charlotte's yard

Monday, January 25, 2010

What is privacy protection and the Law?

Privacy protection
Approaches to privacy can, broadly, be divided into two categories: free market and consumer protection. In a free market approach, commercial entities are largely allowed to do what they wish, with the expectation that consumers will choose to do business with corporations that respect their privacy to a desired degree. If some companies are not sufficiently respectful of privacy, they will lose market share. Such an approach may be limited by lack of competition in the market, by enterprises not offering privacy options favorable to the user, or by lack of information about actual privacy practices. Claims of privacy protection made by companies may be difficult for consumers to verify, except when they have already been violated.

In a consumer protection approach, in contrast, it is acknowledged that individuals may not have the time or knowledge to make informed choices, or may not have reasonable alternatives available. This approach advocates greater government definition and enforcement of privacy standards.



Privacy Law


Privacy law is the area of law concerned with protecting and preserving the privacy rights of individuals. While there is no universally accepted privacy law among all countries, some organizations promote certain concepts to be enforced by individual countries. For example, the Universal Declaration of Human Rights, article 12, states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

What is privacy?

Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. It is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. When something is private to a person, it usually means that there is something within them that is considered inherently special or personally sensitive. The degree to which private information is exposed therefore depends on how the public will receive this information, which differs between places and over time. Privacy can be seen as an aspect of security, one in which trade-offs between the interests of one group and another can become particularly clear.

Monday, January 11, 2010

Who are the computer criminals and what are their objectives?

Some computer criminals are mean and sinister types. But many more wear business suits, have university degrees, and appear to be pillars of their communities. Some are high school or university students. Others are middle-aged business executives. Some are mentally deranged, overtly hostile, or extremely committed to a cause, and they attack computers as a symbol. Others are ordinary people tempted by personal profit, revenge, challenge, advancement, or job security. No single profile captures the characteristics of a "typical" computer criminal, and many who fit the profile are not criminals at all. Whatever their characteristics and motivations, computer criminals have access to enormous amounts of hardware, software, and data; they have the potential to cripple much of effective business and government throughout the world.

OBJECTIVES:

Computer criminals have different objectives. An underground network of hackers helps pass along secrets of success; as with a jigsaw puzzle, a few isolated pieces joined together may produce a large effect. Others attack for curiosity, personal gain, or self-satisfaction. And still others enjoy causing chaos, loss, or harm. Criminals seldom change fields from arson, murder, or auto theft to computing; more often, criminals begin as computer professionals who engage in computer crime, finding the prospects and payoff good. Electronic spies and information brokers have begun to recognize that trading in companies' or individuals' secrets can be lucrative. A hacker wants a score, bragging rights. Organized crime wants a resource; they want to stay and extract profit from the system over time.
(www.informit.com)

Zero-day attack

A zero-day attack, also known as a zero-hour attack, takes advantage of computer vulnerabilities that do not currently have a solution. Typically, a software company will discover a bug or problem with a piece of software after it has been released and will offer a patch — another piece of software meant to fix the original issue. A zero-day attack will take advantage of that problem before a patch has been created. It is named zero-day because it occurs before the first day the vulnerability is known.

(www.wisegeek.com)

For example, on November 09, 2006, there was a zero-day attack on a part of Windows called the XMLHTTP 4.0 ActiveX Control. When a web browser opened an infected web page in Internet Explorer (IE), it called the ActiveX control, which then helped the attacker to cause a buffer overflow. Attackers were then able to download spyware and steal data.

(www.mysecurecyberspace.com)





Monday, January 4, 2010

What would you do?

If my friend ever told me that he was developing a worm that would attack the administrative systems at our college, I would definitely tell him to stop what he had planned because, although it is harmless, in a way it will still cause a disturbance, as it will cause a message saying _"Let's Party!"_, which is really not appropriate in a place where everyone is working hard, such as the said college institution. This kind of activity shows nothing but foolishness. It might even drive him to the point where the college would file a case.

What would you do?

If I were hired as an IT security consultant to fix the security problem of a manufacturing company with a budget of $1 million within 90 days, I would begin by gathering information about the illegal access of that certain person to the company's security. After that, I would conduct a private investigation about the hacking system being used by the hackers with the help of some personalities who possess a wide knowledge about hacking, have a consultation on the ways to block the used system, and possibly track the hackers. If that step worked, it would be time to look for the damaged or destroyed systems and data in order to immediately fix and undo anything that has changed.