Data Protection Informatics Practices
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Cyber Threats to Mobile Phones Paul Ruggiero and Jon Foote
Cyber Threats to Mobile Phones Paul Ruggiero and Jon Foote Mobile Threats Are Increasing Smartphones, or mobile phones with advanced capabilities like those of personal computers (PCs), are appearing in more people’s pockets, purses, and briefcases. Smartphones’ popularity and relatively lax security have made them attractive targets for attackers. According to a report published earlier this year, smartphones recently outsold PCs for the first time, and attackers have been exploiting this expanding market by using old techniques along with new ones.1 One example is this year’s Valentine’s Day attack, in which attackers distributed a mobile picture- sharing application that secretly sent premium-rate text messages from the user’s mobile phone. One study found that, from 2009 to 2010, the number of new vulnerabilities in mobile operating systems jumped 42 percent.2 The number and sophistication of attacks on mobile phones is increasing, and countermeasures are slow to catch up. Smartphones and personal digital assistants (PDAs) give users mobile access to email, the internet, GPS navigation, and many other applications. However, smartphone security has not kept pace with traditional computer security. Technical security measures, such as firewalls, antivirus, and encryption, are uncommon on mobile phones, and mobile phone operating systems are not updated as frequently as those on personal computers.3 Mobile social networking applications sometimes lack the detailed privacy controls of their PC counterparts. Unfortunately, many smartphone users do not recognize these security shortcomings. Many users fail to enable the security software that comes with their phones, and they believe that surfing the internet on their phones is as safe as or safer than surfing on their computers.4 Meanwhile, mobile phones are becoming more and more valuable as targets for attack. -
(Fake Websites) Spam, Phishing and Pharming Are All Terms Relating to Dubious
Spam (Junk email and Phishing email) and Pharming (fake websites) Spam, phishing and pharming are all terms relating to dubious online practices, either to sale goods or services online or to gain access to confidential information, often with malicious intent. Spam is the term used to describe unwanted (junk) emails that are typically distributed in bulk. Spam messages will typically contain commercial content – examples include pornography, pharmaceuticals, dubious financial transactions, or ‘too good to be true’ offers. In most cases, spam emails are sent with fraudulent intent, but there are also cases where reputable companies or private users send mass emails too. An example of Junk email: (to many recipients, requesting a response) Spam can also be used to launch phishing attacks where users are sent emails tricking them into ‘updating’ their personal details online via a fake website (imitating a bank or similar). The tricky part is that phishers pretend to be someone you know, like a bank or even a department from right here at Purdue, to make you think they are trustworthy. That’s why it’s so important to keep in mind that CLA-IT or any other Purdue department will NEVER, under any circumstance, ask you for your login information via email or web form. Anyone asking for this type of information via email is undoubtedly a fraud. Spam can also be used as a means of distributing malicious software, which can install key-logging software on your PC without your knowledge. Pharming is the term used to describe the process of redirecting users to a fraudulent copy of a legitimate website, again with the aim of stealing personal data and passwords for criminal intent. -
Image Steganography Applications for Secure Communication
IMAGE STEGANOGRAPHY APPLICATIONS FOR SECURE COMMUNICATION by Tayana Morkel Submitted in partial fulfillment of the requirements for the degree Master of Science (Computer Science) in the Faculty of Engineering, Built Environment and Information Technology University of Pretoria, Pretoria May 2012 © University of Pretoria Image Steganography Applications for Secure Communication by Tayana Morkel E-mail: [email protected] Abstract To securely communicate information between parties or locations is not an easy task considering the possible attacks or unintentional changes that can occur during communication. Encryption is often used to protect secret information from unauthorised access. Encryption, however, is not inconspicuous and the observable exchange of encrypted information between two parties can provide a potential attacker with information on the sender and receiver(s). The presence of encrypted information can also entice a potential attacker to launch an attack on the secure communication. This dissertation investigates and discusses the use of image steganography, a technology for hiding information in other information, to facilitate secure communication. Secure communication is divided into three categories: self-communication, one-to-one communication and one-to-many communication, depending on the number of receivers. In this dissertation, applications that make use of image steganography are implemented for each of the secure communication categories. For self-communication, image steganography is used to hide one-time passwords (OTPs) in images that are stored on a mobile device. For one-to-one communication, a decryptor program that forms part of an encryption protocol is embedded in an image using image steganography and for one-to-many communication, a secret message is divided into pieces and different pieces are embedded in different images. -
