[4211] in WWW Security List Archive


Re: WWW TOPIC: protection against invasions?

daemon@ATHENA.MIT.EDU (Jay Heiser)
Thu Jan 30 15:39:23 1997

Date: Thu, 30 Jan 1997 13:28:21 -0500
From: Jay Heiser <Jay@homecom.com>
Reply-To: jay@homecom.com
To: www-security@ns2.rutgers.edu
CC: jay@homecom.com
Errors-To: owner-www-security@ns2.rutgers.edu

I tend to discount these problems.  Are you regularly backing up your
hard drives?  Are you protecting yourself against viruses with
up-to-date anti-virus software (I prefer real-time protection vs.
scanning at bootup)?  If you aren't doing this, then you are not
demonstrating concern about security.

The idea that the web will invade the personal sanctity of your home PC
makes for fun creepy stories, but in practice, it isn't happening.  It
makes great press, but in the grand scheme of things, it represents a
pretty low security risk.  Much better to address real security concerns
than to waste time & resources chasing possible future attacks.  I agree
that beta testing represents a significant risk.  I think it's
exponentially greater than the risk of surfing the web from home.

You cannot detect the presence of a sniffer with another sniffer unless
you catch it communicating with its owner.  I have difficulty
envisioning a sniffer attack against a home user, unless they are
running a multi-user, multi-tasking OS.  UNIX and routers are sometimes
possessed by sniffers.  What machines do you have at home?  I have
difficulty imagining Win95 or a Mac hosting an unwanted sniffer and I'm
unaware of such an attack as having occurred.  I can envision NT hosting
a parasite sniffer, but I'm unaware of it ever having happened.

What kind of data do you have at home that you are concerned about
sniffing?  Typically, sniffers just look for login/password combos that
their owners can later use to attack a server.  Are you concerned about
loss of proprietary or sensitive data from your PC?  To steal data from
most home users, it would be easier to just break into the house & copy
disks and/or install a bug.  Second easiest would be to monitor your
electronic emanations from the street or another nearby building.

I think it would be easier to e-mail you a trojan horse than to steal
your data through the web.  Don't execute stuff in e-mail and be very
careful with MS-Word docs.

Speedy wrote:
> 
> *  Question Topic #1:  I've heard that the best way to store private
> data while online and surfing is to partition your hard drive.
>.......
> How many www sites out there would really be looking at your data
> files or at programs that you may be developing?
> 
> *  Question Topic # 2: Is there any such thing as a sniffer detector?
> In other words, something like a virus protection program except
> that it tries to detect & then warn you about programs (or whatever)
> that might install (without your knowledge) a software sniffer?
> Other than buying an expensive hardware sniffer to monitor the output
> of your PC, is there any way of detecting invasions for the home
> PC user who is always surfing the web and looking to try out
> new applications? (like beta testing - a risk in & of itself)  :o
> 
> Thanks, from a list lurker who is trying to learn how to protect
> my personal data from those www roaming eyes & ears.  :)
> 
> Vicki
> 

-- 
Jay Heiser, 703-610-6846, jay@homecom.com
Homecom Internet Security Services
http://www.homecom.com/services/hiss
For company & industry news...subscribe to newsletter@homecom.com
