1. Consider how a hacker might trick people into giving him or her user IDs and passwords to their Amazon.com accounts. What are some of the ways that a hacker might accomplish this? What crimes can be performed with such information? How?
* Social engineering (For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password. The goal is always to gain the trust of one or more of your employees) * Phishing (criminal, fraudulent process of attempting to acquire confidential information such as user names, passwords, and credit card details by masquerading as a trustworthy entity such as well-known bank, credit card company, a friend, a large social network, or a telecommunication company. Done thru email or IM. Enter details at a fake website * Keystroke logging (the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. Want shoppers money, confidential information
2. B2C EC sites continue to experience DoS attacks. How are these attacks perpetrated? Why is it so difficult to safeguard against them? What are some of the things a site can do to mitigate such attacks? Attacker uses specialized software to send flood of data packet to the target computer, with the aim of overloading its resources. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately. IP addresses are not useful as an identification credential. Because there is no reliable way to tell where an HTTP request is from, it is very difficult to filter out malicious traffic. For distributed attacks, how would an application tell the difference between a true attack, multiple users all hitting reload at the same time (which might happen if there is a temporary problem with the site), or getting 'slashdotted'? 3. How are botnets, identify thefts, DoS attacks, and website hijackings perpetrated? Why are they so dangerous to e-commerce? Botnets - The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it. Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals. Identity theft - Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if they are held accountable for the perpetrator's actions. Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes. DoS attacks - In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts...
Please join StudyMode to read the full document