January 5, 2007

Blogging, tracking, hacking and online security

I'm NOT an authority on online security. However, I have a pretty strong knowledge of how the internet works and how you are tracked because I work in online marketing. In fact, I'm tracking you right now. If you view the source of this page (view>source) you will notice a snippet of code at the bottom enclosed in script tags and containing the term "google-analytics". That code tells me where you're surfing from, what your IP address is (the digital equivalent of your home address), every page you viewed on my site and many other things. I will know how you got to my page, where you left and when you come back. You could block this script but my server logs it anyway and I can find you in the log files.

The media has cultivated a certain terror among online shoppers, centered around words like Javascript, cookies and IP address. That's a bunch of crap. While merchants and other online entities do track what you're doing, it's not on an individual level. They are building marketing statistics to find out how to please their customers. If you want to see what hacking, tracking and identity theft are really about read on.

People need to understand that there is no more anonymity on the web than in real life. Stores have video cameras, your credit card purchases are tracked. You have a social security number, a license plate number and many other things that make it easy to find out where you've been and what you're doing. Right down to the fingerprints you leave on anything you touch. Only foil-hat-wearing conspiracy theorists believe they are being watched all the time. There are some 6 billion people in the world and chances are, nobody cares about you individually.

That being said, a healthy level of paranoia is a good idea when using the internet. Credit card fraud and identity theft mean that someone just might care about you individually. At least enough to "be" you for a while at your expense. How can you be safe? It helps to understand how hackers work and what the dangers really are.

The reason a blog is dangerous is that people tend to publish quite a few details about their personal life. Let's say that Jaime Smith operates a blog for her friends. She posts about the car they just bought and talks about how they are going on vacation. She mentions her husband's name, Bob, maybe her maiden name and details about their house. She posts pictures of their family that could be used to create spoof IDs. A potential net predator now knows that Jaime will be gone from December 1st through January 15th, will be traveling to Jamaica with her husband and her maiden name was Jones. If he knows her birthdate (birthday post or a post about how hard it was to turn 30 back in 2002) he now knows enough information to guess some passwords.

The hacker runs a password script beginning with terms that include her spouse and children's names and her birthdate (right now you are blushing because you thought you came up with a very clever password). Now he has full access to her poorly secured Hotmail account and maybe even her bank accounts. At this point his access to Jaime's life is only limited by his imagination. He could lock Jaime out of her own email account and send mail to her friends and coworkers stating that they have hired a house sitter (so don't worry about the cars parked at the house). If Jaime has made this collection of mistakes she probably has vast amounts of personal info, maybe including bank statements and account numbers in her email. She also probably uses the same passwords for her online banking as her email and maybe even her blog. If Jaime's lucky all she gets is some porn posted on her blog and locked out of her email as a lesson from a benevolent (and I'm not being sarcastic there) hacker. If she's unlucky she will be stuck in Jamaica for an extra month while she figures out why their bank account is empty, as the hacker methodically cleans out their house.

Hopefully that illustration will show you what the "hacker" is capable of. How much hacking did you read about in that? IP Addresses? Cookies? None. The so-called hacker took advantage of the tools that Jaime handed him. He wouldn't even have to hack her email account. He could just start surfing blogs and guessing email passwords manually until he hits the jackpot.
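A defensive check for the mistake in Jaime's story, added here as an example (it is not code from the original post): it flags a password that contains details anyone could read off a blog. The function names, the substitution table and the exact birthdate are assumptions made for illustration.

```python
import re
from datetime import date

# Undo common character swaps so "J0n3s" is treated like "jones" (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def personal_tokens(words, dates, min_len=3):
    """Collect lowercase terms an outsider could learn from public posts."""
    tokens = set()
    for w in words:
        for part in re.split(r"[^A-Za-z]+", w):
            if len(part) >= min_len:
                tokens.add(part.lower())
    for d in dates:
        # Date fragments people commonly append to a name.
        for fmt in ("%Y", "%m%d", "%d%m", "%m%d%y", "%Y%m%d"):
            tokens.add(d.strftime(fmt))
    return tokens

def personal_terms_in(password, tokens):
    """Return the public terms found in the password (empty list = none found)."""
    raw = password.lower()
    unleet = raw.translate(LEET)  # digits matter for dates, so check both forms
    return sorted(t for t in tokens if t in raw or t in unleet)

# Constructed sample: the names come from the story above; the birthdate is
# made up, chosen only to match "turned 30 back in 2002".
JAIME = personal_tokens(["Jaime Smith", "Bob", "Jones", "Jamaica"],
                        [date(1972, 3, 14)])

if __name__ == "__main__":
    for candidate in ("Bob&Jaime1972", "J0n3s!0314", "v9#Kq2!xTr8mLw"):
        hits = personal_terms_in(candidate, JAIME)
        print(candidate, "->", "REJECT " + ", ".join(hits) if hits else "ok")
```

Passing this check only means the password is not built from the listed details; length and reuse across accounts still need to be handled separately.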

The point of all this is that if you want a bunch of rules you can find the safety advice for blogging, emailing, surfing, etc. all over online. Problem is, the rules keep changing and the media is cut from the same block as our digitally-retarded government. There's some old saying (with about a dozen variations) about outrunning a tiger... you don't have to outrun the tiger, you just have to outrun the guy beside you. Welcome to the online world. Now, just be smart, make yourself a hard target and let some other sucker be the victim.

PS: Thousands of people potentially know who I am online. My name is all over the online marketing materials I work on. High profile folks like Matt Cutts from Google and Jeremy Zawodny from Yahoo run blogs where everyone knows who they are. Their blogs are hacked occasionally but they fix it and keep going...

7 comments:

Anonymous said...

JDJ- that was a very informative piece of writing. Is there any chance you would grant reprint permission? I often include information for the technology-challenged in the publications I work on.

Jocelyn said...

Thanks brother...I guess that answered my question!

J said...

Kosha, you are free to reprint. As someone in the industry I like to try to educate people about the REAL dangers on the internet. A lot of what you see going around is media sensationalism revolving around meaningless buzzwords. Please include in any reprints the fact that I am NOT a security specialist. I just wanted to illustrate how a hacker thinks. And that often a hacker doesn't have to do any hacking to get what he/she wants!

Anonymous said...

That was a lot of good information! Wish I knew where this kid got all his brains! :)

Jocelyn said...

Like I've said before...he got you and Dad's brains combined, and I got left with nothing!

Slowpoke said...

Hey J-

I had a thoughtful and articulate comment all written up but I was signed in on Candy's computer and when I logged in as me I lost it. Anyways..the upshot was that I'm becoming a fan of your blog. Keep up the nerd-related postings.

Anonymous said...

Can I hire you as my tech consultant?