Archive for July, 2013
In today’s world of hackers, stalkers and cybercriminals, not to mention government spy programs and commercial sites that collect information about you for advertising purposes, is there a way to surf the Web and keep your privacy intact? Or does that mere fact that you have an IP address mean that your identity is out there for the taking?
(7 ways to mask your Internet identity)
Turns out, there’s no easy answer to this question. (Watch the slideshow version.)
Legally, an IP address does not constitute personal identifiable information, according to two recent court cases.
In July 2009, in a case involving Microsoft, the U.S. District Court for the Western District of Washington ruled that IP addresses do not constitute personal identifiable information (PII). And in a separate case in 2011, the Illinois Central District Court also ruled that an IP address does not — by itself — qualify as personal information that can accurately identify a specific Internet user.
Alan Webber, a research analyst at the Altimeter Group, agrees that “with the exception of law enforcement personnel who have other tools and methods to match IP addresses to a variety of sources (which provide additional information); at this time, an IP address, alone, cannot identify a specific person.”
He adds, “However, when combined with other information, such as a user name, then yes, the IP address can reveal your identity.”
Scott Crawford, managing research director at Enterprise Management Associates, explains that an IP address identifies a host on a specific network or subnet. That subnet may identify a set of logical addresses that can, in some cases, be associated with a physical location. For example, there could be an address range associated with ISP subscribers in a certain area.
Crawford emphasizes that when correlated to more specific information (such as address, browsing activity, or other data collected), during the course of online transactions; for example, the IP address can be associated with that activity or with a specific location. Although ISPs often assign addresses dynamically through protocols such as DHCP, it’s not uncommon for a single, physical location (such as a home) to retain the same IP address for a long period of time. “Once the specific personal data is linked to the IP address, the activity associated with that address can be correlated accordingly,” adds Crawford.
It can be done
Andrew Lee, CEO of London Trust Media, Inc./PrivateInternetAccess.com (a VPN service that protects users’ privacy and identity), says linking users to their IP address is not simple, but it can be done. Many email providers, some IRC networks, extreme tracking sites, poorly configured forums and design flaws in applications such as Skype and AOL (among others) have disclosed users’ identities along with their IP addresses.
He adds that email providers have been known to leak IP addresses to advertisers, market researchers, and other such agencies and some emails (like those from mailing lists) are indexed by Google. “Thus, the IP becomes searchable,” Lee says. “Programs such as skypegrab.info (now inactive), which reveals users’ personal data are developed every day by programmers across the globe. Extreme tracking sites link IPs to Google searches and make them public. And business websites including, but not limited to, Facebook, Twitter, Google, etc. — in addition to ad targeting companies — already have your personal info linked to your IP address in their databases. Anyone with access to those databases, including those with legitimate or illegitimate access (such as hackers), can obtain any and all of that information.”
David Gorodyansky, CEO of AnchorFree’s HotspotShield (an Internet security solution that includes anonymous browsing) agrees the IP address can be linked to a specific individual’s name, address, and other personally identifiable information. According to Gorodyansky, hackers and malware programs attempt to compromise user identities by gaining access to their IP address and then tracking them on the web.
“An IP is like your digital address,” Gorodyansky says. “It provides intel on the city and state of the ISP location, which can be linked back to a residential address if accessing a Wi-Fi hotspot from home. Based on the IP address, companies and hackers collect information about individuals without knowing specific details such as their name. Third party websites and hackers can collect this data and, for example, use it to identify your name and steal or resell your identity and/or track your web browsing habits.”
John Kindervag, a security and risk analyst at Forrester, says that the IP address can be tracked, but with some limitations. The IP header should not have any personal information in it. The mapping of the IP address is performed at the ISP level and, since there is no real user information in the headers, the assumption is that since person A lives at the location where the IP address is assigned, then person A created the traffic.
“This is a flawed assumption,” Kindervag says. “Person A’s network could be compromised, especially if it’s wireless, to hide the identity of an attacker. Attackers always spoof their IP address, sometimes by using someone else’s network and sometimes by going through a proxy server located in some other country. The attacker could live next door, but make his/her traffic look like it came from Eastern Europe.”
