Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-07-10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

zlib Security Vulnerability; Protecting Your Privacy

Published: 2005-07-10
Last Updated: 2005-07-11 02:47:31 UTC
by Scott Fendley (Version: 1)
0 comment(s)

Greetings everyone, I hope you are enjoying this wonderful weekend that has been remarkably quiet. This is overall a good thing as my birthday was over the weekend and it was one of those zero ending ones that appear to be so traumatic to most. Happily, I was able to enjoy this special day with some wonderful friends and even found time to do some desperately needed cleaning of my study/computer room (of which has been called the junk room by friends in recent past). Even so, there are a couple of things that are noteworthy.
<H3> zlib Security Vulnerability

It was noted today on the zlib website today (and other locations over the past 2-3 days) that a new security vulnerability has been discovered. It appears that if one were to have a specially crafted input file, applications using zlib version 1.2.1 and 1.2.2 can crash due to th memory being overwritten. A new version of the zLib is due out soon. Keep an eye on the zlib website located at http://www.zlib.net/ for more information about the new release and how best to protect your systems from this localized form of Denial of Service.
<H3> Protecting Your Privacy

Today while doing some of the afore mentioned house cleaning, I came across the big daunting stack of newspapers that I have been meaning to go through clip items out of (like wedding announcements, funny comics, or recipes to add to my collection usually). While thumbing through one of the more recent ones, I came across an article by a local reporter about protecting your privacy on the computer.

Some of the things in this article are good, some not as much. But one of the key points I gained from this article is that the less technological competent people out do not think the same way the rest of us do. So when communicating with them is always going to be a challenge. (I am going to see if I can find a link for the article online at some point....but it may not happen today.)

In the article, the author discussed some simple steps to prevent the family computer from exposing personal secrets by a little bit of knowledge. Below is the list of steps mentioned.

1) Separate User Accounts -- By having separate user accounts, it is the author's belief that one can segment your sensitive activities in one account, and then switch accounts for general use. Personally I think this is naive to think end users would actually use separate accounts as any type of security measure.

2) Delete Internet History -- I do this regularly, though I am not sure if it is out of paranoia or to just free up disk space on my hard drive. As trained individuals can potentially recover bits of your internet history, I am far from naive to think that this action will actually do much more then clear out some of the tracking cookies on your system (if you have it delete files in the cache as well as the history), and/or keep less computer literate people from snooping as easily.

3) Delete Recent Items -- This refers to the shortcuts left behind in Windows (My Recent Documents) and OS X (Recent Items). For the same reasons in #2, I do not believe this really does much to improve your privacy.

4) Encrypt Sensitive Files -- This is the only really useful tip given in the article. The article encourages the use of the freeware version of PGP and even notes that once a file is encrypted, one cannot easily restore the file without the given password or passphrase.
Thinking through this list, it amazes me how far we still need to go to educate the general public (and those working in the mass media) about the best steps one can do, as a lowly computer user, to protect your computer. It is going to be long long battle to be able to relate some of the complex computer privacy issues to those that need to know it most.

So, I really think we can do better. I think that it is going to be up to those of us with security knowledge to find better ways to communicate things like choosing strong passwords, updating your AntiVirus and Operating System routinely, be wary of phishing emails and similar tactics. If you have some ideas, I plan to drop a note to the local reporter (and through our handlers diary in the near future) which we can use to educate end users.
Keywords:
0 comment(s)
Diary Archives