
Journaling Software Security:
Levels of Threat

All journaling software, including The Journal, faces the same kinds of "threats" to its security. These threats range from "casual" access by novices to focused attacks by malicious hackers.

Casual or low level threats account for probably 80%-90% of the security issues faced by journaling software. Fortunately, thwarting these requires very little effort from the developer. Medium level threats, however, are a significant step up from low level threats, both in the training and technical knowledge required to present these threats, and in the effort required to thwart them.

If the journaling software can stop low level threats and medium level threats, then it has protected its users from about 99% of potential "hackers".

High level threats represent dedicated hackers. They have the know-how and the tools necessary to analyze the data and the program, finding weaknesses in one or the other to exploit.

Very high level threats are (mostly) limited to large corporations and governments. Unfortunately, there's very little that can be done to thwart threats of this level.

Low Level Threats

Casual access to journal entries via the software.

This threat is simply someone starting up the software either by double-clicking its icon on the Windows desktop or by selecting it from the Start menu, and then perusing your entries.

This is an easy threat to thwart: Simply require a password.

"Over the shoulder" reading of entries.

If you are working in your journal, and someone walks up behind you, they will often look at your computer screen. This is more out of habit than a deliberate attempt to see what you're doing, but it's still a threat.

Most Windows programs have a minimize button on their main title bar, so you can minimize the program quickly. Or you can click on the Windows taskbar and overlay another application's form. Another option is to provide a "hot-key" combination that quickly "hides" the journal program.

Medium Level Threats

Intentional access of journal database files.

This threat requires a bit more understanding of computer software. Simply put, the hacker opens up Windows Explorer and takes a look at the files used by the journal software. If he recognizes the database software that is being used, it's a simple matter of downloading the necessary system utilities and opening up the database.

To thwart this, the journal software can either use a non-standard or proprietary database format, or encrypt all revealing information, storing nothing "in the clear".

Password "hacking" from personal information.

The hacker acquires a few pertinent personal details about you and attempts to guess your password based on that. Most people choose very poor passwords, using the names or birthdays of loved ones--or even their own name and birthday.

Thwarting this threat is more the responsibility of the user than the software. Choose passwords that are not simple words, and that have little or no personal significance. If possible, incorporate one or two non-alphanumeric characters into your password. See "Journaling Software Security: Choosing a Good Password" for more tips about passwords.
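The password advice above can be turned into a check that runs when a password is set. This is an added example, not code from The Journal; the function names, the substitution table and the sample names, date and word list are all constructed for illustration.

```python
import re
from datetime import date

# Undo common symbol-for-letter swaps so "m4ry" is compared as "mary".
LEET = str.maketrans("013457@$!", "oieastasi")

def date_forms(d):
    """Digit strings people commonly build from a date (year, MMDD, DDMMYYYY, ...)."""
    y, m, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
    return {y, m + dd, dd + m, m + dd + y, dd + m + y, y + m + dd,
            m + dd + y[2:], dd + m + y[2:]}

def check_password(password, names, dates, simple_words):
    """Return the reasons to reject the password (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    # Letters after undoing substitutions; digits taken from the raw password.
    letters = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    digits = re.sub(r"\D", "", password)
    for name in names:
        if len(name) >= 3 and name.lower() in letters:
            problems.append(f"contains the name {name!r}")
    for d in dates:
        # Deliberately strict: digits split up by other characters still match.
        if any(form in digits for form in date_forms(d)):
            problems.append(f"contains the date {d.isoformat()}")
    if lowered in simple_words or letters in simple_words:
        problems.append("is a simple word")
    if all(c.isalnum() for c in password):
        problems.append("has no non-alphanumeric character")
    return problems

# Constructed sample data: the user's personal details and a tiny word list.
NAMES = ["Mary", "Rex"]
DATES = [date(1984, 3, 12)]
SIMPLE_WORDS = {"password", "journal", "secret"}

if __name__ == "__main__":
    for candidate in ["M4ry!1984", "journal", "tz;Wq7#kLu"]:
        result = check_password(candidate, NAMES, DATES, SIMPLE_WORDS)
        print(candidate, "->", result or "ok")
```
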

High Level Threats

Analysis of data stored in database.

In addition to using the standard database software to examine the user and entry information, the hacker goes one step further and looks at the raw data that is stored using either a "hex viewer" or another piece of specialized software. This type of analysis completely eliminates any advantage that the developer might have gained by using a proprietary database format. In addition, simple encryption schemes will be obvious and, therefore, quickly cracked.
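A developer can run the same kind of raw-data check against their own stored records before shipping. The sketch below is an added example, not The Journal's code. It shows why a simple scheme is "obvious": a single-byte XOR hides the text from a scan for readable strings but leaves the byte statistics of the plaintext untouched. The thresholds and sample entry are assumptions, and random bytes stand in for the output of a sound cipher.

```python
import math
import os
from collections import Counter

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def longest_printable_run(data: bytes) -> int:
    """Length of the longest run of printable ASCII, as a hex viewer would show it."""
    best = cur = 0
    for b in data:
        cur = cur + 1 if 32 <= b < 127 else 0
        best = max(best, cur)
    return best

def audit_record(data: bytes) -> str:
    # Assumed thresholds: short printable runs occur by chance in random
    # data, so only a long run counts as text stored in the clear.
    if longest_printable_run(data) >= 32:
        return "readable text in the clear"
    if entropy_bits_per_byte(data) < 7.0:
        return "obfuscated but structured"
    return "no visible structure"

# Constructed sample entry, repeated to give a few kilobytes of data.
ENTRY = ("Dear journal, today I met Sam at the lake and we talked for hours. " * 60).encode()
XORED = bytes(b ^ 0xA5 for b in ENTRY)      # simple single-byte XOR scheme
RANDOM_LIKE = os.urandom(len(ENTRY))        # stand-in for sound ciphertext

if __name__ == "__main__":
    for label, blob in [("plain", ENTRY), ("xor", XORED), ("random", RANDOM_LIKE)]:
        print(f"{label:7} entropy={entropy_bits_per_byte(blob):.2f} "
              f"run={longest_printable_run(blob):5d} -> {audit_record(blob)}")
```
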

Analysis of program code.

With sophisticated "debugging" and "tracing" software, the hacker examines the inner workings of the software, looking for a way to bypass the entire security system of the software.

"Security by obscurity", which works well for low and medium level threats, is useless to combat high level threats. The software developer has to anticipate this kind of analysis of both data and code.

The nature of journaling software, where you have to be able to get out what you put in, exposes certain points of attack. An analysis of these points of attack is beyond the scope of this article, however. Suffice it to say that it is vitally important for the software developer to be aware of these inherent weaknesses and do everything possible to make it difficult to exploit those weaknesses.

Very-High Level Threats

Advanced analysis of program code and data.

At this level, you are now dealing with hackers who have lots of time, top-of-the-line tools, and probably a good amount of funding. The software can be pulled apart and all of its "parts" identified by function. And every bit of data can be extracted and run through state-of-the-art cryptography software.

At this level of threat, there's nothing anyone can really do for you. Any claims to the contrary should be treated with extreme skepticism.

How Does The Journal Stack Up?

So how does The Journal stack up against these different threats?

Against low level and medium level threats, The Journal is more than adequate. The Journal offers password protection and quick-hide hot-keys, as well as automatic hiding after periods of idleness. Also, The Journal compresses and encrypts all entry information, and no potentially sensitive information is stored "in the clear" in the database.

The Journal would give a high level threat a good run for his money, I believe, though it would eventually succumb. The Journal's Extended Security, however, raises the bar significantly higher, possibly beyond the resources most high level threats could bring to bear on the problem.

If you are facing a very-high level threat, then neither The Journal nor any other journaling software currently available will be able to help you. In fact, at this level of threat, it's probably a bad idea to commit anything to electronic form, as nearly all electronic data can be retrieved.

Fortunately, the individuals with the skill and resources sufficient to pose high and very-high threat levels have other things to do than hack someone's journal, unless of course you are an international diplomat, William "Bill" Gates, or have stored National Secrets on your computer. In these cases, your best bet is to contact the CIA's In-Q-Tel program for top-of-the-line electronic systems security items.

All in all, The Journal represents an amazingly secure environment. And if you require an additional level of security, The Journal's Extended Security can give you that.

Copyright © David Michael. All rights reserved.