Internet Privacy and Security Blog

Guide to web analytics

2007-08-26T06:42:00.000-07:00

When collecting data tracking or metrics web analyst should always ask themselves what actions they will take based on knowing this information? If the answer is none, then the data is not worth tracking or collecting.

Euroffice is the UK's leading online office supplier

2007-08-25T06:38:00.000-07:00

Euroffice is the UK's leading online office supplier. Euroffice sells more office products to more companies than any other online company in the UK.

Be careful people this guy is using hijacked account

2007-05-11T11:48:00.000-07:00

This user http://forums.digitalpoint.com/member.php?u=46957 has hijacked my account at digitalpoint.com...so Be careful people.

Quiz Program using Java

2007-04-15T12:33:00.000-07:00

// Created by Husam Jalal

import javax.swing.JOptionPane;
public class QuizProgram
{
public static void main( String args[] )
{
String firstQuestion, //first string entered by user as answer
secondQuestion,//
thiredQuestion,
fourthQuestion,
fifthQuestion,
sixthQuestion;

int answer1,//answer question 1 by user
answer2,// answer question 2 by user
answer3,//answer question 3 by user
answer4, //answer question 4 by user
answer5,// answer question 5 by user
answer6;//answer question 6 by user
JOptionPane.showMessageDialog(null,"<<<<<<<<<<<<<<<<<<<<*>*<*>>>>>>>>>>>>>>>>>>>>>\nYou will be asked SIX questions,\nif you answer the first one you will be offered anther.\nIf you don't know the answer\nand you want to skip to the other question\nSIMPLY TYPE 0\ngood luck to you and lets begin\n<<<<<<<<<<<<<<<<<<<<<<*>>>>>>>>>>>>>>>>>>>>>>>","QUIZZES",JOptionPane.QUESTION_MESSAGE);

do{
firstQuestion=JOptionPane.showInputDialog(null,"How many oceans are they in world?\nTo skip this question enter 0","QUESTION 1",JOptionPane.QUESTION_MESSAGE );//string 1 entered by user

answer1 =Integer.parseInt( firstQuestion ); // convert numbers from type String to type int

if(answer1==0) // if the user entered 0 will skip the question. the user doesn't know the answer
break;

if(answer1==4) //if answer is 4 it is correct, show thw message in the next line

JOptionPane.showMessageDialog(null,"The answer is correct, go to the next Question","WEEL DONE",JOptionPane.PLAIN_MESSAGE);

else // if the answer is wrong offer the question anther time till you get the answer

JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

}while(answer1!=4); //if the answer is correct go to the next question

do{
secondQuestion=JOptionPane.showInputDialog(null, " How many stats in USA?\nTo skip this question enter 0 ","QUESTION 2",JOptionPane.QUESTION_MESSAGE);

answer2 =Integer.parseInt( secondQuestion ); // convert numbers from type String to type int

if(answer2==0)
break;

if(answer2==50) //if answer is 50 it is correct, show thw message in the next line

JOptionPane.showMessageDialog(null,"your answer is correct go to the next Question","WEEL DONE",JOptionPane.PLAIN_MESSAGE);

else

JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);
}while(answer2!=50);

do{
thiredQuestion=JOptionPane.showInputDialog(null, " How many countries in Europe?\nTo skip this question enter 0 ","QUESTION 3",JOptionPane.QUESTION_MESSAGE);

answer3 =Integer.parseInt( thiredQuestion ); // convert numbers from type String to type int

if(answer3==0)
break;

if(answer3==12) //if answer is 12 it is correct, show thw message in the next line

JOptionPane.showMessageDialog(null,"your answer is correct go to the next Question","WEEL DONE",JOptionPane.PLAIN_MESSAGE);

else
JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

}while(answer3!=12);

do{
fourthQuestion=JOptionPane.showInputDialog(null, "How many continents in the world?\nTo skip this question enter 0","QUESTION 4",JOptionPane.QUESTION_MESSAGE);

answer4 =Integer.parseInt( fourthQuestion ); // convert numbers from type String to type int

if(answer4==0)
break;

if(answer4==6) //if answer is 6 it is correct, show the message in the next line

JOptionPane.showMessageDialog(null,"your answer is correct go to the next Question","WEEL DONE",JOptionPane.PLAIN_MESSAGE);

else
JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

}while(answer4!=6);

do{
fourthQuestion=JOptionPane.showInputDialog(null, "How many campus in Middlesex University?\nTo skip this question enter 0","QUESTION 5",JOptionPane.QUESTION_MESSAGE);

answer5 =Integer.parseInt( fourthQuestion ); // convert numbers from type String to type int

if(answer5==0)
break;

if(answer5==6) //if answer is 6 it is correct, show thw message in the next line

JOptionPane.showMessageDialog(null,"your answer is correct go to the next Question","WEEL DONE",JOptionPane.PLAIN_MESSAGE);

else
JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

}while(answer5!=6);

do{
fourthQuestion=JOptionPane.showInputDialog(null, "How many player in a footbal team?\nTo skip this question enter 0","QUESTION 6",JOptionPane.QUESTION_MESSAGE);

answer6 =Integer.parseInt( fourthQuestion ); // convert numbers from type String to type int

if(answer6==0)
break;

if(answer6==11) //if answer is 11 it is correct, show thw message in the next line

JOptionPane.showMessageDialog(null,"your answer is correct\n\nWell done and thank you for answering the quizzes","THIS IS THE END OF THE QUIZZES",JOptionPane.PLAIN_MESSAGE);

else
JOptionPane.showMessageDialog(null,"your answer is wrong you should try again","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

}while(answer6!=11);

if(answer1+answer2+answer3+answer4+answer5+answer6==0)

JOptionPane.showMessageDialog(null,"you didn't answer any question","WHAT A SHAME",JOptionPane.WARNING_MESSAGE);

else

if(answer1+answer2+answer3+answer4+answer5==0)

JOptionPane.showMessageDialog(null,"you didn't answer the first 5 questions","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);
else

if(answer1+answer2+answer3+answer4==0)

JOptionPane.showMessageDialog(null,"you didn't answer the first 4 questions","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

else
if(answer1+answer2+answer3==0)

JOptionPane.showMessageDialog(null,"you didn't answer the first 3 questions","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

else
if(answer1+answer2==0)

JOptionPane.showMessageDialog(null,"you didn't answer the first 2 questions","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

else
if(answer1==0)

JOptionPane.showMessageDialog(null,"you didn't answer the first questions","SORRY WRONG ANSWER",JOptionPane.WARNING_MESSAGE);

System.exit( 0 ); // terminate the program
}
}

Static RAM and Dynamic RAM

2007-04-15T12:18:00.000-07:00

One of the very important parts of the computer is the memory, and is as important as our memory. Any thing we do or we see, stored in our memory and we can retrieve it again, which is the same as the computer memory, however, the main difference between the computer’s memory and ours is that we have one type of memory and the computer has many.

Two of these types of the computer’s memory are the static RAM, (or SRAM) and the dynamic RAM, (or DRAM). In this presentation we will compare the SRAM and the DRAM, and talk briefly about their construction and their use in the computer.

Dynamic Random Access memory (DRAM)
DRAM is made up from transistors, which store the state of binary digit as a charge built up on transistor called, a Field Affect Transistor (FET). This method is the most popular, because of its ease of manufacture and hence its cost effectiveness. However it is more complex to operate than static RAM, because the stored charge leaks away very quickly and gets lost, if it is not tipped up as frequent intervals, which means that extra electronics, have to be put into the system to carry these operations. The consequence of this topping up cycle is that the speed of access for dynamic RAM is slower than the speed of the static RAM.

Static Random Access Memory (SRAM)
It is more expensive to produce. As more transistors are needed for the storage of each byte. However, static RAM, does not have to be topped up. As data is stored by monitoring the state of a transistor, being used as switch, rather than a charge storing mechanism as is the case with dynamic RAM. The technology inside the static RAM chip, is a little different instead of being stored as a leaky charge, the transistors, are permanently switched into an ‘on’ or an ‘off’ state, and this do not need constant attention, in terms of topping them up.

Comparing between the SRAM and the DRAM

Static RAM (SRAM)

4 times more expensive
Very low access time
Can store ¼ as much
Information stored on RS flip-flops
No need for refreshing

Dynamic RAM (DRAM)

Low cost
Consumes less power
Can store 4 times as much
Information stored on FET transistors
Needs to be refreshed

To sum up briefly, we say that Both the SRAM and DRAM are volatile. This means that if the power of the system is off, then all the data stored in them would be lost. However because the SRAM is a fast memory it is used in a (cache memory) which comes between the CPU and the dynamic RAM, in this way the data can be processed quickly, by the processor, which mean that the processor, will get the immediate data from faster static RAM.
As on the other hand, because of its low cost and its high capacity, which is four times as much as SRAM, the DRAM is used for main memory.

References

Clements, Alan. The Principles of Computer Hardware, 3rd ed. (Oxford University Press, 2001).
Stallings, William. Computer organization and architecture: designing for performance, 5th ed. (New Jersey, Prentice Hall, 2000).

Wireless communication

2007-04-15T12:11:00.000-07:00

Wireless communication
1. Infra Red Transmission
2. Radio Transmission
a. Narrow Band
b. Spread Spectrum

1.Infra Red Transmission
This type of transmission is cheapest and easy to use for short distance, that is why it comes built-in in laptops and mobile phones, its has number of disadvantages, e.g low bandwidth, cannot be used for long distance communication, as it reflect back when strike with any obstacle like wall, furniture etc. [1]

2. Radio Transmission
This is a commonly used technology used in wireless LANs, it can be either directional or can operate at 360 degree, but depends on type of antenna being used, unlike Infra red it can pass through building and hence used for long distance transmission. Using RF Transmission the same device can communicate with more than one device at a time, by using different frequencies. The RF Transmission uses Electro magnetic waves, and used as a carrier i.e. either digital or analog data can be super imposed on it, it has three characteristics i.e. frequency, amplitude, and phase, any one of these characteristics can be used to encode/super-imposed analog or digital data for transmission.

The RF transmission is used widely in mobile, TV, Radio station etc. That is why Government tightly enforce license, because two or more stations can operate at same frequencies.

Narrow Band: uses minimum Radio Frequency band for transmitting data, for the purpose of avoiding cross talk with other stations.
Spread Spectrum: uses more bandwidth for transmission, it is commonly used by military, because Spread spectrum signal are easy to detect as uses high bandwidth.

Microwave is an extension of RF, it gives higher data rates, but it is considered as line-of sight medium and suffered for atmospheric conditions e.g. fog, rain etc.[2]

IEEE 802.11
Wireless LANs are based on IEEE 802.11; there are many versions of IEEE 802.11 i.e. IEEE 802.11(legacy), IEEE 802.11a, IEEE 802.11b, and 802.11g. These standards permit 1-2 Mbits/second and 5 to 10 Mbits/second.

It is standardized for both Infra Red and RF transmission. It uses CSMA/CD MAC protocol, which ensures that collision will not takes place; Wireless LANs, operates at less speed as compared to wired LANs, wireless LANs are more susceptible to interference, as air is the medium. [2]

Reference:
[1] http://en.wikipedia.org/wiki/IEEE_802.11
[2] http://www.smarthomeforum.com/start/wlan.asp?ID=24

Voice over IP, VoFR and ATM

2007-04-15T11:54:00.000-07:00

1. Abatract
The Internet is being modified to support voice traffic and products are being made to link the data and voice networks. Eventually the Internet and the telephone network will be one and the same.
Internet Telephony is an emerging technology and has a number of technological and evolutionary issues. The technological issues are mainly because the Internet was not designed for real time traffic such as voice. The evolutionary issue is the fact that a variety of vendors develop their products according to market demands and supplies. It will take time for all these products to converge and inter work with the same reliability as the circuit switched networks.
VoIP, VoFR and ATM are the subjects of the technology nowadays. Each of them has advantages over the others, and for the benefice of the technology they all need to be interwork.
The following article describes the tree technologies, VoIP, VoFR and ATM by an overview of each of them, the interoperability of them and the Future potential of these three technologies

2. Introduction
VOIP is growing fast. The very knowledge of the applications of this technology is enough for users and manufacturers to flock towards it. It is ideal for computer based communications and at the same time bringing down the cost of multimedia transfer. Hence VOIP products and services have flooded the market.
When Frame Relay technology was designed, it was without the option of carrying voice. The engineers have worked hard under the need of the vendors to make the voice together over the frame relay and give a good quality of voice in parallel of the high speed of the FR.
ATM was designed to be a multimedia, multi service technology. Though the ATM has been accepted by the marketplace for its ability to deliver high speed data services, till the recent past its potential for deploying for voice services was overlooked. With the competitiveness of today's market, the network operators and the service providers have been continuously striving to reduce operating costs and lift network efficiency. They recognized that significant economic benefits can be achieved once the data traffic and voice traffic are integrated onto a single network. Since ATM has been around for around a decade claiming to be a multimedia technology, most of the service providers have started installing

single ATM infrastructure to support voice, video, and data transfer.
Network engineering still working and developing the packet networks (Frame Relay, IP and ATM) to carry voice as well as data, and they are searching to reassemble these technologies into a single communication service, to develop interconnection and internetworking standards in order to deliver voice services over Frame Relay, IP and ATM.

3. Overview of VoIP
Internet Voice, also known as Voice over Internet Protocol (Voice over IP), is a technology that allows you to make telephone calls using a broadband Internet connection instead of a regular phone line. Some services using Voice over IP may only allow you to call other people using the same service, but others may allow you to call anyone who has a telephone number - including local, long distance, mobile, and international numbers. Also, while some services only work over your computer or a special Voice over IP phone, other services allow you to use a traditional phone through an adaptor.

