacy of the sender must remain anonymous. Unfortunately, there is a dark side to having an anonymous email. Since the email is encrypted and/or stripped of its headers, less than scrupulous people can come up with a plethora of reasons why they would not want to be known.

Ironically, there are many websites that utilize remailers and the non-technical person is usually not aware of their presence. Websites such as www.craigslist.com and dating sites such as www.eharmony.com and www.match.com all use pseudo-anonymous remailers. This means that they are using an email such as joestud@match.com, which is then forwarded to Harold Smith’s (false name) actual Yahoo! or Gmail account.

I researched a few remailers that exist right now, including the two included in the text book. PGP Desktop and GnuPG were what were included in the text as ideal remailers, which appear to be honest organizations with integrity. The problem that I saw with both of those examples was that they are both installed programs on the computer's hard drive, whereas a company such as www.hushmail.com is a remailer that is web based. Having the ability to utilize email on any computer is more convenient in my eyes, but it is a personal preference.

Hushmail claims on its website that it is the most secure email system in the world. It also discloses however that if it finds out that any illegal activity is discovered, they will report the incident to the proper authorities. It goes on to say that it will only comply with any subpoena that is part of, or a reciprocating member of the government of British Columbia, Canada.

I personally utilize MS Outlook to access my POP3 Gmail account. Outlook comes already setup so that all email sent is encrypted. This however, does not preclude the ISP from unencrypting the message.

Another security issue that I found to be important is anti-phishing tools. Phishing is when an attack happens to a user when they visit a site that was disguised as a known site without the user’s knowledge. (Acquisti, et al., 2008) I have installed on my personal computer Mozilla, Internet Explorer (my default browser by choice) and Firefox. What I found interesting is that Firefox 3.6.13 comes with McAfee site advisor as part of the program. It checks the security certificate of every site that is visited. Also, when loaded, it checks software that may need updates.

As technology develops, programs such as MS Outlook with built-in encryption and Firefox’s security checks will be part of all future programs, both web based and installed programs.


References

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.

Anonymous. (1996). Press Release. http://w2.eff.org/Privacy/Anonymity/960830_penet_closure.announce.

--------------------------------------------------------------------------------

[1] Big Brother was a term used to characterize the government spying on citizens in George Orwell’s book, 1984. Ironically, this and other terms were written in this book that was first written in 1949.






Saturday, January 29, 2011

EM835 week VI Infosecurity Lawyers

     I have to begin with the fact that when first reading this chapter, I felt I was not going to like it. In fact, disdain it, the pages and even the ink on the pages. After all, in my former career, an attorney was involved in every transaction that we were involved with and compliance was a department that was locked away in a secret place. I have heard every attorney joke that exists. Basically, attorneys were a necessary evil.


     Then I did a search on security breaches and found a website from a non-profit organization called Privacy Rights Clearinghouse listing every U.S. security breach brought to litigation from 2005 until its updated date of today’s writing (January 29th, 2011). Up to this date, of all cases that were litigated, the total amount was 512,334,164. (Clearinghouse, 2011) It included items ranging from breaches of security by doctors signing off on patient files that they never saw, billing them and leaving their files unsecure, to a simple laptop stolen from a University that contained students' information, including address and social security numbers.

     My idea of security breaches was mostly going to be of large corporations that were hacked and 40 million credit card numbers were stolen, or maybe a government server was attacked that contained vital U.S. security information. Ironically in local news, Wikileaks is what immediately came to mind. It actually was in fact started as a wiki but no longer accepts edits to its sites. (Editorial, 2011) This site has been blacklisted by most web hosting companies, banks and viewed as a national threat to many countries. Those are the major items that I believe most people think of, on this type of grand scale. It is staggering to think about the amount of money that is lost, or should I say not realized lost, due to security breaches.

