Group items tagged

M12 analysis M13 brief sept 12-13 jen max

1. Identify the scenario. Business 2. Describe a social/ethical concern and the relationship of one primary stakeholder to the IT system in the article. Security is a social/ethical concern because it regards the security of the Database Servers that are used to store the Domain Names and IP addresses. With insufficient security, the database security can be breached by outsiders and be altered. The primary stakeholder is Group NBT, and is the domain name management firm of NetNames and Ascio whose DNS Databases were compromised in this attack. Their SQL commands were infiltrated by the hackers, so that the information stored on their DNS Database was altered, that made website visitors be re-directed to spam websites. 3. Describe the IT concepts and processes. Domain Name System (DNS) - The address book for the website that links the URL of websites to IP address numbers that computers use to visit a website. IP Address - The numbers that are separated by period dots that make up a website's numerical address of its location. (DNS) Database - A database is a massive spreadsheet with numerous data types and forms used to store large amounts of data (in this case, websites' domain names URL and their respective IP addresses.) SQL Injection - SQL stands for Structured Query Language, used for database manipulation. This is a hacking method by using the various layers present in SQL commands, by 'injecting' a hidden command that enables to create a loop hole for access and change the database information. This includes changing strings of commands in the original SQL command into malicious commands, that are executed when the altered SQL command is executed. http://msdn.microsoft.com/en-us/library/ms161953.aspx

4. Explain the relationship between the IT system referred to in the article and the concern presented above. The security of the DNS Databases run by NetNames and Ascio (two subsidiaries of domain name management firm Group NBT) is a concern. Their SQL commands were being altered and compromised, which resulted in the altered domain names and IP address links. Their relationship is that the concern is the IT system's (in this case the Database's) security. The IT system, Group NBT's Database, has a concern over it's security. The DNS Database system has a security concern because the hackers were able to alter the paths of redirecting certain websites to scam websites instead through a SQL Injection attack that manipulates the SQL command used to manipulate the domain name database. 5. Describe and evaluate the impact of a social/ethical issue on the stakeholders The social/ethical issue is security. The stakeholders are Vodafone, the Daily Telegraph, UPS, and four other websites, Turkish hackers (Turkguvenligi), and internet users who visited those seven websites within the hacking duration. This has an impact on their security issue because their database has already been compromised once, and unless they create a new system of security to prevent SQL injections, they will never be able to know when someone is changing their SQL command strings. They need to have someone constantly monitoring their SQL to see if there are any changes. The security issue impacts Group NBT because it makes their customers that use their services doubt the secure service because hackers were able to alter the redirection of customers to scam websites instead of their respective website. Therefore security, to a large extent, has an impact on Group NBT. 6. Explain and evaluate one solution to the issue identified. A solution to the issue identified by NBT was to further review their Database system to ensure customers of a more secure service, since it is impossible for a

brief march 29 kuninari

1. Identify the area of impact the scenario relates to. The area of impact the scenario relates to the company who are selling product on security to the other company that need a security, and they got suffered. Business 2. Identify the main stakeholders to the IT system. The main stakeholders to the IT system are company and government who uses secuID 3. Describe one ITGS social/ethical concern in the article. The Data Breach in this article refers to their security system data being violated by an outside offender, such as it being stolen or copied when it's not supposed to be. The advanced cryptographic system is the security system that has an extra layer of security by an electronic token authenticator that generates a time-based number for the users to input while logging in with their password. It is suspected that the master key for the encryption algorithm was stolen, which is the huge secret number that is part of the system. 4. Describe ITGS terminology and systems. SecurID- a mechanism developed by RSA Security for performing two-factor authentication for a user to a network resource 5. If possible, describe a solution to the concern (issue). The solution for this issue is to update the security system often and try to get against from hackers. Having SecurID make up a new algorithm to be used for the system could reinforce the system's security again, if it's possible to make up a new algorithm. Other than that, SecurID would probably have to make up a whole new security system since their current stolen algorithm is probably going to be published and recopied, and the system not secure anymore.

Presentation: Explain the issue of mobile security. Provide a detailed explanation of how to provide mobile security. nov 14 champ az

Mobile devices can be occupied by malware that are no longer only exist in the computer. With the growing population of smart phones, it also increases chance of getting viruses, worm, or Trojan. These viruses can invade by number in fonts, SMS or MMS messaging, downloadable content, public Wi-Fi or Bluetooth connections. Mobile malware can cause serious problems. They can drain your phone's battery very fast, delete your important information such as contacts or messages, and also it can destroy your phone's function completely. The worst thing it could do is to display your personal images online. How to provide mobile security? Use anti-virus software You can keep your mobile phone secured by using mobile security software such as Kaspersky Mobile Security. This software is a complete protection that will keep away malwares and block threatening network connections. It also has many features such as control of private contacts and phone numbers, blocking accession of other people, and an mobile phone locator application in case it get lost or stolen. Works Cited http://www.cellphonebeat.com/10-security-software-smart-phone.html http://linestechnology.blogspot.com/2011/06/overcoming-mobile-virus.html http://expertitgurus.blogspot.com/2011_05_01_archive.html

M13 List and describe the guidelines for PC security. M12 Describe additional guidelines that should be considered for PC security. August 31 Chut Jenny

Additional Guidelines: Password locking/encrypting important, sensitive information containing files and folders. Using a proxy or a VPN, to access the internet through the tunnel that can also include encryption. A Proxy and a VPN can scramble your IP address so the website cannot track you.

Types of Securities. Firewall is a program that protects against intrusions and it helps ensure privacy. Anti-virus protects against computer viruses. A computer virus is a program that can multiply itself and infect a computer without the owner of the computer knowing or permissions. Anti-whatever else, malware, adware, spyware, Trojans etc. Why do you need it? People should have security programs to protect their computer from viruses or hackers. If you don't have any type of protection for your computer for your computer, your valuable information maybe stolen by hackers or erased by viruses. If you get viruses on your computer, you may need to take it to shops to repair it and need to pay for it. When do I need to use security programs? It depends on the activities that you do on your computer. How can I get viruses? There are several ways that you can get viruses. Opening attachments from anonymous emails, downloading torrents, movies, pictures, music and porn can give you viruses. Where can I get the right programs for my computer? download.com sourceforge.net majorgeeks.com Computer forums

article analysis march 25 soobin

1. Identify the area of impact the scenario relates to. -- Leisure, Business 2.Identify all ITGS terminology and phrases (IT and Social/Ethical) -- Twitter, Trojan, Facebook, E-mail spamming, Botnet, messaging service, social inbox, spam, e-mail, networks, online-security firms, junk e-mails, blacklisted addresses, output, domain names, .cn, internet registrars, fraud, web-hosting, cybercrime, hard drives. 3.Describe one ITGS social/ethical concern in the article. --Security is a concern in this article where users and spam is concerned. The security of the users' sensitive information is at risk when users click on spam links no matter from what source, from e-mails (which are decreasing now) to Twitter tweet links. By clicking onto these harmful links, users set free spam that can infiltrate the user's hard drive in search for sensitive information for example bank account numbers. 4.Describe the relationship of the main stakeholders to the IT system. ---The main stakeholder will be hackers and people who are using e-mail and social networking. The relationships between them are, normally hackers used spam mail to spend virus or hack their computer with Trojan horse, but as the email security develop hackers slowly moved to social network which is Facebook, and other many programs. They know that people are currently using social networking a lot and their privacy is open and they could easily get people's email too. Therefore by using Koobface, they could hack people's computer and information 5. Explain the relationship between the IT system and the social/ethical issue identified in question 3. -- The problem with the security is that the security of the users of their personal and public communications are at risk where spam is concerned. Spam is nowadays being planted in almost every corner of the internet, no matter where, in order to try and trick users into clicking on the harmful links in order to spread malware, such as Trojans. Spam is comm

San Francico based mobile security vendor announced that there is a lack of android security issues which increases malware and web atatcks.

What does Java do?  Explain the security issue. sept 12-13 kong rock

Describe IT Jason Oct 4

Google have transfer you automatically to its "encrypted" service, one designed to prevent potential "eavesdropping" on your searches. Google have use SSL( secure socket layer) to protect your search. Is can also be use when you are logging on to your bank account online. Google have introduce the SSL search, with the SSL search you can do your searches on Google with more secure and you are in private so no one can see what are you searching. Before Google URL was HTTP/www.google.com but now it is HTTPS/www.google.com. Its secure now. Google have use SSL to help protect your data from unwanted access. So what you are connected to internet café, local hotspots or hotel your data will be secure. But Google is not responsible for any viruses you get over the internet searches. The SSL will only protect your personal information.

Mobile apps provided by mobile operators and handset manufacturers could put expose phone users to fraud, according to research that as many as 64 per cent of manufacturer added applications were exposing users to serious security issues.

"Bank app users warned over Android security" Describe at least four types of vulnerabilities. Describe mobile point-of-sale devices. Explain why card fraud could endanger the payment chain.

Describe the kinds of attacks. Explain the security measures. all feb 9 kevin

Describe the kinds of attacks. - First attack is called "Upgraded Security System." On the webpage of the bank, this kind of trick is shown. and when the user is attracted by the offer, money is moved out of the account but this hidden from the user without knowing owner. Second attack is called "Man in the Browser." A malware sticks between the connections of the user and the webpage. It shows the users false pages. Explain the security measures. - Secure keys are used these days. For an example, in order to log in on a website, you have to insert correct numbers or letters shown not really clearly on the side. It prevents other softwares to use your account.

Describe the following terms and explain possible solutions: drive-by downloads clickjacking targeted brand attacks on social networks MitB (Man-in-the-Browser) MitMo (Man-in-the-Mobile) advanced on-the-fly SSL hacking may 23 soo

drive-by downloads Drive-by downloads are downloads to the computer that are harmful, and are downloaded because the user doesn't know that the download took place, what was downloaded (virus, malware) or downloaded something, but didn't know it was malware. When a malicious website is visited, malware may be downloaded to the computer without users even knowing. Solutions to prevent drive-by downloads include having the internet security suite (like Norton Internet Security) installed and kept up to date. Also, using a proxy can filter the web content (like Vidalia). The user's antivirus firewall should always be turned on. http://www.softwarenewsdaily.com/2010/12/drive-by-downloads-malware-installed-without-your-knowledge http://www.associatedcontent.com/article/794101/how_to_prevent_driveby_downloads_.html Clickjacking Clickjacking, also known as user-interface (UI) redressing, is one of the most common attacks against users by creating malicious pages that tricking users to click on buttons and links which reveal sensitive information, or can allow the attacker to take over control of the user's computer. The true function of the button is hidden under an opaque layer that shows something different to trick the users. A possible solution to clickjacking is the "walled garden" that iPhone has. It has a closed or exclusive set of information services provided for users, instead of allowing open access to apps and content. https://www.owasp.org/index.php/Clickjacking Targeted brand attacks on social networks Targeted brand attacks on social networks is attacking the big brand names, and attacking its reputation, currently common through attacks on social networks and phishing. Scammers that hijacked a social networking account can add random people to their friends list, and link them to malicious sites. Or an attacker would disguise themselves as the "official" profile of the brand company, and make friends and trick them into revealing sen

Explain the meaning of the following guidelines: Do you check the validity of site certificates when sending sensitive information to another website? Do you check for locks (bottom right browser status line) or the notation that the site is secure (https:// = secure = lock in status line) prior to entering sensitive information to that site? You must safeguard your information if you are going to store it on your computer. However, if you must store personal information on your computer, encryption is necessary. may 9 cream

