Saturday, December 5, 2009

Conclusion

As the Internet becomes more of a normal part of everyday life and commerce, it will become more frequently used as the means by which thieves attempt to perpetrate their deeds. Users need to be aware of the dangers, understand the limits on how well they can be protected by others, and recognize the need to defend themselves.

There is good news in this regard, however. The simple fact that I was able to pick up a telephone and talk to someone at a Federal law enforcement agency is a tremendous step forward from where we were even five years ago.

Companies that do business online, particularly with consumers, need to understand that they will be frequent targets for this kind of activity. (In the week following this incident, I was advised of two separate incidents of almost identical nature, targeted at Best Buy customers.) Such companies need to be sure that they are encouraging good security practice, so that an attacker cannot send a message that looks like something customers usually receive and thereby fool the user into doing something bad.

Successful security will require that we work together thoughtfully to identify and to stop fraud and other electronic crimes. It won't be quick and it won't be easy, but it can be done, reasonably and effectively.

Matt Curtin, CISSP, is the founder of Interhack Corporation, a professional services firm with information assurance, forensic computing, and information systems practices. His work includes published research in secure systems development, dozens of technical reports, and several books on online privacy and computer security. His information security work is cited by university courses worldwide and by NIST. He has given expert testimony in civil litigation dealing with Internet privacy and computer systems, work which recently led to a clearer definition of "protected content" under the Electronic Communications Privacy Act of 1986 (ECPA) by the U.S. Court of Appeals for the First Circuit.

A Google search for "nslookup gateway" will locate many Web interfaces for this utility.

American Registry of Internet Numbers (ARIN) has a Web-based interface to WHOIS at http://www.arin.net/tools/whois_help.html.

on the procedure for getting information reported to InfraGard are available online at http://www.infragard.net/ireporting.htm.
