Articles published by Microsoft this week
All on computer security

This week many interesting articles about security have been published by Microsoft. I just write this little post to let you know about them. The most important publishing was the MSDN magazine issue of November 2004. All articles are about computer security. Articles cover a wide range of subject from cryptography to .NET technology. After this, there was another really interesting article called The Security Risk Management Guide. It was written to help Microsoft?s client to type, build and maintain a security risk management program.

Always on the computer security subject but on another topic: passwords and pass phrases. There are 2 articles written by Jesper M. Johansson: Part 1 and Part 2, and another to come soon.

Finally there is the Security Application section of the .NET framework on MSDS that is always a good reading.

This is all I have to say on this today. Then good reading on Microsoft!

Google used by terrorists
The search engine that can save lives

Google is an information gathering engine; everybody knows the fact (it’s the definition of a search engine, but Google is a bit more). In the past, US Army had sensitive document leaks on Google. Theoretically terrorists were able to use it and get access to those same documents. Do they do it? No demonstrations of this have been done for the moment. We can think that they did, but I never had any confirmation of this.

But yesterday terrorists used Google to find information on a hostage. They used it to confirm his identity. By confirming his real identity, they saved his live. It seems that we can use Google to destroy things (by gathering information about bomb making or critical infrastructure information) but also to save lives. Is that true? Possibly. It demonstrates the new power of internet as an ease information gathering system that can be used for anything, by anybody, all around the world.

Google Desktop Part 2
The AIM logs problem

I was wandering around Google Desktop for another day. I was questioning myself of pros and cons of the usage of this product. The fan of my laptop is crying to death. Indexing finish after 3000 hits. If I reinstall the thing it stops after 10000 hits. It seems to have a problem of indexing; normal it’s a beta version.

I came along a new thing that I didn’t saw before. It’s in relation with the AIM. I’m not normally using it, I prefer MSN Messenger. Everybody knows that Google Desktop index all messages from AIM. It’s not really news in itself. The thing that most people don’t know is that if you turn off the logging property of your AIM it seems that Google Desktop index your messages anyway. Is anyone can confirm me this? It seems that there is no solution to the problem and that the only way to get rid of this bug is to uninstall Google Desktop.

There are some excerpts that I took on the webpage of the Google Desktop that seems to confirm this observation:

“…An AIM chat window for that person opens. If you’re not signed on to AIM, Google Desktop Search will try to sign you on…”

“…When you look at a web page, read an email, open or edit a file, or have an AIM chat, Google Desktop Search does two things. It indexes that item’s content so it can find the item later. It also copies the item’s content into its cache, so that you’ll be able to find and see long-finished chats and older versions of files and web pages…”

This is a problem because you don’t have any power on this. If you use Google Desktop you bypass the ability of AIM to don’t log conversations.

So, if they are doing this for AIM, they’ll probably also does it for MSN Messenger and further products that they will support.

There is a last question pending in my mind: Why are they doing this? Is this for future plans or only because they didn’t see this like this?

U.S. Spies on Chat Rooms
Probably a new way to get defense budgets

There are some thoughts I had when I read this article:

“Trying to monitor the sea of traffic on all the chat channels would be like assigning a police officer to listen in on every conversation on the sidewalk — virtually impossible.”

Sure that it’s virtually impossible but the question is: Is this legal? It’s another question with many more sense.

“The $157,673 grant comes from the National Science Foundation’s Approaches to Combat Terrorism program. It was selected in coordination with the nation’s intelligence agencies.”

Is the program will only be used for terrorists? Let me doubt about this.

“Security officials know al-Qaida and other terrorist groups use the internet for everything from propaganda to offering tips on kidnapping. But it’s not clear if terrorists rely much on chat rooms for planning and coordination.”

Will they put a “carnivore” program on every chat server of every programs availed on the internet and private ones programmed by Joe in his basement? Or will they put a bot on every channel they know of? If so, how will they intercept private conversations? If so, what will stop terrorists to create their own protocols and programs (possibly encrypted) to communicate between them? It’s a non-sense

“Because they are focusing on public chat rooms, authorities are not violating constitutional rights to privacy when they keep an eye on the traffic, experts said. Law enforcement agents have trolled chat rooms for years in search of pedophiles, sometimes adopting profiles making it look like they are young teens.”

In this case it’s probably a better idea to do cyber-infiltration of some terrorist groups than filtering traffic.

Seriously, do they really think that terrorists are as silly as they wish? Two things, or they take their dreams for reality (what I doubt) or they put another thing on the shoulders of terrorists to get budgets. It’s sure that terrorists are a world wide problem, but what I see now is that they use them to try to resolve other problems by the side. What thinker of law enforcement agencies are thinking about? Probably not what you think…

Seriously, they can’t think of things like this to arm terrorist organizations, it’s impossible. Go Infiltrate them; return back in the playground; stop losing your time in the cyberspace to try to stop terrorists…

Google Desktop
A new technology from Google; potential privacy issue for you

Today a great tool has been release by Google: The Google Desktop.

Now think about it. Someone do a program (legitimate or not). This program gets an access to the search index of the Google Desktop. He builds a distributed network with theses indexes. This distributed network can be browsed like the Kazaa network or any other distributed network. Think about the implication of such a network. Think about the information that you can search for. The perspective is awesome but also fearful. It’s probably an overview of the future world, fully networked and searchable.

Okay, comeback on earth. One problem is that it centralizes de information and made search really easy and fast. Problems can arise if anybody can have a physical access to your computer station. Then, your coworkers, boss or any other person can really easily search for a specific thing on your desktop. Have in mind that they need a physical access. It’s why doing a WindowsKey-L to lock your computer when you are not at your desktop station is a good security/privacy habit to have. As long as your computer is secure, you’ll not have any problem with the software.

One good point for your privacy is that you can choose what you want to include in the index. Go to your preference page and read the help to know how. Another one is that when he cache files he get a reference on it and don’t duplicate the information so if you delete the file he is no longer in the index file. It’s sure that there is possibly some information in the index but I doubt that this can cause problems. Finally you can manually remove individual items of the index when you perform search on it. Take in mind that Google add the information of the search result of google.com and the search result of your desktop when the browser gets the information back from Google. This said, Google never know what the search result was for your desktop, and then your privacy is safe.

I’ll do the same advice as the one I provided with the A9 post, be aware of what you are using on your computer. By the why I’m already converted to the Google Desktop and I’ll use it for sure (for the moment a less).