Thursday, November 19, 2009

Can the government see what Web sites I visit?

Imagine you're shopping at a mall. You browse different stores, make a few purchases and move on. Then, you notice that a man you don't know seems to be following you. You even catch a glimpse of him taking notes on what you're looking at and buying. The entire time you've been shopping, you've been spied on!

Many people fear that a similar thing is happening on the Web. They're worried that someone, usually the government, is recording and analyzing their Web browsing activity. They argue that these acts are an invasion of privacy. Are they right to be worried? Can the government keep track of all the Web sites everyone visits, and would it be able to act on that information?

[Image: "Internet spy" (©iStockphoto/Angel Manuel Herrero). Caption: Good try, but a ski mask offers little protection from online scrutiny.]

It's easy to understand why some people are worried. The United States Patriot Act expands the government's ability to perform searches and install wiretaps. It doesn't seem like a big stretch to add tracking people's Internet activity to the list. These people fear that they'll be spied on whether they've done anything to justify it or not.

Big Brother's Browser
People who worry that the government is tracking their Web activities sometimes use the adjective Orwellian. The word means invasive and totalitarian, and it's named after author George Orwell, who wrote the book "1984." In that novel, a government known as Big Brother controls nearly every aspect of citizens' lives.

In some ways, fear about the government's ability to keep tabs on Web activities has reached the level of a conspiracy theory. In the most extreme version of the theory, the government is tracking not only Web site activity, but also is building a database of potential suspects for crimes ranging from corporate sabotage to terrorism. Other theories don't go that far, but still suggest the government is treating everyone like a suspect -- even if people aren't doing anything illegal or questionable.



Europe Looks for a Peer-to-Peer TV

An open-source P2P project to compete with BitTorrent, Joost, and IPTV. IEEE Spectrum reports.

content provided by John Blau, IEEE Spectrum

The same kind of peer-to-peer file sharing that made Napster famous -- and infamous -- is being used in a new research project in Europe that aims to pipe TV programs over the Internet.

As part of the P2P-Next project, engineers from several European universities, research institutes, broadcast networks and manufacturers have agreed to pool their expertise to develop a file-sharing system, based on free open-source software.

The system could someday allow users connected to the Internet to deliver videos from anywhere to anywhere -- and to any number of people throughout the world.

The four-year project, which has attracted more than 20 member organizations, including the British Broadcasting Corp., Delft University of Technology, in the Netherlands, and STMicroelectronics, will receive $29 million from the European Union under its Seventh Framework Program, with another $5 million to come from the project partners.

The goal is to develop not only an entirely open P2P platform for delivering video on demand and live webcast streaming services but one that is also legal, secure and reliable, according to Johan Pouwelse, a professor at Delft University and scientific director of the P2P-Next project.






Powering Forward with P2P

The project reflects a growing European interest in Internet-based television, including pioneering work by the state-owned Norwegian Broadcasting Corporation, which has launched a hugely successful TV series delivered via P2P.

Internet video companies like YouTube could someday benefit from the new technology, Pouwelse says, "Instead of having every bit come from their own central servers, which is costly, they could use P2P to reduce their bandwidth costs."

Unlike broadcasters, which beam shows from radio masts to home antennas, or cable-TV networks, which send content down a coaxial cable to set-top boxes in a similar broadcast fashion, Internet-based TV providers like YouTube require users to connect to central content servers to fetch programs.

Flipping the Switch from Cable to Internet

Replacing broadcast and cable TV service with the Internet would require many more servers, not to mention strain content suppliers to provide sufficient bandwidth to transmit the content. P2P technology, according to Pouwelse, tackles this problem by sharing storage and transmission tasks with all enabled users.

However, the initiative competes against Joost, a commercial Internet TV start-up that largely uses proprietary P2P technology developed by the same two Scandinavian entrepreneurs who launched the Kazaa music file-sharing exchange and the Skype voice over Internet Protocol (VoIP) service. There are also numerous commercial Internet Protocol TV offerings now available from European telecommunications firms, mostly based on technology from Microsoft. Both services have been off to a bumpy start.

Setbacks and Challenges

Joost, which introduced commercial service last year, has suffered some technical glitches, resulting in frequent downtimes, particularly in March. Users also complain of excessive advertising, which many view as disruptive. Rumors are afloat that the venture could be on its last legs.

IPTV has also proven a challenge for many telcos in Europe and beyond. Initial hiccups in deploying Microsoft technology forced a few operators in Europe, such as Swisscom, to delay service; others, including Deutsche Telekom, have yet to find the right business model.

"IPTV is a telco approach with dedicated hardware, a closed business environment and walled gardens," Pouwelse says. "And although Joost uses some open-source for minute components, it's largely proprietary technology. P2P-Next is entirely open to all who want to use it. The system offers more choice and a nearly cost-free way for broadcasters to distribute content."

Delft University, for instance, is contributing its Tribler technology as a core component of the planned P2P-Next system, according to Pouwelse. Tribler, which stems from the word "tribe" and refers to its usage of social networks, is a client application based on an open-source implementation of the BitTorrent communications protocol.

Chomping at the BitTorrent

BitTorrent, widely used today for downloading TV shows from the Internet, is designed to distribute large amounts of data without the original distributor having to pick up the entire tab for hardware, hosting and bandwidth costs. Through the protocol, each recipient delivers pieces of data to other recipients, thereby reducing the cost and capacity burdens on any one individual.

Currently, BitTorrent traffic accounts for around 49 percent of traffic on the Internet backbone, of which nearly 50 percent is TV programming, according to Ipoque, a German company that specializes in monitoring Internet traffic.

For years, P2P has been a key technology for content pirates, offering an efficient way for them to share files. Hollywood hated it -- until last year when BitTorrent's co-founders decided to go commercial.

In a move to win over the studios, as well as publishers of videos, games and software, co-founders Ashwin Navin and Bram Cohen added digital rights management technology to protect content and closed the door to open-source development.

Fox, MTV, Paramount and Warner Brothers have since become supporters of BitTorrent's new commercial service.

Pouwelse believes that the move by BitTorrent's founders to sever ties with the open-source community will, in the long run, undermine further development of the technology, and that licensing fees will deter others from using the commercial application. Fortunately, some components of BitTorrent remain open to implement, he adds, and ventures including P2P-Next are using these to build new systems.

From TV, to PC -- and Beyond

Another advantage of P2P-Next over Joost is its "zero use" of servers, according to Pouwelse. The system will allow any type of Internet-connected device to participate, he says, adding that the venture will begin with PCs and expand later to other devices.

"By distributing all functionality, we are aiming for unbounded scalability," Pouwelse says.

What worked for one hugely successful P2P start-up may not work for all. With its largely proprietary and somewhat centralized approach, Skype is arguably the most successful P2P VoIP product in the world. The venture found a niche and successfully exploited it. Its business case is now under attack by telephone companies rolling out national and international flat-rate fees. The verdict on Joost is still out.

It's still too early to assess the chances of success for the P2P-Next initiative. Numerous European collaborative research projects have failed or underachieved because of rigid bureaucracy, cross-border rivalries, intercultural differences, or varying opinions on direction. Pouwelse is also honest enough to admit to the various problems inherent to P2P.

"The challenge of P2P is to turn something that can be unreliable and potentially malicious into something that is reliable and trustworthy and works," he says.

Nevertheless, Pouwelse believes that the initiative's approach -- "open source, open papers and open comments" -- could provide a big boost to the project in particular and to the use of P2P technology in general to deliver next-generation Internet TV services.

Others are equally optimistic.

"It's a test bed for new ideas, allowing us to collaborate with colleagues across Europe and to hone and develop technology that could help shape TV of tomorrow," writes George Wright, executive producer of the Rapid Development Unit within BBC's Future Media & Technology group, in a blog on the BBC Web site.

Pouwelse puts it another way. "This is really about who will define and deliver the TV standard of the future," he says.

John Blau writes about technology from Dusseldorf, Germany. For IEEE Spectrum, he explained German resistance to carbon caps on European cars, and for IEEE Spectrum Online he described a low-power processor for a disposable wireless vital-signs monitor. The views expressed are the author's alone and do not represent the official position of Discovery Communications.





Monday, March 2, 2009

Sality.AO, a virus that takes us back to the future

Sality.AO is a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to win notoriety for their creators) with the objective of new malware, i.e. generating financial returns for cyber-criminals. PandaLabs, Panda Security's malware detection and analysis laboratory, has noted an increase in the number of infections caused by this malware over recent days, as well as new variants using the same techniques. It is therefore advising users to be on their guard against a possible massive attack.

Sality.AO uses file-infection techniques that had not been seen in the wild for years: EPO (entry point obscuring) and cavity infection. Both concern how the original file is modified in order to infect it, and both make the change harder to detect and the file harder to disinfect. With EPO the virus leaves the executable's declared entry point alone and instead patches a call or jump somewhere inside the original code, so part of the legitimate program runs before control reaches the virus body; a scanner that only looks at the entry point sees nothing unusual. With cavity infection the virus code is written into unused, typically zero-filled space that already exists inside the file (such as section alignment padding), so the file does not grow and there is no appended section to point at; that makes the code harder to locate and the original bytes harder to restore.
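The two techniques above are easiest to understand from the PE headers themselves. The following is an added example written for this page, not code from PandaLabs or from the virus: a small stdlib-only PE parser that lists the zero-filled cavities a cavity infector could use, and checks whether the entry point has been redirected in the crude way that EPO is designed to avoid. The sample image produced by build_sample_pe() is constructed for the demonstration and is not a real executable; the 64-byte cavity threshold and the section names are assumptions.

```python
"""Added example: locate cavities and check the entry point of a PE file."""
import re
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes):
    """Return (AddressOfEntryPoint, [section dicts]) from the PE headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        fields = SECTION_HEADER.unpack_from(data, table + i * SECTION_HEADER.size)
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = fields
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "raw_size": raw_size,
                         "raw_ptr": raw_ptr, "chars": chars})
    return entry_rva, sections


def inspect_pe(data: bytes, min_cavity: int = 64):
    """Report zero-filled cavities and whether the entry point looks tampered with."""
    entry_rva, sections = parse_pe(data)
    cavities = []
    for s in sections:
        raw = data[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        # A run of NUL bytes inside a section is space a cavity infector can overwrite
        # without growing the file; report (section, file offset, length).
        for m in re.finditer(rb"\x00{%d,}" % min_cavity, raw):
            cavities.append((s["name"], s["raw_ptr"] + m.start(), m.end() - m.start()))
    executable = [s for s in sections if s["chars"] & IMAGE_SCN_MEM_EXECUTE]
    entry_section = next((s for s in sections
                          if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    # The crude infection style EPO avoids: AddressOfEntryPoint pointing into a writable
    # section, into a section other than the first executable one, or into no section.
    # A file that passes this check can still be EPO-infected, because EPO patches a
    # call inside the original code and leaves the entry point untouched.
    suspicious = (entry_section is None
                  or bool(entry_section["chars"] & IMAGE_SCN_MEM_WRITE)
                  or (executable and entry_section is not executable[0]))
    return {"entry_rva": entry_rva,
            "entry_section": entry_section["name"] if entry_section else None,
            "entry_suspicious": bool(suspicious),
            "cavities": cavities}


def build_sample_pe(entry_rva: int) -> bytes:
    """Constructed minimal PE32 image: headers plus two 0x200-byte sections (test input only)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics)
    layout = [(b".text", 0x120, 0x1000, 0x200, 0x400, 0x60000020),   # code | execute | read
              (b".xyz", 0x080, 0x2000, 0x200, 0x600, 0xE0000020)]   # code | execute | read | write
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)             # AddressOfEntryPoint
    table = b"".join(SECTION_HEADER.pack(n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in layout)
    image = bytearray((bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(0x400, b"\0"))
    image += b"\x90" * 0x120 + b"\0" * (0x200 - 0x120)    # .text: code, then alignment padding
    image += b"\xCC" * 0x080 + b"\0" * (0x200 - 0x080)    # .xyz: blob, then padding
    return bytes(image)


if __name__ == "__main__":
    for rva in (0x1000, 0x2000):
        print(hex(rva), inspect_pe(build_sample_pe(rva)))
```

Run against the constructed image, the .text section's alignment padding shows up as a 224-byte cavity at file offset 0x520, and only the image whose entry point was moved into the writable section is flagged; the clean-looking result for the other image is precisely why EPO-infected files need code-level analysis rather than a header check.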

These techniques are far more complex than those that can be achieved with automatic malware creation tools, which have been responsible for much of the increase in the number of threats in circulation recently. They require much greater skill and knowledge of malicious code programming.

In addition to these techniques from the early days of malware, Sality.AO includes a series of features associated with current malware trends, such as connecting to IRC channels to receive remote commands, which can turn the infected computer into a zombie. Such zombies can be used for sending spam, distributing malware, denial-of-service attacks and so on. Likewise, infection is not restricted to executable files on the local disk, as it was with old viruses; the malware also tries to propagate across the Web. To that end it injects an iframe into PHP, ASP and HTML files on the computer. When any of these files is opened in a browser, the browser is silently redirected to a malicious page that launches an exploit against the visitor's computer in order to download more malware. But that is not all. If any of the infected files are uploaded to a Web site (and these are exactly the file types that get published), every user who downloads the files or visits the pages will be hit by the same redirect and exploit.
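Injected iframes of this kind are easy to hunt for on a web server, because they share three traits: the frame is hidden, it points at a host that is not the site's own, and it was appended after the document's closing tag rather than written into the page. The following scanner is an added example written for this page, not part of the PandaLabs note; the sample files are constructed, 198.51.100.7 is a documentation address standing in for an attacker host, and www.example.com stands in for the site's own hostname.

```python
"""Added example: find iframes injected into HTML/PHP/ASP files."""
import re
from urllib.parse import urlparse

IFRAME_RE = re.compile(rb"<iframe\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(rb"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Attributes that make a frame invisible to the user.
HIDDEN_RE = re.compile(rb"""(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none|visibility\s*:\s*hidden""",
                       re.IGNORECASE)


def find_injected_iframes(name: str, content: bytes, own_hosts=frozenset()):
    """One finding per iframe that shows at least two of three signs of injection:
    hidden, pointing at a foreign host, or placed after the document's closing tag."""
    # Infectors append their payload after the existing content, so anything past the
    # last </html> (or past the last ?> / %> in a PHP/ASP file) was not authored there.
    lowered = content.lower()
    closing = max(lowered.rfind(b"</html>"), lowered.rfind(b"?>"), lowered.rfind(b"%>"))
    findings = []
    for m in IFRAME_RE.finditer(content):
        attrs = m.group(1)
        src_match = SRC_RE.search(attrs)
        src = src_match.group(1).decode("latin-1") if src_match else ""
        host = urlparse(src).hostname           # None for relative URLs
        signs = {
            "hidden": bool(HIDDEN_RE.search(attrs)),
            "external": host is not None and host not in own_hosts,
            "appended": closing != -1 and m.start() > closing,
        }
        if sum(signs.values()) >= 2:
            findings.append({"file": name, "src": src, **signs})
    return findings


def scan(files: dict, own_hosts=frozenset()):
    """Scan a {filename: bytes} mapping and collect findings across all files."""
    results = []
    for name, content in files.items():
        if name.lower().endswith((".html", ".htm", ".php", ".asp")):
            results.extend(find_injected_iframes(name, content, own_hosts))
    return results


# Constructed samples: a clean page with a legitimate embed, and a page with an
# appended, hidden frame pointing at a foreign host.
SAMPLES = {
    "contact.php": (b"<?php $t = 'Contact'; ?>\n<html><body><h1>Contact</h1>\n"
                    b"<iframe src=\"https://maps.example.com/embed\" width=\"600\" height=\"450\"></iframe>\n"
                    b"</body></html>\n"),
    "index.html": (b"<html><body><h1>Welcome</h1>\n"
                   b"<iframe src=\"/embed/player\" width=\"400\" height=\"300\"></iframe>\n"
                   b"</body></html>\n"
                   b"<iframe src=\"http://198.51.100.7/in.php\" width=0 height=0 "
                   b"style=\"visibility:hidden\"></iframe>\n"),
}

if __name__ == "__main__":
    for finding in scan(SAMPLES, own_hosts={"www.example.com"}):
        print(finding)
```

Requiring two of the three signs keeps legitimate third-party embeds (a visible map from another host) and the site's own player (same origin, visible) out of the results, while the appended hidden frame trips all three. In a real clean-up, compare flagged files against a known-good copy before editing them, since the same infection also touches executables on the machine.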

The file downloaded through this technique is what PandaLabs refers to as hybrid malware, as it combines the functions of Trojans and viruses. The Trojan, in addition, has downloader features for downloading other strains of malware to the computer. The URLs used by this downloader were still not operative at the time of the PandaLabs analysis, but they could become active as the number of infected computers increases, according to Panda Security’s laboratory.

“As we forecast in our annual report, the distribution of classic malicious code such as viruses will be a major trend in 2009. The use of increasingly sophisticated detection technologies like Panda Security’s Collective Intelligence, capable of detecting even low-level attacks and the newest malware techniques, will make cyber-crooks turn to old codes, adapted to new needs. This means they won't be viruses designed simply to spread or damage computers, as they were 10 years ago, but will be designed, such as in this case, to hide Trojans or turn computers into zombies”, warns Luis Corrons, Technical Director of PandaLabs.

Source: www.pandasecurity.com

Monday, January 12, 2009

What is a Web Forgery? What is Phishing?

Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick you into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure the recipient into updating their personal information on fake, but very real looking, Web sites. More information on phishing can be found at the Anti-Phishing Working Group, and there are a number of examples and resources available at the Wikipedia Phishing page.



Monday, December 15, 2008

Default gateway

A gateway is a node (a router) on a computer network that serves as an access point to another network.
A default gateway is the node a host (or router) forwards a packet to when the destination IP address matches no more specific entry in its routing table; the default route itself is written 0.0.0.0/0 (::/0 for IPv6) and so matches every destination.
In homes, the gateway is usually the ISP-provided device that connects the user to the Internet, such as a DSL or cable modem/router.
In enterprises, the gateway is the node that routes traffic from a workstation to another network segment. The default gateway is commonly the node connecting the internal networks to the outside network (the Internet). In that position the gateway may also act as a proxy server and a firewall, which makes it the natural choke point for egress filtering. The gateway is a router: it uses packet headers and its forwarding table to decide where packets are sent, while the switches around it only provide the layer-2 path for packets into and out of it.
In other words, it is the entry point and exit point of a network.
Usage
A default gateway is used by a host when an IP packet's destination address lies outside the local subnet, so that the packet cannot be delivered directly over the local link. The host resolves the gateway's MAC address (rather than the destination's) and hands the packet to it. The default gateway address is usually an interface of the LAN's border router, and it must itself be an address on a subnet the host is directly connected to.
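The lookup a host performs, from the connected-subnet route through more specific routes to the default route, can be written in a few lines. This is an added example for this page, not the routing code of any operating system; the routing table is constructed, with 192.168.1.0/24 as the host's own LAN, 192.168.1.254 as an internal router for 10.0.0.0/8, and 192.168.1.1 as the default gateway. It also includes the one sanity check that catches the most common misconfiguration: a gateway that is not on a directly connected subnet.

```python
"""Added example: longest-prefix route lookup ending at the default gateway."""
import ipaddress


def build_table(routes):
    """routes: iterable of (prefix, gateway or None for directly connected, interface)."""
    table = []
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        table.append((net, ipaddress.ip_address(gateway) if gateway else None, iface))
    # A gateway is only usable if it lies on a directly connected subnet: the host
    # must be able to resolve its MAC address without going through another router.
    connected = [net for net, gw, _ in table if gw is None]
    for net, gw, _ in table:
        if gw is not None and not any(gw in c for c in connected):
            raise ValueError(f"gateway {gw} for {net} is not on a connected subnet")
    return table


def lookup(table, destination):
    """Longest-prefix match. The default route 0.0.0.0/0 matches everything,
    so it wins only when nothing more specific does."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net, gw, iface in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def next_hop(table, destination):
    """Return (interface, address to resolve at layer 2), or None if unreachable.

    For a connected route the host resolves the destination's own MAC address;
    for any other route it resolves the gateway's and hands the packet to it.
    """
    match = lookup(table, destination)
    if match is None:
        return None
    net, gw, iface = match
    return (iface, str(gw) if gw is not None else str(ipaddress.ip_address(destination)))


# Constructed host routing table.
HOST_TABLE = build_table([
    ("192.168.1.0/24", None, "eth0"),          # directly connected LAN
    ("10.0.0.0/8", "192.168.1.254", "eth0"),   # internal networks via an internal router
    ("0.0.0.0/0", "192.168.1.1", "eth0"),      # default gateway
])

if __name__ == "__main__":
    for d in ("192.168.1.42", "10.5.6.7", "203.0.113.5"):
        print(d, "->", next_hop(HOST_TABLE, d))
```

Without the 0.0.0.0/0 entry the third lookup returns None, which is what "destination unreachable" on a host with no default gateway means; with it, every address that matches nothing else is handed to 192.168.1.1.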

Applications affected by NAT

Some application-layer protocols (such as FTP and SIP) carry explicit network addresses inside their application data. FTP in active mode, for example, uses separate connections for control traffic (commands) and for data traffic (file contents). When requesting a file transfer, the client identifies the data connection it is listening on by its network-layer address and transport-layer port, sent as text in the PORT command. If the client sits behind a simple NAT, the translation of the IP address and/or TCP port applies only to the packet headers; the address embedded in the payload is still the private one, so the server cannot connect back to it. The Session Initiation Protocol (SIP), which controls Voice over IP (VoIP) calls, suffers the same problem: SIP may use several ports to set up a call and transmits the voice stream via RTP, and the IP addresses and port numbers for that stream are carried in the payload and must be known before the packets traverse the NAT. Without special techniques, such as STUN, an endpoint does not know which public address and port the NAT has assigned it, and the call may fail.
Application Layer Gateway (ALG) software or hardware may correct these problems. An ALG module running on the NAT device updates any payload data made invalid by address translation (and, for TCP, must also adjust sequence and acknowledgement numbers whenever the rewritten payload changes length). ALGs obviously need to understand the higher-layer protocol they are fixing, so each protocol with this problem requires a separate ALG, and an ALG cannot repair a payload it cannot read, such as one carried over TLS.
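The FTP case is small enough to show end to end. The following is an added example written for this page, not the ALG of any real NAT product: it parses the active-mode PORT command, rewrites the advertised address to the NAT's public address and a freshly allocated port, records the mapping the server's inbound data connection will need, and reports the change in payload length that the NAT must compensate for in TCP sequence numbers. Addresses are constructed: 192.168.1.10 is the inside client and 203.0.113.9 the NAT's public address.

```python
"""Added example: what an FTP ALG does to an active-mode PORT command."""
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def parse_port(line: str):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); None if not a valid PORT command."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    return ip, fields[4] * 256 + fields[5]


def format_port(ip: str, port: int) -> str:
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)


class FtpPortAlg:
    """Rewrites the address the client advertises and records the inbound mapping."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # (public_ip, public_port) -> (private_ip, private_port)

    def rewrite(self, line: str):
        """Return (line to forward to the server, change in payload length).

        The server will open the data connection to the advertised address, so the
        NAT must both rewrite it and pre-open a mapping for that inbound connection.
        A non-zero length change means the NAT must also adjust TCP sequence and
        acknowledgement numbers on this control connection from here on.
        """
        parsed = parse_port(line)
        if parsed is None:
            return line, 0          # not a PORT command (or malformed): pass through untouched
        private_ip, private_port = parsed
        public_port = self.next_port
        self.next_port += 1
        self.mappings[(self.public_ip, public_port)] = (private_ip, private_port)
        new_line = format_port(self.public_ip, public_port)
        return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    alg = FtpPortAlg("203.0.113.9")
    print(alg.rewrite("PORT 192,168,1,10,4,210\r\n"))
    print(alg.rewrite("PORT 10,0,0,5,4,210\r\n"))
    print(alg.mappings)
```

The second rewrite in the usage lengthens the payload by four bytes, which is the case that trips naive ALGs: every later byte on that control connection now carries a different sequence number on each side of the NAT. The pre-opened mapping is also worth noting from a security standpoint, since a crafted PORT command can ask the ALG to open an inbound port to an arbitrary internal address.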
Another solution is NAT traversal, using protocols such as STUN or ICE, or proprietary approaches in a session border controller. NAT traversal is possible for both TCP- and UDP-based applications, but the UDP-based technique is simpler, more widely understood and more compatible with legacy NATs. In either case the higher-level protocol must be designed with NAT traversal in mind, and it does not work reliably across symmetric NATs or other poorly behaved legacy NATs.
Other possibilities are UPnP (Universal Plug and Play) or Bonjour (NAT-PMP), which let an inside host ask the NAT to create a port mapping for it. These require the cooperation of the NAT device, and because any host on the LAN can make such a request, they are also a way for malware on one machine to expose itself or others to the Internet.
Most traditional client-server protocols (FTP being the main exception), however, do not send layer-3 contact information in their payload and therefore need no special treatment by NATs. In fact, avoiding NAT complications is practically a requirement when designing new higher-layer protocols today.
NATs can also cause problems where IPsec encryption is applied and several devices such as SIP phones sit behind the same NAT. Phones that encrypt their signalling with IPsec (ESP) carry the transport header inside the encrypted payload, so NA(P)T devices cannot read or translate the port numbers. The NA(P)T then falls back to plain address translation, all traffic returning to the NAT is mapped to a single client, and the service fails for the others. There are two common solutions: use TLS, which runs above TCP and therefore leaves the TCP port numbers in the clear, or encapsulate the IPsec traffic in UDP (NAT-T), the latter being the solution chosen by TISPAN to achieve secure NAT traversal.
The DNS protocol vulnerability announced by Dan Kaminsky on 8 July 2008 is indirectly affected by NAT port mapping. The recommended mitigation is to make all caching DNS servers send their queries from randomized UDP source ports, so that a cache-poisoning attacker has to guess the port as well as the 16-bit transaction ID. If a caching DNS server sits behind a firewall that performs NAT, it is therefore highly desirable not to translate the UDP source ports of its outgoing queries: a NAT that replaces them with sequential or fixed ports de-randomizes them and makes the server vulnerable again.
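Whether a NAT is de-randomizing a resolver's ports is something you can measure from outside, by recording the source port of each query as it arrives at an authoritative server you control. The classifier below is an added example for this page, not a tool from any vendor; the three port lists are constructed to stand in for a healthy resolver, a NAT that allocates ports in order, and a NAT that pins every query to one port. The entropy threshold of 6 bits and the "small step" range of 1 to 16 are assumptions chosen for the demonstration.

```python
"""Added example: detect source-port de-randomization of DNS queries."""
import math
import random
from collections import Counter


def port_entropy_bits(ports):
    """Shannon entropy of the observed port distribution in bits (log2(n) at best for n ports)."""
    n = len(ports)
    return -sum((k / n) * math.log2(k / n) for k in Counter(ports).values())


def assess_source_ports(ports, min_bits: float = 6.0):
    """Classify as 'fixed', 'sequential', 'low-entropy' or 'randomized'.

    'sequential' means most consecutive queries use ports differing by a small positive
    step, the pattern a NAT produces when it hands out ports in order; that is exactly
    what makes the resolver's port guessable again.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    if len(set(ports)) == 1:
        return "fixed"
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 1 <= d <= 16) / len(deltas)
    if small_steps >= 0.8:
        return "sequential"
    if port_entropy_bits(ports) < min_bits:
        return "low-entropy"
    return "randomized"


# Constructed observations, 200 queries each, in the order they were seen.
RANDOMIZED = random.Random(7).sample(range(1024, 65536), 200)   # what the resolver sends
SEQUENTIAL = list(range(40000, 40200))                           # after a port-sequential NAT
FIXED = [53] * 200                                               # after a NAT that pins the port
TWO_PORTS = [53, 1053] * 100                                     # a NAT pool of two ports

if __name__ == "__main__":
    for label, obs in (("resolver", RANDOMIZED), ("nat-seq", SEQUENTIAL),
                       ("nat-fixed", FIXED), ("nat-pool", TWO_PORTS)):
        print(label, assess_source_ports(obs), round(port_entropy_bits(obs), 2))
```

Order matters here: the sequential check looks at consecutive observations, so the capture must preserve arrival order. A resolver that randomizes properly shows close to log2(n) bits for n queries, while anything the NAT has flattened collapses to a handful of bits.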

NAT and TCP/UDP

"Pure NAT", operating on IP addresses alone, may or may not correctly handle protocols that carry IP information in their own payload, such as ICMP: an ICMP error message embeds the header of the packet that triggered it, and the addresses inside that embedded header must also be translated, depending on whether the host on the "inside" or the "outside" of the translation is meant to interpret them. As soon as one climbs the protocol stack, even to basic protocols such as TCP and UDP, the protocols break unless the NAT takes action beyond the network layer.
IP has a checksum in each packet header, which provides error detection only for the header. IP datagrams may be fragmented, and a NAT must reassemble (or at least track) the fragments in order to recompute higher-level checksums correctly and to know which fragments belong to which connection, because only the first fragment carries the TCP/UDP header with the port numbers.
The major transport-layer protocols, TCP and UDP, have a checksum that covers all the data they carry, as well as the TCP/UDP header, plus a "pseudo-header" containing the source and destination IP addresses of the packet carrying them. For an originating NAT to pass TCP or UDP successfully, it must recompute the TCP/UDP checksum (or update it incrementally from the address and port deltas, as RFC 1624 describes) using the translated addresses and ports rather than the original ones, and write that checksum into the TCP/UDP header, which in a fragmented datagram sits only in the first fragment. The receiving NAT must recompute the IP checksum of every packet it passes to the destination host, and must likewise recognize and fix up the TCP/UDP checksum using the retranslated addresses and pseudo-header. This is not a completely solved problem. One solution is for the receiving NAT to reassemble the entire datagram and then recompute one checksum across all of the data.
It may be wise for the originating host to do Path MTU Discovery (RFC 1191) to determine what MTU will reach the destination without fragmentation, and then set the "don't fragment" bit in the appropriate packets. There is no totally general solution to this problem, which is why one of the goals of IPv6 is to avoid NAT.
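The pseudo-header dependency is concrete enough to demonstrate byte for byte. The following is an added example written for this page, not code from any NAT implementation: it builds a UDP segment with a correct checksum, shows that the same bytes fail verification once the source address is rewritten, and then applies the RFC 1624 incremental update that a NAT can perform from the header alone, confirming it matches a full recomputation. Addresses and the payload are constructed: 192.168.1.10 is the inside host, 198.51.100.1 the NAT's public address and 203.0.113.5 the server.

```python
"""Added example: UDP checksum over the pseudo-header, and a NAT's incremental fix-up."""
import ipaddress
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP, TCP and UDP (RFC 1071)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """The IP addresses are part of what the UDP checksum covers; translating them invalidates it."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 17, length))


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum of a UDP segment whose checksum field is zero; a computed 0 is sent as 0xFFFF."""
    csum = 0xFFFF ^ ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    return csum or 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    csum = udp_checksum(src_ip, dst_ip, segment)
    return segment[:6] + struct.pack("!H", csum) + segment[8:]


def udp_verify(src_ip, dst_ip, segment) -> bool:
    """What the receiver does: the sum over pseudo-header and segment, checksum included, must be all ones."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def incremental_update(checksum: int, old_words, new_words) -> int:
    """RFC 1624 equation 3: HC' = ~(~HC + ~m + m') for each 16-bit word m changed to m'.

    This lets a NAT patch the checksum from the header alone, without reading the
    payload, which matters when the payload continues in later fragments.
    """
    acc = (~checksum) & 0xFFFF
    for m, m_new in zip(old_words, new_words):
        acc += ((~m) & 0xFFFF) + m_new
    while acc >> 16:
        acc = (acc & 0xFFFF) + (acc >> 16)
    return ((~acc) & 0xFFFF) or 0xFFFF


def words(ip: str):
    return struct.unpack("!HH", ipaddress.IPv4Address(ip).packed)


def nat_translate(segment: bytes, old_src_ip, new_src_ip, new_sport: int) -> bytes:
    """Source NAT on an outgoing segment: rewrite the source port and fix the checksum incrementally."""
    old_sport, = struct.unpack("!H", segment[:2])
    old_csum, = struct.unpack("!H", segment[6:8])
    new_csum = incremental_update(old_csum,
                                  (*words(old_src_ip), old_sport),
                                  (*words(new_src_ip), new_sport))
    return struct.pack("!H", new_sport) + segment[2:6] + struct.pack("!H", new_csum) + segment[8:]


INSIDE, PUBLIC, SERVER = "192.168.1.10", "198.51.100.1", "203.0.113.5"
ORIGINAL = build_udp(INSIDE, SERVER, 40000, 53, b"constructed query payload")
TRANSLATED = nat_translate(ORIGINAL, INSIDE, PUBLIC, 61000)

if __name__ == "__main__":
    print("valid from inside address:", udp_verify(INSIDE, SERVER, ORIGINAL))
    print("untouched segment seen from public address:", udp_verify(PUBLIC, SERVER, ORIGINAL))
    print("after NAT fix-up:", udp_verify(PUBLIC, SERVER, TRANSLATED))
```

The middle case is the failure the text describes: a "pure" NAT that rewrites only the IP header leaves a segment the receiver will discard. The incremental form also explains how a NAT copes with fragmentation: the delta depends only on the words it changed, so the first fragment's transport checksum can be corrected without reassembling the rest, although the NAT must still track the later fragments by IP identification to translate them at all.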