     Chapter 12 of Beautiful Security lists a case that went before a judge in 1944 where a barge that was unmanned broke loose in NY Harbor and caused damage. The judge came up with a formula to determine what the liability of this case would be. The formula is B is less than P times L, where B is the burden, P is the probability and L is the injury. Therefore, the burden (B) would be based on if it is lower than P times L. The author translates this case to state that “the burden on an organization to prevent an information security breach or lapse is less than the probability of that breach multiplied by the damages that could result, that organization should seriously consider taking on that burden.” (Oram & Viega, 2009) They then go on to say how they should determine the return on security investment (ROSI). Do the organization's security dollars match their potential liability? Without going into detail of the ensuing formula, my initial thoughts were how you determine the ROSI in 2009, when a new security breach possibility arises in 2010, then re-determining the ROSI in 2010 for a new breach to raise its ugly head in 2011 and so forth. I would expect that based upon the solution cost or the cost of mitigation, the ROSI will have to be re-visited on a regular basis.

     Does an organization take a pragmatic approach to their potential security breach exposure, or wait until there is an actual problem and attempt to mitigate the problem then? I believe that the latter was the norm in early technology years and the former is now the driving force of both IT and compliance departments. An organization can follow all of the rules and guidelines so as to comply with their state and federal regulations and still be breached, just as a company that does not comply with the laws can remain unscathed. It is apparent to me that if an organization is going to flourish in today’s changing world, IT and compliance have to be best friends, even if they are a necessary evil.

References

Clearinghouse, P. R. (2011). Chronology of Data Breaches: Security Breaches 2005-Present. Retrieved from Privacy Rights Clearinghouse: http://www.privacyrights.org/data-breach#CP

Editorial. (2011). Wikileaks. New York Daily News. Retrieved from http://www.nydailynews.com/topics/WikiLeaks.org

Oram, A., & Viega, J. (Eds.). (2009). Beautiful security. O'Reilly Media, Inc.










EM835 week V

     In the chapter Beautiful Log Handling, the author states “Today’s growing log standard efforts (such as MITRE’s Common Event Expression or CEE) will lead first to the creation of log standards and ultimately to their adoption.” (Oram & Viega, 2009) In fact, MITRE Corporation, the author’s example, already provides and partners on security efforts covering malware (MAEC), attack patterns (CAPEC) and vulnerabilities (CVE), among other standards that are partnered with and/or co-sponsored by such agencies as the National Cyber Security Division of the U.S. Department of Homeland Security. (Mitre, 2011) If for no other reason than the threat of malicious attacks on the part of other countries (in regard to the security of the U.S.), attacks on retail competitors (as an example) and the important data that is stored, how the logs are handled is critical. An example that the author uses is the need to abide by laws such as the Health Insurance Portability and Accountability Act. (HIPAA, 2011)


     It might seem obvious to have log standards that would account for any deviations among items such as an organization’s public servers that are placed in a DMZ so as to separate its Internet presence from its LAN, thereby not compromising the integrity of data within the rest of the organization. Then I began to think about why, in today’s technology world, large companies would have an issue with maintaining proper logs. Using a retail example as the author did in Beautiful Security, I thought of the 2005 merger of Sears Roebuck and Kmart stores. Without having specific knowledge of their issues in combining the data into one source, I am sure that the two operated on very different legacy systems that had issues with converting the data, thereby making accurate logs virtually impossible.

     There is a very large healthcare facility in the town that I live in, with over 100 doctors of various practices. This facility is owned and operated by a larger corporation, which owns other such facilities. They grew this large by acquiring other practices and similar facilities. There is no doubt that it had to be a major undertaking to have all of the data merged into one system so as to abide by the HIPAA law. I tried to find an example of a major intrusion at a corporation due to improper log information, but that data seemed to be too vague since I wasn’t exactly sure what I was looking for. So, in the case of the local healthcare facility, I am sure that their IT staff is highly trained in the conversion of data and the challenges of keeping accurate logs.

     In any case, world governments and Fortune 100 companies realize the need to rid themselves of the legacy systems of their past and get the data onto one platform so that proper logging can take place, not only to prevent an invasion and abide by certain laws but also to perform due diligence in identifying the culprit of an attack.

References

HIPAA. (2011). Health Information Privacy. Retrieved 2011, from http://www.hhs.gov/ocr/privacy/

Mitre. (2011). A Standardized Common Event Expression (CEE) for Event Interoperability. Retrieved 2011, from http://cee.mitre.org/

Oram, A., & Viega, J. (Eds.). (2009). Beautiful security. O'Reilly Media, Inc.





