Internet Security, Facebook & Etc.

I teach these subjects in uni and have been an early adopter of the Net since 1994. I can still remember, it was that year that I started logging on to Jaring (Malaysia’s premier ISP) using my dad’s *secret login info* and entered into a whole new world of digital bits and bytes.

Just the other day, I had an interesting discussion on the integrity of using certain sites for social networking (to some degree this is true). Although I may sound like a proponent of everything Internet (heck, I’ve been blogging since 2002), the reality is, the Internet is as safe as using a handphone. And if you have been mixing with some of the ‘right’ people, you can see how ‘safe’ the use of mobile phones can be. (I digress, but it was in 1999, that I found that some fellow students could actually hijack another line, and thus not charged for a mobile call!).

Problems with Internet? IP spoofing due to raw sockets on Windows. Basically, the identify of a particular IP address can be falsified. Nowadays it is much easier, with freewares like the onion router network (Tor – go google this :P) and hackboxes with nice, simple GUI (Graphical User Interfaces). All this is due to paranoia of privacy. And whatever that is good, is most often exploited. That is why DDOS (Distributed Denial of Service) attacks are getting common, and yet, there is not much that can be done to trace the perpetrators. It is the Wild, wild west of the Net era certainly!

Is there anything that is safe on the Net? Yes and no. Commerce can be done with some degree of security. The fact remains that security increases as transparency increases (a very accounting way of looking at things, surely). How can transparency be increased? By matching the online identity (IP address or even MAC address) with physical evidences (credit card, identification card, bank details, ownership licenses, etc.). But note that nothing is fully secure… all it does is to increase the level of confidence you can have on the particular medium.

Okay, so far so good. It does sound like you are able to do somethings without fear of being messed up by others, as long as the medium of interaction necessitates a high level of transparency. But here is where it all falls down; 2 main disadvantages to this –

One: The onus is on the service provider to ensure that the transaction or exchange is done securely (the increased level of transparency is given to the provider to facilitate this process). Which boils down to, how much can you trust the service provider? Even Paypal has its own anti-paypal sites. These service providers at the end holds all power to validate or invalidate your transactions as they see fit. Surprising, yes? But this is just the way the Net is at the moment. It’s the New Wild, Wild Net!

Two: High level of transparency increases the risk of identity theft. It is a custom for me to google and check for my name, every once a month or two. The amount of information we leave on the net is really huge. And remember that there is such things as packet repackaging (sniffing), where random pieces of information are often found lingering in a place it was not intended for. This is part of the basic structure of how the Net works. Facebook is not a safe medium to hide yourself. If you really don’t want people to know more about you, DON’T PUT ANYTHING ONLINE! Simple logic. You don’t own any of the servers that handles your information, and therefore you cannot trust them. Harvard University just got hacked (as of today, in the news). And the point is, information is as free for anyone on the Net. People can gather information on everything (even your identification card details, courtesy of our government!) and if I want to impersonate another person, it would just take me a day or two of hard online research to get the necessary details. Even fake credit cards can be bought online.

This is not a scare-talk article. I’ve done enough research to know the loop holes. So adequacy is important. Be bold only if you are a company with deep resources to bail you out in problematic situations. If not, I am truly sorry; the Net is just not safe (unless you know of ways to overcome the two main issues highlighted above).

🙂

14 years online and that is my conclusion. For now.

By the way, I have done many online transactions and involved in many nooks of the Net; newsgroups, usenet, IRC (even now, yes!), P2P, private networks, etc.

Advertisements

2 thoughts on “Internet Security, Facebook & Etc.

  1. Sigh. I’ve been online since about the same time as you, and as you know I’ve been working on Internet security for years.

    As much as I like Internet security, I’d rather the field of Internet security did not have the reason to exist. The amount and sophistication of malware these days just show the extent of evil and sin in the human heart.

  2. It is a sad thing. But I guess it is a good thing too, because at least it assures you that your job will NEVER become redundant as long as two things are still in place; Internet usage and Human sin. The latter is assured. The former is for the short term (say next 10 years) is also assured. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s