
Spyware and Trojan Horses: Computer Security Seminar Series (SS1)

This document summarizes a computer security seminar on spyware and Trojan horses. The seminar covered definitions of spyware and Trojan horses, examples of spyware programs, how they work technically on networks and computers, their advantages/disadvantages for users, methods for detecting and removing them, and case studies of spyware programs like GAIN. It also discussed how tracking cookies are used by websites and spyware companies to profile users for targeted advertising.

Uploaded by

VikGashi
Copyright
© Attribution Non-Commercial (BY-NC)
Spyware and Trojan Horses Computer Security Seminar

12th February 2004

Spyware and Trojan Horses


Computer Security Seminar Series
[SS1]

Andrew Brown, Tim Cocks and Kumutha Swampillai

http://birmingham.f9.co.uk


Your computer could be watching your every move!


Image Source - http://www.clubpmi.it/upload/servizi_marketing/images/spyware.jpg


Introduction


Seminar Overview
- Introduction to Spyware / Trojan Horses
- Spyware: Examples, Mechanics, Effects, Solutions
- Tracking Cookies: Mechanics, Effects, Solutions
- Trojan Horses: Mechanics, Effects, More Examples
- Solutions to the problems posed
- Human Factors: Human interaction with Spyware
- System X: Having suitable avoidance mechanisms
- Conclusions: Including our proposals for solutions


Definitions
Spyware: A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.
Definition from: BlackICE Internet Security Systems - http://blackice.iss.net/glossary.php

Trojan Horse: An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
Definition from: Texas State Library and Archives Commission - http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html


Symptoms
- Targeted Pop-ups: SPYWARE
- Slow Connection: SPYWARE / TROJAN
- Targeted E-Mail (Spam): SPYWARE
- Unauthorized Access: TROJAN HORSE
- Spam Relaying: TROJAN HORSE
- System Crash: SPYWARE / TROJAN
- Program Customisation: SPYWARE

Summary of Effects
- Collection of data from your computer without consent
- Execution of code without consent
- Assignment of a unique code to identify you
- Collection of data pertaining to your habitual use
- Installation on your computer without your consent
- Inability to remove the software
- Performing other undesirable tasks without consent


Similarities / Differences
Spyware
- Commercially Motivated
- Internet connection required
- Initiates remote connection
- Purpose: To monitor activity
- Collects data and displays pop-ups
- Legal
- Not Detectable with Virus Checker
- Age: Relatively New (< 5 Years)

Trojan Horses
- Malicious
- Any network connection required
- Receives incoming connection
- Purpose: To control activity
- Unauthorized access and control
- Illegal
- Detectable with Virus Checker
- Age: Relatively Old (> 20 Years)

Similarities
- Memory Resident Processes
- Surreptitiously installed without user's consent or understanding
- Creates a security vulnerability

Source - Table derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Spyware

Image Source - The Gator Corporation - http://www.gator.com


Software Examples
- GAIN / Gator
- Gator E-Wallet
- Cydoor
- BonziBuddy
- MySearch Toolbar
- DownloadWare
- BrowserAid
- Dogpile Toolbar

Image Sources
- GAIN Logo - The Gator Corporation - http://www.gator.com
- BonziBuddy Logo - Bonzi.com - http://images.bonzi.com/images/gorillatalk.gif
- DownloadWare Logo - DownloadWare - http://www.downloadware.net


Advantages
- Precision Marketing
  - Relevant pop-ups are better than all of them!
  - You may get some useful adverts!
- Useful Software
  - DivX Pro, IMesh, KaZaA, Winamp Pro
  - (Experienced) people understand what they are installing.
- Enhanced Website Interaction
  - Targeted banner adverts
  - Website customisation

User Perspective - I

Disadvantages
- Browsing profiles created for users without consent
  - Used for target marketing and statistical analysis
- Unable to remove Spyware programs or disable them
- Increased number of misleading / inappropriate pop-ups
- Invasion of user privacy (hidden from user)
- Often badly written programs corrupt user system
- Automatically provides unwanted helpful tools
- 20 million+ people have Spyware on their machines.
  Source - Dec 02 GartnerG2 Report

User Perspective - II

Example Pop-up
Misleading Pop-up

User Perspective - III

Image Source - Browser Cleanser - Directed pop-up from http://www.browsercleanser.com/


Network Overview
[Diagram labels: Push Advertising; Pull Tracking; Personal data]

Technical Analysis - I

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Client-Side Operation

Technical Analysis - II

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Server-Side Operation
Server-side operation is relatively unknown. However, if we were to develop such a system, it would contain

Technical Analysis - III

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Spyware Defence
User Initiatives
- Issue Awareness
- Use Legitimate S/W Sources
- Improved Technical Ability
- Choice of Browser
- Choice of OS
- Legal action taken against breaches of privacy
  - Oct 02 DoubleClick

Technical Initiatives...
- Spyware Removal Programs
- Pop-up Blockers
- Firewall Technology
- Disable ActiveX Controls
  - Not Sandboxed
- E-Mail Filters
- Download Patches


GAIN Case Study


- Installed IMesh, which includes Gator Installation
- We accessed multiple internet sites
- We simultaneously analyzed network traffic (using IRIS)
- We found the packets of data being sent to GAIN
- Packets were encrypted and we could not decrypt them

See Example ->


Image Source - Screenshot of IRIS v3.7 Network Analyser - Professional Networks Ltd. See http://www.pnltools.com.


Spyware Removers
Ad-aware (by Lavasoft)
- Reverse Engineer Spyware
- Scans Memory, Registry and Hard Drive for
  - Data Mining components
  - Aggressive advertising components
  - Tracking components
- Updates from Lavasoft
- Plug-ins available
  - Extra file information
  - Disable Windows Messenger Service

Image Source - Screenshot of Ad-aware 6.0. LavaSoft. See http://www.lavasoft.com


Vulnerable Systems
- Those with an internet connection!
- Microsoft Windows 9x/Me/NT/2000/XP
- Does not affect Open Source OSs
- Non-firewalled systems
- Internet Explorer, executes ActiveX plug-ins
- Other browsers not affected


Tracking Cookies


Cookies
A Cookie is a small text file sent to the user from a website.
- Contains Website visited
- Provides client-side personalisation
- Supports easy Login

Cookies are controlled by
- Website's Application Server
- Client-side JavaScript

The website is effectively able to remember the user and their activity on previous visits.

Spyware companies working with websites are able to use this relatively innocent technology to deliver targeted REAL TIME marketing, based on cookies and profiles.


Case Study - DoubleClick


- Most regular web users will have a doubleclick.net cookie.
- Affiliated sites request the DoubleClick cookie on the user's computer.
- The site then sends
  - Who you are
  - All other information in your cookie file
- In return for
  - All available marketing information on you, collected from other affiliated sites which you have hit.


Case Study DoubleClick


- Site targets banner adverts, e-mails and pop-ups to the user.
- If the user visits an affiliated site without a DoubleClick cookie, then one is sent to the user.
- The whole process is opaque to the user and occurs without their consent.


Tracking Cookie Implementation


- Protocol designed to only allow the domain that created a cookie to access it.
- IE has a number of security holes
  - Up to IE 5, domain names specified incorrectly.
  - Up to IE 6, able to fool IE into believing it is in another domain.
- Patches and IE 6 solved a number of problems
- Since then, tracking cookies are still proving a large problem; a number of holes are still open.
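
An added example, not part of the seminar slides, covering both the DoubleClick case study and the domain restriction above: a Python sketch of the RFC 6265 domain-match rule beside a loose suffix check (a contrast only; the slides do not say which mistake IE made), plus a small cookie jar showing that an ad server embedded in several sites receives the same ID without breaking the rule. All hostnames and the ID value are constructed, and public-suffix checks are left out.

```python
"""Cookie domain scoping, and why a tracking cookie needs no security hole."""
import ipaddress


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(request_host, cookie_domain):
    """RFC 6265 sec. 5.1.3: identical, or a sub-domain on a label boundary."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if not host or not domain:
        return False
    if host == domain:
        return True
    return not _is_ip(host) and host.endswith("." + domain)


def loose_tail_match(request_host, cookie_domain):
    """Weak contrast: plain string suffix with no label boundary."""
    return request_host.lower().endswith(cookie_domain.lower().lstrip("."))


class CookieJar:
    """Browser-side store; the matcher decides who may set and receive."""

    def __init__(self, matcher=domain_match):
        self.matcher = matcher
        self.cookies = {}  # (domain, name) -> value

    def set_cookie(self, setting_host, domain, name, value):
        if not self.matcher(setting_host, domain):
            return False  # a host may not set cookies for a foreign domain
        self.cookies[(domain, name)] = value
        return True

    def cookies_for(self, request_host):
        return {name: value for (domain, name), value in self.cookies.items()
                if self.matcher(request_host, domain)}


AD_HOST, AD_DOMAIN = "ad.tracker.example", "tracker.example"  # constructed


def browse(jar, pages):
    """Visit pages that each embed a banner served by AD_HOST.

    Returns the ad server's view: (page that embedded the banner, ID received).
    """
    seen = []
    for page_host in pages:
        received = jar.cookies_for(AD_HOST).get("id")
        if received is None:  # first contact: the ad server issues an ID
            jar.set_cookie(AD_HOST, AD_DOMAIN, "id", "u-0001")
        seen.append((page_host, received))
    return seen


if __name__ == "__main__":
    jar = CookieJar()
    print(browse(jar, ["news.example", "shop.example", "mail.example"]))
    print(jar.cookies_for("news.example"))  # the first-party site sees nothing
    print(domain_match("notshop.example", "shop.example"),
          loose_tail_match("notshop.example", "shop.example"))
```

The visited sites never read the tracker's cookie; the profile is built on the ad server, which is why the defences in this seminar act on the cookie itself (blocking, deleting or opting out) rather than on the browser's domain check.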


Tracking Cookie Implementation

Image Source - Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [16].


Tracking Cookie Defence


- Replace tracking cookies with write protected zero length files of the same name.
- DoubleClick offer an opt-out cookie, which can be obtained from their website.
- Disable cookies
  - Makes many websites unusable
- Delete cookies after session
- Spyware remover (Ad-aware)

Image Source - Screenshot of DoubleClick OptOut Cookie displayed in Microsoft Notepad.


Trojan Horses


Installation
- Secretly installed when an infected executable is run
  - Much like a virus
  - Executables typically come from P2P networks or unscrupulous websites
- ActiveX controls on websites
  - ActiveX allows automatic installation of software from websites
  - User probably does not know what they are running
  - Misleading descriptions often given
  - Not sandboxed!
  - Digital signatures used, signing not necessary

Installation
- Certificate Authority
- Misleading Certificate Description
- Who is trusted?

Image Source - Screenshot of Microsoft Internet Explorer 6 security warning, prior to the installation of an ActiveX Control from Roings.


Effects
- Allows remote access
  - To spy
  - To disrupt
  - To relay a malicious connection, so as to disguise the attacker's location (spam, hacking)
  - To access resources (i.e. bandwidth, files)
  - To launch a DDoS attack


Operation
- Listen for connections
- Memory resident
- Start at boot-up
- Disguise presence
- Rootkits integrate with kernel
- Password Protected


Example: Back Orifice


Back Orifice
- Produced by the Cult of the Dead Cow
- Win95/98 is vulnerable
- Toast of DefCon 6
- Similar operation to NetBus
- Name similar to MS Product of the time


BO: Protocol
- Modular authentication
- Modular encryption
  - AES and CAST-256 modules available
- UDP or TCP
- Variable port
  - Avoids most firewalls
- IP Notification via ICQ
  - Dynamic IP addressing not a problem

BO: Protocol Example (1)


[Diagram labels: Attacker; Victim; ICQ Server; Trojan; Infection occurs; IP address and port; IP address and port; Connection]

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


BO: Protocol Example (2)


[Diagram labels: Attacker; Victim; Connection; Command; Command executed; Request for information; Information]

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


BO: Protocol Example (3)


[Diagram labels: Attacker; Victim; Cleanup command; Evidence destroyed]

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Trojan Horse Examples


M$ Rootkit
- Integrates with the NT kernel
- Very dangerous
- Virtually undetectable once installed
- Hides from administrator as well as user
- Private TCP/IP stack (LAN only)


Trojan Horse Examples


- iSpyNOW
  - Commercial
  - Web-based client
- Assassin Trojan
  - Custom builds may be purchased
  - These are not found by virus scanners
  - Firewall circumvention technology

Trojan Horse Examples


- Hardware
  - Key loggers
  - More advanced?
- Magic Lantern
  - FBI developed
  - Legal grey area (until recently!)
  - Split virus checking world

Demonstration


Vulnerable Systems
[Chart: Number of trojans in common use, on a scale from RELATIVELY SAFE to DANGEROUS. Systems shown: MacOS, MacOS X, Linux/Unix, WinNT, Win 9x]

WinNT refers to Windows NT 4, 2000, XP and Server 2003. Win9x refers to Windows 95, 95SE, 98 and ME.
Information Source: McAfee Security - http://us.mcafee.com/

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Vulnerable Systems
[Chart: Ease of compromise, on a scale from RELATIVELY SAFE to DANGEROUS. Systems shown: Linux/Unix, MacOS X, WinNT, MacOS, Win 9x]

WinNT refers to Windows NT 4, 2000, XP and Server 2003. Win9x refers to Windows 95, 95SE, 98 and ME.
Information Source: McAfee Security - http://us.mcafee.com/

Image Source - Image derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.


Conclusions


Security Implications
Short Term
- Divulge personal data
- Backdoors into system
- System corruption
- Disruption / Irritation
- Aids identity theft
- Easy virus distribution
- Increased spam

Long Term
- Mass data collection
- Consequences unknown
- Web becomes unusable
- Web cons outweigh pros
- Cost of preventions
- More development work
- More IP addresses (IPv6)


Solutions
Short Term
- Firewall
- Virus Checker
- Spyware Remover
- Frequent OS updates
- Frequent back-up
- Learning problems

Long Term
- Add Spyware to Anti-Virus
- Automatic maintenance
- Legislation
- Education on problems
- Biometric access
- Semantic web (and search)


Firewalls
Network / Internet

3 Types
- Packet Filtering: Examines attributes of packet.
- Application Layer: Hides the network by impersonating the server (proxy).
- Stateful Inspection: Examines both the state and context of the packets.

Regardless of type, a firewall must be configured to work properly. Access rules must be defined and entered into the firewall.


Firewalls
Network / Internet

Packet Filtering [diagram: Internet, Firewall, Web Server]
- Traffic arriving from the Internet: http - tcp 80, telnet - tcp 23, ftp - tcp 21
- Firewall: Allow only http - tcp 80
- Traffic reaching the Web Server: http - tcp 80

Stateful Inspection [diagram: PC, Firewall, Internet]
- PC: 192.168.0.10 : 1020
- Internet host: 202.52.222.10 : 80
- Only allow reply packets for requests made out
- Block other unregistered traffic

Image Source - Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].
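
An added example, not part of the seminar slides: the two firewall types from the diagram modelled in Python, using the slide's PC and Internet host addresses. The web server address, the unrelated outside host, port 5000, the 60-second idle timeout and the stateless "replies come from port 80" rule are constructed for illustration.

```python
"""Packet filtering vs. stateful inspection, with the slide's addresses."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class PacketFilter:
    """Stateless: each packet is judged on its own header fields."""

    def __init__(self, rules):
        self.rules = rules  # list of {field: value} dicts; any match = allow

    def allow(self, pkt):
        return any(all(getattr(pkt, k) == v for k, v in rule.items())
                   for rule in self.rules)  # no match: default deny


class StatefulFirewall:
    """Remembers requests made from inside; inbound must be a reply to one."""

    def __init__(self, inside_net, idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout
        self.flows = {}  # (src, sport, dst, dport, proto) -> last-seen time

    def allow(self, pkt, now):
        # Forget flows that have been idle too long.
        self.flows = {f: t for f, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if ipaddress.ip_address(pkt.src) in self.inside:
            # Outbound request: register the flow.
            self.flows[(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)] = now
            return True
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.flows:
            self.flows[reverse] = now  # reply to a registered request
            return True
        return False  # unregistered traffic


PC, WEB = "192.168.0.10", "202.52.222.10"   # addresses from the slide
SERVER = "203.0.113.5"                      # constructed web server address
OUTSIDER = "198.51.100.7"                   # constructed unrelated host


def web_server_verdicts():
    """Packet filter in front of the web server: allow only http - tcp 80."""
    fw = PacketFilter([{"dst": SERVER, "dport": 80, "proto": "tcp"}])
    return {name: fw.allow(Packet(OUTSIDER, 40000, SERVER, port))
            for name, port in (("http", 80), ("telnet", 23), ("ftp", 21))}


def reply_handling():
    """Same inbound packets through a stateless rule and a stateful firewall."""
    by_port = PacketFilter([{"dst": PC, "sport": 80}])  # "replies come from port 80"
    stateful = StatefulFirewall("192.168.0.0/24")
    reply = Packet(WEB, 80, PC, 1020)
    unsolicited = Packet(OUTSIDER, 80, PC, 5000)  # no request was ever made
    return {
        "request_out": stateful.allow(Packet(PC, 1020, WEB, 80), now=0),
        "reply_stateful": stateful.allow(reply, now=1),
        "unsolicited_stateless": by_port.allow(unsolicited),
        "unsolicited_stateful": stateful.allow(unsolicited, now=2),
        "late_reply_stateful": stateful.allow(reply, now=200),
    }


if __name__ == "__main__":
    print(web_server_verdicts())
    print(reply_handling())
```

The stateless rule accepts the unsolicited packet because it can only look at header fields, while the stateful firewall drops it along with the reply that arrives after the flow has expired.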


Intrusion Detection Systems

Network

[Diagram labels: Internet; Firewall; IDS; Switch; Server; Server; PC]

- Intrusion Detection: A Commercial Network Solution
- An Intelligent Firewall monitors accesses for suspicious activity
- Neural Networks trained by Backpropagation on Usage Data
- Could detect Trojan Horse attack, but not designed for Spyware

- Put the IDS in front of the firewall to get maximum detection
- In a switched network, put IDS on a mirrored port to get all traffic.
- Ensure all network traffic passes through the IDS host.

Image Source - Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].


System X
Network / Internet / Standalone

Composed of
- Open Source OS
- Mozilla / Opera / Lynx (!) Browser (Not IE)
- Stateful Inspection Firewall
- Anti-Virus Software
- Careful and educated user
- Secure permissions system
- Regularly updated (possibly automatically)


Questions

Image Source - Penny Arcade - http://www.penny-arcade.com/view.php3?date=2002-07-19&res=l


Bibliography / Links
[1] "Spyware" Definition - BlackICE Internet Security Systems - http://blackice.iss.net/glossary.php
[2] "Trojan Horse" Definition - Texas State Library and Archives Commission - http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html
[3] Zeinalipour-Yazti, D. Exploiting the Security Weaknesses of the Gnutella Protocol, University of California.
[4] Joshi, R. Network Security Applications, Merchantile Communications, CANIT Conference 2003.
[5] CERT Advisory CA-1999-02 - http://www.cert.org/advisories/CA-1999-02.html
[6] Spyware Guide - http://www.spyware-guide.com
[7] Trojan Horses - http://www.mpsmits.com/highlights/trojan_horses.shtml
[8] Trojan Horse - Back Orifice - http://www.nwinternet.com/~pchelp/bo/bo.html
[9] NetBus - http://www.nwinternet.com/~pchelp/nb/netbus.htm
[10] BBC News - http://news.bbc.co.uk/1/hi/technology/3153229.stm
[11] Wired News - Judge takes bite out of Gator - www.wired.com/news/politics/0,1283,53875,00.html
[12] Tracking Cookies Demonstration at http://www.irt.org/instant/chapter10/tracker/index4.htm
[13] BonziBuddy - http://www.bonzi.com/bonzibuddy/bonzibuddyfreehom.asp
[14] Unwanted Links (Spyware) - http://www.unwantedlinks.com
[15] Anderson, R. "Security Engineering", First Edition, J. Wiley and Sons, 2001.
[16] Scacchi, W. Privacy and Other Social Issues, Addison-Wesley, 2003. http://www.ics.uci.edu/~wscacchi/Tech-EC/Security+Privacy/Privacy.ppt
