1.2+Security


 * 1.2 Security**

Security refers to the protection of hardware, software, machines and networks from unauthorized access. Security measures include restricted access to machines and networks for certain employees or to prevent access by hackers. The degree of security of information systems largely determines society’s confidence in the information contained in the systems. Here are some concerns when it comes to computers: malware, physical security, password security (which we will discuss more in the section on authenticity), encryption, data backup.

Read chapter 10 in "Tomorrow's Technology and You" on Security.


 * Briefly describe each concern**

Physical security of your property - To prevent property from being stolen or unwanted access and even destruction.

Password Security of your hardware and software - To protect them from unwanted or random modification.

Encryption of electronic data you want kept safe - To prevent any personal or confidential work information being revealed or shared to everyone else by encrypting the information into unreadable characters.

Data backup - A process of saving data onto hard disks or online storage as an insurance against any data loss.


 * Define the following malware:**

Viruses - Virus copies itself in an uninfected program and will quickly replicates itself when other computer users open the program and destroy their computer data or erase disks.

Trojans - It creates programs that might cause damage or data loss to computer users and hides them in attractive games or utilities to attract users to download them from website while some saboteurs might pass secret data to unauthorized users with Trojans.

Worms - Capable to travel independently throughout the computer networks and reproduce itself until the computer freezes from lack of disk space or memory.

Phishing - An internet fraud technique where spammers often trick people to fill out their information such as credit card numbers by sending emails that appear to be from certain services and recommend consumer to update their information that they need to steal.

Good definitions. Now for each one:


 * 1) Find a recent (within the past month or two) example of a virus, trojan, worm, and phishing scam.
 * 2) Add a link for each article in the news section
 * 3) Describe each
 * 4) What affect did it have on people? Business? society as a whole?
 * 5) How can someone help protect themselves from installing a virus, trojan, worm, or phishing?


 * Example of malware and phishing scam:**

Recently, many MobileMe users are planning to switch to Apple's new service, iCloud. Scammers saw this as a great opportunity to target the user's transition. They have started to send fake e-mails regarding the MobileMe to iCloud transition, the e-mail requested users to sign up for iCloud to extend their subscriptions for another year. Scammers usually make their e-mail appear to be authentic, they link the e-mail to a scam Web page that looks similar to Apple Store and suggest users to supply credit card information to extend. Phishing allows scammers to steal money from people easily by tricking people to supply details of their credit cards. This affect individuals as they will suddenly receive a huge debt that will take ages for them to pay. Phishing also causes businesses in a country to lose reputation of their brands and huge amount of money as their clients become victims. The whole society will be facing huge threats of identity theft and loss of financial support.
 * Phishing scam - MobileMe to iCloud transition**
 * (August 29, 2011 New iCloud phishing scam targets MobileMe users)**

SpyEye is known as a malicious software that steals money from online bank accounts. it has the ability to harvest credentials for online accounts and make transactions as if a person is logged into their account. According to Trusteer's CEO, Mickey Boodai, SpyEye had designed a new code to avoid advanced systems that banks have these days. Banks suspected that IP address might be the way they used to make transaction from another area. Besides, SpyEye authors start to show normal user patterns in making transaction because this software works faster than an average person speed. SpyEye is literally making individuals to watch their bank balance drop right away. It also affect financial institutions to increase their spending to increase their security level. Also, SpyEye toolkit is spreading across the countries, allowing more criminal groups to purchase and target more financial institutions. More citizens will be facing the risk of losing their money.
 * SpyEye Trojan - Defeats online banking defenses**
 * (July 26, 2011 SpyEye Trojan defeating online banking defenses)**

Microsoft stated that Ramnit is one of the four parasitic viruses out of the top 10 detected threat families. Ramnit used older generation of malicious method to infect computers' files and causes machine to crash. It supports man-in-the-browser attacks, allowing to bypass two-factor authentication and modify Web pages or insert banking transactions. It has the ability to drain bank accounts and remain "invisible to both the user and host application" according to Trusteer Senior Malware Reseacher Ayelet Heyman. Individuals and business companies are mainly affected as they have the risk of losing a huge amount of money in investments. Also, the society will be filled with victims facing financial issues.
 * Ramnit worm**
 * (August 25, 2011 Ramnit worm variant now dangerous banking malware)**


 * Viruses -**


 * How to protect yourself from phishing or installing malware:**


 * Phishing***
 * 1) Change your browsing habits. Pay attention on the spellings of the sentences.
 * 2) Do not reply e-mail when they request to submit your personal informations.
 * 3) Check the authentic websites before you reply the e-mail.
 * 4) Check the sender of the e-mail.


 * Malware***
 * 1) Strengthen server-side fraud detection. Look for anomalous patterns.
 * 2) Smartphone security.


 * Read the 4 articles:**


 * August 29, 2012 - Nokia's developer network hacked
 * August 26, 2012 - iPhone hacker Comex says he's landed an internship ... at Apple
 * August 26, 2012 - Tips For College-Bound Students To Prevent Identity Theft
 * August 25, 2012 - Canadians lax about cellphone security

For each article:


 * 1) Give a brief (one paragraph) summary of the article.
 * 2) Who are the stakeholders? That is, who is affected?