Friday, January 28, 2011

Wireless Networking


I recently saw a movie where a safecracker worked for a company that, in fact, manufactured safes. Their reasoning was simple: if this safecracker could bypass the security of their safes, or any other safe for that matter, then that flaw must be remedied. In Beautiful Security, the author discusses how part of his job is to do just that: find flaws in wireless systems. (Oram & Viega, 2009) I had never thought of this as a solution to avoid hackers, but it makes a lot of sense to have someone who can find the flaws in wireless security systems.

After all, it is widely known what is at stake when a wireless network is attacked. Companies throughout the modern business era have sought out personal data so that they could more readily market to consumers. What is at stake here is much greater, as the “pirate” is seeking the information for personal financial gain.

One major issue that needs to be addressed is the security problems that exist in Third World countries, which do not have the technology or resources to crack down on this pirate access. It was estimated that in 2000, over $2 billion was lost due to pirated software. (Bhasin, 2002) Now that the tide is shifting to mostly Internet-downloaded software, the case for increased security and awareness is much greater. When Bhasin was writing about software, very few people were concerned because, after all, did it matter to you or me if Microsoft, Oracle or Sun lost a few dollars? Now, with the advent of the new age of Internet users, people have become more familiar and comfortable with purchasing items online. This means placing orders with a credit card. Sure, any merchant that is worth anything will have the checkout cart secured and the data encrypted when sent, but what can be encrypted can be unencrypted.

I remember reading about how having open source software would prevent a lot of software piracy. This may be true; however, there are still dangers with this as well in regard to wireless connections. Android, which is owned by Google, is an operating system that is based largely on a Java platform. Java in itself is largely open sourced; therefore, does it mean that apps can be written and utilized to capture important data from Smartphones? In addition, Google owns Android; does this mean that Google can capture the data transmitted on Smartphones? Microsoft, after an unsuccessful bid to purchase Yahoo!, created a 10-year agreement to allow Microsoft to use its vast presence to advertise in exchange for a 12% profit of the revenue associated with its advertising efforts. (Oreskovic, 2011) eBay owns PayPal; the list of information sharing among companies and their holdings is staggering.

Every time a hacker comes up with a new virus or worm, Norton, McAfee, et al. come up with a cure for it, only to turn around and find another malicious individual creating chaos. With the advent and extreme popularity of Smartphones (many of whose owners are NOT tech savvy), how many cures are there going to be in the future for preventing the hacking of a wireless communication device?

The twists on the legal issues surrounding wireless and the Internet are mind-boggling. When a user signs on to Facebook, they are doing so with their private logon and password. Recently, a federal judge ruled it legal to subpoena information from Facebook, MySpace, Twitter and other social networks that may be relevant in a criminal proceeding. (Grow, 2011) Many cases have been won on this decision. How many people access their favorite social network site via their Smartphone? Does that in fact now become part of the same legal decision? For years, cell phones believed to have been involved in a crime have been admissible as evidence. What happens if a hacker accesses a person’s status page and creates a situation whereby they could potentially incriminate innocent people?

Wireless networking is inevitable and is here to stay. As technology develops, it is obvious that any and all flaws should be found during research and development and fixed prior to release. Maybe it even makes sense for Google, PayPal and Microsoft to hire some of the convicted pirate criminals to find out if they can, in fact, hack their networks.



References



Bhasin, S. (2002). Software Piracy- A challenge to E-world. SANS Institute InfoSec Reading Room.

Grow, B. (2011). In U.S. courts, Facebook posts become less private. Reuters.

Oram, A., & Viega, J. (Eds.). (2009). Beautiful security. O'Reilly Media, Inc.

Oreskovic, A. (2011). Yahoo warns of weak Q1, more cost cuts planned. Reuters.







Wednesday, January 19, 2011

No books

Well, here I am, Wednesday morning and no books. Although the groups have changed, I still only have access to wiki/group A and not B, which I was re-assigned to. If I even knew what the topic was, I could write on it outside of the text, but the title does not disclose its contents. Hopefully, Fed Ex dude, or UPS guy, will be here today bearing presents with bindings of joy from the skytop of Colorado Springs.

