Sección 3 – Cierre de encuesta TIPO DE MUESTREO: Aleatorio
8. CONOCE OTRA IMAGEN DIFERENTE A LA VIRGEN DE CARMEN QUE SE ENCUENTRE DENTRO DEL TEMPLO?
What used to be considered esoteric technology in years past is now com- mercially available to anyone. The know-how is openly available on the Internet worldwide, and the hardware and software are just as openly avail- able. It was not too long ago, for example, that global positioning system (GPS) receivers and miniature cameras were considered esoteric devices; yet today they are built in most cellular phones sold worldwide.
A conventional phosphor-tube computer screen or TV [known as a cath- ode ray tube (CRT) as distinct from a flat panel display] is, in fact, painted by a single beam, which paints the screen sequentially (but rapidly) left to right and top to bottom. Although the eye cannot perceive this and only sees the end result of the entire screen, the fact remains that the instantaneous light intensity coming out of a CRT screen over time is made up of the instanta- neous brightness of each dot on the screen as it is being painted by that beam. Granted, the persistence of the fluorescence by the pixel is such that the eye cannot see the flicker if the refresh rate is fast enough, but the flicker is there nonetheless and would be readily sensed by any sensor faster than the eye. This is the essence of interceptable optical emanations and is amply documented in the professional literature, especially in some excellent work from Cambridge University in the United Kingdom.
In simple terms, the security threat amounts to this: If a sensor can look at anything illuminated by a conventional computer CRT screen, such as the user’s white shirt, the image of the CRT screen seen by the user can also be reconstructed in many cases by the persons operating that sensor. The reader is referred to the two excellent technical references on this listed at the end of this chapter.
4.8
Being on a network, cable modem, or xDSL
modem
Equally serious is the security threat that results from merely being online. Unless one has taken drastic steps to defend against a wide assortment of hacking attacks (see Chapters 7 through 9), one is highly likely to become the target of trolling hackers who delight in identifying and exploiting the security weaknesses of anyone who stays online long enough. Such attacks can be minimized by doing the following:
1. Using a good firewall (see Section 9.18).
2. Not staying online for long. Hacking attacks probe one’s weaknesses based on one’s dynamically assigned (meaning: changing every time one goes online) Internet Protocol (IP) address. An IP address is the unique identifying address of anyone connected to the Internet; it is the equivalent of one’s telephone number. Because there are more Internet users than there are IP addresses, an ISP has a pool of such IP addresses from which it selects one at random to assign to each user
when that user goes online. The ISP then reuses that address for someone else when the first user goes offline and someone else needs an IP address. The longer one stays online with a single IP address, the longer a hacker has to probe for weaknesses. Users of high-speed connections (cable modems and xDSL lines) would be well advised to disconnect their computers from the network when not actually using them.
3. Using virus/Trojan/worm protection software and keeping it cur- rent. This means checking for updates once a day or, if one uses a computer sparingly, prior to each new use.
4.9
Other means
The commercially available techniques and equipment discussed for van Eck radiation interception are basically passive. Yet, the commercial sector is full of devices that transmit information fed into them. As such, an intercep- tor who has somehow obtained physical access to someone else’s premises (or just to that someone else’s computer, such as when it was taken for repair) could combine data interception with a small radio transmitter and transmit the intercepted data out to wherever the receiver is.
The only limits on how to send out data collected from a targeted com- puter are imposed by one’s imagination, nerve, and pocketbook.
4.10
Insertion of incriminating data in your computer
by others
It is almost as easy for a remote entity to retrieve information from one’s computer online as it is to place files on it. Given that mere possession of some kinds of material by individuals is strictly illegal in some regimes (e.g., subversive files, bomb-making files, files marked as classified, and even erotic imagery), one should be particularly careful about the possibility that incriminating evidence may find its way in one’s computer. Similarly, defense attorneys must also be aware of this possibility. This incriminating evidence can be intentionally inserted by a remote party; it can also be unknowingly received, in the following ways, by an innocent user who never solicited it:
1. One is accessing an Internet Web site and either mistypes the URL or the correct URL takes one to the wrong site (say, a pornographic one) as a result of DNS3
problems or DNS hijacking.
3. DNS servers are the telephone directories of the Internet. When one types www.somename.com, a DNS server is queried to produce the IP address (e.g., 123.456.789.012) that corresponds to that name. Time and again, hackers have managed to poison select DNS servers to deny access to numerous Web sites.
2. One is accessing a legitimate Internet site on the Web, which is also supported by advertising revenue (as most are today) obtained by flashing unsolicited images and windows on the user’s screen. Those images end up getting saved on the user’s computer despite no active clicking or other act by the user.
3. One receives unsolicited e-mail (spam) with attachments. While most of us will delete the e-mail (which really does not delete it at all), hardly anyone deletes, let alone overwrites, the attachments to unsolicited e-mail.
4. Most everyone who has installed a Wi-Fi (802.11b,a,g) access point at home, or even just a Wi-Fi card in his or her laptop, is vulnerable to having total strangers insert/remove/alter files on their computers unless specific preventive steps have been taken (see Section 13.2).
5. Most anyone allows others to use his or her computer at one time or another or installs software with a function that is hidden from the user.
In these cases, one is very vulnerable to incriminating files finding their way onto the computer without the user’s knowledge, let approval or solicitation.