 * Summary**

Nokia's online community pages used by developers of Nokia phone apps has been hacked. The company stated that their database table was attacked by SQL Injection where hackers usually hit their target on an open part of the website system such as log-on screen and injecting harmful code into the system. Nokia did not reveal the scale of the attack, however, they claimed that all the members' personal information and additional contact details such as Skype addresses may have been stolen but has not yet appeared elsewhere on the internet. Developers of Nokia phone apps and Nokia phone users are affected by this hacking attack because all of their personal information and additional contact details are in great danger of being misused by the hackers for unknown purposes. Very good response. (Nokia company will have a bad reputation to the public and consumers may choose to purchase other company's phone that they are trusted in.)
 * Nokia's developer network hacked**

A 19 years old iPhone hacker who is famously known for his website jailbreak.me was unmasked by Forbes. Nicholas Allegra (Comex) created jailbreak.me that allow iPhone users to have free access to all the apps and wireless networks that are not yet approved by Apple. At Forbes, Greenberg stated that there are risks for company to hire hackers because they don't always go well and may result in more hacking attacks. But Greenberg argued that Apple hiring Comex may be a good decision because he understands Apple products' weaknesses and will make Apple a much safer product in the future. Apple Company is affected in a good way in this case. Even though this is not their first time hiring a hacker but having Comex who understands so well about their product will create a whole new level security system for Apple that may take years for other hackers to access. Comex will undoubtedly help them with their security flaws. But there could be a repercussion of hiring an ex-hacker, such as allowing the hacker to have absolute free access to the database that may let the hacker to make more destruction in the future.
 * iPhone hacker Comex**

Identity theft had increased by 7% last year according to Javelin Strategy and Research report. Young adults who are college-aged students often fell victim to such crime. College students are usually vulnerable to identity theft as they need to manage their school or work and social lives. BBB had recommended some tips for college student to protect their identity. The general idea and steps are by securing all your important mail and documents safely and make sure all the sensitive financial statements are shredded or kept safely. Also, checking financial reports monthly or yearly is recommended as they help to look for any suspicious activities. Young adults and their family are mainly affected in this crime because once their identity is stolen, their financial support might be at risks. Very good response!
 * Tips for College-Bound Students to prevent from Identity Theft**

Canada's privacy commissioner has found that less than half of Canadian cellphone users apply passwords or adjust privacy settings on their devices. The results from a poll and other surveys found that mostly older Canadians ignore the concerns of their privacy and younger Canadians (aged 19 to 34) are more likely to take precautions. Besides cellphone, people also start to concern about their privacy is fully protected in social networks, Internet and communication technology. They also concerned about the information they provided to airport might be shared with other foreign authorities. The overall survey has also found the majority people in Canada want tougher laws in Canada and enforcement for company who break privacy laws or refuses to go along with privacy protections for their customers. Canadians are affected in this event as they realized the security of their personal information are more weakly protected compared to the previous decade.
 * Canadians lax about cellphone security**

>
 * Questions for each article:**
 * Similar to Nokia, Sony'swas recently hacked on April 17 and 18, 2011. Read Chapter 10 (p. 358) on security. Do you think that it is possible for a company to completely protect itself from being hacked? Why or why not? Justify your response.
 * No, because nothing is perfect. Everything has errors no matter how great we change or improve them. For example, Apple company has been trying to improve their products as perfect as they can but they still found problems and weaknesses in the end. Same to the security systems, even if a company hired many hackers to improve their security level, there will be other weaknesses that can be found by other hackers. Human errors may also cause the information of some database to be shared by everyone, such as logged in screens left opened. Very true this reminds me of wikileaks and the person who leaked top secret information and is now in prison.
 * Comex, a notorious iPhone hacker has been hired by Apple. He has now joined the "good" side and has become an ethical hacker . What is an ethical hacker?
 * When a group of people hired by companies or industry to hack into other computer system in order to access for information and expose certain weakness before other hackers started to have evil-intentioned attack but they do not carry out malicious attack.


 * From the information about identity in your text book and the article, are you at risk of identity theft? Why or why not?
 * Not yet, because I am still a minor so it will be difficult to use my identity for many purpose since minor have more restrictions. Most of the time targets are usually set to college students as they just started to manage their own life and school/work with very little experiences. Very good.


 * Evidently older Canadians do not secure their phones. Ask 5 of your friends if they secure their phones and/or computers. Ask them, why or why not? What are some of the potential dangers of not securing your phone or computer?
 * My friends secured their phones and computer with passwords because their want to prevent their personal information and other data to be stolen. The main danger of not securing your phone or computer is the loss of data or personal information. Besides losing data, there are possibilities where saboteurs misuse your personal information or other contacts for unethical purpose, such as using credit card information to purchase anything they want and allow the bank to send all the debt statements back to you and create many financial problems.