Voice over IP allows us to make telephone calls using a computer network, over a data network like the Internet. Voice over IP converts the voice signal from our telephone into a digital signal that travels over the internet then converts it back at the other end so we can speak to anyone with a regular phone number. When placing a Voice over IP call using a phone with an adapter, we'll hear a dial tone and dial just as we always have. Voice over IP may also allow us to make a call directly from a computer using a conventional telephone or a microphone.

Voice over IP lets us make long distance voice and fax calls over existing IP data networks instead of the public switched telephone network (PSTN). Today businesses that implement their own Voice over IP solution can dramatically cut long distance costs between two or more locations.

3.1 Functionality
VoIP can facilitate tasks that may be more difficult to achieve using traditional phone networks:
Incoming phone calls can be automatically routed to our VoIP phone, irrespective of where we are connected to the network. Take

the VoIP phone with us on a trip, and anywhere we connect it to the Internet, we can receive our incoming calls.
Call center agents using VoIP phones can work from anywhere with a sufficiently fast Internet connection.
VoIP phones can integrate with other services available over the Internet, including video conversation, message or data file exchange.

3.2 Implementation
Because IP does not provide any mechanism to ensure that data packets are delivered in sequential order, or provide any Quality of Service guarantees, VoIP implementations may face problems dealing with latency. They are faced with the problem of restructuring streams of received IP packets, which can come in any order and have packets delayed or missing, to ensure that the ensuing audio stream maintains a proper time consistency.
Another main challenge is routing VoIP traffic to traverse certain firewalls and NAT. Intermediary devices called Session Border Controllers (SBC) are often used to achieve this, though some proprietary systems such as Skype traverse firewall and NAT without a SBC by using users' computers as super node servers to route other people's calls.
Keeping packet latency acceptable can also be a problem, due to network routing time and transmission distances.

3.3 Technical details
There is a lot of debate about the two most popular types of VoIP; SIP and H.323, each of them has its own merits, H.323, was the most popular protocol, though its popularity has decreased in the "local loop" due to its poor traversal of NAT and firewalls. For this reason as domestic VoIP services have been developed, SIP has been far more widely adopted. However in backbone voice networks where everything is under the control of the network operator or Telco, H.323 is the protocol of choice. Many of the largest carriers use H.323 in their core backbones, and the vast majority of callers have little or no idea that their POTS calls are being terminated over VoIP. So really SIP is a useful tool for the "local loop" and H.323 is like the "fiber backbone". With the most recent changes introduced for H.323, however, it is now possible for H.323 devices to easily and consistently traverses NAT and firewall devices, opening up the possibility that H.323 may again be looked upon more favorably in cases where such devices encumbered its use previously.

Where VoIP travels through multiple providers Soft Switches the concept of Full Media Proxy and signaling proxy are important. In H.323 the data is made up of 3 streams of data: 1) H.225.0 Call Signaling 2) H.245 3) Media. So if we are in London, our provider is in Australia, and we wish to call America, then in full proxy mode all three streams will go half way around the world and the delay (up to 500-600ms) and packet loss will be high. However in signaling proxy mode where only the signaling flows through the provider the delay will be reduced to a more user friendly 120-150 ms. these proxy concepts could lead the way to true global providers.
One of the key issues with all traditional VoIP protocols is the wasted bandwidth used for packet headers. Typically to send a G.723.1 5.6kbps compressed audio path will require 18kbps of bandwidth based on standard sampling rates. The difference between the 5.6kbps and 18kbps is packet headers. There are a number of bandwidth optimization techniques used such as silence suppression and header compression this can typically save 35% on bandwidth used. But the really interesting technology comes from VoIP off shoots such as TDMoIP which take advantage of the concept of bundling conversations that are heading to the same destination and wrapping them up inside the same packets. These can offer near toll quality audio in a 6-7kbps data stream.

3.4 DSL Internet access
VoIP technology does not necessarily require broadband Internet access, but this usually supports better quality of service. A sizable percentage of homes today are connected to the Internet through DSL, which requires a traditional phone line. Having to pay for VoIP in addition to both a basic phone line and broadband Internet access reduces the potential benefits of VoIP. However, some regional telephone companies now offer DSL service without the phone, thus saving us money when we switch to VoIP. VoIP can also be used with Cable Internet instead of DSL, eliminating the need to purchase two telephone lines.

3.5 Reliability
Conventional telephones are connected directly to telephone company phone lines, which in the event of a power failure are kept functioning by back-up generators or batteries located at the telephone exchange. However, household VoIP hardware uses broadband modems and other equipment powered by household electricity, which may be subject to outages. In order to use VoIP during a power outage, an uninterruptible power supply or a generator must be installed on the premises. Early adopters of VoIP

may also be users of other phone equipment, such as PBX and cordless phone bases that rely on power not provided by the telephone company.

3.6 Security
The majority of consumer VoIP solutions do not support encryption. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content. There are several open source solutions like VoIPong or Vomit that facilitate sniffing of VoIP conversations. A modicum of security is afforded due to patented audio codecs that are not easily available for open source applications; however such security by obscurity has not proven effective in the long run in other fields. Some vendors also use compression to make eavesdropping more difficult. However, real security requires encryption and cryptographic authentication which are usually not available at a consumer level.

3.7 Benefits of the technology
The integration of voice and data traffic will be demanded by multi application software.
An integrated infra structure that supports all forms of communication allows more standardization and lesser equipment management.
The integration of voice and data effectively fills up the data communication channels efficiently, thus providing bandwidth consolidation. The idea is to move away from the TDM scheme wherein the user is given bandwidth when he is not talking. Data networks do not do this. It is a big saving when one considers the statistics that 50% of a conversation is silence. The network efficiency can be further boosted, by removing the redundancy in certain speech patterns.
In general, phone service via VoIP costs less than equivalent service from traditional sources but similar to alternative Public Switched Telephone Network (PSTN) service providers. Some cost savings are due to using a single network to carry voice and data, especially where users have existing under-utilized network capacity they can use for VoIP at no additional cost

4. Overview of VoFR
Frame relay is packet switched network that was designed for transmitting data over fixed line.

The frame relay can be a long distance telephone service. Once the service is established, the customer only need to transmit his data over a local link to a nearby frame relay station so the frame relay is responsible for transmitting the data of the user and delivering to destination. A frame relay service provides many attractive alternatives to leased lines.

4.1 Characteristics of a frame relay
One of the first noticeable network is its very high transfer speeds. The data transfer speed can be very fast as same as network.
Frame relay network also provide very good security. Because of the encryption technique used to transmit data between frame relay switches, also the frame relay connection are permanent then it is available.
Frame relay was originally designed and used to transfer packets of data between two sites more cost effectively than leased lines could.
Voice over frame relay allows the internal telephone systems of companies to be connected using frame relay PVCs.

4.2 Advantages
Transferring telephone calls using frame relay has a number of advantages over using the leased line service of a standard telephone system.
Frame relay reduce the cost of a telephone call.
Frame relay uses network resources more efficiently by combining a number of channels of voice traffic with data and reliably transmitting the result over an existing frame relay network.
The cost of the equipments that connects a company’s PBX to the frame relay network is quickly recovered from the saving involved in avoiding conventional telephone line. Because VoFR does not significantly complicate network architecture or increase link speed, voice, fax and data traffic can be combined effectively over a single network of wires.
Up to 255 voices sub channels can be multiplexed on a single frame relay circuit.

4.3 Disadvantages
Data network called upon to transmit frame relay voice in addition to data, it may experience congestion problems. Many corporate

networks are already straining just to deliver data. To add voice to an already congested network is a problem.
Voice compression is necessary in frame relay application to help ensure high quality audio while maximizing bandwidth usage. Sometimes this voice compression can affect the quality of the signal and therefore the sound quality of the voice on the telephone line.

5. Overview of ATM
Asynchronous Transfer Mode ATM, is a multi service, high speed, scalable technology. It is a dominant switching supporting services with different transfer characteristics. ATM transports voice, data, graphics and video simultaneously at very high speeds,
ATM can be used as the transfer technology for local area networks, metropolitan area networks, and wide area networks, since ATM like frame relay, is a layer 2 protocol, it can be supported by many different types of physical layer media, such as twisted pair and fabric optic cable.
ATM can support different classes of traffic to provide different levels of service (QoS).

5.1 Advantages of ATM
With the standards are in place it is now possible for packet switching techniques like Frame Relay or ATM to deliver high quality speech. Some of the intrinsic advantages ATM has over other network technologies are listed below.
The very format of the cell was arrived at by considering data, voice, and video payload requirements. ATM cells are of fixed size, 53 bytes each with 48 bytes for payload and 5 for ATM header. This helps in reducing the packetization delay significantly, which is one of the major delay parameters.
It supports extensive QoS (Quality of Service), which allows voice traffic to be transmitted across the network in a reliable jitter-free way.
Various service classes’ capabilities are supported by various ATM Adaptation Layers (AALs).
ATM switches have always been designed with effective traffic management capabilities - for example, call admission control, usage parameter control, traffic shaping, etc.
Single network for voice, data, and video.
Interworking with PSTN is relatively straightforward.

5.2 Disadvantages of ATM
It is often more expensive than other data transmission options. The cost of ATM equipment is high; Due to the complexity of ATM there is a high learning curve for setting and managing the network. Compatible hardware and software may not be widely available.
ATM is now being heavily used by the large telecommunications carriers to provide voice and Internet services. Because of its complexity and cost, smaller businesses have been reluctant to use ATM.

5.3 Standards and Specifications.
Various applications are available for the transport of voice over an ATM network. Each application has differing requirements for voice transport based on what class of network operators they are defined in. The three major classes of network operators are:
National or International Operators typically have an extensive PSTN service operating over SDH/SONET or PDH infrastructure. When bandwidth is limited there will be a requirement to integrate voice and data traffic, for reasons of efficiency into a single ATM network. Within the local loop, ATM may be a valuable solution for the carriage of voice and data to business premises.
Alternate Carriers or Value Added Network Suppliers take up licenses to provide communication services in competition with the incumbent national operators. Instead of having their own transmission infrastructure, they buy bandwidth from the primary operator. Cost and limited availability of bandwidth demand ATM's efficiency, and integration of voice and data services. Example of alternate carriers is cellular phone operators.
Private/Enterprise networks buy bandwidth at commercial (retail) rates and achieve the most they can with the resources on hand. Such organizations will have already deployed a TDM network utilizing E1 or T1 links. They will be looking to integrate these solutions into a new ATM network, and gain improvements in network performance and efficiency.

6. Data and its implications over voice
IP, ATM and Frame Relay are not as same as normal telephone, public telephone carries voice others carry data and cells known as packet and cells switching.

In circuit switching network (telephones) once the transmission start the line is occupied even though the line is in hold which means that the third party can not use
the path in any way, this is not efficient recording to packet switching.

One of the main reasons that this network (packet switching) is reliable because it allocates the bandwidth to the links, and each link can use the bandwidth available at any time.

One of the problems packet switching face is the delay, because of the share of the line, as a result of congestion, and in other situation could be the drop of packets so the delay must be minimised as minimum as possible to get a better quality of voice, and the integrity of the transmission.

Data and voice are tow distinct things, the voice is very sensible and any small delay will affect directly the quality of the voice, the voice will be not understandable in most cases.

One solution can be taken to solve these problems of congestions and delays is to use a bandwidth to the network in a way that will be not increased but managed by a mechanism that make priorities and reduce the congestions and delays.

7. The interoperability of the three technologies
Operating data and voice together with IP,ATM and Frame Relay is the best network solution of any other technology, however, the standardization of the elements such as protocols, voice compression and other elements are not compatible and then not standard to inter-work between them. Standardization is very important for the three technologies, and without it no mean to the interoperability.

VoIP interoperability defined by ITU H.323 without the definition of the address encoding and security and other things which is mean that the definition is not complete, based on these kind of definitions it will be no interoperability between equipment of different vendors.
IP vendors are collaborating and working together to achieve interoperability gatekeepers and gateways of different vendors to deploy different IP platform at either end of the network.
Frame Relay is a Permanent Virtual Connection (PVC), the reason why the RF.11 Phase 2 is not yet implemented, the two ends use

the same vendors equipments, in the meantime vendors are trying to interoperate the equipments for interoperability that the market requires.
With Voice Over ATM, the problem of the interoperability is there, AAL2 is not yet standardized, therefore the problem of interoperability between vendors still there, as same as FR and IP.

8. Future potential of these three technologies
With more and more voice traffic moving onto data networks. Vendors of voice equipment will continue to develop integrated voice and data devices based on pocketsize technology.
RAD Data Communications will remain in the forefront of industry efforts to provide universal services, for the benefit of the users
Since standardization has not been adopted for any one technology, it is not possible to expect the interoperability standards between technologies in the near future. It is essential that the interoperability be transparent to the users, who want to communicate through the network efficiently and without concern for the technological issues involved.
Due to the lack of interoperability standards for voice communications over Frame Relay, IP and ATM, vendors must develop proprietary interworking solutions.
RAD is developing a pre-standards strategy to facilitate interworking between Frame Relay and IP. The strategy will provide a migration path from Frame Relay to IP technologies, which can be an important advantage when IP services become available. RAD is currently developing an interworking solution between Frame Relay and IP. The VoFR-VoIP product will perform signalling conversion and negotiate with the remote IP product in order to choose a common voice compression algorithm and other parameters.

9. Conclusion
The integration of voice and data networks has been a long time coming, and complete unification is still a distant goal for most organizations. Consolidation is progressing in parts of the network, especially where medium-term cost savings can justify a new approach. Each of the major packet-voice-transport options--IP, frame relay and ATM--has its strengths, and no single technology is the best fit for every situation.
ATM is mature, reliable and manageable. However, its limited span and high cost per port will discourage IT managers from deploying it end to end. Inexpensive and fairly reliable, voice over frame relay is

a good interim step, but best used by only a few hundred sites per backbone. And voice over IP, with its wide reach, shows great promise but has some hefty requirements for maintaining its quality.
Although hundreds of vendors are exploring these technologies, four have taken the lead. Cisco, Lucent, Nortel and 3Com.
Interoperability between the various networks will allow users to benefit from the best that each network has to offer. The extent of compatibility is limited by the prioritization methods and signalling protocols, even though these networks follow similar fragmenting techniques. The level of interoperability will increase with the introduction of standardizations within the protocols, which will facilitate the interworking.