According to Andrew Lewman, executive director at the Tor Project (a free anonymity online service), lots of companies use GeoIP databases to determine where a potential or actual customer is located in the world and then directs the marketing pitches appropriately. “Criminals also use GeoIP databases to target geographic areas for various malware attacks (English vs. French vs. Spanish languages, donation scams based on localized events). Child molesters and kidnappers can also use the IP address to track where a potential victim is located and further convince the victim that they are local and friendly,” Lewman says.
“The greatest danger here, in my opinion, is from malware such as toolbars and other downloaded utilities that can secretly and systematically collect information and interfere with communications,” cautions Andrew Frank, research vice president at Gartner. “IT professionals should prioritize malware prevention and home users should enforce basic rules about not opening unknown email attachments, how to identify suspicious sites, and regular use of a virus protection service. IT professionals concerned about this should talk to their ISP about proxy services and other privacy protection methods that may be available. And last, concerned citizens should support common-sense privacy options that give them choice and control over tracking and targeting, but should recognize that illegal tracking is unlikely to be curtailed by any new privacy laws.”
How to mask your IP address
In addition to caution regarding how much personal information you disclose on the Internet, you can further protect your privacy by hiding or masking your IP address. The easiest and most effective solutions are anonymous proxy servers or VPN software and services. An anonymous proxy server functions as a liaison between your home network or computer and the Internet. It requests information, on your behalf, using its own IP address instead of yours, so only the proxy’s IP address is revealed instead of your home IP address.
VPN protection generally requires that you download a software product that works with the company’s VPN services, which bounce your connections around the globe through various distributed networks. These ‘virtual’ tunnels burrow through the Internet landscape creating a random path, which thwarts traffic analysis.
If you search for ‘proxy servers,’ ‘VPN services,’ or ‘hide my IP address,’ note that dozens of products are available; some free and some with fees. The Tor Project is a free “onion routing project” that was originally designed for the U.S. Naval Research Laboratory, which provides multiple privacy services including IP protection. Fee-based VPN products include Private Internet Access, Hotspot Shield, Banana VPN, Black Logic, and Unblock Us. Free proxy services include Hide My Ass and Mega Proxy, and fee-based services include Proxy Solutions and AllAnonymity.
Microsoft reorganization: A quick look at who’s in charge now
Microsoft business reshuffling puts the spotlight on four execs
In a sweeping corporate reorganization to focus on the company’s shift from a software provider to a products and services business, Microsoft CEO Steve Ballmer has announced changes to his executive team to support a new structure that divides the company into four divisions.
SECURITY: Microsoft: Windows 8, Internet Explorer, Office, Visual Studio, Lync are all vulnerable]
The new groups are Operating Systems Engineering, Devices and Studios Engineering, Applications and Services Engineering and Cloud and Enterprise Engineering.
Heading up these groups are:
Executive Vice President of Devices and Studios Julie Larson-Green (former Corporate Vice President of Windows Engineering);
Vice President of Operating Systems Terry Myerson (former corporate vice president Windows Mobile);
Executive Vice President of Applications and Services Qi Lu (former president of Microsoft Online Services);
Vice President, Cloud and Enterprise Satya Nadella (former president of the Server & Tools Business).
previous role is trimmed back a bit, pulling away her responsibility for Windows and limiting her to running Microsoft hardware programs and development of games. That means she’ll head up the Surface tablets and Xbox, filling the void left by Don Mattrick when he left Microsoft last week to head up Zynga. Image Alt Text
Larson-Green was vice president of program management for the Windows experience when then-president of Windows and Windows Live, Steven Sinofsky quit right after launching Windows 8 and introducing Microsoft’s Surface tablet. In the aftermath, she was promoted to head up Windows Engineering.
Until then her experience had been all in software, having worked on the user experience for Internet Explorer and managing programs, UI design and R and D for Windows 7 and Windows 8. In the past Ballmer has praised her technical expertise, design skills and communication abilities.
