Ch. 12: Computers and Society
  1. Using email.
    1. Problems and properties.
      1. Expressing emotion.
        No voice tone or facial expression to moderate your words.
      2. Emphasis. _this_ not THIS
      3. Slow-paced compared to speaking.
      4. Ambiguity seems to be more of a problem.
      5. Flame wars. Email is too fast for second thoughts.
    2. Netiquette
      1. One topic at a time.
      2. Include some context; let receiver know what you're talking about.
      3. Use automated replies.
      4. Clear a backlog in reverse order.
      5. Don't forward w/o permission.
      6. Minimize recipients; don't send everything to everyone.
  2. Sometimes it breaks. Don't panic.
  3. Passwords.
    1. Most computers resist password guessing.
    2. Usually stored encrypted.
      1. When set, encrypted version is stored.
      2. Login encrypts what you type and compares.
      3. Administrator cannot look up your forgotten password.
    3. Good passwords.
      1. Select passwords from some area of interest.
      2. Choose a memorable phrase.
      3. Twist it with digits and puns.
      4. Use non-alphanumeric characters if the system permits.
      5. Change occasionally.
      6. Don't repeat passwords.
      7. Some matter more than others.
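The password storage and login check described under Passwords above, as an added example that is not part of the course notes: the stored "encrypted version" is in practice a salted one-way hash, login re-derives it from what was typed and compares, and an administrator looking at the record finds nothing to read back. The user names, password, and lockout count are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory "password file": user name -> record.
# Only the salt and the derived hash are kept, never the password itself.
PASSWORD_FILE = {}

ITERATIONS = 100_000   # PBKDF2 work factor; slows down offline guessing
MAX_FAILURES = 5       # lock the account after this many bad logins


def derive(password, salt):
    """One-way transform of the typed password (what the outline calls 'encrypt')."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def set_password(user, password):
    """Setting a password stores only a fresh random salt plus the derived value."""
    salt = os.urandom(16)
    PASSWORD_FILE[user] = {"salt": salt, "hash": derive(password, salt), "failures": 0}


def login(user, typed):
    """Re-derive from what was typed and compare with the stored value.

    Returns True on success, False for an unknown user, a wrong password,
    or an account locked after too many failures (resisting guessing).
    """
    rec = PASSWORD_FILE.get(user)
    if rec is None:
        return False
    if rec["failures"] >= MAX_FAILURES:
        return False
    # Constant-time comparison so timing does not leak how much matched.
    ok = hmac.compare_digest(derive(typed, rec["salt"]), rec["hash"])
    rec["failures"] = 0 if ok else rec["failures"] + 1
    return ok


def admin_lookup(user):
    """Everything an administrator can see: salt and hash, no plaintext to look up."""
    rec = PASSWORD_FILE[user]
    return {"salt": rec["salt"].hex(), "hash": rec["hash"].hex()}
```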
  4. Account security: The bad guy wants to use your account.
    1. Guess a password.
      1. Random guesses can work for short passwords.
      2. Google the user.
    2. Use the lost-password button to change the password.
    3. Talk the help desk out of it. “Social Engineering”
    4. Send a false email asking for credentials: phishing
  5. Host security: The bad guy wants to run programs of his choice on someone else's computer.
    1. On a server.
      1. Just to see if he can do it, and brag to his friends if so.
      2. To download the owner's business data.
      3. To download the owner's customer information: credit card numbers, etc.
      4. Sabotage the business use of the machine.
    2. On your desktop.
      1. Just to see if he can do it, and brag to his friends if so.
      2. To download account numbers and other financial data.
      3. To use your Internet connection.
        1. Launch a flooding (denial-of-service) attack. (Requires many hosts.)
        2. Do something while pretending to be you.
          1. Send spam
          2. Attempt to break into another system.
    3. How can the bad guy manage to do this?
      1. A bug in the software running on the machine.
        1. When a program has a bug, it misbehaves for certain input.
        2. Some of these misbehaviors may be just what the hacker wants.
        3. An exploit is a carefully crafted input which causes the program to serve the hacker.
          1. For a server, an exploit would be a malicious service request.
          2. For a web browser, an exploit might be part of a malicious web page.
          3. For a word processor, an exploit might be an email attachment which needs to be viewed in the word processor.
      2. Trick a user into running the program.
        1. Email attachments.
        2. Web sites.
        3. A program which does something you want, and also what the hacker wants. Trojan
      3. Bootstrapping: Use one of the above to run a small program which can be leveraged.
        1. Change firewall settings or system permissions for later attack.
        2. Run a small server the hacker can connect to later. Backdoor.
    4. Spreading the bad news.
      1. Malware: Any destructive software.
      2. Virus: Carried along with other software.
        1. Added to other programs, or to data files as an exploit for the program which reads them.
        2. Travel
          1. On flash keys moved between machines.
          2. On downloaded software.
          3. On email attachments.
      3. Worm: Actively spreads itself over the network.
        1. Email worms.
          1. Spread by emailing themselves.
          2. Worm is usually contained as an attachment.
          3. May be an executable, usually disguised as something else, or an exploit for a word processor or other file viewer.
          4. Usually require a user to open the email.
          5. Usually send to addresses in an address book so they look like they were sent by a known contact.
        2. Classic worms use a buggy network service.
          An infected machine looks for a vulnerable machine, perhaps by guessing IP addresses, then identifying the software on the target machine.
          When a server with the needed bug is found, the worm makes a copy of itself using an exploit.
          Both copies continue looking for vulnerable machines.
    5. Defenses.
      1. Keeping patched.
        1. Many propagation methods require software bugs.
        2. Software authors regularly issue patches when bugs are found.
          Often called an “update,” since that admits less.
        3. Install the latest patches regularly.
        4. Most recent systems run an automatic patching service to keep updated.
      2. Virus checking software.
        1. Desktop
        2. Email server
        3. Check for known patterns on the computer or in passing email.
        4. Pattern database must be kept up-to-date.
      3. Firewall.
        1. Guards the network connection and blocks traffic that violates some policy.
        2. Prevents exploits of buggy software on your system.
        3. May block back doors or malware attempting to communicate with a server.
    6. Sophos' Top 10 Viruses for 2006
    7. Blaster Worm (2003)
  6. Copyright.
    1. One form of intellectual property. Others:
      1. Patents.
      2. Trademarks.
      3. Trade secrets.
    2. A copyright owner has exclusive right to
      1. Make copies.
      2. Create a derivative.
      3. Distribute or publish.
      4. Publicly perform or display.
    3. To use someone else's copyrighted work in any of those ways, you need permission
      1. Generally called a license.
      2. May (and usually does) come with conditions.
    4. Copyright and computer technology.
      1. Massive violation becomes practical.
        1. Pirating a paper book doesn't pay; pirating electronic media does.
        2. Internet transfers are easy and quickly multiply.
        3. Web pages are easily copied and pasted.
      2. Normal use requires a license.
        1. Most any normal use of copyrighted digital data requires copying.
          1. Copying software to your hard drive.
          2. Copying software to RAM when starting a program.
          3. Loading music files onto an MP3 player.
          4. Playing CDs, DVDs or MP3s requires the data to be copied from the disk or storage to the player.
        2. Using a copyrighted printed book does not require a license.
          1. The printer needed one to make your copy.
          2. Reading it makes no copy.
          3. You can read it wherever you like, under any brand of lamp.
        3. Each use of a copyrighted digital recording does require a license.
          1. The publisher may specify conditions for each use (unlike a book).
          2. May forbid use on multiple machines, with your favorite brand of player, or on Tuesdays.
      3. Technology can be used to attempt enforcement of license restrictions.
        1. Digital Rights Management (DRM).
        2. Prevent or limit copying.
        3. Prevent transfer to or correct operation on unapproved equipment.
        4. Circumvention illegal.
    5. Software Licenses.
      1. Commercial software
        1. Pay for it.
        2. Use the software, usually on one computer.
        3. May not sell or give away the software.
      2. Shareware.
        1. Get it for free.
        2. May distribute copies.
        3. After some period of time, you are asked or required to pay.
      3. Freeware.
        1. No charge, ever.
        2. May do pretty much whatever you want with it, except convert it to a commercial license.
        3. Quite common on servers.
        4. Firefox browser is a leading desktop example.
      4. Public domain.
        1. Strictly speaking, there is very little of this.
        2. Copyright is automatic, but the author may renounce it.
        3. No software is old enough for the copyright to have expired.
    6. Web content.
      1. If it's online
        1. You can presumably browse to it.
          1. Your browser will still have to make a copy in order to display the page.
          2. Posting something on a public web site would seem to imply giving permission to view it with a browser.
        2. You can link to it. (Does not make a copy.)
        3. You cannot make (other) copies of it or reuse it without permission.
      2. A site may have posted a general copyright policy.
      3. You can always ask.
      4. Fair use
        1. You may use copyrighted materials without permission under some fairly vague rules.
          1. What is the nature and purpose of your use? Are you advancing knowledge, or just swiping?
            1. Education and research purposes are better.
            2. Reviews and satires are favored as free speech matters.
          2. The nature of the copyrighted work. Seems to favor copying from factual works rather than fiction.
          3. How much are you copying? Less is better.
          4. How much damage will you do to the market for the original work? Better not be much.
        2. Fair use is fairly useless because you can't usually know if it applies until after the four-bazillion-dollar trial, and the six-gajillion-dollar judgement if the answer is “no.”
      5. Facts are not copyrightable.
      6. Ideas are not copyrightable, only the particular expression.
      7. Enforcement is generally by suit, or threat of a suit.
  7. Reliability.
    1. Importance.
      1. Critical in medical and some industrial applications.
      2. May be great economic importance in other circumstances.
    2. Hardware: Redundancy.
    3. Software.
      1. Software always has bugs.
      2. Testing is a search: You can find bugs, never their absence.
      3. Easily-found bugs generally mean sloppy programming.
      4. Fail-soft: Detect errors and continue with reduced function.
      5. Fail-safe: Detect errors and shut down. Minimize effects.