Group items tagged

M12 analysis M13 brief sept 12-13 jen max

1. Identify the scenario. Business 2. Describe a social/ethical concern and the relationship of one primary stakeholder to the IT system in the article. Security is a social/ethical concern because it regards the security of the Database Servers that are used to store the Domain Names and IP addresses. With insufficient security, the database security can be breached by outsiders and be altered. The primary stakeholder is Group NBT, and is the domain name management firm of NetNames and Ascio whose DNS Databases were compromised in this attack. Their SQL commands were infiltrated by the hackers, so that the information stored on their DNS Database was altered, that made website visitors be re-directed to spam websites. 3. Describe the IT concepts and processes. Domain Name System (DNS) - The address book for the website that links the URL of websites to IP address numbers that computers use to visit a website. IP Address - The numbers that are separated by period dots that make up a website's numerical address of its location. (DNS) Database - A database is a massive spreadsheet with numerous data types and forms used to store large amounts of data (in this case, websites' domain names URL and their respective IP addresses.) SQL Injection - SQL stands for Structured Query Language, used for database manipulation. This is a hacking method by using the various layers present in SQL commands, by 'injecting' a hidden command that enables to create a loop hole for access and change the database information. This includes changing strings of commands in the original SQL command into malicious commands, that are executed when the altered SQL command is executed. http://msdn.microsoft.com/en-us/library/ms161953.aspx

4. Explain the relationship between the IT system referred to in the article and the concern presented above. The security of the DNS Databases run by NetNames and Ascio (two subsidiaries of domain name management firm Group NBT) is a concern. Their SQL commands were being altered and compromised, which resulted in the altered domain names and IP address links. Their relationship is that the concern is the IT system's (in this case the Database's) security. The IT system, Group NBT's Database, has a concern over it's security. The DNS Database system has a security concern because the hackers were able to alter the paths of redirecting certain websites to scam websites instead through a SQL Injection attack that manipulates the SQL command used to manipulate the domain name database. 5. Describe and evaluate the impact of a social/ethical issue on the stakeholders The social/ethical issue is security. The stakeholders are Vodafone, the Daily Telegraph, UPS, and four other websites, Turkish hackers (Turkguvenligi), and internet users who visited those seven websites within the hacking duration. This has an impact on their security issue because their database has already been compromised once, and unless they create a new system of security to prevent SQL injections, they will never be able to know when someone is changing their SQL command strings. They need to have someone constantly monitoring their SQL to see if there are any changes. The security issue impacts Group NBT because it makes their customers that use their services doubt the secure service because hackers were able to alter the redirection of customers to scam websites instead of their respective website. Therefore security, to a large extent, has an impact on Group NBT. 6. Explain and evaluate one solution to the issue identified. A solution to the issue identified by NBT was to further review their Database system to ensure customers of a more secure service, since it is impossible for a

Avik and last pass, etc.

Describe the different ways that iphones and android phones are being hacked. all sept 5 soo

Malicious Applications that log details about incoming/outgoing phone calls, as well as recording the calls. They can create unwanted service charges subscriptions to phone users. The users may or may not even receive the "service" that was subscribed, and paid for. They cab intercept text messages, compromise emails, photos and private content. Malicious applications that appear to be games, calculators, or pornographic photos and videos are downloaded to smartphones. Malware that replies incoming text messages with spam links. E-mail based phishing - because the phone screens are smaller than computers, it is harder to tell apart phishing links and scams in the url. iPhone's unencrypted file of location logs for iPhone users. Jailbroken iPhones that run unauthorized content is also a gap where malware can get through. Because these apps are unauthorized, they haven't gone through Apple's authorization process, and can contain malware, and can hack the user's phone. o By Malicious Application= The Applications which Apple and Android offers to customer, sometimes have malicious worms or viruses. Sometimes, malicious applications masquerade to games, calculators, or pornographic photos and videos. Hackers made their own malicious app and phishing people to download. The payment will charge to the victim's phone bills. o By Phishing Texting= Personal texting sometimes contain spam and malicious links which lead to the hacking site o By Advertisement link= Viruses might attach to the advertisement link o By Weak Security= Weak security of iPhone and Android phone therefore, find the weak part of the phone and hack. o By E-mail= Users tend to be less caring on phones, as the words and the screen itself are small

Are any corporate databases and networks safe? Should consumers be wary about providing personal data online? How valuable is data stored online? May 11 soo

Are any corporate databases and networks safe? According to the article, they mentioned that no corporation databases are not completely safe and secure enough to protect personal information. There are too much false which makes network perfectly safe. It is very large storage and contains a lot of personal information. If the network is too big, they can't manage the network well and all the weaknesses will occur. The hackers will aim to hack the corporate databases because it has a lot of information therefore; it is not actually very safe. Should consumers be wary about providing personal data online? Yes, consumers should be wary about providing personal data online, because all services that store the online data are all under risk of being hacked, and the data compromised. Once the sensitive information is compromised, the user is more vulnerable to scam attacks through e-mails, as well as have their bank accounts or other user accounts online hacked. consumers should be a warning to be wary about providing personal data online because no corporate networks are frequently attacked by hackers and no matter how diligently their administrators work to protect them or how many protections are put n place, no network is perfectly secure. Even Sony' security systems are not perfect at all. Therefore, people have to be wary about providing personal data online How valuable is data stored online? Data stored online is very valuable, especially sensitive information such as ID numbers and bank/credit card numbers. Other personal data such as names, passwords, and security question answers are useful for hackers, and can be easily used for impersonation on other sites to hack into user accounts for further bad intentions.

1. ITGS 2. Security 3. Sony 4. Database 5. Network 6. Digital net networking