1.2 Security

**Security** refers to the protection of hardware, software, machines and networks from unauthorized access. Security measures include restricted access to machines and networks for certain employees, or measures to prevent access by hackers. The degree of security of information systems largely determines society’s confidence in the information contained in the systems.

Sony suffered a hack on its PC games network, which led to the theft of online users’ data from its PlayStation video game network. The theft involved the information of 77 million users. Sony is now hiring various outside firms to investigate the matter and try to find the offenders behind this hack. Cyber-security detectives from Guidance Software and consultants from Robert Half International Inc’s subsidiary Protiviti were brought in to help with the clean-up.

2. Describe the issues. The issues arising from this include reliability and integrity, as well as the security of Sony’s protection system and of online users’ sensitive information, which includes credit card numbers as well as passwords. Reliability here is the reliability of Sony’s software. It might have failed to function properly, thus becoming a loophole for the hackers to get through. Integrity is keeping users’ data complete and not altered by the hackers without the users’ permission. There is also a privacy issue because users’ sensitive data was stolen.

|| 1.2_security 2.1_online_bus 3.7_databases 3.6_multimedia_digital_media ||

Business

2. Identify all ITGS terminology and phrases (IT and social/ethical). Botnets, worm, malware.

3. Describe one ITGS social/ethical concern in the article. Security is the main issue in this article since it deals with worms, which infect and damage computer files.

4. Describe the relationship of the main stakeholders to the IT system. The main stakeholder, Facebook, is combating the Koobface worm, which is malware (malicious software), to prevent it from infecting its users’ PCs.

5. Explain the relationship between the IT system and the social/ethical issue identified in question 3. The Koobface worm is malware that could infect Facebook users’ computers, which is a security issue. It is estimated that the group earned more than $2 million from June 2009 to June 2010 by delivering the victims of its worm to unscrupulous marketers and makers of fake antivirus software.
 * Strand 1.2 Security ||
 * Date || Article || Comments || Tags ||
 * May.11 || Sony suffers second major user data theft | Reuters || 1. Explain what happened.
 * Nov.10 || Koobface Worm Sharpens Facebook Security - NYTimes.com || 1. Identify the area of impact the scenario relates to.

6. Discuss at least one problem that relates to the impacts of the social/ethical issue. A Koobface attack starts with an invitation to watch a video and a message about updating the computer’s Flash software. Clicking to get the update begins the download of Koobface, which gives criminals control of the computer, while the worm tries to spread itself further through the victim’s social network contacts. This is a security breach of Facebook users’ computers. When the criminals have control of the computer, they can do anything they want with it, such as stealing personal information.

7. Evaluate one solution that addresses the problem identified. Facebook needs to step up its security for its users’ safety. To halt Koobface, Facebook uses algorithms that can detect suspicious posts and hijacked accounts, looking for unusual behavior like log-ins from odd places and a surge in messages sent. Facebook also keeps a blacklist of malicious Web links to prevent them from being shared on the site. When Koobface posts find a way through, members of the operations team remove them. Facebook also has systems to detect the fake profiles the group uses to seed attacks. Facebook developers have created roadblocks that can help halt the attacks. For instance, if Facebook detects malicious activity and suspects a user’s PC has become infected, it will temporarily suspend the account and require that the user run a free McAfee antivirus scan and remove infections.

|| 1.2_security 2.5_social_networking 3.4_internet ||

Google says that Chinese customers and advertisers have increasingly been complaining about their Gmail service in the past month. Attempts by users to send messages, mark messages as unread and use other services have generated problems for Gmail customers. Google points to potential signs that the Chinese government is increasing its censorship by revealing that features of Gmail’s e-mail system, such as sending e-mails, and other Gmail interfaces have been disrupted for Gmail users. Google also reveals that the users who filed these complaints are mostly potential threats to the Chinese government, such as activist accounts, along with the accounts of users at financial, technology, media and chemical companies. Thus, even though there is no concrete evidence, there are signs that are most likely to be linked to the Chinese government.
 * Mar.10 || Identity Theft Resource Center ITRC Fact Sheet 102 || 1) Select and list 5 guidelines you think are reasonable.
 * Provide cross-cut paper shredders at each workstation or cash register area, or use a locked wastebasket and shredding company for the disposal of credit card slips, unwanted applications or documents, sensitive data or prescription forms.
 * Use an alternate number instead of Social Security Numbers (SSN) for employee, client and customer ID numbers.
 * Encrypt or password protect all sensitive data stored on computers and allow access only on a "need-to-know" basis.
 * Notify consumers and employees in advance as to the purposes of the data collection, to whom it will be distributed and the subsequent use after the fulfillment of the original purpose.
 * Keep sensitive information of consumers or employees on any item (timecards, badges, work schedules, licenses) out of view in public areas. That may include home addresses or phone numbers, SSN and driver's license numbers. || 1.2_security 1.3_privacy 2.1_business 3.4_internet ||
 * March 20, 2011 || Google accuses China of interfering with Gmail email system || 1. What evidence does Google present for Chinese government censorship?

2. How does this impact the Jasmine revolution? The move follows extensive attempts by the Chinese authorities to crack down on the Jasmine revolution, an online dissident movement inspired by events in the Middle East. The censorship was supposed to prevent people from getting too much information, but instead it can provoke people to go against the government, since people are aware that they have been treated unfairly.

3. Describe LinkedIn. LinkedIn is a business-oriented social networking site. LinkedIn operates the world's largest professional network on the Internet with more than 100 million members in over 200 countries and territories. The purpose of the site is to allow registered users to maintain a list of contact details of people they know and trust in business. The people in the list are called Connections. Users can invite anyone to become a connection.

4. Why was LinkedIn disrupted? LinkedIn is a business social networking site, and Chinese users can use it as a means of stirring up opposition against the government. China's president Hu Jintao called for tighter internet controls to help prevent social unrest. Much of the unrest in the Middle East has gone unreported in China, where the internet is already heavily censored. LinkedIn was disrupted in China so that the government could censor the news during the political unrest in the Middle East. This was done to prevent the people in China from learning about the successful protests, so that they would not be encouraged to hold one themselves in China. Facebook and YouTube are blocked in China as well.

5. What are the 7 International Safe Harbor Privacy Principles?
 * Notice - Individuals must be informed that their data is being collected and about how it will be used.
 * Choice - Individuals must have the ability to opt out of the collection and forward transfer of the data to third parties.
 * Onward Transfer - Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
 * Security - Reasonable efforts must be made to prevent loss of collected information.
 * Data Integrity - The data must be kept as it is and correct, and should be deleted if incorrect.
 * Access - Users have to be able to access the data that is collected about them, and correct or delete it.
 * Enforcement - The firm should enforce these rules with an effective system.

6. Explain the major criticism of this system (International...)? Companies claim to have been following the principles, but in fact many are not doing so. The principles regarding privacy especially are easily violated. The problem is that this system is voluntary and doesn’t really force companies to follow it strictly. The major criticism of this system concerns how the various agencies actually follow these privacy rules as well as enforce them properly. They might say they will follow these privacy rules but, in practice, break the rules for economic profit. Thus the enforcement wouldn’t be present, because the agencies aren’t following the rules.

7. Explain "self-censorship is a non-negotiable legal requirement". Google discovered a sophisticated attack that originated in China, which was designed to steal Google intellectual property and access the Gmail accounts of Chinese human rights activists. The Chinese government says it cannot give up on self-censorship and that it is required. Self-censorship here is considered to be non-negotiable, and it is a legal requirement for the citizens of China. Thus, the people of China should censor themselves in what they do or say on the internet, and no workarounds to this requirement can be negotiated in China. Alternatively, China has control and tells Google what to censor in the internet content available in China. China doesn’t plan to change its censorship soon, so it is going to keep the censorship in place, so that the government can stay in control without risking a protest that may erupt from Google coming into China. Therefore Google proposed a new approach of providing uncensored search in simplified Chinese from Google.com.hk.

8. Explain "China's political elite have a love hate relationship with the internet". It means that China’s political group, or the government, both loves and hates the internet. They like it for the information they can get from the internet, such as last month’s anonymous calls for a ‘jasmine revolution’; Chinese authorities made sure that no protests like those in the Middle East could occur by stationing security forces in Beijing, Shanghai, and elsewhere. They love the internet because of all the pieces of information that they can censor, and because they can keep sensitive information about their various target users under surveillance. They can also track down activists as well as criminals through the internet tracking system. Thus, they love the internet. On the other hand, they hate the internet because of the users who have access to it. Since it is a communist country, they don’t want their citizens suddenly rebelling and protesting against them like the Middle East protests; they are ‘extremely concerned by the threat they perceive it presents to their authority.’ From the internet, their people can gain access to international news of what is happening around the world at the moment. This can motivate the people to revolt against the government. Also, the internet is a platform that can host the mobilization of such protests, so the government hates the internet. Therefore, China’s political elite have a love hate relationship with the internet.

|| 1.2 Security, 2.6 Government control, 3.4 Internet ||

iPhones are tracking people and recording their geodata and location in order to send it to location service databases and so provide a better service for customers. Apple is probably using the file; even though it seems to be tracking people, it may actually be used to track the location of available WiFi hotspots and networks in their area. By doing this, Apple would be able to build a database of information on network locations.

|| 1.2_security 1.4_intellectual_property 2.1_bus_emp 3.10_IT_sys_organizations ||

The experts say that one giveaway that your iPhone is being hijacked is receiving a text message containing a single square character. If that happens, the suggestion is to immediately turn off your iPhone. The iPhone can be hijacked through a series of invisible SMS message bursts. The attacker would then be able to control all the functions on the iPhone, as well as continue to send messages to hijack more phones.
 * Apr.11 || Former Gucci Employee Indicted For $200,000 Hack - International Business Times || 1. Why are iPhones tracking people?
 * July 29 2009 || Text-Message Exploit Can Hijack Every iPhone, Researchers Say || 1. How can an iPhone be hijacked?

2. How can a user tell if she is being SMS attacked? The researchers said the hack involves sending a series of mostly invisible SMS bursts that effectively hijack an iPhone. From there on, a hacker could control all the functions on the iPhone, such as e-mailing, dialing contacts and, most alarmingly, sending more text messages to hijack even more iPhones. A user can tell if she is being SMS attacked if she receives a message containing a square character. Prevention measures include immediately turning off your iPhone.

|| 1.2 Security, 3.1 Hardware ||

Business and employment

2. Identify the main stakeholders to the IT system. Gucci, employees

3. Identify one ITGS social/ethical concern in the article. Security

4. Describe ITGS terminology and systems.

Virtual private network – a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. http://www.webopedia.com/TERM/V/VPN.html
 * Apr.11 || Yes, your iPhone is tracking you -- the question's why || 1. Identify the area of impact the scenario relates to.

Hacking – the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose. http://www.wisegeek.com/what-is-computer-hacking.htm

Virtual servers – a Web server that shares computer resources with other virtual servers. Instead of requiring a separate computer for each server, dozens of virtual servers can co-reside on the same computer. http://www.webopedia.com/TERM/V/virtual_server.html

E-mail Server – A computer server that acts as the supplier and sender of e-mails in the network.

Ecommerce – Electronic commerce: business conducted by selling and buying online electronically.

Identity Theft – The stealing of an ID, or impersonating a fake person.

5. If possible, describe a solution to the concern (issue). Gucci needs to be stricter with its employees. It needs to closely monitor anyone who can access the company’s financial system or any other vital part. By doing so, employees would not even think of hacking the system. Moreover, it should educate its workers so that they are not tricked into activating any other fraudulent employee accounts. Also, improving the authorization system that employees use to access information, for example with biometrics, may help to increase the security of its data and network system. || 1.2_security ||
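
The account checks described in the Koobface entry above (log-ins from odd places, a surge in messages sent, a blacklist of malicious links, then suspension pending a scan) can be expressed as the following detection logic. This is an added example, not Facebook's code; the event format, thresholds, account names and hostnames are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlparse

# Everything below (hosts, accounts, thresholds, events) is constructed for illustration.
BLOCKLIST = {"video-update.example"}            # hosts on the malicious-link blacklist
USUAL_COUNTRIES = {"alice": {"US"}, "bob": {"GB"}, "carol": {"DE"}}
SURGE_LIMIT, SURGE_WINDOW = 5, 10               # assumed: more than 5 messages in 10 minutes
URL_RE = re.compile(r"https?://\S+")

# Time-ordered events: (minute, account, kind, detail)
EVENTS = (
    [(0, "alice", "login", "US"), (2, "alice", "message", "lunch at noon?"),
     (3, "bob", "login", "BR")]
    + [(4 + i, "bob", "message", "watch this http://video-update.example/v")
       for i in range(6)]
    + [(20, "carol", "login", "FR"),
       (21, "carol", "message", "photos: http://photos.example/trip")]
)

def signals(events):
    """Return {account: set of signal names} for a time-ordered event list."""
    found = defaultdict(set)
    recent = defaultdict(deque)                 # account -> minutes of recent messages
    for minute, account, kind, detail in events:
        if kind == "login":
            # Log-in from a country the account has not used before.
            if detail not in USUAL_COUNTRIES.get(account, set()):
                found[account].add("odd_login")
        elif kind == "message":
            window = recent[account]
            window.append(minute)
            while window[0] <= minute - SURGE_WINDOW:   # drop messages outside the window
                window.popleft()
            if len(window) > SURGE_LIMIT:
                found[account].add("message_surge")
            for url in URL_RE.findall(detail):
                host = (urlparse(url).hostname or "").lower()
                if host in BLOCKLIST:
                    found[account].add("blocked_link")
    return dict(found)

def accounts_to_suspend(events, min_signals=2):
    """Accounts with enough independent signals to suspend pending an antivirus scan."""
    return sorted(a for a, s in signals(events).items() if len(s) >= min_signals)

if __name__ == "__main__":
    for account, s in sorted(signals(EVENTS).items()):
        print(account, sorted(s))
    print("suspend:", accounts_to_suspend(EVENTS))
```

Requiring two or more signals before suspension keeps a single odd log-in, such as a user travelling, from locking the account on its own.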