(Word count: 3678)

10. References:

http://www.fore.com/products/wp/voicewp.htm
http://www.cisco.com/warp/public/cc/cisco/mkt/switch/cat/8500/index.shtml.
http://www.fore.com/products/voice-plus/voice-plus_po.html
http://en.wikipedia.org/wiki/Special:Search?search=voice+over+ip&fulltext=Search
http://www.freedomcomms.com/newcontactform.asp
http://www.protocols.com/papers/voe.htm
http://www.rapid.co.uk/iptelephony.html
http://www.telsyte.com.au/feature/voip.htm

Hacking

2007-04-11T10:52:00.000-07:00

Two things frighten today's computer users: viruses and hackers. And just similar to viruses, the majority of people don't understand hackers or what they do.

Hackers come in many varieties. The word "hacker" typically brings to mind people who break the security of computer networks, application software, and people who make malicious programs similar to viruses.

In the traditional parlance of computer programmers, a hack is a quickly written piece of code that makes something work; a hacker is someone who enjoys exploring the details of programmable system and how to stretch their capabilities, as opposite to most users, who prefer to learn only the minimum necessary. Since, hackers get hold of advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes.

Hackers always seek further knowledge, freely share what they have discovered, and never, ever deliberately damage information.

A cracker in the other hand is one who breaks into computer systems without authorization, for malicious purposes, to steal or destroy vital information, or just to show off. Therefore crackers can easily be identified because their actions are malicious.
However these aren't mutually exclusive, but it's a simple way to divide the activities that fall under hacking.

Once crackers get onto the computers that host networks, they can modify or remove files, steal information and erase the evidence of their actions. However many hackers break security systems just to see if they can do it. They may enter the system, look at the information within and never go back. For these hackers, it's more a test of skill than an attempt to steal or alter data.

Hacker ethic
The hacker ethic was not something that was written up as a guiding principle, but a commonly, silently, agreed upon creed that simply came to be. The ethic on the whole consisted of allowing all information to be free in order to learn about how the world worked, using the already available knowledge to create more knowledge. Anything that prohibited them from this knowledge was resented.
Many hackers act on this by writing and giving away open-source software. A few go further and assert that all information should be free and any proprietary control of it is bad.
The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source and facilitating access to information and to computing resources wherever possible.

Where did hacking start?
It started with telephone technology. This practice was referred to as phreaking. Typically, phreaking which was wide-spread in the seventies is used to make free calls or to have calls charged to a different account. However phreaking is now recognized as any act by which to circumvent the security of the telephone company.

What attracts people to hacking?
People have always been fascinated by adventure and exploration. Never before have they been able to get this without leaving their home. It is the Internet, and the ability to go anywhere, talk to anyone, and not reveal your personal information. That is in brief what most attracts people to the hacker culture, which is gradually becoming the Internet culture. Moreover is the wide-spread of hacker-oriented sites on the Internet, it is estimated that there are about 30,000, bringing hacking and terrorism within the reach of even the technically challenged.
It is not necessary to have the full knowledge, you just have to have the time, just download the tools and the programs. It's the democratization of hacking. And with these programs they can click on a button and send bombs to a network, and the systems will go down.
Finally some crackers crack for profit. They will break into almost any type of system you like, for a price. Some of these crackers get involved with criminal schemes.

Tools used by hackers

Port scanners are probably the most commonly used scanning tools on the Internet. These tools scan large IP spaces and report on the systems they encounter, the ports available and other information, such as the operating system types. The most popular port scanner is Network Mapper (Nmap).
Vulnerability scanners tools that look for a specific vulnerability or scan a system for all potential vulnerabilities. Vulnerability tools are freely available on the net. The most popular vulnerability scanner available is Nessus.
Rootkits the term rootkit describes a set of scripts and executables packaged together that allow intruders to hide any evidence that they gained root access to a system. Some of the tasks Performed by a rootkit are as follows:

Modify system log files to remove evidence of an intruder’s activities.
Modify system tools to make detection of an intruder’s modifications more difficult.
Create hidden back-door access points in the system
Use the system as a launch point for attacks against other networked systems.

The threat from hackers

1. Trojans
A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

2. Viruses
A destructive program that has the ability to reproduce itself and infect other programs or disks. Usually a virus will not show itself straight away, but will add itself to programs and disks to spread itself widely on many computers before it is triggered into its destructive phase.
The best defence is to run anti-virus software regularly furthermore, anti-virus software should be updated monthly.

3. Worms
Type of virus or replicative code that situates itself in a computer system in a place it can do harm. They replicate themselves by emails to many computers. They are network orientated viruses, tend to exist in memory and are non permanent, whereas viruses tend to reside on disc where they permanent until eradicated.

4. Logic or time bomb
A logic bomb is a program, or portion of a program, which lies inactive until a specific piece of program logic is activated. In this way, a logic bomb is very analogous to a real-world land mine.
The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code.

Measures to prevent hacking
No one connected to a computer network is in reality safe from hackers. Fortunately, most invasions or infections don't result in severe damage to the system that has been attacked.
The only real defense is limiting the risk by using virus scanners, firewalls and (making them easier to install and configure). Furthermore improvements in vulnerability scanning and better explanations of how to repair them, and better intrusion-detection with fewer false-positives are all key technologies in this race. However in the end, hackers see security systems as a challenge, not an obstacle.

Nevertheless the most important improvement is in the area of awareness among users, furthermore enforcing new low and regulations by governments against this crime.

The outlook for computer security?
To summaries this important topic it is fair to say that while better security technologies are appearing all the time, education and awareness will continue to be the limiting factor. System administrators must learn about and maintain their systems securely. Users have to understand their security responsibilities like choosing good passwords, not installing unauthorized modems. Nevertheless innovations like biometrics and smart cards will go a long way toward making security easier for the end user as well as for the system administrators.

References

Alex Noordergraaf. (2002). How Hackers Do It: Tricks, Tools, and Techniques. Sun BluePrints™ OnLine—May, 2002
CNET Networks, Inc. (Accessed 1 April 2004) http://www.zdnet.co.uk/
Linux User & Developer (13 Nov 2003) ‘Hack Attack’. Linux User & Developer Magazine. (Issue 34) page 22.

Transport Layer Security

2007-04-11T06:16:00.000-07:00

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. The term "TLS" as used here applies to both protocols unless clarified by context.

Description
The TLS protocol(s) allow applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (be that a person, or an application such as a web browser), can be sure with whom they are "talking". The next level of security—in which both ends of the "conversation" are sure with whom they are "talking"—is known as mutual authentication. Mutual authentication requires public key infrastructure (PKI) deployment to clients.

TLS involves three basic phases:
1. Peer negotiation for algorithm support
2. Public key encryption -based key exchange and certificate-based authentication
3. Symmetric cipher -based traffic encryption

During the first phase, the client and server negotiation uses cryptographic algorithms. Current implementations support the following choices:

for public-key cryptography: RSA, Diffie-Hellman, DSA ;
for symmetric ciphers: RC2, RC4, IDEA, DES, Triple DES, AES or Camellia;
for one-way hash functions: MD2, MD4, MD5 or SHA.

How it works
The TLS protocol exchanges records; each record can be optionally compressed, encrypted and packed with a message authentication code (MAC). Each record has a content_type field that specifies which upper level protocol is being used.

When the connection starts, the record level encapsulates another protocol, the handshake protocol, which has content_type 22.

A typical handshake proceeds as follows:

A Client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.
The Server responds with a ServerHello, containing the chosen protocol version, a random number, cipher, and compression method from the choices offered by the client.The Server sends its Certificate (depending on the selected cipher, this may be ommitted by the Server).

These certificates are currently X.509, but there is also a draft specifying the use of OpenPGP based certificates.

The server may request a certificate from the client, so that the connection can be mutually authenticated, using a CertificateRequest.
The Server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
The Client responds with a ClientKeyExchange which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher).
The Client and Server then use the random numbers and PreMasterSecret to compute a common secret called the "master secret". All other key data is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed "pseudorandom function". The Client now sends a ChangeCipherSpec message, essentially telling the Server, "everything I tell you from now on will be encrypted." Note that the ChangeCipherSpec is itself a Record Layer protocol, and has type 20, and not 22.
Finally, the Client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.
The Server will attempt to decrypt the Client's Finished message, and verify the hash and MAC. If the decryption or verification fails, the handshake is considered failed and the connection should be torn down.
Finally, the Server sends a ChangeCipherSpec and its encrypted Finished message, and the Client performs the same decryption and verification.
At this point, the "handshake" is complete and the Application protocol is enabled, with content type of 23. Application messages exchanged between Client and Server will be encrypted.

Given the above recount of a TLS/SSL connection process, one may have trouble envisioning a typical browser session. To elaborate upon this and to give ordinary insight to a typical TLS/SSL connection we can use what is commonly referred to as the SSL six step process. SSL establishes a stateful connection negotiated by a handshaking procedure between client and server as previously mentioned. During this handshake, the client and server exchange specifications for the cipher that will be used for that session.

The handshake begins when a browser connects to a TLS/SSL-enabled server and requests that the server send back its identification.
The server sends back its identification in the secured form of a digital certificate. The certificate will contain (usually all of these variables, but dependent on the X.509 standard used) the server name, the trusted certifying authority (CA), and the server public encryption key.

The browser may contact the server of the trusted CA and confirm that the certificate is authentic before proceeding. The browser then presents a list of encryption algorithms and hashing functions (used to generate a number from another).

From this list the server picks the strongest encryption that it also supports and notifies the client of the decision.

In order to generate the session keys used for the secure connection, the browser uses the server public key from the certificate to encrypt a random number and send it to the server.

The client can encrypt this data, but only the server can decrypt it (with its private key): this is the one fact that makes the keys hidden from third parties, since only the server and the client have access to this data.

The server replies with more random data (which doesn't have to be encrypted), and following this:
Both parties use the selected hash functions on the random data to generate the session keys.

This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session keys for the remainder.

If any one of the steps in previous mention fails, the TLS/SSL handshake fails, and the connection is not created.

TLS/SSL have a variety of security measures:

The client uses the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
The client verifies that the issuing Certificate Authority (CA) is on its list of trusted CAs.
The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
To protect against Man-in-the-Middle attacks, the client compares the actual DNS name of the server to the DNS name on the certificate.
Protection against several known attacks (including man in the middle attacks), like those involving a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
Numbering all the records and using the sequence number in the MACs.
Using a message digest enhanced with a key (so only a key-holder can check the MAC). This is specified in RFC 2104.
The message that ends the handshake ("Finished") sends a hash of all the exchanged data seen by both parties.
The pseudorandom function splits the input data in half and processes each one with a different hashing algorithm (MD5 and SHA), then XORs them together. This provides protection if one of these algorithms is found to be vulnerable.
SSL v3 uses the SHA-1 hashing algorithm and supports certificates for authentication. SHA-1 is considered much safer than the previous MD5 used in SSL v2. Additional improvements in SSL v3 include better handshake protocol flow and increased resistance to man-in-the-middle attacks.

Applications
TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, NNTP, and XMPP and above the TCP or UDP transport protocol, which form part of the TCP/IP protocol suite. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce & asset management. SMTP is also an area in which TLS has been growing and is specified in RFC 3207. These applications use public key certificates to verify the identity of endpoints.

An increasing number of client and server products support TLS natively, but many still lack support. As an alternative, users may wish to use standalone TLS products like Stunnel. Wrappers such as Stunnel rely on being able to obtain a TLS connection immediately, by simply connecting to a separate port reserved for the purpose. For example, by default the TCP port for HTTPS is 443, to distinguish it from HTTP on port 80. However, in 1997 the Internet Engineering Task Force recommended that application protocols always start unsecured and instead offer a way to upgrade to TLS - which a pure wrapper like Stunnel cannot cope with.

TLS can also be used to tunnel an entire network stack to create a VPN, as is the case with OpenVPN. Many vendors now marry TLS's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of the browser to enable support for client/server applications. When compared against traditional IPSec VPN technologies, TLS has some inherent advantages in firewall and NAT traversal that make it easier to administer for large remote access populations. Vendors like Arkoon, Aventail, F5 Networks, Juniper, and others have been developing in this space for some time.

TLS is also being used increasingly as the standard method for protecting SIP application signaling. TLS can be used to provide authentication and encryption of the SIP signalling associated with VOIP (Voice over IP) and other SIP-based applications. Vendors like Covergence, Linksys, and Microsoft are examples of vendors that provide TLS capabilities for SIP applications .

History and development
Developed by Netscape, SSL version 3.0 was released in 1996, which later served as the basis for TLS version 1.0, an IETF standard protocol first defined in RFC 2246 in January 1999. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.

SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers.

Early short keys
Some early implementations of SSL used 40-bit symmetric keys because of US government restrictions on the export of cryptographic technology. The US government explicitly imposed a 40-bit keyspace small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of changes in the market availability of 'better' cryptographic products produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away. Modern implementations use 128-bit (or longer) keys for symmetric key ciphers.

Incorrect uses
Some websites have been criticized for incorrectly using TLS and therefore negating its security benefits [1]. Such incorrect uses include:

Only securing the form submission page, while failing to secure the login page [2]
Displaying a secure page mixed with non-secure media [3]

Both practices have been found present in many commercial websites such as those of Bank of America, Washington Mutual, JPMorgan Chase & Co. [4], and PayPal.