Myerson’s shift to head up engineering of operating systems gives him authority over not just Windows Phone but also Windows 8, which could help advance Microsoft’s goal of making it easier to write applications that run on both platforms. He is also in charge of operating systems for Xbox.
He led the Microsoft
Exchange team for eight years before running the Windows Phone division.
Lu is very important to business customers as his job puts him in charge of research and development for Microsoft Office, Office 365, SharePoint, Exchange, Yammer, Lync, Skype, Bing, Bing Apps, and MSN. He also heads up the Advertising Platforms and Business group. Image Alt Text
His previous responsibility was for search, portal and online advertising efforts, which included Bing. Before coming to Microsoft he worked for 10 years at Yahoo, where he also worked on search and advertising.
remains pretty much the same, building and running the company’s computing platforms, developer tools and cloud services. He deals closely with developers and promotes Microsoft’s concept of the Cloud OS – a blend of Windows Server and Windows Azure cloud services to provide flexible cloud resources and support hybrid clouds.
Windows Server, SQL Server, Visual Studio, System Center and Windows Azure fall under his purview.
Testing of eight Windows 8 ultrabooks reveals that users looking for the slimmest, lightest devices will have to accept tradeoffs
While finding a touchscreen for a desktop computer is nearly impossible, and finding a touchscreen notebook computer takes some searching, touchscreen ultrabooks are readily available. These thin, light and relatively compact computers are intended to be portable and to be used at a moment’s notice. Adding touch seems a natural thing to do.
Nearly every maker of an ultrabook offers a touchscreen, and nearly all of them offer Windows 8 as the default OS. While most Windows users aren’t accustomed to a touchscreen on their computers, the rise of smartphones and tablets has introduced most users to the idea. In fact, by the time I was finished with this review, my non-touchscreen Windows 7 laptop had become frustrating because I kept touching the screen and expecting something to happen.
Intel created and defined the ultrabook market, but we didn’t exclude products simply because they didn’t meet all of Intel’s specs. If the vendor called their product an ultrabook, we reviewed it. (Watch the slideshow version of this story.)
In order to adhere to the visualization requirements, what user role should you sign to the ABC1
group when you implement the delegation of the virtual environment?
A. You should consider utilizing the Activity Implementers user role profile for the ABC1 group.
B. You should consider utilizing the Problem Analyst and Self-Service User role profiles for the ABC1 group.
C. You should consider utilizing the Administrators User Role Profile.
D. You should consider utilizing the Incident Resolvers and Administrators user role profiles for the ABC1 group.
User role profiles – http://technet.microsoft.com/en-us/library/ff461011.aspx
In order to adhere to the visualization requirements, which of the following should be utilized when
you implement the virtual machine template which will be utilized by the Web server which hosts
the ABC Engineers applications?
A. You should consider utilizing a .bin file with the accompanying .cue file.
B. You should consider utilizing virtual hard disk (VHD) files.
C. You should consider utilizing a virtual machines and Windows PowerShell scripts.
D. You should consider utilizing .iso images and virtual machines.
In order to adhere to the visualization requirements, which optional Microsoft System Center 2012
features should you add when you implement Microsoft System Center 2012 Virtual Machine
Manager (VMM) to the network infrastructure?
A. You should consider adding the Microsoft System Center Orchestrator.
B. You should consider adding the Microsoft System Center App Controller.
C. You should consider adding the Microsoft System Center Data Protection Manager.
D. You should consider adding the Microsoft System Center Operations Manager.
Explanation: System center products – http://www.windowsitpro.com/article/systemcenter/system-center-2012-suite-141827
In order to adhere to the visualization requirements, how would you update the virtualization hosts?
A. You should consider using WSUS and System Center Updates Publisher 2011.
B. You should consider using Microsoft System Center Operations Manager.
C. You should consider using Cluster-Aware Updating.
D. You should consider using Cluster-Aware Updating and Microsoft System Center App
Explanation: System center products – http://www.windowsitpro.com/article/systemcenter/