Saturday, March 31, 2007

Privacy, Social Media, Censorship and more

I just read several papers presented last June at the 6th Workshop on Privacy Enhancing Technologies in Cambridge, England. They were fascinating reads and are highly recommended.

"Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook" focuses upon the quantity of data that is unwittingly shared on Facebook and other social networking sites.

Some [users] manage their privacy concerns by trusting their ability to control the information they provide and the external access to it. However, we find significant misconceptions among some members about the online community’s reach and the visibility of their profiles.

"Ignoring the Great Firewall of China" examines how governments, not only China's, prevent access to websites. Sometimes there is a bona fide law enforcement aspect to it, as with access to child pornography and in counter-terrorism. Regardless of the legitimacy of a particular action, anyone interested in privacy issues ought to be aware of the activity.

The so-called "Great Firewall of China" operates, in part, by inspecting TCP packets for keywords that are to be blocked. If the keyword is present, TCP reset packets (viz: with the RST tag set) are sent to both endpoints of the connection, which then close. However, because the original packets are passed through the Firewall unscathed, if the endpoints completely ignore the Firewall's resets, then the connection will proceed unhindered. Once one connection has been blocked, the Firewall makes further easy-to-evade attempts to block further connections from the same machine. This latter behaviour can be leveraged into a denial-of-service attack on third-party machines.

Friday, March 16, 2007

Trackback Blogger and Spam

I'm a big fan of trackbacks, at least in theory. A trackback, for those who may not be familiar with them, is a widget that lets one reference a blog or webpage and automatically lets the owner of the other website know that you have referenced their page.

Trackbacks, as with links, help readers find blogs and websites of like mind and interests. Trackbacks help authors know which of their posts have generated the most interest.

My one fear is that trackbacks will soon be under attack from spamsters and that this wonderful widget will be rendered useless.

Wednesday, March 7, 2007

How to Create a Safe Password

It's easy to come up with hack-proof passwords that are easy to remember. The one thing you must keep in mind is that sometimes companies limit the characters that you can use for a password. This is very silly on their part, as the longer the password and the more options you have (upper and lower case, numbers, special characters), the more secure your password is.

Too often I've come across sites which limit my password to 8 or fewer characters, which don't distinguish between upper and lower case, and which don't allow special characters. I recommend coming up with a simple alternative password algorithm for these sites.

The following is an example for an 8-character password. I would recommend having longer passwords - at least 12 characters for those sites you are most concerned about.

1. Select a phrase — "It was the best of times"
2. Take the first letter of each word or number — IWTBOT
3. Change some letters to numbers — 1WTBOT
4. Add special characters — 1WTB@T

And now it is best to make each site's password unique. You can customize it by adding the first two letters of the site in lower case.

5. Customize by adding a prefix or suffix for each site you register with. For example, your Blogger account would become 1WTB@Tbl. It makes remembering very simple: "It was the best of times blogger"
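
The five steps above, written out as an added example (not code from the original post). The substitution table holds only the two swaps the post shows (I to 1, O to @); the function names, the `max_len` check and the "Flickr" sample site are assumptions made for illustration, and `charset_bits` generalizes the post's point about length and character classes into a number.

```python
import math
import string

# Assumed substitution table: the post shows only I -> 1 and O -> @.
SUBSTITUTIONS = {"I": "1", "O": "@"}


def derive_base(phrase, substitutions=SUBSTITUTIONS):
    """Steps 1-4: first character of each word, upper-cased, then substituted."""
    initials = [word[0].upper() for word in phrase.split()]
    return "".join(substitutions.get(ch, ch) for ch in initials)


def site_password(phrase, site, max_len=None):
    """Step 5: append the first two letters of the site name in lower case."""
    letters = [ch.lower() for ch in site if ch.isalpha()]
    if len(letters) < 2:
        raise ValueError("site name needs at least two letters")
    password = derive_base(phrase) + "".join(letters[:2])
    if max_len is not None and len(password) > max_len:
        # Sites with a length cap need a shorter phrase, not a silent truncation.
        raise ValueError(f"{len(password)} characters exceeds site limit {max_len}")
    return password


def charset_bits(password):
    """Upper bound on brute-force cost: length * log2(size of classes used).

    This treats every character as random; a password built from a known
    phrase and a predictable site suffix is weaker than this bound.
    """
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    phrase = "It was the best of times"
    for site in ("Blogger", "Flickr"):   # constructed sample site names
        pw = site_password(phrase, site, max_len=8)
        print(site, pw, f"{charset_bits(pw):.1f} bits (upper bound)")
    print("IWTBOT", f"{charset_bits('IWTBOT'):.1f} bits (upper bound)")
```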