Component 3 Learning Aim B Cyber Security- B1 Threats to Data Why Systems Are Attacked
Component 3 Learning Aim B Cyber Security- B1 Threats to Data Why Systems are Attacked Key Vocabulary Intellectual Property An idea that you invented that belongs to you, for example, an image that is copyrighted. Ransomware A form of malware, usually infecting unprotected digital systems, occurring when users open malicious email attachments. Malware A malicious form of software that is transferred to, and then executed on, a user’s machine to damage or disrupt the system or allow unauthorised access to data. Denial-of-Service (DoS) attacks Attack a remote computer by making it unable to respond to legitimate user requests. Cybersecurity The combination of policies, procedures, technologies and the actions of individuals to protect from both internal and external threats. Organisations have become reliant on digital systems to hold data and perform vital business functions. Data and information theft Many organisations have their digital systems attacked daily. Industrial Espionage Data and information both have value as they can be sold The reasons these attacks may occur are varied Intellectual property (designs, business strategy for financial gain. etc) can be stolen through organised cyberattacks. This can be done by stealing customer payment information and then using it to purchase goods These types of assets can be highly valuable, leading •Fun/ illegally. to cheaper, fake copies of products being sold and Breaches of data and information are a major cause of •challenge the original organisation suffering a loss of income. identity theft. •Data and Financial Gain Fun/ Challenge •Industrial information • Hackers may attack systems for the thrill, adrenaline espionage theft A very simple motive: money. -
Phishing – a Growing Threat to E-Commerce
Phishing – A Growing Threat to E-Commerce M. Tariq Banday* and Jameel A. Qadri** * Department of Electronics & Instrumentation Technology, The University of Kashmir, Srinagar – 190006, email: [email protected]. ** School of Computing, Middlesex University, Hendon, London, UK, email: [email protected]. Abstract: In today’s business environment, it is difficult to imagine a workplace without access to the web, yet a variety of email born viruses, spyware, adware, Trojan horses, phishing attacks, directory harvest attacks, DoS attacks, and other threats combine to attack businesses and customers. This paper is an attempt to review phishing – a constantly growing and evolving threat to Internet based commercial transactions. Various phishing approaches that include vishing, spear phishng, pharming, keyloggers, malware, web Trojans, and others will be discussed. This paper also highlights the latest phishing analysis made by Anti-Phishing Working Group (APWG) and Korean Internet Security Center. Introduction commerce has given a boon to both customers and Electronic Commerce (E-Commerce) is commercial businesses by driving down costs and prices. E- transactions conducted electronically especially commerce allows real-time business across using a computer over a large network like Internet. geographical borders round the clock. In developed It involves exchange of business information using countries almost all business employs e-commerce electronic data interchange (EDI), email, electronic or has e-commerce provisions and in developing bulletin boards, fax transmissions, electronic funds countries like India, it is registering a rapid growth transfer, etc. Internet shopping, online stock and in terms of both popularity among consumers and bond transactions, selling and purchase of soft the revenue generated through e-commerce merchandise like documents, graphics, music, (Vashitha–2005). -
Espionage Against the United States by American Citizens 1947-2001
Technical Report 02-5 July 2002 Espionage Against the United States by American Citizens 1947-2001 Katherine L. Herbig Martin F. Wiskoff TRW Systems Released by James A. Riedel Director Defense Personnel Security Research Center 99 Pacific Street, Building 455-E Monterey, CA 93940-2497 REPORT DOCUMENTATION PAGE Form Approved OMB No. 0704-0188 The public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing the burden, to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704- 0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (DDMMYYYY) 2. REPORT TYPE 3. DATES COVERED (From – To) July 2002 Technical 1947 - 2001 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER 5b. GRANT NUMBER Espionage Against the United States by American Citizens 1947-2001 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER Katherine L. Herbig, Ph.D. Martin F. Wiskoff, Ph.D. 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. -
Detection of Pharming Attack on Websites Using Svm Classifier