Monday, January 10, 2011

Chapter 3 summary

There was some confusion as to whether I was in group A or B; therefore, I summarized chapter 3 in addition to my previous post:

Copyrights on the Internet and Software



Definitions

Digital Millennium Copyright Act (DMCA) – statute that protects the copyrights of electronic media

Section 512(c) – otherwise known as “notice-and-take-down.” Section of the DMCA under which, if an infringement is noticed by the copyright holder, the individual(s) infringing must remove the content from their website. Without going into great detail, the ultimate question for a website owner using 512(c) as a defense against infringement lawsuits would be the proof: “is there any financial gain by the website owner?”

EULA – end user license agreement – the user agrees to all terms and copyrights set by the manufacturer of the software

International Copyright treaties –

• Berne Convention

• World Intellectual Property Organization (WIPO)

Legality issues

Links – providing a link on one’s webpage to another page – NOT illegal, as the link is just the address

Deep Linking – providing a link to other websites’ individual pages without showing who the destination content author is – LEGAL ONLY if it is clear who the owner of the target page(s) is.

Peer to peer – file sharing among users. Legality depends. A landmark example of this is the company Napster. Enabling peer to peer file sharing is considered by the U.S. Supreme Court as intending that the technology of the company be used for infringement of the music companies’ copyright, and although Napster did not sell the music, inducing the copying is considered infringing. This case caused Napster to file for bankruptcy, and it ultimately sold its name to another company that now sells music per downloaded or viewed content. Two examples of companies utilizing 512(c) in peer to peer are YouTube and MySpace. (Landy & Mastrobattista, 2008)

Other issues

Free Internet Radio has been an area with much litigation and discussion regarding its legality. The largest online radio company, Pandora ("Pandora Radio," 2011), sought the “safe harbor” section of the DMCA. Their position was that the website did not profit directly from a copyrighted work. Even though Pandora won their legal battle, they changed their format so that their radio “stations” are created by the user by user-chosen genre. Pandora set it up so that the user does not get to choose individual songs. Furthermore, the user can skip songs, but they are limited in how many songs they can skip in an hour, thereby giving the user less choice. Pandora also made a concession to the record companies so as to abide by other countries’ rules, and as of 2009, if a user listens to more than 40 hours of music in any given month, they have the option of paying .99 cents for the remainder of the month, or $36 annually for a premium service known as Pandora One. (Dantes, 2009)

Landy says that an unknown exists in how far the “safe harbor” rules of the DMCA will go. In the case of Viacom vs. YouTube (owned by Google), the parties were battling in court at the time The IT/ Digital Legal Companion was printed. (Landy & Mastrobattista, 2008) The case was, however, settled on June 23, 2010. The DMCA is explicit: it shall not be construed to condition “safe harbor” protection on “a service provider monitoring its service or affirmatively seeking facts indicating infringing activity . . . .” (Diaz, 2010) YouTube’s defense was proving that when Viacom notified YouTube of over 100,000 videos submitted by YouTube users and asked it to “take down” these videos, YouTube had them removed within one day, thereby complying with the “take down” rule.

Copyrights of Software and Computer Code

The major rule of copying software is as simple as it is obvious. No software can be copied without the manufacturer’s consent, except for one copy used by the purchasing owner for archive purposes.

It is difficult, however, to find the software “pirates.” This is especially true in third world and other countries that do not have the means to police these pirates. It is estimated that in the year 2000 alone, $12 billion was lost to illegally copied software. (Bhasin, 2002)

Ideas and methods are a major category of what is NOT considered an infringement. Copying code is obviously a violation, but a software company that writes code for a program such as a spreadsheet is not committing copyright infringement on the concept, as no one owns the rights to the idea of a spreadsheet.

Copyrighting technology has become an essential monetary issue as well as a huge section of the law, both domestically and internationally.

References

Bhasin, S. (2002). Software Piracy- A challenge to E-world. SANS Institute InfoSec Reading Room.

