Secret Service's Little-Known Role: Protecting Citizens as Well as Leaders It may surprise readers to learn that the United States Secret Service is actively engaged in the fight against Internet crime and computer-based fraud.
If asked what they know of the Secret Service, most Americans would likely point to the special agent with the sunglasses and earpiece standing behind the president. They would not imagine that many of those same agents who protect our highest elected leaders are also responsible for protecting consumers against criminal activity on the Internet.
Although the Secret Service has had the statutory responsibility for protecting the president, vice president and other designated officials since 1901, the origins of the Secret Service actually date back to 1865. We were created as a small bureau in the Department of the Treasury to suppress widespread counterfeiting during a time of financial crisis in our country.
Over the years this investigative mission has evolved into a statutory mandate to protect our nation's banking and financial infrastructure. While the Secret Service remains the lead federal agency for investigating counterfeit scams, our investigative jurisdiction has expanded to include credit card fraud, identity theft, bank fraud and telecommunications fraud. Congress has authorized us to protect the president, but it has also authorized us to protect your pocketbook.
As much as the PC has revolutionized our economy and our culture, it has also become the gateway into a new dimension of criminal activity where consumer protections are few and sophisticated methods to steal and defraud are many.
Thursday, January 24, 2002
Information Security URLography
Inforensics: Information Forensics, Reconstructions & Recovery:
the application of forensic techniques to investigate crimes involving, either directly or indirectly, information, computer and/or communication technology.
Inforensics: Information Forensics, Reconstructions & Recovery:
the application of forensic techniques to investigate crimes involving, either directly or indirectly, information, computer and/or communication technology.
ENCRYPTION SOFTWARE with forensic software countermeasures
Forensic software exploits Windows® security leaks for computer evidence recovery and for electronic discovery in litigation. This is usually the real method by which "the suspect's encryption was cracked." It's also commercially available to industrial spies and criminals, who use it to defeat hard drive data encryption by side channel attacks.
Most e-mail encryption software (such as PGP®) is vulnerable to forensic software attacks, if (mis-)used to encrypt files for secure storage rather than for transmission. Most "Windows® encryption software" has no forensic software countermeasures, making the strength of their ciphers (encryption algorithms) or key-sizes irrelevant .
If you're concerned about practicing due diligence in protecting sensitive information, but you're forced to keep it on a Windows® PC, perhaps we can help. We supply standards-compliant cryptosystems with forensic software countermeasures, specifically designed to protect sensitive data on Windows® PCs and laptops.
Forensic software exploits Windows® security leaks for computer evidence recovery and for electronic discovery in litigation. This is usually the real method by which "the suspect's encryption was cracked." It's also commercially available to industrial spies and criminals, who use it to defeat hard drive data encryption by side channel attacks.
Most e-mail encryption software (such as PGP®) is vulnerable to forensic software attacks, if (mis-)used to encrypt files for secure storage rather than for transmission. Most "Windows® encryption software" has no forensic software countermeasures, making the strength of their ciphers (encryption algorithms) or key-sizes irrelevant .
If you're concerned about practicing due diligence in protecting sensitive information, but you're forced to keep it on a Windows® PC, perhaps we can help. We supply standards-compliant cryptosystems with forensic software countermeasures, specifically designed to protect sensitive data on Windows® PCs and laptops.
PGP creator: Surveillance must be curbed
Phil Zimmermann, the creator of the Pretty Good Privacy encryption tool, says that widespread surveillance is leading us into an Orwellian future
Phil Zimmermann, creator of Pretty Good Privacy encryption -- better known as PGP -- was in Italy this week for the InfoSecurity conference. ZDNet Italy caught up with him to discuss the technical, social and politic implications of his encryption tool.
Phil Zimmermann, the creator of the Pretty Good Privacy encryption tool, says that widespread surveillance is leading us into an Orwellian future
Phil Zimmermann, creator of Pretty Good Privacy encryption -- better known as PGP -- was in Italy this week for the InfoSecurity conference. ZDNet Italy caught up with him to discuss the technical, social and politic implications of his encryption tool.
Tuesday, January 22, 2002
Inside Encrypting File System, Part 1
Securing a computer system entails employing measures that protect the computer's data from viewing or manipulation by unauthorized users. Security measures at the network interface prevent intruders from gaining entry to the computer, and file-system security prevents the computer's authorized users from accessing data they're not supposed to access. However, a computer that is isolated from the Internet behind a firewall and that has stringent file-system security policies in place remains unsecured if no strategy exists to guard the computer's physical security. If unauthorized users have physical access to a computer, they can remove the computer's hard disks and perform offline analysis of the disks' data. When users can view a hard disk's contents on a different computer, file-system security (e.g., the kind NTFS ACLs provide on Windows NT or Windows 2000— Win2K—systems) is of no value. This problem is especially acute for laptop computers because two NTFS file-system drivers that ignore NTFS security—NTFSDOS and an NTFS driver for Linux—let even casual thieves easily view NTFS files.
