Discussion Today when you purchase and install (download) software/apps and hard
Question
Discussion
Today when you purchase and install (download) software/apps and hardware for your computer or device, the developer/manufacturer usually asks you to register online so that you can be notified of future upgrades, recalls, etc. During this registration process, you are usually asked to provide information such as your name, address, email, and perhaps other personal information about your consumer preferences. What ethical issues would be raised if the developer/manufacturer designed the registration process, unaware to the user, to collect additional information during the registration process such as the other software/apps found on your system? What ethical issues would be raised, if during the registration process and unaware to the user, tracking software is installed on your computer/device so that it collects and sends back to the manufacturer continuous data on your consumer operations and website history every time you connect to the Internet? Do you think these practices happen today? Why or why not? Don't forget to cite your Internet resources that support your response!
Explanation / Answer
The various ethical issues that would be raised if the developer/manufacturer designed the registration process, unaware to the user, to collect additional information during the registration process such as the other software/apps found on your system are:
1. Security issues of hacking into apps.
2. The developer can come to know which apps and what information of the customer is being used. This could be his bank account details or account numbers.
3. It can lead to fraud as well as unauthorised access to the apps.
4. It will lead to breach of confidentiality.
The various ethical issues that would be raised, if during the registration process and unaware to the user, tracking software is installed on your computer/device so that it collects and sends back to the manufacturer continuous data on your consumer operations and website history every time you connect to the Internet, are the following:
1. It will help to hack the system of the customer.
2. Tracking software can find account all the transactions performed by the user and the login sessions and can trace the.
3. Misuse of private information and breach of faith.
4. Secrecy will be breached as personal information will be given to unknown people. Integrity will be hampered.
Yes, these can happen anytime. That is why security features like antivirus and firewalls are developed to help save customers from that; payments are done through SSL on various banking sites.
In order to secure the systems in the best possible way, the above security methods should be used along with encryption to make sure we achieve the security in the best possible way.
Examples:
1. http://webscience.ie/blog/2010/security-issues-in-e-commerce/
The following attacks can happen, and customers should be aware of them:
Denial of Service Attacks
Denial of Service (DoS) attacks consist of overwhelming a server, a network or a website in order to paralyze its normal activity (Lejeune, 2002). Defending against DoS attacks is one of the most challenging security problems on the Internet today. A major difficulty in thwarting these attacks is to trace the source of the attack, as they often use incorrect or spoofed IP source addresses to disguise the true origin of the attack (Kim and Kim, 2006).
The United States Computer Emergency Readiness Team defines symptoms of denial-of-service attacks to include (McDowell, 2007):
• Unusually slow network performance
• Unavailability of a particular web site
• Inability to access any web site
• Dramatic increase in the number of spam emails received
DoS attacks can be executed in a number of different ways including:
• ICMP Flood (Smurf Attack) – where perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network’s bandwidth is quickly used up, preventing legitimate packets from getting through to their destination.
• Teardrop Attack – A Teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. A bug in the TCP/IP fragmentation re-assembly code of various operating systems causes the fragments to be improperly handled, crashing them as a result of this.
• Phlashing – Also known as Permanent denial-of-service (PDoS), this is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Perpetrators exploit security flaws in the remote management interfaces of the victim’s hardware, be it routers, printers, or other networking hardware. These flaws leave the door open for an attacker to remotely ‘update’ the device firmware to a modified, corrupt or defective firmware image, therefore bricking the device and making it permanently unusable for its original purpose.
Distributed Denial-of-Service Attacks
Distributed Denial of Service (DDoS) attacks are one of the greatest security fears for IT managers. In a matter of minutes, thousands of vulnerable computers can flood the victim website by choking legitimate traffic (Tariq et al., 2006). A distributed denial of service attack (DDoS) occurs when multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers. The most famous DDoS attacks occurred in February 2000 where websites including Yahoo, Buy.com, eBay, Amazon and CNN were attacked and left unreachable for several hours each (Todd, 2000).
Brute Force Attacks – A brute force attack is a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, a large number of the possible keys in a key space in order to decrypt a message. Brute Force Attacks, although perceived to be low-tech in nature, are not a thing of the past. In May 2007 the internet infrastructure in Estonia was crippled by multiple sustained brute force attacks against government and commercial institutions in the country (Sausner, 2008). The attacks, which followed the relocation of a Soviet World War II memorial in Tallinn in late April, made news around the world.
Non-Technical Attacks
Phishing Attacks
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing scams generally are carried out by emailing the victim with a ‘fraudulent’ email from what purports to be a legitimate organization requesting sensitive information. When the victim follows the link embedded within the email they are brought to an elaborate and sophisticated duplicate of the legitimate organization’s website. Phishing attacks generally target bank customers, online auction sites (such as eBay), online retailers (such as Amazon) and service providers (such as PayPal). According to community banker (Swann, 2008), in more recent times cybercriminals have got more sophisticated in the timing of their attacks with them posing as charities in times of natural disaster.
The e-commerce industry faces a challenging future in terms of the security risks it must avert. With increasing technical knowledge, and its widespread availability on the internet, criminals are becoming more and more sophisticated in the deceptions and attacks they can perform. Novel attack strategies and vulnerabilities only really become known once a perpetrator has uncovered and exploited them. In saying this, there are multiple security strategies which any e-commerce provider can instigate to reduce the risk of attack and compromise significantly.
2. http://findlaw.co.uk/law/small_business/business_operations/e_commerce/securing_your_e_commerce_systems/556.html
Impact of a security incident on the business
If your website is hacked into, it can have a significant impact upon a business running an e-commerce service. The potential business implications of a security incident include the following: