Security, Social and Legal Issues Regarding Software and Internet

Basic Security Concepts Threats Countermeasures Encryption Decryption

Security Issues: Threats The entire point of computer security is to eliminate or protect against threats. A threat is anything that can cause harm. In the context of computer security, a threat can be a burglar, a virus, an earthquake or a simple user error. By itself, a threat is not harmful unless it exploits an existing vulnerability. A vulnerability is a weakness– anything that has not been protected against threats, making it open to harm.

Countermeasures A countermeasure is any step you take to award off a threat– to protect yourself, your data, or your computer from harm. For example, regularly backing up your data is a countermeasure against the threat of data loss. A firewall is a countermeasure against hackers.

Classes of Countermeasures There are two classes of countermeasures. 1.The first shields the user from personal harm, such as threats to personal property, confidential information, financial records, medical records, and so forth. 2.The second safeguard protects the computer system from physical hazards such as theft, damage, power problems, and natural disasters or attacks on the data stored and processed in computers.

Threats to Users Networks and the internet have created limitless possibilities for people to work, communicate, learn, buy, play games, and interact with others around the world. These possibilities come from the openness of networks– especially the internet, which is available to virtually everyone, for virtually any kind of use. However, the very openness that makes the internet so valuable also has made it a medium for many types of threats. Still, we cannot blame the internet for all computer- related problems. Some issues, such as identity theft, are still accomplished with little or no help from a computer.

Identity Theft Identity theft occurs when someone impersonates you by using your name, social security number, or other personal information to obtain documents or credit in your name. With the right information, an identity thief can virtually “become” the victim, obtaining a drivers license, bank accounts, mortgages and other items in the victim’s name. Identity thieves can use several methods– low tech as well as high tech– to obtain the information they need:

Techniques for Obtaining Personal Information Shoulder Surfing: A trick known as shoulder surfing is as simple as watching someone enter personal identification information for a private transaction, such as an ATM machine. Snagging: A thief can catch information by listening in on the telephone extension, through a wiretap, or over a cubicle wall while the victim shares credit card or other personal information to a legitimate agent.

Techniques for Obtaining Personal Information Phishing: Impersonating a trusted company/institution/organization in an electronic communication to promote revealing of personal information. Advertising Bogus Jobs: Jobs are offered (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details

Encryption and Decryption Encryption is the process of altering readable data into unreadable form to prevent unauthorized access. Encryption is able to use powerful mathematical concepts to create coded messages that are difficult or even virtually impossible to break.

Forms of Encryption There are two basic forms of encryption– private key and public key. 1.Private key: private key encryption means that the same secret key is used by both sender and receiver to encrypt and decrypt a message. 2.Public key: public key encryption means that two keys are used– a public key, which the receiver has made known beforehand to the sender, who uses it to encrypt the message, and a private key, which only the receiver knows and which is required to decrypt the message.

Private Key : Symmetric Encryption This system uses only private keys. This requires the private key (code) to be installed on specific computers that will be used for exchanging messages between certain users. The system works pretty much like two best friends to send secret messages to each other. Both friends know the key to crack and encode secret messages.

Public key : Asymmetric Encryption Uses both the private and public keys. The private key is for yourself and the public key is published on line for others to see. Use the public key to access the encryption code that corresponds to your private key. If you are sending an encrypted message to your friend which you do not want others to see, you would use his/her public key to encrypt it.

Public key : Asymmetric Encryption He/She will be able to decrypt it with his/her own corresponding private key. Likewise, if he/she sends a message to you, he/she uses your public key to encrypt the message and you would use your private key to decrypt it.

Dear Nicole, I have reviewed the new….. Dear Nicole, I have reviewed the new….. Dear Nicole, I have reviewed the new….. Dear Nicole, I have reviewed the new….. $ββ£®€≠µ∞α™ ¥β¥% Original data Scrambled dataOriginal data Scrambled data Original data Public keyPrivate key Encryption Decryption Encryption Decryption Private key encryption Public key encryption

Social Issues: Loss of Privacy Do you know that your buying habits are tracked electronically, in a range of commercial systems? This doesn’t apply just to online transactions either. Any time you rent movies or buy groceries, the purchases are logged in a database. Your medical financial, and credit records are available to anybody authorized to view them. Many of the companies you deal with every day– from your local supermarket to your insurance company– maintain databases filled with information about you. You might expect these firms to know your name and address, but you might be surprised to learn that they know how many times each month you purchase groceries or buy a magazine. And a lot of companies do not keep this information confidential; they may sell it to other companies who are interested in knowing about you.

Online Spying Tools Software developers have created a number of ways to track your activities online. Although many of these tools were created for benign purpose– such as helping legitimate webmasters determine who visits their sites most often– they are also being used in ways most consumers do not appreciate.

Spying Tools: Cookies A cookies is a small text file that a web server asks your browser to place on your computer. The cookie contains information that identifies your computer (its IP address), you (your user name or address), and information about your visit to the web site. For instance, the cookie might list the last time you visited the site, which pages you downloaded, and how long you were at the site before leaving. If you set up an account at a web site such as an e- commerce site, the cookie will contain information about your account, making it easy for the server to find and manage your account whenever you visit.

Spying Tools: Web bugs A web bug is a small GIF-format image file that can be embedded in a web page or an HTML- format message. A web bug can be as small as a single pixel in size and can easily be hidden anywhere in an HTML document. A bug can record what web pages you view, keywords you type into search engine, personal information you enter in a form on a web page, and other data.