Monday, February 15, 2010

Key Provisions of the USA Patriot Act

Section 201 -- Gives federal officials the authority to
intercept wire, spoken and electronic communications
relating to terrorism.

Section 202 -- Gives federal officials the authority to
intercept wire, spoken and electronic communications
relating to computer fraud and abuse offenses.

Subsection 203(b) -- Permits the sharing of grand jury
information that involves foreign intelligence or
counterintelligence with federal law enforcement,
intelligence, protective,immigration, national
defense or national security officials.

Subsection 203(d) -- Gives foreign intelligence or
counterintelligence officers the ability to share
foreign intelligence information obtained as part
of a criminal investigation with law enforcement.

Section 204 -- Makes clear that nothing in the law
regarding pen registers -- an electronic device
which records all numbers dialed from a particular
phone line -- stops the government's ability to
obtain foreign intelligence information.

Section 206 -- Allows federal officials to issue roving
"John Doe" wiretaps, which allow investigators to
listen in on any telephone and tap any computer they
think a suspected spy or terrorist might use.

Section 207 -- Increases the amount of time that federal
officials may watch people they suspect are spies or
terrorists.

Section 209 -- Permits the seizure of voicemail messages
under a warrant.

Section 212 -- Permits Internet service providers and
other electronic communication and remote computing
service providers to hand over records and e-mails
to federal officials in emergency situations.

Section 214 -- Allows use of a pen register or trap and
trace devices that record originating phone numbers
of all incoming calls in international terrorism or
spy investigations.

Section 215 -- Authorizes federal officials to obtain
"tangible items" like business records, including
those from libraries and bookstores,for foreign
intelligence and international terrorism
investigations.

Section 217 -- Makes it lawful to intercept the wire or
electronic communication of a computer hacker or
intruder in certain circumstances.

Section 218 -- Allows federal officials to wiretap or
watch suspects if foreign intelligence gathering is
a "significant purpose" for seeking a Federal
Intelligence Surveillance Act order. The pre-Patriot
Act standard said officials could ask for the
surveillance only if it was the sole or main purpose.

Section 220 -- Provides for nationwide service of search
warrants for electronic evidence.

Section 223 -- Amends the federal criminal code to provide
for administrative discipline of federal officers or
employees who violate prohibitions against unauthorized
disclosures of information gathered under this act.

Section 225 -- Amends FISA to prohibit lawsuits against
people or companies that provide information to federal
officials for a terrorism investigation.

Monday, January 25, 2010

What is Privacy Protection and the Law?

Privacy protection
Approaches to privacy can, broadly, be divided into two categories: free market and consumer protection. In a free market approach, commercial entities are largely allowed to do what they wished, with the expectation that the consumers will choose to do the business with the corporations that respect the privacy to a desired degree. If some companies are not sufficiently respectful of privacy, they will lose market share. Such an approach may be limited by lack of competition in the market, by enterprises not offering privacy options favorable to the user, or by lack of information about actual privacy practices. Claims of privacy protection made by companies may be difficult for consumers to verify, except when they have already been violated.
In a consumer protection approach, in contrast, it is acknowledged that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available. This approach advocates greater government definition and enforcement of privacy standards.

What is Computer privacy???

The quality or condition of being secluded from the presence or view of others.
The state of being free from unsanctioned intrusion: a person's right to privacy.
The state of being concealed; secrecy.

Today, many people rely on computers to do homework, work, and create or store useful information. Therefore, it's important for the information to be stored and kept properly. It's also extremely important to protect computers from data loss, misuse and abuse. For example, businesses need to keep their information secure and shielded from hackers. Home users also need to ensure their credit card numbers are secure when participating in online transactions. A computer security risk is any action that could cause loss of information to software, data, processing incompatibilities or damage to computer hardware.

An intentional breach in computer security is known as a computer crime, which is slightly different from a cybercrime. A cybercrime is known as illegal acts based on the Internet and is one of the FBI's top priorities. There are several distinct categories for people that perpetrate cybercrimes, and they are: hacker, cracker, cyberterrorist, cyberextortionist, unethical employee, script kiddie and corporate spy. A hacker is defined as someone who accesses a computer or computer network unlawfully. They often claim that they do this to find leaks in the security of a network.

Monday, January 18, 2010

Who are the computer criminals and what are their objectives?

Computer criminals are also called cybercriminals. Their Obejectives are: hack a system,steal important datas and even installed a virus on your computer. Or they can also hack the government website, or they can even hack bank accounts and steal all the money.

Zero day attack!

Zero day attack, also known as a zero hour takes advantage of computer vulnarabilities that do not currently have a solution. Typically, a software company will discover a bug or problem with a piece of software after it has been released and will offer a patch-another piece of software meant to fix original issue. A zero day attack will take advantage of that problem before a patch has been created. It is named zero day because it occurs before the first day the vulnerability is known.

- For example, there was an zero day attacked on Nov. 09, 2006. It was a part of Windows called the XMLHTTP Activex Control. When an web browser pop up an infected web page in the internet explorer, it called the Activex Control, which would helpep the attacker to cause a buffer overflow. It may able the attackers to download spyware and steal data.

Monday, January 4, 2010

If i was hired an IT security consultant to fix the security problem of a manufacturing company with a budget of $1 million within 90 days. The first thing that im gonna do is to gather the information and data's about the illegal access of the hacker to the company's security. And then i would conduct an investigation about the hacking system being used by the hackers with the help of some person who is knowledgeble about hacking, have a brief discussion for the ways on how to block the used system and may also track down the hacker. If that will worked, it is time to take some action to look for the damage data systems in order to take some action on fixing it.

Friday, December 11, 2009