Like many, I often have to give details of a valid email address, to which I will be sent the login details I need for a particular service. I know that many times this will lead to lots of spam as my details are passed or sold on. To that end I have a number of ‘throw away’ email accounts, which I have set up to be used just for this purpose. It works well, but I have often wondered if there is a better alternative – and there is.
I have found Mailinator. This is far from a standard email. To begin with you do not need to register to use the account. You can use any name you wish, they say every possible name has already been registered (of course not). Your choice of name is important, more later. There is no security, none of the email accounts on the system has a password, and you can look at other people’s email. Perhaps I am not selling it to you correctly, let’s go through a scenario and see how it works.
I would like to register at a site in order to download a piece of software, let’s call the site Panacea Software. As part of the registration I must provide a valid email address to which they will send my password and link to use the site. No problem, I just give my email address as email@example.com. Having registered to download the software with Panacea Software I visit http://www.mailinator.com. In the top left of the page I type in the name I used, and click ‘Go’. The system shows me any emails for that account, and I can collect my new password and link to the download area of Panacea Software.
The email address at Mailinator, which you just created and instantly used, will only hold a maximum of ten emails and will automatically delete them after ‘a few hours’. What about your choice of name (I said I would come back to this)? This could be a problem if you use the name ‘firstname.lastname@example.org’. There will be several thousand other ‘bob’s out there using the same account. Try to choose something unique, and chances are your emails will be long deleted before anyone else finds them.
So, back to our scenario. When registering your email address with Panacea Software you chose to use email@example.com. It is extremely unlikely that anyone else will be using that name, or will come across it accidentally. But, I hear you cry, your login ID and password for Panacea Software are potentially available for others to see. First, you would not use this system for your bank account or anything which was vital. Second, you now log in to your account at Panacea Software and change the password they sent you.
Three other things to note. All attachments are stripped from incoming emails, other domains can be used (if Mailinator becomes better known) and you are unable to send from this account (just receive).
Why use Mailinator? As they say on their web site, “Give it out. Use it in web forms. Post it on forums. Use it any time you need an email address, but don’t want to be slowed down by the sign-up process or spammed for eternity.” You were able to create an email account instantly, as there was no lengthy registration process; the address it created is one you don’t care about (you don’t own it after all); and it was a case of create, use and throw away.
Research by Prof Roy Maxion of Carnegie Mellon University claims to be able to tell a great deal about a person by the way they type. His research claims that “As soon as you type ten numbers or letters he can work out your sex, your culture, your age and whether you have any hand injuries.” He believes that this can be achieved with 95% accuracy.
In the UK, where Prof Maxion is an Associate Professor at the University of Newcastle, it is hoped research based on these findings will be able to identify paedophiles posing as children on social networking sites. Phil Butler, head of the university’s Cyber Crime and Computer Security department and a former Northumbria Police Detective Chief Inspector, believes the new technique has the potential for being a valuable weapon in their arsenal. He states, “We’re looking at the application of the research, particularly in relation to internet grooming. If children are talking to each other on Windows Live or MSN Messenger, we are looking at ways of providing the chatroom moderators with the technology to be able to see whether an adult is on there by the way they type.”
The university is planning to submit a proposal to the Engineering and Physical Sciences Research Council to fund further research. It is thought the technology could also be used to prevent fraud at devices such as cash machines.
For many years the Swiss Army Knife has been the pocket tool which has everything – including the tool for getting stones out of horses’ hooves. For some while it has come with a memory stick, but it has now been re-launched with a new version of the memory stick.
Victorinox, who make the Swiss Army Knife, say that their memory stick cannot be hacked. Indeed, they go on to claim that if the stick detects an attempt at unauthorised access it will “self destruct”. They must be confident of their claims as they are putting their money (a “six figure” sum) where their mouth is. Hackers have been invited to visit their London shop and to put the memory stick to the test. The stick employs sophisticated encryption techniques to encode its contents. In addition it uses a fingerprint scanner to gain access to the contents. However, rather creepily, it is claimed that it uses an oxygen and heat detector in order to determine if the finger is attached to a live person.
The cheapest version of the new pocket knife, the 8GB version, costs £100. The most expensive is the 32GB version and costs £315. Unfortunately, it is compatible with Windows PCs only.
When you are looking for possible weaknesses in your PC’s security you first think of updating your operating system, your anti-virus software, your anti-malware software and your browser. At this point most users will sigh a sigh of relief and sit back with a self-satisfied grin. However, not for the first time Adobe Reader, and dubious PDF files, have been highlighted as posing one of the highest risks.
Last month, ScanSafe of California said that malicious PDF files comprised 80% of all exploits at the end of last year. Now, according to Helsinki-based company F-Secure, Adobe Reader is the software most often exploited in targeted attacks. In the first two months of this year F-Secure tracked 900 targeted attacks. It found that 61% of these attacks exploited a weakness in Reader. This compares to 24% of the attacks exploiting vulnerabilities in Word, and 14% in Excel and PowerPoint combined. Adobe Acrobat Reader has been growing in popularity amongst the criminal hacking community. A similar study showed it represented 28% of the attacks in 2008, and 50% in 2009.
Targeted attacks can have a devastating effect upon the companies chosen. Last year Google was a high-profile victim of such attacks, which it claimed had originated in China. In this case the use of unpatched version 6 of Internet Explorer was blamed. Earlier this year Intel was attacked, but details are hard to come by.
Adobe are not surprised by these claims. They argue that as their software is cross-platform, it attracts the interest of those seeking to exploit any vulnerabilities for their own ends. Adobe appear to respond quickly to reports of vulnerabilities, patching their software after such a report from Microsoft only last month. Users are urged to update their Adobe software, by visiting Adobe’s own Security Site.
In an interview on the 7th March in the Observer, the UK parliamentary under-secretary for security and counter-terrorism, stated that the UK government’s core networks had been the subject of 300 cyber attacks in the last year. He asserted that many of these were the work of foreign states, but admitted there was little in the way of concrete evidence. He went on to say, not surprisingly, that the number and scope of the attacks would only increase in the future.
Examples were given of intellectual property theft, such as the designs for aero engines. He said “The moment you mention a particular state, they will deny it. The problem with cyberspace is that attribution is extremely difficult. It’s almost impossible to do it in terms of evidence that would be necessary in a court of law.” Whilst no specific country was mentioned, there was a veiled threat of retaliation “If some state sponsor keeps trying to get into your systems, probably for industrial espionage, are you going to go back into their system and bugger it up? We’re all capable of doing these things. At the moment we wouldn’t do that, but maybe this is where we need to have discussions.”
This comes at a time when recently NATO and EU member states have been told they need to strengthen their defences against military cyber attacks. In this example, China was specifically mentioned. Last October, the Rand think tank in the USA urged the US government to develop a policy for dealing with such attacks, in the same way as it has a clear policy of deterrence with regard to nuclear attack. Last year the US Department of Defense began setting up a unified cyber command. The US government is worried that knocking out electricity supplies for a period of time would do the same economic damage as a nuclear war. Experts in energy are concerned that the US is unable to supply key components for generators. Ironically, these are manufactured in China.
However, it remains to be seen what the unified cyber command’s cyber warfare policies will look like. It is initially struggling with definitions, i.e. what constitutes a cyber attack and what constitutes cyber war. It appears that the UK government is starting to think along similar lines, although it has already published its “UK Cyber-security Strategy”, in July last year.