Implementation
Programmers may use the OpenSSL, NSS, or GnuTLS libraries for SSL/TLS functionality. Microsoft Windows includes an implementation of SSL and TLS as part of its Secure Channel package. Delphi programmers may use a library called Indy, which has ways of connecting components to a TLS intercept using the OpenSSL libraries. This enables the development of secure Web browsers and Web servers using Delphi/Indy/OpenSSL. The protocols supported are SSLv2, SSLv3, and TLS v1.

References

The Netcraft Secure Server Survey
Wagner, David; Schneier, Bruce (November 1996). "Analysis of the SSL 3.0 Protocol (PDF)". The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press.

Why data encryption preserves confidentiality but not integrity and availability?

2007-04-11T05:57:00.000-07:00

Encryption provides a means of preventing an unauthorised party from reading our data (hence confidentiality of data can be maintained).
It does not do anything to ensure that the data is correct (integrity) or that it can be obtained when needed (availability).
Secrecy: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message.
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection.

How an email is sent from one computer to the other?

2007-04-11T05:51:00.000-07:00

Three steps are now required to deliver the message to its final destination, sender to local mail server, local mail server to destination server and destination server to recipient. If the receiver's mail server is not functioning then the sender's server retains the message and tries to deliver it later. Mail servers are normally provided and maintained by Internet Service Providers (ISPs) - e.g. AOL.

SMTP is used to transfer the message from the sender local server and between the servers, but it cannot be used to retrieve the message by the recipient. The reason for this is that SMTP is a 'push' protocol (i.e. it is designed to deliver messages) whereas retrieval is a 'pull' operation. To solve this remaining problem, another protocol is required. Two popular mail access protocols are known as POP3 (Post Office Protocol - version 3) and IMAP (Internet Mail Access Protocol). Note however, SMTP is still required to send e-mail.

user A invokes his/her user agent for e-mail, provides e-mail address (e.g. usera@hotmail.com) compose and then sends the message via user agent
user A’s user agent sends message to his/her email server - placed in a message queue
The client side of SMTP opens a TCP connection to an SMTP server
After some initial SMTP handshaking, the SMTP client sends user A’s message into the TCP connection
At user B’s mail server host, the server side of SMTP receives the message – places the message in user B’s mailbox
user B invokes his/her user agent to read the message at his convenience

VoIP categories

2007-04-08T07:47:00.000-07:00

There are three categories of VoIP:
1. Phone-to-phone
Using normal telephone equipment it allows real time voice transmissions
2. Computer-to-computer:
By using software and computer hardware calls can be made between two computers connected to the internet or private network.
3. Phone-to-computer or computer-to-phone:
Using mixture of the two above.

The Future of VOIP
According to new research by Ovum, 15 per cent of UK businesses have deployed IP telephony, however it is expected that the number will increase up to 40 per cent in next two years. However some observers predict that as VOIP is more universally adopted, monthly fees for telephone service will disappear and a single internet connection could be used for telephone, television, e-mail and surfing the net. Nevertheless many businesses think that quality of service is the most common barrier for enterprises considering the switch to VoIP. [1]

Taiwan's largest telecommunications company blamed VoIP for part of the decrease in long-distance telephone calls revenue in the last years. [2]

Future potential of the three technologies
Since the voice traffic transmitting through data networks is increased dramatically in the last few years because of both supply and demand-side interactions, vendors of voice equipment will continue to develop integrated voice and data devices based on pocketsize technology.

Data and its implications for voice
Unlike most data communications, which can accept delay, voice communications must be performed in near real-time, which means that network delays must be kept short to remain barely visible to the user.

Circuit switching network is more effective and efficient in dealing and transmitting voice than packet switching networks, due to the delay of voice packets across the network, this delay occurs because of the congestion in the network that might result in dropping some packets which will affect the voice integrity. However adding bandwidth to the network is one way to overcome the problem of network delay and congestion.

The interoperability of the three technologies
It is necessary that the interoperability be transparent to the users, who want to communicate through the network and without concern for the technological issues involved.
Fragmentation techniques in Frame Relay, IP and ATM, are relatively similar, however prioritization techniques, signaling protocols and voice compression algorithms are not compatible. Nevertheless development is being made in direction of standardization within each protocol and interworking between them, however still significant work remains to be done. [3]

At present, the Frame Relay Forum has set standards for transmitting voice over Frame Relay; however, there are no standards for voice switching between VFRADs. Furthermore the interoperability standards for voice and multimedia over IP are defined by ITU H.323 which include endpoint negotiation and the format of the information but not issues such as encoding and security. [4]

However achieving interoperability between these varieties of networks will allow users to benefit from the best that each of these technologies has to offer.

References

Sylvia Carr 2006, Silicon.com, http://networks.silicon.com/telecoms/0,39024659,39157577,00.htm
Dan Nystedt 2006,Networkworld.com, http://www.networkworld.com/news/2006/033006-network-operators-voip.html
Rad.com, http://www2.rad.com/solution/voe22.htm
Voice over IP now, http://www.voipnow.org/2005/09/carrying_voice__1.html

Voice over IP

2007-04-08T06:20:00.000-07:00

VoIP Stands for (Voice over Internet Protocol) which is a category of hardware and software was originally developed to make voice communication between computers in different locations achievable. VoIP works by sending voice data in packets using IP rather than by traditional circuit transmissions of the PSTN, it converts the voice signal from the telephone into a digital signal using codec then once the voice digitise it is compressed into smaller package and then converted into datagram format, the voice datagram is then encapsulated with the appropriate UDP and IP headers and sent over the internet or private network. However it is essential in VoIP to compress voice since traffic usually travels over low-speed links.

Voice compression
Since traffic usually travels over low speed network, voice compression is essential in VoIP however ITU G.723.1 algorithm is used to maintain high quality voice.

Echo Cancellation
G.165 and G.168 are some of the specs recommended to deal with echoes, which can occur in VoIP networks. Echoes which take place as a result of any differences in the impedance in the circuit switched. [1]

Advantages of VoIP
One of the advantages of VoIP is that the telephone calls over the Internet are free; therefore the data network can be used for both voice and data, which could eliminate the expense of having a separate voice system.

Disadvantages of VoIP
VoIP does not offer any method to ensure that data packets are delivered in sequential order. Furthermore Quality of Service is not guarantee.
VoIP implementations may face problems dealing with latency, and jitter that causes non-smooth voice streams, however jitter can be controlled by a jitter buffer that avoids delay. [2]

References

Voice over IP now, http://www.voipnow.org/2005/09/carrying_voice__1.html
Fatima Ahmed, Developer.com, http://www.developer.com/voice/article.php/3112781

Applications of voice over ATM

2007-04-07T19:53:00.000-07:00

The perfect platform is offered by multimedia workstations, which combine voice communication and visual data, such as videoconferencing.
The second most common method is to provide a direct connection of telephone, fax machine or modem to an ATM network switch. The third method is to place voce over ATM through a direct connection of a PBX voice switch to an ATM network switch.

Voice compression
Since ATM networks benefit from the high bandwidth, voice compression is not essentials. Nevertheless, voice compression is necessary in hybrid ATM Frame Relay networks, because Frame Relay uses voice compression hence ATM must for that reason be capable of supporting voice compression that will work with VoFR equipment.

Voice over ATM

2007-04-07T19:37:00.001-07:00

ATM regarded as “a very complex technology, perhaps the most complex ever developed by the networking industry” [1]

Short for Asynchronous Transfer Mode is similar to frame relay, very high speed packet switched service which can be used for sending data or voice between two points either within a LAN, MAN or WAN, the transfer rates are up to 622Mbps, or faster, furthermore ATM is a very scalable, nevertheless it is an expensive technology.

In ATM data is sent in small packages of 53 byte called cells, which are relatively small compared to units used with older technologies, the reason for keeping the cells small is when a cell reaches a node in the ATM network, the cell will be able to pass quickly through the node to the destination. The small cell size enables ATM equipment to transfer audio, video and computer data over the same network.

ATM differs from TCP/IP, in TCP/IP messages are divided into packets and each packet can take a different route from source to destination, whereas in ATM a fixed channel or route is created, between two points whenever data transfer begins. This difference makes it easier to track and bill data usage across an ATM network, however it makes it less adaptable to sudden surges in network traffic. [2]

One of primary benefits of end to end ATM is the capability to integrate voice and data traffic.

However there are two methods of transmitting voice traffic over ATM and they are: CBR which is the most popular method for voice transport among ATM concentrators and switches, since the ATM Forum’s standard has promoted interoperability between vendors. The second method is real-time VBR which offers a more cost effective, since the ATM network doesn’t use any bandwidth during periods of silence. The unused bandwidth during these periods will be available to other ATM service categories.

References

Anthony Alles, 1995, "ATM Internetworking" http://www.cisco.com/warp/public/614/12.html
Teligent, http://www2.teligent.se/?sid=514&parentsid=27

Advantages and disadvantages of voice over frame relay

2007-04-07T19:33:00.000-07:00

As well as offering efficient and flexible data transport mechanism, frame relay reduces the cost of bandwidth; furthermore VoFR technology provides telecommunication and network managers with the opportunity of merging voice and voice-band data with data services over frame relay.

However many enhancements were carried out to improve frame relay which increased its effectiveness. Furthermore a lot of effort is being expended by standards bodies, manufacturers and public network service providers to recommend and implement these changes. Once these changes become available, frame relay is expected to grow in popularity.

In order to permit retailers to interconnect their VoFR competent equipments the Frame Relay Forum Technical Committee has developed an Implementation Agreement. A Discussion of Voice over Frame Relay 2000 [1]

Disadvantages of voice over frame relay

Reducing the sound quality because of voice compression.
According to Deanna K. Dokey “Lack of standardization regarding equipment specifications and acceptable levels of quality for voice transport.“ [2]

References

A Discussion of Voice over Frame Relay 2000 http://www.mfaforum.org/frame/Whitepaper/4017.shtml
Deanna K. Dokey, The Center for Virtual Organizations and Commerce, Louisiana State University http://isds.bus.lsu.edu/cvoc/Projects/TechLibrary/VoiceOver/comparison_of_alternati ves.htm

Voice over Frame Relay

2007-04-07T19:29:00.000-07:00

Voice over Frame Relay is a packet switched WAN protocol which allows the network to carry live voice traffic over a Frame Relay network.

Frame relay is a Data Link Layer protocol that is built on the existing CCITT X.25 and ISDN standards (Miller, 1991). It was designed for LAN-to-LAN internetworking across the WAN and it's normally used in commercial data networks because of its flexible bandwidth, using network resources more efficiently by merging a number of channels of voice traffic with data and passing on the result over an existing frame relay network and finally because of it is low-cost, however it is primarily recommended for star topology networks.
Unlike the Internet frame relay guarantees throughput and minimum delay, furthermore because of using Permanent Virtual Connections (PVC) between sites frame relay network is more secure than the Internet. [1]

Rather than trying to digitize the whole voice sample, low bit rates are achieved by analyzing and processing only the necessary components of a voice sample. Following the removal of repetitive patterns and silent periods, the remaining speech information then digitized and placed into voice packets suitable for transmission over a frame relay network. [2]

Furthermore frame relay technology was designed for data transmissions and not voice. However through the use of Voice Frame Relay Access Devices (VoFRADS), voice to be packetized and travel over a frame relay network, however the quality of voice traffic is not guaranteed.

References

RAD data communications rad.com, http://www2.rad.com/networks/1995/fram-rel/future.htm
A Discussion of Voice over Frame Relay 2000 http://www.mfaforum.org/frame/Whitepaper/4017.shtml

Technological change from a circuit based network to a packet based network

2007-04-07T19:26:00.000-07:00

Technological change from a circuit based network to a packet based network can provide considerable consumer benefits.
Economic advantages are one of the main reasons for the growth of packet voice networking, it has been estimated that packet voice networking costs 20 to 30 percent of an equivalent circuit-based voice network, due to lower hardware and software costs moreover the greater efficiency of packet transmission.
Furthermore economics influence moving onto a single packet network for voice, data, image, and video, in the long-term is greatly cheaper than maintaining two parallel networks, circuit-switched for voice and packet-switched for data.

References
Joseph Kraemer 2002, "SUMMARY OF STRATEGIC TRENDS IN THE U.S.TELECOMMUNICATIONS INDUSTRY" http://www.newmillenniumresearch.org/archive/trends.pdf

Networking technology

2007-04-07T19:22:00.000-07:00

“Not so long ago the Internet used to be run on phone system, but now, phone system are running on the Internet.” Kooksoon Loh 2000

Over the last few years networking technology has improved to the stage where voice can be transmitted reliably over the network. Nevertheless, growth in voice traffic has been relatively small comparing to the growth of data traffic which is greater than voice traffic in majority of the networks. However voice traffic, as an application on a data network, has gained great benefit from many existed technologies that resulted in breakthroughs in latency management and queuing prioritization, which was then applied and employed in voice traffic.

In addition to the above, standards have been set to assist commercial use of voice over packet technology VoIP, ATM cells or frame relay cells.

Nevertheless and with these technologies comes the pressure of choosing the right and suitable technology for any specific situations and task, furthermore comes the difficulty of interoperability between these varieties of networks.

However achieving interoperability between these varieties of networks will allow users to benefit from the best that each of these technologies has to offer.
Additionally it is clear that manly cost saving and efficient use of network resources are the driving forces behind the voice over packet solutions.

A new survey found that the third of UK businesses fail to report security crimes and breaches

2007-04-07T08:08:00.000-07:00

According to a new survey by Infosecurity Europe 2007, which involved about 285 large organizations in UK, almost the third of these businesses don't report information security crimes and breaches. The survey discovered also that IT managers are faced with a very difficult choice in whether or not to report any security crime.

