IT Security Ask the Experts: Top Queries for November, 2009

Find out what IT security quandries plagued readers last month.

Michael Goodwin on December 2, 2009

This Site was designed to be a clearing house for technical IT security queries. However, readers continue to submit a broad range of fascinating questions exploring the interface between technology, morality, security, ethics and sexuality - let alone employment opportunities within the IT security field, and requests for secret hacking tools. (Sorry, we do not give those out.)

Here are our top five queries for November, 2009:

Windows security center doesn't recognize my AV: Sean recently installed an anti-virus application, but Windows Security Center insists that his virus protection is turned off. Sean is not the only reader with this problem. We get variations in this query each month. The unhappy fact is that typically Windows Security Center fails to properly register third-party anti-virus apps and firewalls. The Experts advise that if you are sure your anti-virus protection is operating properly, do not be concerned about warnings from Windows Security Center. In case you are unsure, contact tech support to your AV app. Join the conversation here.

Facebook break in: Someone recently logged into Becky's Facebook account, posted defamatory statements and adjusted her password. How can she discover who did it? Facebook has not been helpful. Becky was ready to change her password but that's it. She also thinks that this person was reading her macmail. Is there any option to discover who last logged into her mobileme account or her Facebook page? She has a concept who may need done it, but no proof. Up to now there were no replies to Becky's query - and that is no surprise. Security for social networking sites is notoriously sloppy, and plenty of users are careless about creating and maintaining a "good" password. For instance, Becky notes that she "changed her passwork back." Bad idea, Becky. That password was already cracked; why restore it? The best way to maintain online security is to use a serious password (long, random alphanumerics) and make sure nobody learns it. Once the damage is done, don't expect much help from the site; if you're really serious about pursuing a hacker, you'll do best to hire a private investigator. Add comments here.

Biometrics: Allysia wonders whether biometrics is a fine technology for maintaining online security. Expert Robert Schifreen votes aye. Biometrics such as fingerprint recognition is generally considered quite secure, he observes, since it's much harder to imitate someone's fingerprint than it is to guess their password. The only problem with biometrics is that it's expensive to implement since it requires hardware capable of reading fingerprints, retinal patterns and other biometric input. Add your two cents here.

So nice you got to encrypt it twice: "Inquisitive" proposes an interesting scenario. Suppose you encrypt something with private key privA, then encrypt the result with private key privB, using PGP. Then you send it to a friend, and she decrypts with public key pubB then pubA. Will this make it impossible for people to crack the code since they won't know it's been encrypted twice? Even if they DO know it's been encrypted twice, wouldn't it still be a lot harder for them to decrypt? We've had a number of interesting replies on this one. As an example, Expert Luther reminds us that encrypted data isn't just a bunch of encrypted bits. It's stored in a well-defined, structured way so that it can be decrypted by the person with the right key. Encrypting twice may not add anything useful, he said. After all, in case you are assuming that someone can break PGP then it's reasonable to assume that they're exploiting some sort of flaw in the implementation in order that they could probably break it twice. Double-encyption might decelerate the method, but that's all. Cryptographers (amateur and professional) can join this thread here.

DDOS attack: Some queries raise more questions than they answer. Ben wrote recently to tell us that "lots of people" have threatened him with a DDOS (distributed denial of service) attack - but they do not follow through. He wonders if someone DOES follow through on it, whether his router will take the autumn rather than his computer? Our Experts are puzzled. How do these threats arrive? Who're these “many people” who're threatening Ben? And why are they bothering to threaten him in any respect? Why would they provide him a warning, in place of simply attacking him? And why would such a lot of people need to invest effort and time to get him off the web? While we look forward to enlightenment, you are able to read the comments and add your personal here.