the query column July 1997

More Computer Insecurity

Last month, I wrote about some low-tech aspects of computer security. Are you worried yet? Becoming more paranoid? Good! Let's continue this month with some Internet-related software security concerns.

Thomas Caldwell

Many of you are users of Microsoft Windows 95, an operating system that, unlike its predecessors, has built-in networking capabilities. This was, and is, a nice idea. However, it doesn't seem to register with as many people as it should that the Internet is a network. When you log into the Net, boys and girls, your computer can be accessed remotely by someone if (and I emphasize the "if" part) they know how and really want to get in.

Unintended sharing
You see, Windows 95 has a shared resources function. If your C drive is set to be "shared" for network use, anyone who knows where it is on the network can read or copy data from it. An evil hacker using a computer running under the Linux operating system (the choice of mad hackers everywhere) would need only know what Internet Service Provider (ISP) you use (easy, since it is on your e-mail address), and about what time you regularly come online (easy, too, since most of us live a life of patterns). With that knowledge, if your PC's drive is set to "shared," the hacker who wants to get in, can.

If you use a stand-alone PC, an easy solution is to go into your Windows 95 setup and ensure your system is not set up for shared network usage. (One of the systems engineers I spoke with while researching this subject told me the Macintosh does not have this particular security problem. But I'm no Mac expert, so you'd better check it out on your own.)

Even if your disks are limited to local access, a hacker who has it in for you can still make your life miserable. If you log onto the Internet at the same time each day, you may be connecting to the same port (or one of its close neighbors), on the ISP's host system. There is a Linux tool that enables someone to find out who is online by querying a port (thankfully, the process is not that easy). If a malevolent hacker finds you, and you haven't taken proper security precautions, you are "toast." And even if you have taken precautions, a hacker could interfere with your connection. This could continue until one of you tires of the game and goes away.

There are a lot of people out there in cyberspace who are technically knowledgeable, who have a lot of time on their hands, and who hate their fellow man. (Just consider the number of viruses around.) Take them very seriously.

Crumbling your cookies
There has been a lot of talk recently about the "cookie" function of Web browsers. At best, the cookie is a tool that helps Net surfers save time and money by storing information about subjects they seem to be interested in. At worst, it is an invasion of privacy that could give others, wherever they are, the wrong (or right) impression of you.

I hate the bloody things, and I consider them a serious breach of privacy. After all, as a journalist I have to research all sorts of subjects, many of which are rather unsavory. I do not want anyone - especially someone I don't know - looking at my connection patterns and trying to guess what my interests are so they can contact me. One does not need a very vivid imagination to understand how cookies can be abused.

However, there is an easy way to kill the cookies function on Netscape Navigator. Locate the cookie.txt file in your Netscape directory, and use a text editor to open it. Then erase all the data in the file, and save it. Now, right click on the file, select "properties", and set the file attribute to "read only." You'll have no more problems with outside programs writing information to your cookie file, and Netscape will continue to function normally. (Sorry, I haven't verified the procedure for disabling cookies in Internet Explorer.)

Cheap ISDN?
If you wait around long enough, a miracle - or at least something that is rational - can happen. Given enough time, the bad guys can become the good guys. Even Darth Vader turned away from "the dark side of the Force" before he died.

This could be the case this month, with the possible introduction of a new service by our favorite telephonic empire: NTT. I have been told by officials at the company that - as of late May, anyway - there are plans for a new pricing scheme for ISDN (intergrated services digital network) lines. Instead of putting up the regular JPY 72,000 to have a phone line installed, a customer will be able to have an ISDN line installed for a higher monthly minimum but much-reduced up-front fee. Wow!

The new system might actually be in place by the time this magazine hits the newsstands. That is, if the Ministry of Posts and Telecommunications gives its approval. (Of all the things in Japan to worry about, though, I wouldn't worry about the government saying no to anything NTT asks for. There has never been a better example of the tail wagging the dog.)

Sniffle.

Thomas Caldwell is online as caldwell@gol.com.

Back to the table of contents