Managers have to weigh between their responsibility to report security crimes in order to prevent similar incidents in the future and the effects of reporting these incidents on their reputation amoing their customers and hackers.

Nevertheless according to Jonathan Coad the media lawyer from Swan Turton "From my experience as a media lawyer, reporting crime to the police is a double edged sword as invariably the press have found out about the incident within 24 hours of reporting it to the police, creating a real PR risk."

However Phillip Virgo, the Secretary General of think tank Eurim stated that "The time has come to respond to the needs of the customer for security tools they can understand, realistic advice, guidance and support on how to use them and for reporting systems that will route their enquiry to some-one who will respond - be it law enforcement or technical support,"

Source of the news

Summer email spam for women

2007-04-06T12:39:00.000-07:00

As we move toward the summer email headers like 'lose weight fast' are being increased by spammers, targeting at women. Spammers also include other products such as body wraps that supposedly absorb fat and dietary supplements.

According to Neil Hammerton, chief executive at communications management firm Email Systems "The move to directly target women with 'health-related' email in the summer shows spammers' ever-present desire to develop new audiences for their products by any means necessary"

Furthermore he added that "Unfortunately, such scare marketing to specific audiences is becoming a frequently adopted tactic by the spamming community."

Source of the story

More than half of the security experts at a conference for security experts have insecure WiFi settings

2007-04-06T11:55:00.000-07:00

According to AirDefense the majority of the computers used by security experts who were at the RSA conference in San Francisco in February this year didn’t have the appropriate security protection.

The wireless traffic was scanned by AirDefense on the first day of the conference and found a total of 623 Wi-Fi enabled notebooks and mobile phones. 56% of those devices were configured automatically to log-on to networks with default names such as 'Linksys' or 'T-Mobile'.

Furthermore and according to vnunet.com “attackers could exploit the feature through a so-called man-in-the-middle attack in which a rogue access point is set up with a Service Set Identifier that is identical to the common service.”

Read the full story

Pay less for your Internet Security Suite and get more protection

2007-04-06T09:46:00.000-07:00

Security software tests by PC Magazine proves that you can pay less for your Internet Security Suite and get more protection.

The independent testing by PC Magazine demonstrate that the Internet Security Suite CyberDefenderFREE provided by www.cyberdefender.com outperformed most costly and widely available security software products at removing and blocking spyware.

In the review which conducted by PC Magazine, CyberDefenderFREE(TM) 2.0 achieved higher marks at removing spyware than companies such as McAfee, Grisoft (AVG), and Trend-Micro PC-cillin.
Nevertheless CyberDefenderFREE(TM) 2.0 scored the same as Windows Live OneCare.

Read the full story

What online businesses should do to protect themselves

2007-04-05T14:27:00.000-07:00

Websites should emphasis on the site security by using the following:

1. Encryption and Decryption:
Which involve using Secure Sockets Layer (SSL) when transmitting private documents via the Internet. This will guarantee protecting the information in transmission between the web server and the client's web browsers using 256, 128, 56 or 40-bit encryption.

2. Digital signatures:
Which is a digital code attached to a message and is unique to that specific message for identifying the originator of the electronic message and cannot be forged.

3. Securing our web server:
By keeping all the software including the operating system and the WWW server up-to-date, furthermore by using firewalls, Anti-Spyware and antivirus software.

4. Authentication:
Users must be individually identified to enable them specific access that will prevent any unauthorised modification deleting or corrupting of information.
This requires each user to be assigned a username and password within the system. Usernames and passwords are by far the most commonly used means of authentication in any IT systems, and are capable of providing a fairly effective level of protection.

Online security

2007-04-05T14:00:00.000-07:00

The security of the customer’s data is a serious matter therefore businesses should protect all of their transactions with Secure Socket Layer (SSL) technology, using digital signatures, securing their web server and use an authentication system. They also should protect their customer’s information with their privacy policy.

Ineffective website security will open the door to computer and network attacks which results in damage to the technical and information assets, the consequences of all of that will be loss of customer confidence and damaged reputation and credibility. Nevertheless in some cases, attacks can put any company out of business, especially where the website is the sole source of the revenue. In addition site security is the main reason why customers are reluctant to spend money online.

The following laws and acts oblige online businesses to securely keep any data about their customers from being damaged, lost or being unlawfully processed:

Universal Declaration of Human Rights article 12.
European Convention on Human Rights Article 8.
Data Protection Act 1984 and Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
the computer misuse act, 1990, which introduced three new criminal offences and they are:
Unauthorised access to computer material, which described as simple hacking that is using a computer without permission
Unauthorised access to computer material with the intent to commit or facilitate commission of further offences.
Unauthorised modification of computer material.

Weirdest thing I've seen today

2007-04-04T08:07:00.000-07:00

Off the topic I know, sorry I couldn't resist sharing with you.
Almost 100 employees working at the site of the 'tallest building with a twist' escaped as a wall holding back the Dubai Marina waters breached and flooded the foundation site.
Excavation work on the 80-floor Infinity Tower was nearing completion when the incident happened.

Source: Dubai News Online

Types of firewalls

2007-04-03T18:23:00.000-07:00

There are several classifications of firewalls depending on:

Whether the communication is being done between a single node and the network, or between two or more networks.
Whether the communication is intercepted at the network layer, or at the application layer.
Whether the communication state is being tracked at the firewall or not.

With regard to the scope of filtered communications there exist:

Personal firewalls, a software application which normally filters traffic entering or leaving a single computer. This filtering may be based on the traffic itself or on the identity of the process which is attempting to listen for or send data.
Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks or DMZs (demilitarized zones). Such a firewall filters all traffic entering or leaving the connected networks.

The latter definition corresponds to the conventional, traditional meaning of "firewall" in networking.

In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:

Network layer firewalls. An example would be iptables.
Application layer firewalls. An example would be TCP Wrappers.
Application firewalls. An example would be restricting ftp services through /etc/ftpaccess file

These network-layer and application-layer types of firewall may overlap, even though the personal firewall does not serve a network; indeed, single systems have implemented both together.

There's also the notion of application firewalls which are sometimes used during wide area network (WAN) networking on the world-wide web and govern the system software. An extended description would place them lower than application layer firewalls, indeed at the Operating System layer, and could alternately be called operating system firewalls.

Lastly, depending on whether the firewalls keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist:

Stateful firewalls
Stateless firewalls

http://en.wikipedia.org/wiki/Firewall_%28networking%29

Firewall

2007-04-03T18:21:00.000-07:00

A firewall is an information technology (IT) security device which is configured to permit, deny or proxy data connections set and configured by the organization's security policy. Firewalls can either be hardware and/or software based.

A firewall's basic task is to control traffic between computer networks with different zones of trust. Typical examples are the Internet which is a zone with no trust and an internal network which is (and should be) a zone with high trust. The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of a security policy and connectivity model. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function is analogous to firewalls in building construction.

Proper configuration of firewalls demands skill from the firewall administrator. It requires considerable understanding of network protocols and of computer security. Small mistakes can render a firewall worthless as a security tool.

http://en.wikipedia.org/wiki/Firewall_%28networking%29

Digital Rights Management (DRM)

2007-04-03T18:17:00.000-07:00

Digital Rights Management (DRM) is an umbrella term referring to technologies used by publishers or copyright owners to control access to or usage of digital data or hardware, and to restrictions associated with a specific instance of a digital work or device. The term is often confused with copy protection and technical protection measures, which refer to technologies that control or restrict the use and access of digital content on electronic devices with such technologies installed, acting as components of a DRM design.

Digital Rights Management is a controversial topic. Advocates argue DRM is necessary for copyright holders to prevent unauthorized duplication of their work to ensure continued revenue streams. Some critics of the technology, including the Free Software Foundation, suggest that the use of the word "Rights" is misleading and suggest that people instead use the term Digital Restrictions Management. Their position is essentially that copyright holders are attempting to restrict use of copyrighted material in ways not included in the statutory, common law, or Constitutional grant of exclusive commercial use to them. Others, such as the Electronic Frontier Foundation consider some DRM schemes to also be anti-competitive practices, citing the iTunes Store as an example.

Introduction
Digital rights management technologies attempt to control or prevent access to or copying of digital media, which can be copied with very little cost or effort. Copyright holders, content producers, or other financially or artistically interested parties have historically objected to copying technologies, before digital media. Examples have included player piano rolls early in the 20th century, audio tape recording, and video tape recording (e.g. in the Betamax case in the US). The advent of digital media increased concerns. While analog media inevitably loses quality with each copy generation, and in some cases even during normal use, digital media files may be copied an unlimited number of times with no degradation in the quality of subsequent copies. Digital Audio Tape, thought by many observers of the time to be a probable replacement for the audio cassette, was a market failure in part due to opposition to it on grounds of unauthorized copying potential[citation needed]. The advent of personal computers, the ease of ripping media files from a CD or from radio broadcast, combined with the internet and popular file sharing tools, has made unauthorized dissemination of copies of digital files (often referred to as digital piracy) much easier. This has concerned some digital content publishers, leading some to pursue DRM technologies to try to prevent those actions.

Although technical controls on the reproduction and use of software have been intermittently common since the 1970s, the term DRM has come to primarily mean the use of these measures to control copyrightable artistic content. Some DRM technologies enable content publishers to enforce access policies that go beyond preventing copyright violations, and also prevent legal fair use.

DRM schemes are built on numerous technologies, such as modifications to digital media player software to include cryptographic controls on access. Since such implementations can in principle be reverse engineered, and in practice frequently are, they cannot be fully effective as an inherent part of the design. This fact has resulted in a general move toward Mandatory Access Control systems (as opposed to Discretionary access control) in which use restrictions are enforced by firmware (ie, software permanently embedded in hardware), or especially in recent releases of some operating systems, in the heart of the operating system. These software/firmware/embedded hardware controls interact with operating systems, media player software, or both to achieve their DRM goals. However, some implementations of this DRM type are vulnerable to an additional class of attacks, due to the requirement for running on tamper-resistant hardware. There has also been pressure (successful in some places) for legislation and regulation creating new offenses (ie, controlling or prohibiting examination of DRM schemes, or possession of any tools (e.g., software) which might interfere with the operation of a DRM scheme.) An example is the DMCA.

While digital rights management is most commonly used by the entertainment industry (e.g., films and recording), it has found use in other media as well. Many online music stores, such as Apple's iTunes Store, as well as certain e-books producers, have adopted various DRM schemes in recent times. In recent years, a number of television producers have begun demanding implementation of DRM measures to control access to the content of their shows in connection with the popular TiVo time-shifting recorder system, and its equivalents.

http://en.wikipedia.org/wiki/Digital_Rights_Management

Malware for profit: spyware, botnets, loggers, and dialers

2007-04-03T18:13:00.000-07:00

During the 1980s and 1990s, it was usually taken for granted that malicious programs were created as a form of vandalism or prank. More recently, the greater share of malware programs have been written with a financial or profit motive in mind. This can be taken as the malware authors' choice to monetize their control over infected systems: to turn that control into a source of revenue.

Since 2003 or so, the most costly form of malware in terms of time and money spent in recovery has been the broad category known as spyware. Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behavior for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others often called "stealware" by the media overwrite affiliate marketing codes so that revenue goes to the spyware creator rather than the intended recipient.

Spyware programs are sometimes installed as Trojan horses of one sort or another. They differ in that their creators present themselves openly as businesses, for instance by selling advertising space on the pop-ups created by the malware. Most such programs present the user with an end-user license agreement which purportedly protects the creator from prosecution under computer contaminant laws. However, spyware EULAs have not yet been upheld in court.

Another way that financially-motivated malware creator can monetize their infections is to directly use the infected computers to do work for the creator. Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as proxies to send out spam messages. The advantage to spammers of using infected computers is that they are available in large supply (thanks to the virus) and they provide anonymity, protecting the spammer from prosecution. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously. Botnets can also be used to push upgraded malware to the infected systems, keeping them resistant to anti-virus software or other security measures.

Lastly, it is possible for a malware creator to profit by simply stealing from the person whose computer is infected. Some malware programs install a key logger, which copies down the user's keystrokes when entering a password, credit card number, or other information that may be useful to the creator. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

Another way of stealing money from the infected PC owner is to take control of the modem and dial an expensive toll call. Dialer (or porn dialer) software dials up a premium-rate telephone number such as a U.S. "900 number" and leave the line open, charging the toll to the infected user.

http://en.wikipedia.org/wiki/Malware

Capsule history of viruses and worms

2007-04-03T18:11:00.000-07:00

Before Internet access became widespread, viruses spread on personal computers by infecting programs or the executable boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these executables, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. Executable-infecting viruses are dependent on users exchanging software or boot floppies, so they spread heavily in computer hobbyist circles.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Internet Worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible macro systems of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications, but rely on the fact that macros in a Word document are a form of executable code.

Today, worms are most commonly written for the Windows OS, although a small number are also written for Linux and Unix systems. Worms today work in the same basic way as 1988's Internet Worm: they scan the network for computers with vulnerable network services, break in to those computers, and copy themselves over. Worm outbreaks have become a cyclical plague for both home users and businesses, eclipsed recently in terms of damage by spyware.

http://en.wikipedia.org/wiki/Malware

Malware

2007-04-03T18:06:00.000-07:00

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

Many normal computer users are however still unfamiliar with the term, and most never use it. Instead, "(computer) virus" is used in common parlance and often in the general media to describe all kinds of malware. Another term that has been recently coined for malware is badware, perhaps due to the anti-malware initiative Stopbadware or corruption of the term "malware".

Software is considered malware based on the perceived intent of the creator rather than any particular features. It includes computer viruses, worms, trojan horses, spyware, dishonest adware, and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other U.S. states.

Malware should not be confused with defective software, that is, software which has a legitimate purpose but contains harmful bugs.

