Friday, May 08, 2009

.

The Internet, in New Scientist, parts 5 and 6

For the next installment in my series of comments on the New Scientist magazine series “Eight things you didn’t know about the internet”, we have two for one. Actually, not really: I’m going to skip part 5, “Is the net caught in the credit crunch?”, because I have nothing to say about it, and move right on to part 6, “Where are the net’s dark corners?”, by Ben Crystall. Here, we get into the discussions of malware and other Internet crime.

There are plenty of places online that you would do well to steer clear of. A brief visit to some unsavoury websites, for instance, could leave your computer infected with worms or viruses. Then there are the “black holes” to worry about.

On the malware side, I’ve said quite a bit already about web sites and email that try to infect your computer. The malware that’s gotten the most press recently, though so far its effects have been benign, is Conficker.

Network “black holes” shouldn’t be of direct concern to you, for the most part. Visiting a particular web site might cause your browser to appear dead, but it won’t affect your online experience beyond that: you can just go to another, legitimate web site and it will work fine. It’s possible, though, for an attacker to get a black-hole site into the Domain Name System or into routing tables, causing more extensive difficulty.

You’re more vulnerable to this sort of thing if you allow your computer (or iPhone) to connect to arbitrary wireless networks, which might themselves be black holes, or which might be attacked using black-hole techniques.

Then there’s the side of the Internet that tries to hide from you: the part that supports illegal activities. There are sub-networks for those engaged in buying and selling stolen credit-card numbers, leasing time on botnets, and the like. Rob Thomas gives an excellent presentation on this, and the corresponding paper, The Underground Economy: Priceless (PDF), is a good read.

For more about Internet crime and online security, let me point to two books:

  • Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier
  • The dotCrime Manifesto: How to Stop Internet Crime, by Phillip Hallam-Baker

No comments: