Security, Social and Legal Issues Regarding Software and Internet

Basic Security Concepts Threats Countermeasures Encryption Decryption

Security Issues: Threats The entire point of computer security is to eliminate or protect against threats. A threat is anything that can cause harm. In the context of computer security, a threat can be a burglar, a virus, an earthquake or a simple user error. By itself, a threat is not harmful unless it uses an existing vulnerability. A vulnerability is a weakness– anything that has not been protected against threats, making it open to harm.

Countermeasures A countermeasure is any step you take to award off a threat– to protect yourself, your data, or your computer from harm. For example, regularly backing up your data is a countermeasure against the threat of data loss. A firewall is a countermeasure against hackers.

Classes of Countermeasures There are two classes of countermeasures. The first shields the user from personal harm, such as threats to personal property, confidential information, financial records, medical records, and so forth. The second safeguard protects the computer system from physical hazards such as theft, damage, power problems, and natural disasters or attacks on the data stored and processed in computers.

Threats to Users Networks and the internet have created unlimited possibilities for people to work, communicate, learn, buy, play games, and interact with others around the world. Some issues, such as identity theft, are still accomplished with little or no help from a computer.

Identity Theft Identity theft occurs when someone impersonates you by using your name, social security number, or other personal information to obtain documents or credit in your name. With the right information, an identity thief can virtually “become” the victim, obtaining a drivers license, bank accounts, mortgages and other items in the victim’s name.

Techniques for Obtaining Personal Information Shoulder Surfing: A trick known as shoulder surfing is as simple as watching someone enter personal identification information for a private transaction, such as an ATM machine. Snagging: A thief can catch information by listening in on the telephone extension, through a wiretap, or over a cubicle wall while the victim shares credit card or other personal information to a legitimate agent.

Techniques for Obtaining Personal Information Advertising Bogus Jobs: Jobs are offered (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details

Encryption and Decryption Encryption is the process of altering readable data into unreadable form to prevent unauthorized access. Encryption is able to use powerful mathematical concepts to create coded messages that are difficult or even virtually impossible to break.

Forms of Encryption There are two basic forms of encryption– private key and public key. Private key: private key encryption means that the same secret key is used by both sender and receiver to encrypt and decrypt a message. Public key: public key encryption means that two keys are used– a public key, which the receiver has made known beforehand to the sender, who uses it to encrypt the message, and a private key, which only the receiver knows and which is required to decrypt the message.

Private Key :Symmetric Encryption This system uses only private keys. This requires the private key (code) to be installed on specific computers that will be used for exchanging messages between certain users. The system works pretty much like two best friends to send secret messages to each other. Both friends know the key to crack and encode secret messages.

Public key : Asymmetric Encryption Uses both the private and public keys. The private key is for yourself and the public key is published on line for others to see. Use the public key to access the encryption code that corresponds to your private key. If you are sending an encrypted message to your friend which you do not want others to see, you would use his/her public key to encrypt it.

Private key encryption Dear Nicole, I have reviewed the new….. $ββ£®€≠µ∞ᙥβ¥% Dear Nicole, I have reviewed the new….. Encryption Decryption Private key Private key Original data Scrambled data Original data Public key encryption Dear Nicole, I have reviewed the new….. $ββ£®€≠µ∞ᙥβ¥% Dear Nicole, I have reviewed the new….. Encryption Decryption Public key Private key Original data Scrambled data Original data

Social Issues: Loss of Privacy Do you know that your buying habits are tracked electronically, in a range of commercial systems? This doesn’t apply just to online transactions either. Any time you rent movies or buy groceries, the purchases are logged in a database. Your medical financial, and credit records are available to anybody authorized to view them. Many of the companies you deal with every day– from your local supermarket to your insurance company– maintain databases filled with information about you.

Online Spying Tools Software developers have created a number of ways to track your activities online. Although many of these tools were created for benign purpose– such as helping legitimate webmasters determine who visits their sites most often– they are also being used in ways most consumers do not appreciate.

Spying Tools: Cookies A cookies is a small text file that a web server asks your browser to place on your computer. The cookie contains information that identifies your computer (its IP address), you (your user name or e-mail address), and information about your visit to the web site. For instance, the cookie might list the last time you visited the site, which pages you downloaded, and how long you were at the site before leaving.

Spying Tools: Web bugs A web bug is a small GIF-format image file that can be embedded in a web page or an HTML-format e-mail message. A bug can record what web pages you view, keywords you type into search engine, personal information you enter in a form on a web page, and other data.

Spying Tools: SPAM SPAM is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages accidentally.

Hacking Hacking is unauthorized use of computer and network resources. A hacker is someone who uses a computer and network or internet connection to impose into another computer or system to perform an illegal act.

Software Piracy Software piracy refers to the unauthorized duplication and use of computer software. Software developers work hard to develop solid software programs. If those applications are pirated and stolen, the software developers will often be unable to generate the revenue required to continue supporting and expanding those applications. The effects of software piracy impact the entire global economy.