Purposes
Many early infectious programs, including the Internet Worm and a number of MS-DOS viruses, were written as experiments or pranks generally intended to be harmless or merely annoying rather than to cause serious damage. Young programmers learning about viruses and the techniques used to write them might write one to prove that they can do it, or to see how far it could spread. As late as 1999, widespread viruses such as the Melissa virus appear to have been written chiefly as pranks.

A slightly more hostile intent can be found in programs designed to vandalize or cause data loss. Many DOS viruses, and the Windows ExploreZip worm, were designed to destroy files on a hard disk, or to corrupt the filesystem by writing junk data. Network-borne worms such as the 2001 Code Red worm or the Ramen worm fall into the same category. Designed to vandalize web pages, these worms may seem like the online equivalent to graffiti tagging, with the author's alias or affinity group appearing everywhere the worm goes.

However, since the rise of widespread broadband Internet access, more malicious software has been designed for a profit motive. For instance, since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for black-market exploitation. Infected "zombie computers" are used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion.

Another strictly for-profit category of malware has emerged in spyware -- programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues to the spyware creator. Spyware programs do not spread like viruses; they are generally installed by exploiting security holes or are packaged with user-installed software.

http://en.wikipedia.org/wiki/Malware

Intercepting

2007-04-03T17:58:00.000-07:00

Many organizations — including corporations, schools, and families — use a proxy server to enforce acceptable network use policies or to provide security, anti-malware and/or caching services. A traditional web proxy is not transparent to the client application, which must be configured to use the proxy (manually or with a configuration script). In some cases, where alternative means of connection to the Internet are available (e.g. a SOCKS server or NAT connection), the user may be able to avoid policy control by simply resetting the client configuration and bypassing the proxy. Furthermore administration of browser configuration can be a burden for network administrators.

An intercepting proxy, often incorrectly called transparent proxy (also known as a forced proxy) combines a proxy server with NAT. Connections made by client browsers through the NAT are intercepted and redirected to the proxy without client-side configuration (or often knowledge).

Intercepting proxies are commonly used in businesses to prevent avoidance of acceptable use policy, and to ease administrative burden, since no client browser configuration is required.

Intercepting proxies are also commonly used by Internet Service Providers in many countries in order to reduce upstream link bandwidth requirements by providing a shared cache to their customers.

It is often possible to detect the use of an intercepting proxy server by comparing the external IP address to the address seen by an external web server, or by examining the HTTP headers on the server side.

Some poorly implemented intercepting proxies have historically had certain downsides, e.g. an inability to use user authentication if the proxy does not recognize that the browser was not intending to talk to a proxy. Some problems are described in RFC 3143 (Known HTTP Proxy/Caching Problems). A well-implemented proxy should not inhibit browser authentication at all.

The term transparent proxy, often incorrectly used instead of intercepting proxy to describe the same behavior, is defined in RFC 2616 (Hypertext Transfer Protocol -- HTTP/1.1) as:

"proxy that does not modify the request or response beyond what is required for proxy authentication and identification."

http://en.wikipedia.org/wiki/Proxy_server

Internet censorship

2007-04-03T17:43:00.000-07:00

Internet censorship is control or suppression of the publishing or accessing of information on the Internet. The legal issues are similar to offline censorship.

One difference is that national borders are more permeable online: residents of a country that bans certain information can find it on websites hosted outside the country. Conversely, attempts by one government to prevent its citizens from seeing certain material can have the effect of restricting foreigners, because the government may take action against Internet sites anywhere in the world, if they host objectionable material.

Total censorship of information on the Internet, however, is very difficult (or impossible) to achieve due to the underlying distributed technology of the Internet. Pseudonymity and data havens (such as Freenet) allow unconditional free speech, as the technology guarantees that material cannot be removed and the author of any information is impossible to link to a physical identity or organization.

Circumvention
Proxy websites
Proxy websites are often the simplest and fastest way to access banned websites in censored nations. Such websites work by being themselves un-banned but capable of displaying banned material within them. This is usually accomplished by entering a URL address which the proxy website will fetch and display. There is also a main stream of distributors who create large masses of proxy sites. They are most closely affiliated with peacefire.

JAP
JAP primarily is a strong, free and open source anonymizer software available for all operating systems. Since 2004, it also includes a blocking resistance functionality that allows users to circumvent the blocking of the underlying anonymity service AN.ON by accessing it via other users of the software (forwarding client).

The addresses of JAP users that provide a forwarding server can be retrieved by getting contact to AN.ON's InfoService network, either automatically or, if this network is blocked, too, by writing an e-mail to one of these InfoServices. The JAP software automatically decrypts the answer after the user did a CAPTCHA. The developers are currently planning to integrate additional and even stronger blocking resistance functions.

Psiphon
Psiphon software allows users in nations with censored Internet such as China to accessed banned websites like Wikipedia. "We're aiming at giving people access to sites like Wikipedia," a free, user-maintained online encyclopedia, and other information and news sources, Michael Hull, psiphon's lead engineer, told CBC News Online.

Sneakernets
Sneakernet is a term used to describe the transfer of electronic information, especially computer files, by physically carrying data on storage media from one place to another. A sneakernet can move data regardless of network restrictions simply by not using the network at all.

The charity relief organization Information Without Borders is attempting to implement a sneakernet routing protocol for providing cheap Internet access to developing and post-conflict regions using donated PDAs and mobile phones, and also for providing free and open Internet access to repressive regimes that restrict free expression by limiting access.

http://en.wikipedia.org/wiki/Internet_censorship

Open proxy

2007-04-03T17:36:00.000-07:00

An open proxy is a proxy server which is accessible by any Internet user.

Generally, a proxy server allows users within a network group to store and forward internet services such as DNS or web pages so that the bandwidth used by the group is reduced and controlled. With an "open" proxy, however, any user on the Internet is able to use this forwarding service.

By utilizing some open proxies (the so-called "anonymous" open proxies), users can conceal their true IP address from the accessed service, and this is sometimes used to abuse or interrupt that service, potentially violating its terms of service or the law; open proxies are therefore often seen as a problem. However, anonymous open proxies are also used to increase anonymity or security when browsing the web or using other internet services: a user's true IP address can be used to deduce information about that user and to hack into his or her computer. Furthermore, open proxies can be used to circumvent efforts at Internet censorship by governments or organizations. Several web sites exist which provide constantly updated lists of open proxies.

It is possible for a computer to be running an open proxy server without knowledge of the computer's owner. This can be the result of misconfiguration of proxy software running on the computer, or of infection with malware (viruses, trojans or worms) designed for this purpose.

Many open proxies run very slowly, sometimes below 14400 baud (14.4 Kbps), or even below 300 baud, while other times the speed may change from fast to slow every minute. Some, such as PlanetLab proxies, run faster and were intentionally set up for public use.

Because open proxies are often implicated in abuse, a number of methods have been developed to detect them and to refuse service to them. IRC networks with strict usage policies automatically test client systems for known types of open proxies. Likewise, a mail server may be configured to automatically test mail senders for open proxies, using software such as proxycheck. Increasingly, mail servers are configured out of the box to consult various DNSBL servers in order to block spam; some of those DNSBLs also list open proxies.

http://en.wikipedia.org/wiki/Open_proxy

Trojan horse

2007-04-02T12:56:00.000-07:00

In the context of computer software, a Trojan horse is a program that unlike a virus contains or installs a malicious program (sometimes called the payload or 'trojan'). The term is derived from the classical myth of the Trojan Horse. Trojan horses may appear to be useful or interesting programs (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed.

Often the term is shortened to simply trojan, even though this turns the adjective into a noun.

There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a hacker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer to peer file sharing utilities. The other type is a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Trojan horse programs cannot operate autonomously, in contrast to some other types of malware, like viruses or worms. Just as the Greeks needed the Trojans to bring the horse inside for their plan to work, Trojan horse programs depend on actions by the intended victims. As such, if trojans replicate and even distribute themselves, each new victim must run the program/trojan. Therefore their virulence is of a different nature, depending on successful implementation of social engineering concepts rather than flaws in a computer system's security design or configuration.

However there is another meaning for the term 'Trojan Horse' in the field of computer architecture. Here it basically represents any piece of User Code which makes the Kernel Code access anything it would not have been able to access itself in the first place (i.e making the OS do something it wasn't supposed to be doing). Such security loopholes are called Trojan Horses.

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

Chain e-mail

2007-04-02T12:43:00.000-07:00

Chain e-mail is a term used to describe e-mails that encourage recipients to forward them on to someone else, the Internet versions of the chain letter.

Some e-mail service providers prohibit the use of their service for sending chain letters in their abuse policy, including Yahoo! and Comcast.

Chain letters may also qualify under other types of illegal activities, as in the case of a Ponzi scheme asking recipients to send money and forward the e-mail. They may be harmful, and contain trojans.

Chain letters are discouraged by RFC 1855.

Some may seem fairly harmless, for example, a grammar school student wishing to see how many people can receive his e-mail for a science project, but can grow exponentially and be hard to stop. They may contain false information, such as the famous "Forward this to everyone you know and if it reaches 1000 people everyone on the list will receive $1000" type e-mails. They may also be politically motivated, such as "save the scouts, forward this to as many friends as possible". Some recent chain e-mails say that a company "will stop its free email service if you don't send this message to X people". Some threaten users with bad luck if not forwarded.

Forwarding chain e-mail may increase a user's risk of getting viruses, and may also increase the amount of spam received, since participant's e-mail addresses are sometimes visible and may end up in the hands of spammers, either directly or via mailing lists archives on the web.

E-mails that are forwarded simply because they are enjoyed, such as urban legends or jokes or glurges are not necessarily under the chain e-mail category, although some chain e-mail is obviously humorous. Likewise, most spam is not chain e-mail as it doesn't typically ask recipients to forward the e-mail to friends.

http://en.wikipedia.org/wiki/Chain_e-mail

Types of E-mail spoofing

2007-04-02T12:38:00.000-07:00

Man-in-the-middle
In this form of network attack, a hacker will intercept two parties communications, and then alter the communication in any way that he/she sees fit. By using this form of spoof, a hacker can convince the receiver of a message to disclose confidential information, since the message will appear to have come from the supposedly trusted third party (the original sender of the message).

Non-blind spoofing
This occurs when a hacker is using the same subnet. The sequence and acknowledgment numbers are changed which makes it hard to calculate correctly. The largest problem with this type of spoofing is session hijacking, allowing a hacker to bypass any security set it place within the connection.

Blind spoofing
Blind spoofing is a much more difficult attack because the sequence and acknowledgment numbers are not reachable, making them extremely hard to track down and change. This is overcome by sending packets to the system being attacked to provide a sequence of numbers to discover the formula by studying these packets. Once the formula has been discovered, the sequence and acknowledgment numbers can be changed allowing the hacker full access.

http://en.wikipedia.org/wiki/E-mail_spoofing

E-mail spoofing

2007-04-02T12:34:00.000-07:00

E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing which mimic an actual, well-known website but are run by another party either with fraudulent intentions or as a means of criticism of the organisation's activities.

Methods
As many spammers now use special software to create random sender addresses, even if the user finds the origin of the e-mail it is unlikely that the e-mail address will be active.

The technique is now used ubiquitously by mass-mailing worms as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez and Sober will often try to perform searches for e-mail addresses within the address book of a mail client, and use those addresses in the From field of e-mails that they send, so that these e-mails appear to have been sent by the third party. For example:

User1 is sent an infected e-mail and then the e-mail is opened, triggering propagation
The worm finds the addresses of User2 and User3 within the address book of User1
From the computer of User1, the worm sends an infected e-mail to User2, but the e-mail appears to have been sent from User3

This can be particularly problematic in a corporate setting, where e-mail is sent to organisations with content filtering gateways in place. These gateways are often configured with default rules that send reply notices for messages that get blocked, so the example is often followed by:

User2 doesn't receive the message, but instead gets a message telling him that a virus sent to them has been blocked. User3 receives a message telling him that a virus sent by them has been blocked. This creates confusion for both User2 and User3, while User1 remains unaware of the actual infection.

Newer variants of these worms have built on this technique by randomising all or part of the e-mail address. A worm can employ various methods to achieve this, including:

Random letter generation
Built-in wordlists
Amalgamating addresses found in address books, for example:

User1 triggers an e-mail address spoofing worm, and the worm finds the addresses user2@efgh.com, user3@ijkl.com and user4@mnop.com within the users Outlook address book

The worm sends an infected message to user2@efgh.com, but the e-mail appears to have been sent from user3@mnop.com

Protection against spoofing
There are a couple preventative measures that can be used to protect spoofing from occurring.

Router filtering
Putting a filter on your router is the first preventive step. By using an Access Control List, you can block private IP addresses.

Encryption and authentication
By using encryption and authentication, you can reduce spoofing attacks. Ensuring the right authentication procedures are in place with a secure network will make it much more difficult for an attack to take place.

http://en.wikipedia.org/wiki/E-mail_spoofing

E-mail privacy

2007-04-02T12:22:00.000-07:00

The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time it's composed to the time it's read, e-mail travels along this unprotected Internet, perpetually exposed to electronic dangers.

Many users believe that e-mail privacy is inherent and guaranteed, psychologically equating it with postal mail. While e-mail is indeed conventionally secured by a password system, the one layer of protection is not secure, and generally insufficient to guarantee appreciable security.

Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for e-mail privacy becomes more pressing.

Need for E-mail privacy
The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time it's composed to the time it's read, e-mail travels along this unprotected Internet, perpetually exposed to electronic dangers.

Many users believe that e-mail privacy is inherent and guaranteed, psychologically equating it with postal mail. While e-mail is indeed conventionally secured by a password system, the one layer of protection is not secure, and generally insufficient to guarantee appreciable security.

Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for e-mail privacy becomes more pressing.