Explain the meaning of the following guidelines: Do you check the validity of site certificates when sending sensitive information to another website? It is about checking the validity of site certificates for guarantee myself that I sent sensitive information to real and Safety Company. Do you check for locks (bottom right browser status line) or the notation that the site is secure (https:// = secure = lock in status line) prior to entering sensitive information to that site? This action is when you see a green lock in the URL space of web browser such as hotmail.com, which it says about US privacy and stuff. Https codes help you know that you are transmitting via a safe system. If the padlock is open, do not transmit sensitive information! You must safeguard your information if you are going to store it on your computer. However, if you must store personal information on your computer, encryption is necessary. It is best to ere on the side of caution and use encryption to not only protect the data but also protect yourself

1.3 Privacy and anonymity 3.3 Networks 3.4 Internet 3.5 Personal and public communications

Are any corporate databases and networks safe? Should consumers be wary about providing personal data online? How valuable is data stored online? May 11 soo

Are any corporate databases and networks safe? According to the article, they mentioned that no corporation databases are not completely safe and secure enough to protect personal information. There are too much false which makes network perfectly safe. It is very large storage and contains a lot of personal information. If the network is too big, they can't manage the network well and all the weaknesses will occur. The hackers will aim to hack the corporate databases because it has a lot of information therefore; it is not actually very safe. Should consumers be wary about providing personal data online? Yes, consumers should be wary about providing personal data online, because all services that store the online data are all under risk of being hacked, and the data compromised. Once the sensitive information is compromised, the user is more vulnerable to scam attacks through e-mails, as well as have their bank accounts or other user accounts online hacked. consumers should be a warning to be wary about providing personal data online because no corporate networks are frequently attacked by hackers and no matter how diligently their administrators work to protect them or how many protections are put n place, no network is perfectly secure. Even Sony' security systems are not perfect at all. Therefore, people have to be wary about providing personal data online How valuable is data stored online? Data stored online is very valuable, especially sensitive information such as ID numbers and bank/credit card numbers. Other personal data such as names, passwords, and security question answers are useful for hackers, and can be easily used for impersonation on other sites to hack into user accounts for further bad intentions.

1. ITGS 2. Security 3. Sony 4. Database 5. Network 6. Digital net networking

Android is widely accepted as being iOS' greatest rival, but, according to Dell SecureWorks security researcher Timothy Vidas, it has a host of issues that have made it a target for malware authors. Poor permissions: the huge host of permissions that users must understand are driving them into information paralysis; they are choosing to ignore the warnings presented to them, and not considering whether they may be dangerous or unnecessary. Open marketplace: Google Play does have an automated scanning program called Bouncer, but its effectiveness is as yet unknown. Therefore many Russian and Chinese alternative markets basically distribute 100 per cent malware Inexperienced or malicious developers: if they don't have any malicious intent, the developers could introduce new vulnerabilities into the target device, or create features that have unintended side effects.

People are worried about Android's security problems which have been gradually getting bigger and bigger. The security firm has found out that more than 5,000 malicious applications designed to target Google's Android mobile operating system, and it has risen to about 20,000 recently.

Mobile device security requires persistence, diligence and, of course, common sense. In recent months, iOS and Android security have been hot topics of discussion in response to major breaches that impacted both operating systems this summer. their data breaches a legitimate but avoidable threat. In addition, software updates a necessity

This talks about how vulnerable the current update is with security in IOS. Apple is trying to fix this with a new update. 

