Monday, April 18, 2011

Guest Post - Michael Senatore

Fortalice® Intern:  Michael Senatore
Topic:  Cookies

Since the creation of the internet, “cookies” have been used to monitor the activities of consumers on the web, but what exactly is the need for cookies and how do they work?

Internship Outline:  #3
Version 1.0
Date:  09 April 2011

Cookies were first introduced to the internet as a method for web pages to remember a visitor.  They were used to store things such as passwords, user names, or the contents of an online shopping cart after a browser leaves a certain page.  So when a browser returned to a page, they would not have to re-enter their password or refill their shopping cart.  Through the use of cookies, the web page would remember their previous visit and it would be like they never left the page in the first place.  However, as the internet has continued to develop so have cookies.  Now they are shared amongst linked web pages to help profile users and track their movements over the world wide web.

A cookie is best described as a piece of text stored on a user’s computer by their web browser.  When Lou Montulli, a well-known web browser producer, first introduced cookies to the internet in 1994, they were originally intended to make the web browsing experience easier for the user by implementing a virtual shopping cart.  With the ability of a website to remember specific visitors through cookies, the site could store and remember what the visitor was shopping for.  Even after leaving the site, the user could return and pick up right where they had left off, making the internet shopping experience much more user friendly.
As cookies progressed and developed further, they began to take on new tasks, such as remembering the user names and passwords of users, making signing into websites much easier.  However, as the general public became more aware of cookies throughout the late 1990s, their downside began to surface.  In 1996, cookies began to receive media attention due to their potential privacy issues.  If web sites can store information about specific users, what else are they capable of keeping tabs on?  And furthermore, in what other ways is this information being used?

Strategic Planning Assumptions
-For personal use, people using the internet will have to decide what is more important to them, simplicity or privacy?
-In the near future, companies will undoubtedly make their employees use an internet browser that disables cookies.  For a business, not protecting a customer’s personal information could lead to major legal problems.  This possibility can be eliminated by disabling cookies.
-If restrictions on cookies become commonplace on the internet, the Internet Advertising Bureau will be forced to make major changes to the way they obtain information about internet users.  This could potentially alter the entire structure of internet advertising as we know it today.

Throughout the development and advancement of cookies, they have continued to take on more tasks and responsibilities.  Where they were originally intended to make the web browsing experience easier, many would now question their impact on privacy.  With the different types of cookies being used by web browsers on the internet today, an individual’s personal preferences are now not only being stored, but also being shared amongst different websites.  For instance, third party cookies are now something that all internet users should be aware of.  Third party cookies have introduced the idea of behavioral targeting, by allowing different sites to share the stored information from cookies.  For instance, when users are researching Barack Obama on one site, and then they visit another site and an ad pops up selling a Barack Obama biography, they have been the victim of a third party cookie.

The easiest way to get rid of cookies and prevent behavioral targeting is to delete the cookies currently on your personal computer.  Cookies are essentially just text files stored on your computer, so deleting them is pretty simple.  They do not have the same properties as viruses, so they do not replicate themselves; however, some new types of cookies do have the ability to fight against being deleted.  Flash cookies, for instance, have the ability to spawn new cookies once deleted without the user ever knowing.  Ultimately, the most effective way to minimize cookies on your personal computer is through the settings in your internet browser.  By selecting the option to “disable cookies completely,” a person can rid their personal computer of cookies.  However, this also eliminates the positives of cookies, such as remembering user names and passwords.
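How a third party cookie links visits to unrelated sites, and what changes when the browser stores no cookies, shown as an added example that is not part of the original post.  The domains, page URLs, and the `Browser` and `AdServer` classes are constructed for illustration, and nothing touches the network.

```javascript
// Added illustration: constructed domains and pages, no network access.

// Minimal browser model: one cookie jar keyed by the domain that set the cookie.
class Browser {
  constructor({ acceptCookies = true } = {}) {
    this.acceptCookies = acceptCookies;
    this.jar = new Map(); // domain -> cookie value
  }
  // Load a page. Each embedded resource is fetched from its own domain, and the
  // browser attaches that domain's cookie plus the address of the embedding page.
  visit(pageUrl, embeddedServers) {
    for (const server of embeddedServers) {
      const request = { cookie: this.jar.get(server.domain) || null, referer: pageUrl };
      const response = server.handle(request);
      if (response.setCookie && this.acceptCookies) {
        this.jar.set(server.domain, response.setCookie);
      }
    }
  }
}

// Hypothetical ad server embedded by many unrelated sites (the "third party").
class AdServer {
  constructor(domain) {
    this.domain = domain;
    this.nextId = 1;
    this.profiles = new Map(); // visitor id -> pages on which the ad was loaded
  }
  handle(request) {
    let id = request.cookie;
    let setCookie = null;
    if (!id) {
      // No cookie came back: treat this as a new visitor and issue an id.
      id = `uid-${this.nextId++}`;
      setCookie = id;
    }
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(request.referer);
    return { setCookie };
  }
}

// One user reads about a topic on one site, then shops on another.
// Both sites embed an ad from the same third-party domain.
function simulate(acceptCookies) {
  const ads = new AdServer("ads.example");
  const browser = new Browser({ acceptCookies });
  browser.visit("https://news.example/obama-profile", [ads]);
  browser.visit("https://books.example/biographies", [ads]);
  return [...ads.profiles.values()];
}

console.log("cookies enabled: ", JSON.stringify(simulate(true)));
console.log("cookies disabled:", JSON.stringify(simulate(false)));
```

With cookies enabled the ad server holds a single profile containing both pages; with cookies disabled it sees two unrelated one-page visitors.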

-Enabling cookies makes surfing the web much easier and provides a more satisfying user experience.  Cookies help to eliminate the process of repeatedly inputting information to websites that a user frequently visits.

-At the same time these cookies are monitoring the activities and interests of individual users.  Also, personal information such as an address or phone number can be stored and shared through cookies.

-Restrictions on cookies have not gone unchallenged.  The Internet Advertising Bureau, which generated ad spending of about $20.12 billion in 2010, contends that they would not survive with a prior consent rule set in place.

-Other websites such as,, and contend that a prior consent rule would be costly and disruptive “to the detriment of website users.”

Key Findings
-Cookies are continuously being developed and altered to more effectively track the activities of individual internet users.  Flash cookies make deleting cookies off your computer more difficult while third party cookies are shared amongst different advertising websites to more effectively appeal to a person’s interests.

-Currently cookies are a hot button issue.  Most of the major web browsers such as Firefox and Internet Explorer are in the process of developing a regulated “do not track” tool.

-The European Union is also working on a mandate that would force web browsers to obtain consent before tracking users through cookies.  This, however, is currently still in the court systems due to different countries interpreting the laws differently.  The debate is over whether internet users should have to opt in (agree to cookies) or opt out (deny them).

-Enable the “disable cookies completely” option for your web browser.  Doing so will eliminate cookies from your personal computer and keep your personal information private.  This will require you to repeatedly enter user names and passwords, but ultimately those extra few seconds are not as important as keeping your personal information private.

-Educate yourself on the current state of cookies.  Currently the issue of cookies and internet privacy is up for debate amongst all of the major web browsers.  By staying up to date you can ensure that you will not fall victim to the latest version of cookies.

-Know your web browser.  Get familiar with its options and capabilities.  Apple’s newest web browser, Lion, which will be released this summer, will have a “do not track” privacy tool.  Internet Explorer and Firefox, on the other hand, are still implementing a similar option.


“Apple Adds Do Not Track Tool To New Browser.”  Nick Wingfield.  April 14, 2011.

“EU Chews On Web Cookies.”  Paul Sonne and John W. Miller.  November 22, 2010.

“A Guide To Cookies.”  Christina Tsuei.  July 30, 2010.

“Cookies Cause Bitter Backlash.”  Jennifer Valentino-Devries and Emily Steel.  September 19, 2010.

Guest Post - Michael Senatore

Intern:  Michael Senatore
Topic:  Mac OS vs. PC

Viruses and malware infecting Apple computers are on the rise and becoming increasingly problematic, leaving many asking the question, “Are Macs really more secure than PCs?”

Internship Outline:  #2
Version 1.0
Date:  05 March 2011

For years there has been an ongoing debate, not only between Mac and PC users but among security analysts as well, about which platform is more safe and secure.  Up until the past few years 99.9% of people would have said hands down, it was Mac that was the safest.  However, over the last three to four years, the tides have changed to say the least.  Many would now argue that PCs have surpassed the Mac in terms of security.  Naturally, the truth of the matter lies somewhere in the middle, as Macs are safer but PCs are more secure.  Nevertheless, the debate continues to rage on.

For starters I think it is necessary to establish exactly what the difference is between safety and security.  Most people would think there wasn’t one; that the two go hand in hand, which actually is true.  However at the same time, there is a discernible difference.  The easiest way to examine the difference is to give an example.  What is more secure, a Honda Accord or an Army tank?  Obviously the Army tank is more secure in every way imaginable.  But what is safer, a Honda Accord driving through Nowhere Town, USA or an Army tank in the midst of a battle in Afghanistan?  In this instance you can forget about the security of the tank because undoubtedly the Honda Accord is the safer of the two vehicles.  In both examples, the Honda is the Mac and the tank is the PC.
This issue is currently at the forefront of the internet security field, which is why I feel it is a pertinent matter to discuss.  With the current success of Apple and their products, the debate between Mac and PC continues to pick up steam.  As a consumer, the ability of an operating system to protect itself is a major topic of concern.  It is also one of the major selling points when a person is deciding to buy a computer.  For the casual home computer, the customer wants a secure platform that will help them to avoid the constant headaches of malware and other infectious viruses.

-According to Charlie Miller, a principal analyst at Independent Security Evaluators, “Technologically speaking, PCs are a little more secure than Macs.  Macs have a larger attack surface out of the box.  This means Macs have more vulnerabilities, and it’s easier to turn a vulnerability into an exploit on the platform.  Despite the fact it is less secure, paradoxically, Macs are actually safe to use for most people.”
-Due to their insufficient security protocols compared to Microsoft, Apple products may show their vulnerability in the upcoming years.
-Where Microsoft has been lauded for their concerted efforts towards improved security, Apple is often criticized for ignoring these issues.

Because Macs still lack some anti-exploitation technologies found in PCs, like full ASLR (Address Space Layout Randomization), they are not quite as secure.  ASLR randomizes the location where system executables are loaded into memory, which prevents malware looking for certain files in specific memory locations from being able to run its exploit.  This is just one example of a vulnerability of the Mac OS X, and to a hacker, vulnerabilities are almost like an invitation.  Microsoft has simply done more in terms of inherent security features than Apple.  Also, in the development of Internet Explorer 8, Microsoft is showing an extremely diligent commitment to security.  They have brought in teams of security professionals to look at their code, leading to a more secure product.
Furthermore, the Mac OS X has a large attack surface consisting of open source components, closed source third party components, and closed source Apple components.  Viruses and bugs in any of these areas can lead to remote compromise.  Charlie Miller claims, “Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town.”  Once again there is a very fine line between the ultimate successes of these two operating systems when it comes to warding off security issues.

-57% of Mac users feel they can safely navigate the web without a need for anti virus protection.
-According to an ESET (Essential Security against Evolving Threats) survey, both Mac and PC users perceive Macs to be a more secure operating system.
-The same ESET survey showed that Mac users are victims of cyber crime just as frequently as PC users.
-Although the Mac OS may be safer to use at the present time, this mentality is very problematic and will most likely fester into a bigger problem for Mac users in the next three to five years.
-If you gave a teenager a Mac for a week and a PC for a week, most likely the PC would come back with more security issues.  This is an example of why the most influential contributor to this issue is the person using the computer.

-The bottom line is that although PCs may be more secure, Macs are currently the safer platform when it comes to surfing the web.
-PC operating systems have utilized ahead-of-the-curve technologies such as ASLR to make their platform more secure.
-PC has made a concerted effort in the fight against malware by hiring outside security consulting firms to test their code and systems for vulnerabilities.

-The safest way to navigate the web is to play it safe and use common sense.  Do not download programs and files from unknown sources.
-Stay educated on the issue of operating system security. Knowledge of the signs of unsafe internet sites will go a long way.  Being able to recognize these signs is another key aspect of keeping your operating system clean.
-Keep your computer up to date with security protocols and anti virus programming.  Take advantage of the updates that your operating system will provide for you.


“In their own words:  Experts weigh in on Mac vs. PC security.”  Elinor Mills.  February 1, 2011.

“Mac OS X backdoor Trojan, now in beta?”  Chester Wisniewski.  February 26, 2011.

“Mac OS X:  ‘safer, but less secure.’”  Dave Courbanou.  March 18, 2010.

Guest Post - Intern Stephanie Graziano

Intern: Stephanie Graziano
Topic:  Identity Theft

It’s strange to think that there could be another you in this world, but in today’s world it’s not impossible.
The FTC (Federal Trade Commission) estimates that approximately 9 million Americans have their identity stolen each year.

Internship Outline #3
Version 1.0
Date: 8 April 2011

Identity theft occurs when someone uses your identifying information as their own. They can use a social security number or a credit card number without your permission to commit a crime or fraud. The FTC (Federal Trade Commission) estimates that approximately 9 million Americans have their identity stolen each year.

I myself was a victim of identity theft last summer. I received a strange letter in the mail from a local banking chain, that I had no affiliation with, telling me that I was overdue on payments. I spoke with my Dad about the letter and we decided we needed to look into this letter further. After speaking with a bank representative the next day, I found out that someone living two hours north of me in Connecticut used my social security number to withdraw a loan from the bank. I proceeded to go online and check my credit statements to see what actions had been taken. I used the three credit report companies, Equifax, Experian and Transunion. When I printed out the credit statements there was about fifty pages worth of actions under my social security number that in fact were not mine, and a total debt of $76,000. The most shocking of all the actions was where it said I took out a $40,000 college loan… I was 8 years old at the time the loan was taken. It took about two months, working with my father and our local police department, to restore my credit statements to the way they should be.

I feel that it is important for every person to keep updated on their own personal credit check. If I had not caught this issue last summer, I would have had a very hard time applying for jobs after graduating or even taking out a loan if needed. I now receive weekly emails from Experian, Equifax and Transunion making me aware if there have been any strange actions in my accounts.

Creating accounts with the three leading credit check companies to receive annual credit reports and records. (Equifax, Transunion and Experian)
When hiring, do elaborate background checks on possible employees.
When at work, companies should not allow employees to explore Internet sites which are not affiliated with the company tasks. Limit Internet access to restrain employees from getting into trouble.

Identity thieves can take another person’s information and rent apartments, open credit cards and establish telephone records under the victim’s name. Some victims can resolve their identity theft quickly, while others can spend up to two years, as well as hundreds of dollars, clearing their records. Many victims of identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of fraudulent charges on their credit reports. In rare cases, victims are even arrested for crimes they did not commit.

It has been researched that young people are more vulnerable to identity theft because they are online more, share more information often and are less careful with their information. For example, college students living in school housing such as dorm rooms and apartments may be at fault for leaving their information vulnerable without knowledge. Their information and personal belongings may be unsecured and an easy target.

Financial histories and credit records can suffer from identity theft. 85% of Identity theft victims report loss or misuse of one or more accounts.
The amount of time and money needed to re-establish identity, credit and clear your name.
Businesses, particularly in credit and financial fields, also suffer financial losses from ID theft. A business can suffer from lost time and productivity when the victim is an employee.
Re-establishing a legal identity, including social security number, passport, tax records and even military records.
Once your identity is out on the “black market” you are more vulnerable to following attacks.

Stealing someone's identity to acquire -- and use -- new credit cards has become one of the most popular white-collar crimes today, according to fraud investigators from across the country.
This year alone more than 500,000 Americans will be robbed of their identities...with more than $4 billion stolen in their names.
Experts report that a victim can spend anywhere from six months to two years recovering from identity theft.
Most people don't find out they have been a victim of a stolen identity until they are turned down for a loan or credit card. A copy of their credit report explaining the denial may unveil weeks or months of fraud.

When setting up Internet accounts, be sure to create “strong” passwords with more characters (combinations of letters, numbers, special symbols, upper and lower cases). It will help protect your information if you create a password that is hard for others to know.
Always ensure that the URL of the site you are using is the correct URL. If you are ever not sure of the exact URL, type it into Google and then enter the site with the link from Google. This will help ensure that you do not enter a hacker’s site.
Never enter any financial information or other sensitive information into any website that does not use the secure “https” protocol (note the “s” added to “http”). When buying over the Internet with a credit card or otherwise, if a site does not use https, do not use it.

“ID Theft Red Flags.”  Kimberly Lankford.  July 2010.