Dantes, D. (2009). Pandora charges listeners for internet radio. WalletPop.com. Retrieved from http://www.walletpop.com/2009/07/08/pandora-charges-listeners-for-internet-radio/

Diaz, S. (2010). Google prevails in Viacom-YouTube copyright lawsuits; appeals on deck. ZDnet.com, (Between the lines). Retrieved from http://www.zdnet.com/blog/btl/google-prevails-in-viacom-youtube-copyright-lawsuit-appeals-on-deck/36229

Landy, G. K., & Mastrobattista, A. J. (Eds.). (2008). The IT/ Digital Legal Companion: A comprehensive business guide to software, internet, and IP law. Burlington: Syngress Publishing, Inc.

Pandora Radio. (2011). Retrieved from www.pandora.com

Friday, January 7, 2011

The first chapter in this blog discusses digital copyright basics. In opening, I will attempt to align this discussion with my research focus, the perception of online pedagogy by both educators and secondary age students.


I will first define the exclusive rights under Copyright Law. According to Landy, exclusive rights include reproduction, or the right to make copies; distribution, or the right to sell or rent those same copies; public performance, which gives the copyright holder the right to display the copyrighted item in public; and derivatives, which is the basic right to create works based on a specific work. (Landy & Mastrobattista, 2008)

In virtual education, copyright laws would not apply to content, as no author of any curriculum owns the idea, concept or principle of either education or online education. If an individual were to create, for example, a method of delivery of the curriculum that is totally new to the industry, then this intellectual property would be protected under a patent. (Landy & Mastrobattista, 2008)

Several rules have been formed to protect digital works and their privacy that exist not only in the U.S., but are recognized worldwide. This enactment is known as the Digital Millennium Copyright Act or DMCA. ("The digital millennium copyright act of 1998," 1998) This legislation mandates that the members of this act will prevent the circumvention of technological measures used to defend those works that are protected under a copyright.

One obvious violation that I see right away for virtual education is the violation of copyright via creating a derivative work. Often in virtual education, curriculum designers will utilize games as a learning tool. If, for example, the designer were to create a counting game for first grade students using Disney characters without a license to do so, they would be in violation of Disney’s copyright, as those characters, or any facsimile thereof, would be considered a derivative work. (Landy & Mastrobattista, 2008) Not only would the characters themselves be an infringement of the copyright, any reference to a book, a movie or another game would constitute copyright infringement.

An interesting part of copyright rules is that what would apply to, say, a book may or may not apply to software. An example that Landy uses is that if I were to purchase a copy of a book by Stephen King that is copyright protected, I can resell that same book to anyone, at any time that I would like. However, he goes on to state that this “first sale” principle may not apply to software, as it is often licensed. This means that this software cannot be transferred to another party without the permission of the licensor. (Landy & Mastrobattista, 2008)

A current issue with copyright infringement involves LimeWire.com and a $1 billion lawsuit by the recording industry. (Gardner, 2011) Currently, LimeWire is fighting for proof of revenues that have been lost both by the record companies and by third party companies such as Amazon.com and Apple. I visited the LimeWire website after reading this Reuters article and found this splash page:

ATTENTION

“LimeWire is under a court order dated October 26, 2010 to stop distributing the LimeWire software. A copy of the injunction can be found here. LimeWire LLC, its directors and officers, are taking all steps to comply with the injunction. We have very recently become aware of unauthorized applications on the internet purporting to use the LimeWire name. We demand that all persons using the LimeWire software, name, or trademark in order to upload or download copyrighted works in any manner cease and desist from doing so. We further remind you that the unauthorized uploading and downloading of copyrighted works is illegal.” (homepage, 2011)

Although the music is not software, it is a digital download and is relevant to this topic. It is also obvious that LimeWire is destined to be in bankruptcy court very soon for violation of copyright regulations as well as infringement on intellectual property among other regulations.

Finally, the purpose of the copyright laws is to protect the author and prevent unauthorized reproduction of all types of work.

References

The digital millennium copyright act of 1998, Pub. L. No. 105-304, 112 Stat. 2860 (Oct. 28, 1998). C.F.R. (1998).

Gardner, E. (2011). LimeWire fighting to bitter end. Reuters.

homepage, L. (2011). Retrieved from LimeWire.com

Landy, G. K., & Mastrobattista, A. J. (Eds.). (2008). The IT/ Digital Legal Companion: A comprehensive business guide to software, internet, and IP law. Burlington: Syngress Publishing, Inc.