Risks to user
Because e-mail connects through many routers and mail servers on its way to the recipient, it is inherently vulnerable to both physical and virtual eavesdropping. Current industry standards do not place emphasis on security; information is transferred in plain text, and mail servers regularly conduct unprotected backups of e-mail that passes through. In effect, every e-mail leaves a digital papertrail in its wake that can be easily inspected months or years later.

The e-mail can be read by any cracker who gains access to an inadequately protected router. Some security professionals argue that e-mail traffic is protected from such "casual" attack by security through obscurity - arguing that the vast numbers of e-mails make it difficult for an individual cracker to find, much less to exploit, any particular e-mail. Others argue that with the increasing power of personal computers and the increasing sophistication and availability of data-mining software, such protections are at best temporary.

Intelligence agencies, using intelligent software, can screen the contents of e-mail with relative ease. Although these methods have been decried by civil rights activists as an invasion of privacy, agencies such as the U.S. Federal Bureau of Investigation conduct screening operations regularly within the bounds of the law.

ISPs and mail service providers may also compromise e-mail privacy because of commercial pressure. Many online e-mail providers, such as Yahoo! Mail or Google's Gmail, display context-sensitive advertisements depending on what the user is reading. While the system is automated and typically protected from outside intrusion, industry leaders have expressed concern over such data mining.

The receivers of e-mail can compromise e-mail privacy by indiscrimate forwarding of e-mail. This can reveal contact information (like e-mail addresses, full names, and phone numbers), internal use only information (like building locations, corporate structure, and extension numbers), and confidential information (trade secrets and planning).

In the United States and some other countries lacking secrecy of correspondence laws, e-mail exchanges sent over company computers are considered company property and are thus accessible by management. Employees in such jurisdictions are often explicitly advised that they may have no expectation of a right to privacy for messages sent or received over company equipment. This can become a privacy issue if employee and management expectations are mismatched.

http://en.wikipedia.org/wiki/E-mail_privacy

GNU Privacy Guard

2007-04-02T12:17:00.000-07:00

The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software, released under the GNU General Public License। It is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government. GnuPG is completely compliant with RFC 2440, the IETF standard for OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. Although some older versions of PGP are also interoperable, not all features of newer software are supported by the older software.

http://en.wikipedia.org/wiki/GNU_Privacy_Guard

IP address

2007-04-02T12:14:00.000-07:00

An IP address (Internet Protocol address) is a unique address that certain electronic devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP)—in simpler terms, a computer address. Any participating network device—including routers, computers, time-servers, printers, Internet fax machines, and some telephones—can have their own unique address.

An IP address can also be thought of as the equivalent of a street address or a phone number (compare: VoIP (voice over (the) internet protocol)) for a computer or other network device on the Internet. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network.

An IP address can appear to be shared by multiple client devices either because they are part of a shared hosting web server environment or because a proxy server (e.g., an ISP or anonymizer service) acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. The analogy to telephone systems would be the use of predial numbers (proxy) and extensions (shared).

IP addresses are managed and created by the Internet Assigned Numbers Authority (IANA)। The IANA generally allocates super-blocks to Regional Internet Registries, who in turn allocate smaller blocks to Internet service providers and enterprises.

http://en.wikipedia.org/wiki/IP_address

Digital signature

2007-04-02T12:11:00.000-07:00

digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form. Digital signature schemes normally give two algorithms, one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key. The output of the signature process is called the "digital signature."

Digital signatures, like written signatures, are used to provide authentication of the associated input, usually called a "message." Messages may be anything, from electronic mail to a contract, or even a message sent in a more complicated cryptographic protocol. Digital signatures are used to create public key infrastructure (PKI) schemes in which a user's public key (whether for public-key encryption, digital signatures, or any other purpose) is tied to a user by a digital identity certificate issued by a certificate authority. PKI schemes attempt to unbreakably bind user information (name, address, phone number, etc.) to a public key, so that public keys can be used as a form of identification.

Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature, but not all electronic signatures use digital signatures। In some countries, including the United States, and in the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear their applicability towards cryptographic digital signatures, leaving their legal importance somewhat unspecified.

http://en.wikipedia.org/wiki/Digital_signature

Encryption

2007-04-02T12:07:00.000-07:00

Encryption is the process of obscuring information to make it unreadable without special knowledge, sometimes referred to as scrambling. Encryption has been used to protect communications for centuries, but only organizations and individuals with an extraordinary need for secrecy had made use of it. In the mid-1970s, strong encryption emerged from the sole preserve of secretive government agencies into the public domain, and is now used in protecting widely-used systems, such as Internet e-commerce, mobile telephone networks and bank automatic teller machines.

Encryption can be used to ensure secrecy, but other techniques are still needed to make communications secure, particularly to verify the integrity and authenticity of a message; for example, a message authentication code (MAC) or digital signatures. Another consideration is protection against traffic analysis.

Encryption or software code obfuscation is also used in software copy protection against reverse engineering, unauthorized application analysis, cracks and software piracy used in different encryption or obfuscating software.

http://en.wikipedia.org/wiki/Encryption

Privacy software

2007-04-02T12:01:00.000-07:00

Privacy software is software built to protect the privacy of its users. The software typically works in conjunction with internet usage to control or limit the amount of information made available to third parties. The software can apply encryption or filtering of various kinds.

Privacy software can refer to two different types of protection। One type is protecting a users Internet privacy from the World Wide Web. There are software products that will mask or hide a users IP address from the outside world in order to protect the user from identity theft. The other type of protection is hiding or deleting the users Internet traces that are left on their PC after they have been surfing the Internet. There is software that will erase all the users Internet traces and there is software that will hide and encrypt a users traces so that others using their PC will not know where they have been surfing.

http://en.wikipedia.org/wiki/Privacy_software

Data logging

2007-04-02T06:43:00.001-07:00

Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, this may be used to lessen the user's privacy. This could be avoided by disabling logging, or clearing logs regularly.

http://en.wikipedia.org/wiki/Internet_privacy

ISPs

2007-04-02T06:41:00.000-07:00

Consumers obtain Internet access through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer's ISP. Given this, any ISP has the capability of observing anything and everything about the consumer's (unencrypted) Internet activities; however, ISPs presumably do not do this (or at least not fully) due to legal, ethical, business, and technical considerations.

ISPs do, however, collect at least some information about the consumers using their services. From a privacy standpoint, the ideal ISP would collect only as much information as it requires in order to provide Internet connectivity (IP address, billing information if applicable, etc). A common belief exists that most ISPs collect additional information, such as aggregate browsing habits or even personally-identifiable URL histories.

What information an ISP collects, what it does with that information, and whether it informs its consumers, can pose significant privacy issues. Beyond usages of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request need not involve a warrant.

An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Note however, that even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)

General concerns regarding internet user privacy have become a concern enough for a UN agency report to on the dangers of identity fraud.

http://en.wikipedia.org/wiki/Internet_privacy

Browsing profiles

2007-04-02T06:40:00.000-07:00

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. On the Internet, certain organizations employ profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles may or may not link with information that personally identifies the people who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue, on the other hand, when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up Honeypot (computing) websites - featuring controversial topics - with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

http://en.wikipedia.org/wiki/Internet_privacy

Cookies

2007-04-02T06:38:00.000-07:00

Cookies have become perhaps the most widely-recognized privacy risk, receiving a great deal of attention. Although HTML-writers most commonly use cookies for legitimate, desirable purposes, cases of abuse can and do occur.

An HTTP cookie consists of a piece of information stored on a user's computer to add statefulness to web-browsing. Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy, although it does have implications for computer privacy, and specifically for computer forensics).

The original developers of cookies intended that only the website that originally sent them would retrieve them, therefore giving back only data already possessed by the website. However, in actual practice programmers can circumvent this intended restriction. Possible consequences include:

the possible placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,

possible use in some circumstances of cross-site scripting or of other techniques to steal information from a user's cookies.

Many users choose to disable cookies in their web browsers. This eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) have an option to have the system clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper application (for example, PrivacyView) that will redirect cookies and cache data to some other location. The Private Internet Browsing feature found in the CryptoStick Software Suite redirects all Internet Explorer information to a USB flash memory device. This prevents the storing of browsing information on the actual computer: the information goes off-system when the user removes the USB flash memory device from the computer.

http://en.wikipedia.org/wiki/Internet_privacy

Internet privacy

2007-04-02T06:35:00.000-07:00

Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. Many people use the term to mean universal Internet privacy: every user of the Internet possessing Internet privacy.

Internet privacy forms a subset of computer privacy. Experts in the field of Internet privacy have a consensus that Internet privacy does not really exist. Privacy advocates believe that it should exist.

Levels of privacy
People with only a casual interest in Internet privacy need not achieve total anonymity. Regular Internet users with an eye to privacy may succeed in achieving a desirable level of privacy through careful disclosure of personal information and by avoiding spyware. The revelation of IP addresses, non-personally-identifiable profiling, and so on might become acceptable trade-offs for the convenience that such users would otherwise lose in using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may use Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user.

http://en.wikipedia.org/wiki/Internet_privacy

Arguments against government monitoring

2007-04-02T05:30:00.000-07:00

Surveillance infringes on civil liberties - there is a lack of anonymity if facial recognition systems can be used, for example, to identify protestors in a demonstration.
CCTV cameras displace crime, rather than eliminate it - criminals move to areas where CCTV is not in place.
Due to the enormous manpower required to operate and monitor, many crimes (even if recorded) go unnoticed for hours, days, or even months, while costing money for upkeep and wages.
Monitoring can be used in committing crime, for example police officers have been caught using cameras to invade the personal privacy of women walking through airports.
Gathering data about many people in one place (the monitoring centre) provides a valuable source of data which would fuel illegal activities if the integrity of the operators were ever compromised.
The same technology used for disclosing networks of terrorists and criminals can be used by repressive regimes for finding dissidents, and allows easy blackmailing, blacklisting or prosecuting of people for their guilt by association (see the Second Red Scare for a set of historical examples). Its presence itself can provide a considerable chilling effect for political dissent.
An increase in methods to track individuals and their movements could create a large distrust in the government.

http://en.wikipedia.org/wiki/Privacy

Arguments for government monitoring

2007-04-02T05:29:00.000-07:00

Increased crime detection - due to the placement of CCTV cameras, the success rate of conviction is increased as criminals are more likely to be convicted due to the increased ability to prove a suspect committed an offence.

Prevention of terrorism - terrorist activities need coordination and this is often done using electronic equipment. If communications between devices can be monitored, the activities of terrorists can be prevented before any terrorist attacks are carried out, and their networks can be disclosed by network analysis and traffic analysis.

http://en.wikipedia.org/wiki/Privacy

Privacy from government interference

2007-04-02T05:28:00.001-07:00

As a human right, privacy primarily relates to government actions, not private actions. Human rights guarantees do not impose broad obligations on governments to protect individuals against possible invasions of their privacy by other individuals. However Constitutional and international guarantees require that restrictions on freedom of expression, even in the interests of privacy, must meet a very high standard of legality and necessity. Governments in many countries are given powers to breach privacy. This is often the case in criminal investigations, where police are permitted to search for and seize private property from places where they would otherwise be prohibited from entering without probable cause to do so. Telephone tapping, where all information being transmitted over a phone line is secretly monitored, is often permissible for Law Enforcement Agencies, although it usually requires permission from a court. This can then be used as evidence in trials where it is used to secure convictions against criminals. However, in the past, numerous cases have been overturned in the United States because the wiretap was not legally allowed. Other ways to monitor individuals or conduct mass surveillance include closed-circuit television cameras, which are placed in public and forward looking infrared cameras which are mounted on police helicopters.

The desirability of the government monitoring communications, whether permitted by law or not, is a common debate. Organizations such as the Electronic Frontier Foundation argue that the right to privacy from the government is an inalienable human right and that it is up to the person whether they should have to disclose information. Other groups, including government agencies like the National Security Agency, maintain that the ability to monitor all communications aids in the prevention of criminal activity and terrorism.

http://en.wikipedia.org/wiki/Privacy

Internet privacy

2007-04-02T05:27:00.000-07:00

Many companies exist with a goal to obtain as much information about customers as possible, through loyalty cards and other kinds of customer schemes. This data is immensely valued by other companies, which may pay large amounts of money for access to this information for marketing purposes (often telemarketing). A huge public backlash against telemarketers led to the introduction of the National Do Not Call Registry in the United States, and similar systems in other countries.

With the increasing amount of e-mail spam being sent, often advertising products for sale, solutions to prevent the loss of privacy (as the spammers use social engineering and other similar practices to keep an up-to-date list of email addresses) have been developed. See e-mail spam for more information.

Laws regulating the use of personal information by companies have diverged significantly between Europe and the United States, with strong regulation in the European Union and requirements for explicit permission before personal information can be reused. Conversely, this area is largely unregulated in the USA. In the USA, the free speech provision of the First Amendment provides many protections against regulating the sharing and use of personal information.

http://en.wikipedia.org/wiki/Privacy

Genetic privacy

2007-04-02T05:26:00.000-07:00

The concept of “genetic discrimination” and the associated need for confidentiality of genetic information, or "genetic privacy," have only recently entered our vocabulary. In numerous cases around the world, individuals and family members have been barred from employment or lost their health and life insurance based on an apparent or perceived genetic abnormality.[citation needed] Many of those who have suffered discrimination are clinically healthy and exhibit none of the symptoms of a genetic disorder. Often, genetic testing results in uncertain probabilities rather than clear-cut predictions of disease. Even in the most definitive genetic conditions, which are few in number, there remains a wide variability in the timing of onset and severity of clinical symptoms. Employers have access to medical/genetic information, which may be used to discriminate against their employees.

http://en.wikipedia.org/wiki/Privacy

Medical privacy

2007-04-02T05:25:00.000-07:00

Information concerning a person's health is kept confidential to the patient. In most countries, the patient must consent before anyone other than the staff of medical institutions may view the information. The reasons for keeping medical information private may include possible discrimination against people with a certain medical condition. However, it may be illegal to fail to disclose medical information in certain cases (for example, in the United Kingdom in 2001, Stephen Kelly was found guilty of "culpable and reckless" conduct for failing to tell his girlfriend he was HIV-positive before having unprotected sex with her [1]). Also see remarks on the Roe v Wade abortion decision below.

http://en.wikipedia.org/wiki/Privacy

Political privacy

2007-04-02T04:48:00.000-07:00

People may wish to keep their political viewpoints secret for a variety of reasons - political groupings may be able to commit violence either when successful (using the powers of the state) or when defeated (using their own militias for example). This may be used to punish those who disagree with them. Many people have been tortured or killed for their political views by, for example, dictators, terrorist groups, and often forces linked to democratically elected politicians.