Securing a computer system entails employing measures that protect the computer's data from viewing or manipulation by unauthorized users. Security measures at the network interface prevent intruders from gaining entry to the computer, and file-system security prevents the computer's authorized users from accessing data they're not supposed to access. However, a computer that is isolated from the Internet behind a firewall and that has stringent file-system security policies in place remains unsecured if no strategy exists to guard the computer's physical security. If unauthorized users have physical access to a computer, they can remove the computer's hard disks and perform offline analysis of the disks' data. When users can view a hard disk's contents on a different computer, file-system security (e.g., the kind NTFS ACLs provide on Windows NT or Windows 2000— Win2K—systems) is of no value. This problem is especially acute for laptop computers because two NTFS file-system drivers that ignore NTFS security—NTFSDOS and an NTFS driver for Linux—let even casual thieves easily view NTFS files.
Encrypting File System Primer: Basics and Best Practices
With the introduction of Windows 2000, Microsoft implemented a number of security-based improvements aimed at making their flagship operating system (OS) more robust and attractive for enterprise deployment. They’ve built on existing technology from NT 4.0 and added several features, which take advantage of standards that for years have been proven effective in the industry. The result is an OS less dependent of flawed proprietary standards, such as NTLM and WINS, which have been plagued with numerous vulnerabilities and over the years have made the job of system security an even more difficult task.
Among the many improvements in Windows 2000, one of the more notable ones is the addition of the Encrypting File System (EFS). EFS is a means of protecting user data which takes advantage of two well known industry standards: Data Encryption Standard X (DESX) and RSA public key exchange. It is supported in all versions of Windows 2000, and works transparently (without user input) to encrypt and decrypt files for user access. In the past, a user would have to encrypt and decrypt files using a third party application which had to be purchased and installed separately on their system, and which most often depended on the user entering a correct password. With EFS, this is no longer a necessity. As always however, most security measures are only effective if your users are properly informed, and EFS is no exception. As such, we’ll take a look at EFS, what it is how it works, and more importantly, what you need to know to make it work effectively for you.
With the introduction of Windows 2000, Microsoft implemented a number of security-based improvements aimed at making their flagship operating system (OS) more robust and attractive for enterprise deployment. They’ve built on existing technology from NT 4.0 and added several features, which take advantage of standards that for years have been proven effective in the industry. The result is an OS less dependent of flawed proprietary standards, such as NTLM and WINS, which have been plagued with numerous vulnerabilities and over the years have made the job of system security an even more difficult task.
Among the many improvements in Windows 2000, one of the more notable ones is the addition of the Encrypting File System (EFS). EFS is a means of protecting user data which takes advantage of two well known industry standards: Data Encryption Standard X (DESX) and RSA public key exchange. It is supported in all versions of Windows 2000, and works transparently (without user input) to encrypt and decrypt files for user access. In the past, a user would have to encrypt and decrypt files using a third party application which had to be purchased and installed separately on their system, and which most often depended on the user entering a correct password. With EFS, this is no longer a necessity. As always however, most security measures are only effective if your users are properly informed, and EFS is no exception. As such, we’ll take a look at EFS, what it is how it works, and more importantly, what you need to know to make it work effectively for you.
Monday, January 21, 2002
Turning Snooping Into Art
It’s a privacy-busting boogeyman to civil libertarians, an anti-terror panacea to lawmakers. And now Carnivore, the FBI’s infamous Internet surveillance program, has become an inspiration to a group of the Web's leading artists.
In a collaborative art project called, creatively enough, "Carnivore," Flash guru Joshua Davis and digital artist Mark Napier, along with other artists, have crafted programs that create audiovisual representations of data traffic that’s observed and hijacked from a local area network.
It’s a privacy-busting boogeyman to civil libertarians, an anti-terror panacea to lawmakers. And now Carnivore, the FBI’s infamous Internet surveillance program, has become an inspiration to a group of the Web's leading artists.
In a collaborative art project called, creatively enough, "Carnivore," Flash guru Joshua Davis and digital artist Mark Napier, along with other artists, have crafted programs that create audiovisual representations of data traffic that’s observed and hijacked from a local area network.
Virtual lies face foolproof software
Software that can detect when people are lying in their e-mails sounds a bit far-fetched, but its manufacturers declare it is true.
SAS Institute, which makes fraud-detection systems for banks and phone companies, will on Monday announce a product that can sift through e-mails and other electronic text to catch elusive nuances such as tone.
Software that can detect when people are lying in their e-mails sounds a bit far-fetched, but its manufacturers declare it is true.
SAS Institute, which makes fraud-detection systems for banks and phone companies, will on Monday announce a product that can sift through e-mails and other electronic text to catch elusive nuances such as tone.
Subscribe to:
Posts (Atom)