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 8, ISSUE 11, NOVEMBER 2019 ISSN 2277-8616 Detection Of Pharming Attack On Websites Using Svm Classifier Saloni Manhas, Swapnesh Taterh, Dilbag Singh Abstract: Attackers are constantly trying to con users and organizations to cause financial damage, loss of sensitive information, and ruin their reputation. Pharming attacks are becoming a headache for website users due to its severe consequences. This attack is achieved by stealing user’s credentials and redirect them to malicious websites by using DNS based techniques. Therefore, to give additional safety Transport Layer Security/Secure Sockets Layer (TLS/SSL) was introduced. It operates by authorizing the actual web server for you to the customer, vice a new versa in so doing each party confirming the actual reliability by using digital certificates. However, SSL is still vulnerable to pharming attacks. Results show that the proposed technique provides 97% accuracy along with high performance in F-measure, sensitivity and specificity which is commendable and proves that SVM is an adequate machine learning method to successfully carry out detection of pharming attack. Index Terms: Phishing, Support Vector Machine (SVM), Secure Socket Layer (SSL) attacks, Malicious websites, Pharming, Machine learning, Network attacks. —————————— —————————— 1. INTRODUCTION DNS cache poisoning, pharming attack is executed and It is quite evident that all of the advances seen in the leaves user facing dire consequences like password information technology realm helped both the good guys hijacking, stolen credentials etc. It is often said that HTTP and the bad. Subsequently, we have seen a steep increase should not be used to pass sensitive information. -
Image Steganography: Protection of Digital Properties Against Eavesdropping
Image Steganography: Protection of Digital Properties against Eavesdropping Ajay Kumar Shrestha Ramita Maharjan Rejina Basnet Computer and Electronics Engineering Computer and Electronics Engineering Computer and Electronics Engineering Kantipur Engineering College, TU Kantipur Engineering College, TU Kantipur Engineering College, TU Lalitpur, Nepal Lalitpur, Nepal Lalitpur, Nepal [email protected] [email protected] [email protected] Abstract—Steganography is the art of hiding the fact that Data encryption is basically a strategy to make the data communication is taking place, by hiding information in other unreadable, invisible or incomprehensible during transmission information. Different types of carrier file formats can be used, by scrambling the content of data. Steganography is the art but digital images are the most popular ones because of their and science of hiding information by embedding messages frequency on the internet. For hiding secret information in within seemingly harmless messages. It also refers to the images, there exists a large variety of steganography techniques. “Invisible” communication. The power of Steganography is in Some are more complex than others and all of them have hiding the secret message by obscurity, hiding its existence in respective strong and weak points. Many applications may a non-secret file. Steganography works by replacing bits of require absolute invisibility of the secret information. This paper useless or unused data in regular computer files. This hidden intends to give an overview of image steganography, it’s uses and information can be plaintext or ciphertext and even images. techniques, basically, to store the confidential information within images such as details of working strategy, secret missions, According to Bhattacharyya et al., “Steganography’s niche in criminal and confidential information in various organizations security is to supplement cryptography, not replace it. -
Informational Supplement Best Practices on Spyware Prevention and Detection the Internet Has Become a Popular Method for Both C
Informational Supplement Best Practices on Spyware Prevention and Detection The Internet has become a popular method for both conducting business and managing finances through online banking relationships. While most financial institutions and some individuals have taken steps to protect their computers, many firewall and anti-virus software packages do not protect computers from one of the latest threats, “spyware” – a form of software that collects personal and confidential information about a person or organization without their proper knowledge or informed consent, and reports it to a third party. This informational supplement describes the various challenges and best practices related to spyware. Financial institutions should consider these recommendations to prevent and detect spyware on both bank-owned and customer computers. Spyware Infection Spyware is usually installed without a user’s knowledge or permission. However, users may intentionally install spyware without understanding the full ramifications of their actions. A user may be required to accept an End User Licensing Agreement (EULA), which often does not clearly inform the user about the extent or manner in which information is collected. In such cases, the software is installed without the user’s “informed consent.” Spyware can be installed through the following methods: • Downloaded with other Internet downloads in a practice called “bundling.” In many cases, all the licensing agreements may be included in one pop-up window that, unless read carefully, may leave the user unaware of “bundled” spyware. • Directly downloaded by users who were persuaded that the technology offers a benefit. Some spyware claims to offer increased productivity, virus scanning capabilities or other benefits. -
