Privacysense

Many people are worried about their privacy and security when using the Internet. A lot of security scares have been penned by clueless individuals who simply wanted to make a name for themselves by hitting the headlines. There are, though, legitimate security concerns every Internet user should be aware of. But how to tell the important information from the scaremongering?

I hope you will find some answers here on Privacysense.

Questions we will be answering over the coming weeks (if there is a link, the answer is already here!):

Are cookies dangerous? Can someone trace where I live when I am connected to the Internet? Are my children safe when they are using the computer at school? I don't understand computers, so how can I tell if I'm protected? Are my credit card details at risk? What's "nanny software" and does it really protect children? What do I install on my computer? How do I know who's got my personal details?

As well as security/privacy issues, I also offer help with UK consumer matters such as your rights when buying goods, etc.:

Do I have the same rights shopping on the Internet as I do in the High Street? What if I buy something and change my mind when I receive it? How can I tell if a company is legitimate? What details must UK online shops display?

Lately, I've been swamped with requests for help, so I thought it was about time that all the information and tips I have are put into one website. I hope Privacysense will address all your concerns and questions to do with Internet privacy, security and e-commerce. If you have a technical query, please feel free to ask for help, as The Minstrel, one of the top consultants on network security working in the UK, is also a contributor to Privacysense.

Further to the news article IFRAME Vulnerability in Microsoft Internet Explorer (3 November 2004), two variants of the MyDoom virus are now known to be exploiting this vulnerability. A working exploit has also been published on public mailing lists.

The MyDoom variants arrive via e-mail and contain a link to an infected machine. If you click on the link, a file will be downloaded to your computer, which then transforms your machine into a server for the virus, propagating itself through outbound e-mails from your system.

Another 'buffer overflow' exploit, but this time the problem is with Microsoft Internet Explorer (IE). Please note that, because the vulnerability is with an HTML tag (specifically the SRC and NAME attributes of the <IFRAME> tag), any product that renders HTML could potentially be affected. You should therefore be careful when accessing mail in HTML format as well as when using IE to access websites.

The vulnerability allows programs to be executed remotely, within the confines of the affected user's security priviledges. The exploit is currently unpatched, but IE 6 on Windows XP with Service Pack 2 is confirmed not vulnerable.

If you have gone to the trouble of setting up an online identity to protect your real world privacy, you may soon wonder if it was all a pointless exercise. The government is proposing to set up a system whereby users could enter your telephone number to find out your e-mail address or, more worringly, they could enter your e-mail address to find out all your 'phone numbers.

Would you want some of your online acquaintances ringing you up? How about the user who didn't like the point of view you expressed on the forums the other day? Once they have your telephone number, could they use it to access other systems and pick up more details about you and your family?

It's a chilling thought, isn't it.

You may have noticed that there are quite a few companies trading on the Internet that do not give out contact details, apart from an e-mail address. In many cases, this is because the trader has not fully researched his/her legal obligations; be wary if information is missing, though, as you may be about to send money to a company that will disappear in a fortnight without ever sending your goods.

In the UK, there is a strict checklist that traders must follow in order to ensure that consumers are given enough information about the person(s) or company selling the goods and/or services, so watch out for the following points when deciding whether or not to trust the site.