Eun Young  October 17th  BAA

1. Identify the area of impact the scenario relates to. The area of impact the scenario relates to is 'business and employment'. 2. Identify the main stakeholders to the IT system. The main stakeholders to the IT system from this article are the RBA (Reserve Bank of Australia) and customers. 3. Identify and describe one ITGS social/ethical concern in the article. The social/ethical concern that has been identified in this article is 'security'. Security refers to the protection of hardware, software from unauthorized access. Security tries to prevent the access by hackers. In this article, the RBA has been hacked (cyber attacked). For an example, the malware has embedded in the emails. They think it is China to blame because they thought that China has already been through a similar cyber attack, which aimed to get the information out of it. The staffs in the RBA have opened several malware emails. This malware application has managed to go through the computer system. 4. Describe ITGS terminology and systems. * Malware: Malware refers to software programs that are designed to damage or do other unwanted actions on a computer system. * Cyber Attack: Cyber attackers use malicious code to alter computer code,logic or data, resulting in disruptive consequences that can compromise data and lead to cyber-crimes (information and identity theft). * Computer Viruses: Small but insidious piece of programming-code that attacks computer and network systems through infected data files, introduced into a system via disks or Internet. 5. Describe the solution stated in the article or find a solution to the concern (issue) discussed in the article. Even though the RBA did not lose any of their information, it's better to have a safe security system/software to protect their information. The RBA needs to be more careful when opening email files, and for a better protection, they would need to find a better way to secure. I would suggest them to have an encryp

Analysis Read 2 pages March 25 Azman

1. Identify the area of impact the scenario relates to. Business 2. Identify all ITGS terminology and phrases (IT and social/ethical). Botnets, worm, malware, 3. Describe one ITGS social/ethical concern in the article. Security is the main issue in this article since it is dealing with worms, which infects and damage computer files. 4. Describe the relationship of the main stakeholders to the IT system. The main stakeholder, Facebook, is combating Koobface worm, which is, a malware (malicious software) to prevent it from infecting its users PC. 5. Explain the relationship between the IT system and the social/ethical issue identified in question 3. Koobface worm is a malware that could infect Facebook's users' computer, which is a security issue. It is estimated that the group earned more than $2 million from June 2009 to June 2010 by delivering the victims of its worm to unscrupulous marketers and makers of fake antivirus software. 6. Discuss at least one problem that relates to the impacts of the social/ethical issue. A Koobface attack starts with an invitation to watch a video and a message about updating the computer's Flash software. Clicking to get the update begins the download of Koobface, which gives criminals control of the computer, while the worm tries to spread itself further through the victim's social network contacts. This is a security breach to Facebook's users computer. When the criminals have control of the computer, they can do anything they want with it like, stealing personal information, etc. 7. Evaluate one solution that addresses the problem identified. Facebook need to step up their security for their users safety. To halt Koobface, Facebook uses algorithms that can detect suspicious posts and hijacked accounts, looking for unusual behavior like log-ins from odd places and a surge in messages sent. Facebook also keeps a blacklist of malicious Web links to prevent them from being shared on the site. When Koobface posts find a

brief all sept 7 Az

1. Identify the area of impact the scenario relates to. Business, Goverment 2. Identify the main stakeholders to the IT system. Mozilla, Google, DigiNotar, CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter, and Microsoft's Windows 3. Identify one ITGS social/ethical concern in the article. Security 4. Describe ITGS terminology and systems. SSL- Secure socket layer certificates used for transmitting private documents via the Internet. It creates an encrypted connection between your web server and you web browser that will protect transmitted private information from eavesdropping, data tampering, or message forgery. Man in the Middle- is the type of attack where attackers intrude into an existing connection to intercept the exchanged data and inject false information. It involves eavesdropping on a connection, intruding into a connection, intercepting messages, and selectively modifying data. DigiNotar= DigiNotar is registered by the OPTA as a CSP that delivers qualified certificates that comply with the Dutch act on electronic signatures with respect to the European directive on electronic signatures. Sinces 2004 DigiNotar has entered the PKI hierarchy of the Dutch Government: PKIoverheid. This allows DigiNotar as Certificate Services Provider (CSP) to issue certificates complying with PKIoverheid specifications to government organisations. HTTPS: Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. 5. If possible, describe a solution to the concern (issue). Increase the security of the data for issuing a digital certificate to websites, and have updates of digital certificate periodically to check whether or not it has been compromised. Delete mo