Drive-By Pharming
Drive-By Pharming Sid Stamm1, Zulfikar Ramzan2, and Markus Jakobsson1 1 Indiana University, Bloomington IN, USA 2 Symantec Corporation, Mountain View CA, USA Abstract. This paper describes an attack concept termed Drive-by Pharm- ing where an attacker sets up a web page that, when simply viewed by the victim (on a JavaScript-enabled browser), attempts to change the DNS server settings on the victim’s home broadband router. As a result, future DNS queries are resolved by a DNS server of the attacker’s choice. The attacker can direct the victim’s Internet traffic and point the victim to the attacker’s own web sites regardless of what domain the victim thinks he is actually going to, potentially leading to the compromise of the victim’s credentials. The same attack methodology can be used to make other changes to the router, like replacing its firmware. Routers could then host malicious web pages or engage in click fraud. Since the attack is mounted through viewing a web page, it does not require the attacker to have any physical proximity to the victim nor does it re- quire the explicit download of traditional malicious software. The attack works under the reasonable assumption that the victim has not changed the default management password on their broadband router. 1 Introduction Home Networks & Drive-by Pharming. Home broadband routers are becoming more popular as people wish to share broadband Internet access with, or provide wireless access to, all computers in their homes. These routers typically run a web server, and configuration of the router is done through a web-management interface. -
The Fourth Amendment's National Security Exception: Its History and Limits L
Vanderbilt Law Review Volume 66 | Issue 5 Article 1 10-2013 The ourF th Amendment's National Security Exception: Its History and Limits L. Rush Atkinson Follow this and additional works at: https://scholarship.law.vanderbilt.edu/vlr Part of the Fourth Amendment Commons Recommended Citation L. Rush Atkinson, The ourF th Amendment's National Security Exception: Its History and Limits, 66 Vanderbilt Law Review xi (2019) Available at: https://scholarship.law.vanderbilt.edu/vlr/vol66/iss5/1 This Article is brought to you for free and open access by Scholarship@Vanderbilt Law. It has been accepted for inclusion in Vanderbilt Law Review by an authorized editor of Scholarship@Vanderbilt Law. For more information, please contact [email protected]. The Fourth Amendment's National Security Exception: Its History and Limits L. Rush Atkinson 66 Vand. L. Rev. 1343 (2013) Each year, federal agents conduct thousands of "national security investigations" into suspected spies, terrorists, and other foreign threats. The constitutional limits imposed by the Fourth Amendment, however, remain murky, and the extent to which national security justifies deviations from the Amendment's traditional rules is unclear. With little judicial precedent on point, the gloss of past executive practice has become an important means for gauging the boundaries of today's national security practices. Accounts of past executive practice, however, have thus far been historically incomplete, leading to distorted analyses of its precedential significance. Dating back to World War II, national security investigations have involved warrantless surveillance and searches-conduct clearly impermissible in the traditional law-enforcement context- authorized under the theory of a "national security" or "foreign intelligence" exception to the Fourth Amendment. -
An Introduction to Computer Security: the NIST Handbook U.S
HATl INST. OF STAND & TECH R.I.C. NIST PUBLICATIONS AlllOB SEDS3fl NIST Special Publication 800-12 An Introduction to Computer Security: The NIST Handbook U.S. DEPARTMENT OF COMMERCE Technology Administration National Institute of Standards Barbara Guttman and Edward A. Roback and Technology COMPUTER SECURITY Contingency Assurance User 1) Issues Planniii^ I&A Personnel Trairang f Access Risk Audit Planning ) Crypto \ Controls O Managen»nt U ^ J Support/-"^ Program Kiysfcal ~^Tiireats Policy & v_ Management Security Operations i QC 100 Nisr .U57 NO. 800-12 1995 The National Institute of Standards and Technology was established in 1988 by Congress to "assist industry in the development of technology . needed to improve product quality, to modernize manufacturing processes, to ensure product reliability . and to facilitate rapid commercialization ... of products based on new scientific discoveries." NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry's competitiveness; advance science and engineering; and improve public health, safety, and the environment. One of the agency's basic functions is to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for comparing standards used in science, engineering, manufacturing, commerce, industry, and education with the standards adopted or recognized by the Federal Government. As an agency of the U.S. Commerce Department's Technology Administration, NIST conducts basic and applied research in the physical sciences and engineering, and develops measurement techniques, test methods, standards, and related services. The Institute does generic and precompetitive work on new and advanced technologies. NIST's research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303.