The secret ballot, which is common in democratic elections worldwide, is designed to maintain political privacy to limit any discrimination against people voting according to their political views. Such discrimination does not always target minorities and losers of the election: in many cases, influential minorities (e.g. a group of businessmen) might possibly force the majority (the employees) to vote according to their needs, if the vote were open.

Outing of individuals can be done for several political reasons; either as a negative campaigning tactic designed to lower the outed person's reputation, or by others of a similar sexual orientation who seek openness over privacy.

Privacy is an issue of autonomy, at the Constitutional level in the United States. States are constrained in matters pertaining to privacy by the U.S. Constitution, as well as their own. In 1969 the Supreme Court made the right to privacy explicit in Griswold v Connecticut. The Court found the right to privacy implied in the Constitution in the First, Third, Fourth, Fifth, Ninth and Fourteenth Amendments. The Constitutional right to privacy continues to be recognized by the courts in accordance with that decision, but only with respect to certain classes of information.

The First Amendment states:

"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."

The First Amendment's implications for privacy are that people under surveillance are not likely to express views, or go to assemblies or religious meetings of which the agencies of surveillance are likely to disapprove. The Court has ruled that the right to privacy covers the right to read --- unobserved --- material that the federal government finds objectionable. Specifically, in Lamont v Postmaster General the Court stated that "any addressee is likely to feel some inhibition in sending for literature which Federal officials have condemned." The freedom to read is actually the freedom to read without fear of surveillance Cohen, 96. The Court has also found a right to privacy in association and political activities. In addition, the right to privacy covers memberships and personal associations NAACP v Alabama, 1964, confirming the "right of members to pursue their lawful private interests privately and to associate freely with others."

The Third Amendment states:

"No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law."

The Fourth Amendment states:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

Together the Third and Fourth Amendments create a region of privacy -- the home -- a space inviolable by the government except in constrained circumstances. These amendments suggest that what one does in one's own home is not the business of the government. Note that members in the case cited above of the NAACP were found to have not only the First Amendment right to associate, but also the right to "pursue private interest privately," as one might in one's own home.

The Fifth Amendment states:

"No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a grand jury, except in cases arising in the land or naval forces, or in the militia, when in actual service in time of war or public danger; nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation."

Just as the government cannot imprison citizens without charge, government cannot require that citizens speak. The implication is that the government has no right to hear all that a person could know and might say, thereby intruding into personal thoughts. As the Fourth Amendment limits the government's right to search papers, the Fifth Amendment denies it the right to search thoughts .

The Ninth Amendment states:

"The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

Without the Ninth Amendment, the right to privacy could not be found in the Constitution. Since the Constitution nowhere specifically identifies the right to privacy explicitly. If the Ninth Amendment's did not specify the disposition rights other than those it explicitly mentions, the right to privacy as implied by the other Amendments could not exist.

Section 1 of the Fourteenth Amendment states:

"All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the state wherein they reside. No state shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws."

According to Section 1of the Fourteenth Amendment of the rights set forth in the Constitution can be abridged by the States. If the federal government has no right to your home, speech, or papers, neither do the state governments. The rights that together provide privacy from the federal government provide privacy from state and local governments as well. (Sections 2-5 of the Fourteenth Amendment address apportionment of representatives, Civil War disqualification and Civil War debt, and thus are not of interest here.)

The Constitutional right to privacy differs from state civil laws in that it is focused on individual autonomy rather than the communications of others. The right to privacy allows individuals to take certain actions without fear of retribution, rather than prevent the publication of certain types of information as state laws governing privacy do. In fact, privacy rights prohibiting intrusion into seclusion and publication of private information have been limited at the federal level precisely because of the First Amendment's protection of speech rights.

The Supreme Court has determined that there is no constitutional right to privacy or expectation of privacy in financial matters in US v Miller which is NOT the same as there being no statutory right to privacy. Consumer's voluntarily supply financial information to financial institutions, the information is owned by those institutions, and there is no reasonable expectation of privacy for such information because by its nature it must be shared in the course of business. Some advocates of privacy rights propose a property law, whereby individuals would be construed to own information about themselves. Thus far property laws have been used primarily to limit privacy by declaring information about one person to be the property of another and not properly subject to the oversight of the subject.

Constitutional protections of privacy have been applied inconsistently. Often a delay extends between the introduction of new technologies and the extension of privacy rights to the users of those technologies. Consider the case of telephony. In 1928 the Supreme Court determined that no person has a right to privacy in telephone conversations (Olmstead v United States, 1928) ruling that recording telephone conversations was not a search under the Fourth Amendment because the conversation left the defendant's home on lines that could not be secured. The Court stated that since the technology was inherently without security, people knowingly sacrificed privacy when they communicated using the telephone. The Court reasoned that telephone correspondents knew that the signals went outside their homes and only the most naive would expect privacy. Olmstead reads: "There was no searching. There was no seizure. The evidence was secured by the use of the sense of hearing and that only. There was no entry of the houses or offices of the defendants. . . . The language of the amendment cannot be extended and expanded to include telephone wires, reaching to the whole world from the defendant's home or office. The intervening wires are not part of his house or office, any more than are the highways along which they are stretched." Brandeis' incomparable dissent rings true today.

http://en.wikipedia.org/wiki/Privacy

Types of privacy

2007-04-02T04:46:00.000-07:00

Bodily privacy
Privacy may include preserving modesty and preventing embarrassment by preventing a person seeing someone else while naked or in underwear, or while using a toilet or urinal, having sex, etc. For that purpose a person, a couple, or a larger group of people, may seek temporary seclusion.

http://en.wikipedia.org/wiki/Privacy

Reasons for not maintaining privacy

2007-04-02T04:40:00.000-07:00

It has been reasoned that privacy discourages information sharing between individuals which in turn can lead to mistrust and intolerance amongst people and perpetuate false information. If information can be shared widely then facts can generally be verified through many different sources and there are less chances of inaccuracies. It has also been reasoned that Privacy can perpetuate stigma and intolerance. The reasoning behind this is that restrictions on information about people can inhibit and discourage collection and finding of data that is required for an accurate analysis and discussion on the causes and root of the stigma and intolerance. Philosophers often ask how people can learn to accept each other if they cannot know about each other. Issues have also been raised that privacy can encourage criminal activity as it makes it easier for criminals to hide their unlawful activities.

More pragmatically, privacy sometimes is not maintained because there is a benefit provided by disclosure. For example, a potential employer is given a résumé/CV in order to evaluate someone's appropriateness for employment. Or, contact information, e-mail addresses most often, are provided in exchange for access to some useful information, like a "white paper".

List of some court cases in the United States that reviewed the issue of privacy:

In a unanimous ruling justices at the Supreme Court of New Hampshire ruled: "A generalized concern for personal privacy is insufficient to meet the state's burden of demonstrating the existence of a sufficiently compelling reason to prevent public access." The state Supreme Court ruled that financial information people disclose in divorce cases is not entitled to sweeping privacy protections. The court said the right of access to court proceedings and records predates both the state and federal constitutions. The decision relied heavily on the New Hampshire Constitution, which says power comes from the people. "To that end, the public's right of access to governmental proceedings and records shall not be unreasonably restricted," the Constitution says. The Associated Press v. New Hampshire.

In Davis v. Freedom of Information Commission, 259 Conn. 45 (2001) The Connecticut Supreme Court ruled that the DPPA does not apply to other government agencies who receive personal information from the State DMV in the course of their normal government functions. Therefore, records compiled by the office of the tax accessor, which were based on state motor vehicle records, were publicly accessible.

Excerpt of a ruling by Judge Kenneth Johnson, Indianapolis, Indiana, "The great public interest in the reporting, investigation and prosecution of child abuse trumps even the patient's interest in privileged communication with her physicians because, in the end, both the patient and the state are benefited by the disclosure," Johnson wrote.

In Las Vegas Review v. Board of County Commissioners, August 18, 2000., Nevada's highest court ruled that Records showing the telephone numbers of incoming and outgoing calls on publicly owned cellular telephones are not confidential or private.

In Erwin Eastmond v. Canadian Pacific Railway & Privacy Commissioner of Canada (June 11, 2004) The Court found that CP could collect Eastmond's personal information without his knowledge or consent because it benefited from the exemption in paragraph 7(1)(b) of PIPEDA, which provides that personal information can be collected without consent if "it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement.

http://en.wikipedia.org/wiki/Privacy

Reasons for maintaining privacy

2007-04-02T04:39:00.000-07:00

If "information is power", then it follows that personal information in whatever form, or of whatever nature, confers power to the owner of that information.

Few individuals, organizations or governments refrain from making judgements based on their own self interest and the information gained through the loss of privacy, tends towards ultimately being used to wrestle power and autonomy away from the individual.

The loss of privacy, in a modern and evolving technological age, risks putting intolerable strains on existing democracies by empowering governments beyond their ability to contain their natural inclinations towards totalitarian actions and recurring dictatorial political forms.

Until the corrosive effects of power on the human psyche can be understood and sympathetically managed, it seems likely that increasing losses of privacy will inevitably lead to corresponding losses of personal freedoms, if only through the psychological effects on the individual, from the perception that they are being continuously and relentlessly scrutinised. This has been referred to as a 'technique of mass submission'.

The political effects of sustained and expanding losses of privacy also risks the eventual perception that even the secret ballot of the democratic vote is compromised. In an increasingly paranoid and totalitarian state this becomes a relevant factor. Also see Totalitarian democracy.

It has been reasoned that privacy encourages information sharing between individuals, because it creates an environment in which any perpetuated information that does not reference a source can be identified as rumor. If information is shared voluntarily, then facts can generally be approved by references to one or several identified sources, and there are fewer chances for the perpetuation of mistrust. The reasoning behind this is that the intention of a privacy violation does not matter for its effect to perpetuate the environment of rumors that is the root cause of intolerance. Philosophers often ask how people can choose to trust each other if they cannot hide from each other.

One may also wish to maintain privacy by withholding information from others because of stigma (as in the case of some "closeted" homosexuals), or for protection from the law (as when criminals hide information to prevent others from catching them). Often, information (such as bank account numbers or, in the USA, the Social Security Number) may be used against the owner of the information, for example to commit fraud. By maintaining privacy, information owners hope to avoid this fraud or limit effects from it.

http://en.wikipedia.org/wiki/Privacy

Privacy and security trade offs

2007-04-02T04:37:00.000-07:00

Privacy and security can be in conflict, requiring trade-offs between the two, or privacy can enhance security. For the collection of taxes it is in the interests of government if one's earnings and income are well known. On the other hand, that same information may be used to select someone or his family as a good target for kidnapping. In these narrow terms, one group's interest is to keep the information private. One of the goals of computer security is confidentiality. Identity theft, for example, is a security problem that is created from a lack of privacy or failure of confidentiality.

Privacy can also have free speech ramifications. In some countries privacy has been used as a tool to suppress free speech. One person's speech can sometimes be considered a violation of another's person's privacy. In various cases the US Supreme Court has ruled that the First Amendment trumps privacy. In Bartnicki v. Vopper, 532 U.S. 514 (2001) Docket Number: 99-1687, US Supreme Court ruled 6-3 that someone cannot be held liable in court for publishing or broadcasting intercepted contents of information, as long as that information is of public concern. Conversely, the Constitutional right to privacy is built in part on the First Amendment.

Census data is another area where such trade-offs become apparent. Accurate data are useful for planning future services (whether commercial or public sector), on the other hand, almost all censuses are released only in a way which does not allow identification of specific individuals. Often this is done by randomly altering the data and directly reducing accuracy.

On the other hand some trade-offs may be regarded as false by some observers. Identity card systems, which may reduce privacy, are often presented as a method of increasing security. However, Bruce Schneier and others have argued that these systems may reduce security.

http://en.wikipedia.org/wiki/Privacy

Privacy

2007-04-02T04:36:00.000-07:00

Privacy is the ability of an individual or group to keep their lives and personal affairs out of public view, or to control the flow of information about themselves. Privacy is sometimes related to anonymity although it is often most highly valued by people who are publicly known. Privacy can be seen as an aspect of security—one in which trade-offs between the interests of one group and another can become particularly clear.

The right against unsanctioned invasion of privacy by the government, corporations or individuals is part of many countries' laws, and in some cases, constitutions or privacy laws. Almost all countries have laws which in some way limit privacy, for example taxation normally requires passing on information about earnings. In some countries individual privacy may conflict with freedom of speech laws and some laws may require public disclosure of information which would be considered private in other countries and cultures.

Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits, but often with little benefit and very often with specific dangers and losses. An example of voluntary sacrifice is entering a sweepstakes or competitions. A person gives personal details (often for advertising purposes) in order to have a chance of winning a prize. Another example is where information voluntarily shared is later stolen or misused such as in identity theft.

http://en.wikipedia.org/wiki/Privacy

I finally created a Blogger account

2007-03-31T01:10:00.000-07:00

I finally created a Blogger account. Expect many more postings from me in the future as I have a lot to say.