Common Security Issues
Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojan horses.
A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission.
worms, which are independent computer programs that copy themselves from one computer to other
computers over a network. Unlike viruses, worms can operate on their own without attaching to other computer program files
Denial of Service. This is becoming a common networking prank. By hammering a Web site’s equipment with too many requests for information, an attacker can effectively clog the system,
slowing performance or even crashing the site. This method of overloading computers is sometimes
used to cover up an attack.
A distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points.
Trojan Horse. A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software.
Social Engineering. A tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords.
Back Doors. In case the original entry point has been detected, having a few hidden ways back makes reentry easy—and difficult to detect.
SQL injection attacks have become a major malware threat. SQL injection attacks take advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company’s systems and networks. These vulnerabilities occur when a Web application fails to properly validate or filter data entered by a user on a Web page, which might occur when ordering something online. An attacker uses this input validation error to send a rogue SQL query to the underlying database to access the database, plant malicious code, or access other systems on the network.
Logic Bombs. An instruction in a computer program that triggers a malicious act.
Spamming is the indiscriminate sending of unsolicited e-mail messages ( spam ) to many Internet users. Spamming is the favourite tactic of mass mailers of unsolicited advertisements, or junk e-mail. Spamming has also been used by cyber-criminals to spread computer viruses or infiltrate many computer systems.
Flaming is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages ( flame mail ) or newsgroup postinxgs to other users on the Internet or online services. Flaming is especially prevalent on some of the Internet’s special-interest newsgroups.
Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social security identification numbers, driver’s license numbers, or credit card numbers, to impersonate someone else.
Phishing involves setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data.
Pharming redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser.
Privacy Issues
Information technology makes it technically and economically feasible to collect, store, integrate, interchange, and retrieve data and information quickly and easily. This characteristic has an important beneficial effect on the efficiency and effectiveness of computer-based information systems. The power of information technology to store and retrieve information, however, can have a negative effect on the right to privacy of every individual. For example, confidential e-mail messages by
employees are monitored by many companies. Personal information is being collected about individuals every time someone visits a site on the World Wide Web. Confidential information on individuals contained in centralised computer databases by credit bureaus, government agencies, and private business firms has been stolen or misused, resulting in the invasion of privacy, fraud, and other injustices.
Some privacy issues under debate include:
- Accessing private e-mail conversations and computer records and collecting and sharing information about individuals gained from their visits to Internet Web sites and newsgroups (violation of privacy).
- Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places (computer monitoring).
- Using customer information gained from many sources to market additional business services (computer matching).
- Collecting telephone numbers, e-mail addresses, credit card numbers, and other personal information to build individual customer profiles (unauthorised personal files).
- opt-in versus opt-out is central to the debate over privacy legislation. Consumer protection groups typically endorse an opt-in standard, making privacy the default. An opt-in system automatically protects consumers who do not specifically allow data to be compiled about them.
ETHICAL ISSUES
Information systems have created new ethical dilemmas in which one set of interests is pitted against another. For example, many of the large telephone companies in the United States are using information technology to reduce the sizes of their work forces. Voice recognition software reduces the need for human operators by enabling computers to recognize a customer’s responses to a series of computerized questions. Many companies monitor what their employees are doing on the Internet to prevent them from wasting company resources on non-business activities. Facebook monitors its subscribers and then sells the information to advertisers and app developers In each instance, you can find competing values at work, with groups lined up on either side of a debate.
FIVE MORAL DIMENSIONS OF THE INFORMATION AGE
- Information rights and obligations. What information rights do individuals and organizations possess with respect to themselves? What can they protect?
- Property rights and obligations. How will traditional intellectual property rights be protected in a digital society in which tracing and accounting for ownership are difficult and ignoring such property rights is so easy?
- Accountability and control. Who can and will be held accountable and liable for the harm done to individual and collective information and property rights?
- System quality. What standards of data and system quality should we demand to protect individual rights and the safety of society?
- Quality of life. What values should be preserved in an information- and knowledge-based society? Which institutions should we protect from violation? Which cultural values and practices are supported by the new information technology?
SOCIETAL ISSUES
Internet technology has posed new challenges for the protection of individual privacy. Information sent over this vast network of networks may pass through many different computer systems before it reaches its final destination. Each of these systems is capable of monitoring, capturing, and storing communications that pass through it.
Cookies are small text files deposited on a computer hard drive when a user visits Web sites. Cookies identify the visitor’s Web browser software and track visits to the Web site. When the visitor returns to a site that has stored a cookie, the Web site software will search the visitor’s computer, find the cookie, and know what that person has done in the past.
Web beacons, also called Web bugs (or simply “tracking files”), are tiny software programs that keep a record of users’ online click-stream and report this data back to whomever owns the tracking
file invisibly embedded in e-mail messages and Web pages that are designed to monitor the behaviour of the user visiting a Web site or sending e-mail. Web beacons are placed on popular Web sites by third-party firms who pay the Web sites a fee for access to their audience.
Other spyware can secretly install itself on an Internet user’s computer by piggybacking on larger applications. Once installed, the spyware calls out to Web sites to send banner ads and other unsolicited material to the user, and it can report the user’s movements on the Internet to other computers.
Contemporary information technologies, especially software, pose severe challenges to existing intellectual property regimes and, therefore, create significant ethical, social, and political issues. Digital media differ from books, periodicals, and other media in terms of ease of replication; ease of transmission; ease of alteration; difficulty in classifying a software work as a program, book, or even music; compactness—making theft easy; and difficulties in establishing uniqueness. The proliferation of electronic networks, including the Internet, has made it even more difficult to protect intellectual property.
No comments:
Post a Comment