Monday, November 30, 2009

Group Security Topics Assigned

1. What are phishing, pharming, and smishing, and how do they work?
Group Members: Aaron Richards, Jackie Seisman, Jenn McHugh

2. What are viruses (not including trojan horses, malware, adware, spyware, backdoors) and how do they work?
3. What are trojan horses, malware, adware, spyware, baiting, and some scenarios for how this works.
4. Outline password cracking techniques. What are some recommendations for good password security? Discuss new password methods (picture passwords, etc.), password storage software, password lengths, etc.
5. What are some common internet scams? Examples: click scams, international modem dialing, PayPal fraud, pump-and-dump stock fraud, advance fee fraud, Nigerian 419, Spanish Prisoner, Craigslist pay-first scam. How do these scams work? How does the internet/web make this kind of fraud easier to perpetrate?
6. What is spam (not including scams like Phishing, Nigerian 419 or chain letters) and how does it work? Does anyone really buy the products advertised in spam?
7. What are some different techniques for computer surveillance? Consider both "good guy" and "bad guy" perspectives. What is the difference between a good guy and a bad guy in this case? Include packet sniffing, Carnivore, keystroke loggers, radiation emanations from monitors, Room 641-A.
8. What is strong cryptography? Why would non-criminal, non-military people need access to strong cryptography? If strong cryptography is considered a "munition" or military technology, then can a web browser like Mozilla Firefox that is made in the US be downloaded by a citizen of another country? Or is the browser not really using strong crypto? If not, are your internet transactions really secure?

Phishing, Pharming and Smishing
Phishing: In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. http://en.wikipedia.org/wiki/Phishing

Pharming: "Pharming isn't completely new. It combines a mix of mainstream threats such as viruses and spyware, plus more esoteric stuff such as domain spoofing and DNS poisoning. In one scenario, a user receives some kind of malware (virus, worm, Trojan or spyware) that rewrites local host files, which convert URLs into the number strings that computers use to find and access websites. Then, for example, when the user types a legitimate bank's URL into the browser window, the computer is misdirected to a bogus but authentic-looking website of the same sort that might be used in a phishing attack. In another scenario, a hacker poisons a more public DNS directory cache (at an ISP, for instance), again leading unsuspecting Internet users to phony sites. (For more on this, see "How DNS Poisoning Works," Page 46.) In either case, potentially large numbers of users are drawn to the fraudulent sites or proxy servers (a computer that sits between the user and the real server and captures information as it passes through), where criminals can track activity and gather credit card data and personal identification numbers." http://www.csoonline.com/article/220629/After_Phishing_Pharming_
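
One defensive check for the first pharming scenario above (malware rewriting the local hosts file), as an added example that is not part of the original post: it parses hosts-file text and reports any entry that pins a watched domain to an address. The sample file, the `WATCHED` list and the `.test` names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.examplebank.test examplebank.test   # injected entry
0.0.0.0         ads.tracker.test
198.51.100.7    intranet.corp.test
not-an-ip       login.examplebank.test
"""

# Hypothetical list of domains that should always resolve through DNS,
# never through a local hosts-file entry.
WATCHED = {"examplebank.test"}


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host, watched):
    """Match the domain itself or a subdomain, not look-alike suffixes."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, kind, address, hostnames) tuples."""
    findings = []
    for line_no, addr, hosts in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed-address", addr, hosts))
            continue
        hits = [h for h in hosts if is_watched(h, watched)]
        if hits:  # any local override of a watched name is suspicious
            findings.append((line_no, "watched-domain-override", str(ip), hits))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
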

Smishing: In computing, smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMs phISHING". SMS (Short Message Service) is the technology used for text messages on cell phones. Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL; however, it has become more common to see a phone number that connects to an automated voice response system. http://en.wikipedia.org/wiki/SMiShing
