Thursday 31 July 2014

Introduction

If you are an internet user and/or a website creator and are having problems, this blog is here to help you. In this blog I will explain why you may be suffering from slow connection speeds, make sure that you are aware of the dangers that threaten your website, and show how you can protect yourself.

Wednesday 30 July 2014

Factors that influence website performance- User Side

User side factors are factors that the user is in control of. They arise from the user's choices, such as which software to run, which version of a browser to run and how much memory they choose to use.

Browsers

There is a large range of browsers that can be used; examples include Internet Explorer, Safari, Google Chrome and Mozilla Firefox. There is no specific evidence that any of these browsers affects speed on its own, but the version can. Browsers regularly release updates and new versions: Firefox releases regular updates, while Internet Explorer just brings out new versions. Currently Internet Explorer is on version 11, which means that any new websites being created will be optimised to work in this version. If you try to access one of these websites in an older browser, performance will be negatively affected and some of the content won't work, as your browser will be out of date and unable to run the more sophisticated content supported by Internet Explorer 11.

Connection Speed

Obviously, a website's performance will be negatively affected if a connection to the internet can't be established: you won't be able to access the website at all. But it's not as simple as just getting an internet connection. The type of connection can determine the loading time of the website and whether all the content loads at all. There is a wide range of connection types, such as dial-up, broadband, mobile broadband and Wi-Fi. To get the best connection possible it is advised not to use a dial-up connection, which involves connecting a modem to telephone lines in order to communicate with the internet service provider. Dial-up can provide a slow service, especially when many telephones are connected and being used at the same time. Something similar can be said for Wi-Fi. Wi-Fi works by a receiver sending out frequencies that are then picked up by smartphones, laptops etc. to establish a connection. This type of connection can prove troublesome, as it is not always possible to be in a Wi-Fi hot spot and you could have trouble connecting if a large number of people are trying to connect at the same time.

Another option is mobile broadband, also referred to as a Wireless Wide Area Network. This refers to the internet that is picked up by mobile devices through your provider's 3G network. Especially with the invention of 4G and EE networks, this type of internet has become very fast, but it can still hinder website performance, as some websites are optimized for PC only and will contain content that will not work on mobile broadband. The final and most common type of connection is simply broadband, which is often the fastest available connection. This means that websites and their content will load quickly, and the content won't be compromised when loaded. Broadband works by a cable carrying large amounts of data at high speeds directly into a computer from a router.

PC Memory

Cache Memory- The purpose of cache memory is to speed up a computer and make it more convenient to use. Cache memory works by storing frequently visited websites. This is why you may find yourself typing a web address and it appears after the first two letters: your cache memory has remembered the web address. This type of memory also enhances website performance by helping a site to load faster, because all of the files from that site have already been transferred to your browser. The next time you visit that site it's just a case of displaying them rather than downloading them from the web server again.

RAM- RAM stands for Random Access Memory. RAM is linked to a computer's hard drive: when you open a program, it is loaded from the hard drive into the RAM. This allows the speed of a website to be increased, because loading from the RAM is a lot quicker than loading from the hard drive. This is why it is beneficial to have a computer with more RAM, as it effectively means that the computer can load more from the hard drive. In fact increasing the RAM can have a bigger effect on performance than upgrading a computer.


Tuesday 29 July 2014

Factors that influence website performance- Server Side

The following factors affect a website's performance at a server level. This means they are problems at the web host's or Internet Service Provider's end, so unlike the user side factors, the user doesn't have the power to resolve these issues on their own.

Server storage space
When you create a website you most likely go to a web host and ask them to host your website for a fee. The fee you pay is for space on the web host's server. If a website gets close to or exceeds this space, the creator will be unable to add content. How much the website is affected by this depends on the type of website. If the main feature is a forum, the website will be compromised if a user is unable to post. The page will also start to lose favour with its audience if it can't be updated or interacted with. To solve this the creator can either pay for more storage space or cut down the size of the website, for example by optimizing images.

Bandwidth Limitations
Bandwidth is determined by the speed of a person's modem, which is provided by an ISP. Bandwidth is the rate at which a computer can transfer files from one point to another, and is usually expressed in bits per second (bps). If a computer is operating at a low bandwidth, the files needed to load a website will take a long time to transfer to the user's browser, meaning the website's performance will be drastically affected, e.g. time to load and quality of video/animated content.

Pages with too many scripts
All web pages run scripts, which are sequences of instructions for the programs on a computer to run. There are many examples of these scripts, the most popular being JavaScript. Having a lot of scripts isn't a bad thing, as some websites need a lot of scripts to run their content. But website creators have to be aware that too many scripts will slow the website down on the user's side. In order to combat this the creator will have to buy extra space or save space in other areas of the website.

Website content
One of the most obvious components that make up a website is the content, and there is a wide range of different content a website can have, for example text, images, sound, animation and databases. This content can have large file sizes, which can cause a website to run slowly and could cause other content not to work. Obviously you can't do without this content, so a website creator has to find a way to get the same content at a smaller file size. A good way to do this is to optimize it, which means decreasing the file size without decreasing the quality.


Monday 28 July 2014

Security risks to a website

If you have created and/or run your own website, it is important to be aware of the risks that pose a threat to its security. These acts will often be carried out by people trying to gain access to your website for malicious reasons. The potential risks are:

Hacking
Hacking is the illegal process of gaining access to a website or a network without authorisation through malicious attacks. In order to gain access to the network the hacker will most likely have to bypass the network's security systems, such as firewalls. Once inside the network the hacker will have the same privileges as an administrator, and they will use this power to try to accomplish goals outside those of the creator. Hackers can have a variety of goals, e.g. to shut down a webpage completely or to post their own content on the page. Hackers are often computer experts and can therefore be rewarded with jobs testing the security of websites and networks within an organisation. High-profile examples of hacking can be seen in the case studies.

Pagejacking
Pagejacking is the practice of copying content and HTML source code from a legitimate website to a cloned version. This means that the web browser will display to the user a cloned page which they believe is the real one. This can be used to display content that is either illegal or contradictory to the actual website. Presumably the user will quite quickly realise the page is cloned and will try to close it. For this reason 'jacked pages' often contain mousetraps, which stop the user leaving the page by opening a new URL every time the user attempts to close it.

Viruses
Viruses often make their way into systems by appearing to be legitimate programs, but instead they contain hidden destructive code that can infect a computer. In the world today there are hundreds of computer viruses and they each perform different functions for their creator, meaning a virus can pose many threats to a website. Some include:
  • Corrupting or deleting data on the hard drive
  • Important/confidential details can be stolen
  • Harming relationships between partners by displaying malicious content or forwarding them a virus 
  • Using your computer to carry out further attacks 

Phishing
Phishing is an online scam most commonly carried out by email. An email is sent out on a mass scale to a wide range of recipients, claiming to be from a legitimate enterprise, usually a bank. The email will then take you to a website mimicking the legitimate organisation the email claims to be from. From here the user will be asked to enter personal/bank details. If confirmed, the user's details will be stolen and possibly used for identity theft.

Identity Theft
Identity theft links in with some of the potential risks above and is often a result of them, especially phishing and hacking. Some websites have a responsibility to store private and sensitive data about their customers (as set out by the Data Protection Act 1998). If their secure systems get hacked, this information could be stolen and used for identity theft or to steal from the customers. A recent example of this is when PlayStation got hacked and credit card details and other details such as addresses were stolen. Feasibly many customers could have had their identity stolen. It is solely the responsibility of the website's creator/moderator to make sure these details are secure.

Sunday 27 July 2014

How to overcome these risks?

As mentioned in the previous post there are a lot of potential risks to a website. For this reason a website creator will have to consider how to protect against all of these eventualities. Below are some of the measures that can be taken to protect a website.

Firewalls
Firewalls can be both hardware and software and are put in place to stop unauthorised access to private networks. They are especially used to protect intranets, which have restricted access anyway. A firewall will examine all incoming and outgoing communications and decide whether to allow each one or not. This decision is made using a set of criteria created by the user. An example of such a criterion would be the user instructing the firewall to block communications from a certain IP address. Firewalls can be purchased from companies such as McAfee and AVG.
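
The rule checking described above can be sketched as a small packet filter. This is an added example, not code from any firewall product: the Rule and Firewall classes, the rule set and the sample traffic are constructed for illustration, and all addresses come from the reserved documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str               # "in", "out" or "any"
    remote: str                  # network (CIDR) the other end must be in
    port: Optional[int] = None   # destination port; None matches any port
    note: str = ""

    def matches(self, direction: str, remote_ip: str, port: int) -> bool:
        if self.direction not in ("any", direction):
            return False
        if ip_address(remote_ip) not in ip_network(self.remote):
            return False
        return self.port is None or self.port == port


class Firewall:
    """Checks each communication against the rules in order; first match wins."""

    def __init__(self, rules, default="block"):
        self.rules = list(rules)
        self.default = default   # applied when no rule matches

    def decide(self, direction: str, remote_ip: str, port: int):
        for rule in self.rules:
            if rule.matches(direction, remote_ip, port):
                return rule.action, rule.note
        return self.default, "default policy"


# Constructed criteria: one blocked address plus the services that are allowed.
BLOCKED = Rule("block", "any", "203.0.113.45/32", note="blocked address")
RULES = [
    BLOCKED,
    Rule("allow", "in", "0.0.0.0/0", 443, "public HTTPS site"),
    Rule("allow", "in", "192.0.2.0/24", 22, "admin network SSH"),
    Rule("allow", "out", "198.51.100.10/32", 25, "mail relay"),
]

# Constructed traffic: (direction, remote address, destination port).
TRAFFIC = [
    ("in", "203.0.113.45", 443),    # blocked address trying the website
    ("in", "198.51.100.7", 443),    # ordinary visitor
    ("in", "198.51.100.7", 22),     # SSH from outside the admin network
    ("in", "192.0.2.15", 22),       # SSH from the admin network
    ("out", "198.51.100.10", 25),   # server sending mail via the relay
    ("out", "203.0.113.45", 80),    # server contacting the blocked address
    ("out", "198.51.100.99", 6667), # outgoing traffic no rule covers
]


def run(firewall, traffic=TRAFFIC):
    """Return the allow/block decision for every communication in order."""
    return [firewall.decide(*packet)[0] for packet in traffic]


if __name__ == "__main__":
    fw = Firewall(RULES)
    for packet in TRAFFIC:
        action, why = fw.decide(*packet)
        print(f"{packet[0]:>3} {packet[1]:<15} port {packet[2]:<5} {action:<5} ({why})")

    # Rule order matters: with the block rule last, the HTTPS rule matches first.
    misordered = Firewall(RULES[1:] + [BLOCKED])
    print("misordered:", misordered.decide("in", "203.0.113.45", 443))
```

Because the first matching rule wins, the block rule has to sit above the general allow rules, and anything no rule covers falls through to the default of block.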

Secure Sockets Layer (SSL)
SSL is a protocol that helps ensure that messages sent from a website are sent securely. The most sensitive areas of sites are often protected by SSL, for example pages after you have logged in to a site. SSL encrypts the messages being sent, so anyone trying to view data not intended for them for malicious reasons can't. Only the user's computer and the server can recognise the data. Another example of SSL is online shopping. Without SSL it would be too insecure to work, as SSL encrypts your personal details such as name, address and bank details so only you and the vendor can see them. An easy way to know if the page you are visiting is secure is by looking at the start of the web address: if it says HTTPS the website is secure.

Digital Certificate
Digital certificates are attached to electronic messages to aid security. The most common use of a digital certificate is to verify that the sender of a message is who they claim to be. The user then has the chance to send an encoded reply. In order to obtain a digital certificate you have to apply to the CA (Certificate Authority) with ID details. The applicant is then issued with their own key and the CA's public key. The recipient of the message uses the CA's public key to decode the message.

Passwords
In order to stop unauthorised access to a website a person can set up passwords or word catchers. These can be put on the computer itself and on the content of the website, for example databases. When setting up a password you should ensure that it is not too obvious, i.e. something obviously related to you. The safer passwords contain a mix of lower case letters, capital letters and numbers. Word catchers are good as they will prevent computer programs that are not being controlled by humans from gaining access to your website and spamming it.
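
The password advice above can be turned into a check that runs when a password is set. This is an added example, not code from the original post: the function name, the list of default passwords and the minimum length of 10 are assumptions made for illustration (the post itself does not give a length), and the sample passwords are constructed.

```python
import re

# Constructed stand-ins for a company's default or initial passwords.
DEFAULT_PASSWORDS = {"password", "changeme", "welcome1", "admin"}

# Common character swaps (0 for o, @ for a, ...) are undone before comparing,
# so "Sm1th" is still recognised as "smith".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def _alnum(text: str) -> str:
    """Lower-case the text and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_problems(password, personal_facts=(), defaults=DEFAULT_PASSWORDS,
                      min_length=10):
    """Return the reasons to reject a password; an empty list means accepted."""
    problems = []
    plain = _alnum(password)
    unleeted = _alnum(password.lower().translate(LEET))

    # An unchanged (or thinly disguised) default password.
    if password.lower() in defaults or unleeted in defaults:
        problems.append("is a default password")

    # "Something obviously related to you": names, birth year, pet, team ...
    for fact in personal_facts:
        needle = _alnum(fact)
        if len(needle) >= 3 and (needle in plain or needle in unleeted):
            problems.append(f"contains personal detail: {fact}")

    # The mix of characters the post recommends.
    if not re.search(r"[a-z]", password):
        problems.append("has no lower case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("has no capital letter")
    if not re.search(r"[0-9]", password):
        problems.append("has no number")

    # Assumption added for this example: a minimum length.
    if len(password) < min_length:
        problems.append(f"is shorter than {min_length} characters")
    return problems


if __name__ == "__main__":
    facts = ["John", "Smith", "1990"]   # constructed details about the user
    for candidate in ["changeme", "P@ssw0rd", "J0hnSm1th1990", "Vk7rTq2mHzLp"]:
        found = password_problems(candidate, facts)
        print(f"{candidate:<15}", "accepted" if not found else "; ".join(found))
```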

Legal Considerations
When dealing with website security there are a series of legal obligations and considerations that a website creator has to implement.

Data Protection Act (1998)- The Data Protection Act was created when computers started to become available to everyone and were being used to store personal data. The main aim of the act is to stop the misuse of personal information held by a company. This is because serious crimes such as identity theft could be committed with the stolen information. The act has 8 important principles that have to be adhered to when handling personal data.

  1. It has to be fairly and lawfully obtained
  2. It can't be used for any reason other than the one specified to the client
  3. Only information that is relevant to the purpose is allowed to be stored
  4. The information can't be held for any longer than necessary and has to be kept up to date
  5. It has to be correct and not more detailed than it needs to be
  6. It has to be processed in accordance with the rights of the person it concerns
  7. The information has to be kept securely
  8. It can't be transferred out of the European Economic Area without a suitable level of data protection

In order to stick to this act an organisation will have to ensure that they restrict access to data so only people that need to can view it, and that when it is viewed it isn't taken out of the system. They could do this by creating an intranet/remote network, which will allow users to access the information they need anywhere without taking it out of the system and it potentially getting lost or stolen. Along with that an organisation will have to regularly check their information and protocol to ensure they aren't breaching the act.

Computer Misuse Act (1990)- This act came into effect in 1990. It was created to stop increasing levels of criminal activity relating to computers, mainly hacking. A large amount of data was being accessed by people who had no right to access it. For this reason the Computer Misuse Act covers:

  1. Unauthorised access to computer material
  2. Unauthorised access with intent to commit a criminal offence
  3. Unauthorised acts with intent to impair the use of the computer

To effectively implement this act companies may have to employ extra staff within the IT department, or they will have to train their current ones on what is and isn't permitted under the terms of this act. These staff would also be in charge of monitoring the system to ensure no one is breaching the act to steal material. Alongside this they will have to put policies and security mechanisms in place to stop anyone being able to remove information from the system without authorisation.

Privacy and Electronic Communication Regulations (2003)- This act was passed in 2003 because information about people online was being obtained in an unregulated way and in ways that were hidden from the consumers themselves. Regulations regarding the following practices were drawn up.

  1. Spam
  2. Cookies
  3. Location and Traffic Data
  4. Publicly available directories

These regulations have caused companies to check that they are only sourcing information from valid and trusted sources. This will help them, as they may be questioned to see if they really are following the regulations. Companies now have to make it obvious to consumers that they will be advertising to them, especially through the use of cookies. In an advertising sense, cookies track what a user visits and use this information to suggest adverts on other websites that the user may be interested in. Companies are now obligated to inform the user if their website runs cookies.


Saturday 26 July 2014

Case Study 1 (Hackers)- Adrian Lamo

Threat
Adrian Lamo is a former computer hacker whose crimes took place in 2002. Up until then he would try to break into the computer systems of major companies such as Worldcom in order to help them fortify their own systems. But in February 2002 he illegally broke into the computer network of the New York Times through a wrongly configured proxy server. He then threatened the security of personal information of high-profile associates of the Sunday Times, as he added his name to their internal database and conducted his own research. He was able to do this because one of the employees who had the authority to create new accounts had not changed their password from the company default. The validity of the Sunday Times data was also jeopardized, as Lamo accessed and modified confidential databases.
Impact
Employees and 3,000 contributors at the Sunday Times were negatively affected, as personal information about them was exposed. Information such as their names and social security numbers was viewed. This means that the risk of their identities being stolen became very high. Other information taken included logs of customer home deliveries, lists of business contacts and a series of passwords. All of this meant that the Sunday Times came in for heavy criticism, as the information was taken because of their weak password system. That in turn meant the contacts whose identities were revealed lost a lot of trust in the Sunday Times, and the paper ultimately lost business.
Resolution
After a 15 month investigation by the prosecutors in New York, Lamo was tracked down and surrendered to the FBI on September 11th 2003. He pleaded guilty to one count of computer crimes against Microsoft, LexisNexis and The New York Times. He was sentenced to 6 months detention in his parents' house, during which he had limited access to computers and all emails were monitored by probation officers. He was also sentenced to 2 years probation and fined $64,900. As a result the Sunday Times strongly tightened up their security systems. Lamo is no longer a hacker, and in 2010 he proved his hacking days are behind him when he reported a former soldier to the authorities for leaking secret US documents to the website WikiLeaks.

Friday 25 July 2014

Case Study 2 (Hackers)- Kevin Mitnick

Threat
Kevin Mitnick was one of America's most notorious hackers, so much so that it was once said he was so dangerous that if he was allowed access to a phone he could start a nuclear war by whistling into it. Mitnick threatened the privacy and jeopardized the operations of many of America's most powerful companies, such as Sun Microsystems, Digital Equipment Corporation, Motorola, Netcom and Nokia, and even the FBI. Mitnick gained even more notoriety considering these were some of the most well guarded computer networks in America. Mitnick was able to gain access to all of the information housed in these systems by bypassing the security systems, and he was even able to wiretap the FBI (connecting a device allowing you to listen into private telephone conversations). Mitnick even toyed with McDonald's for a bit of fun.
Impact
Through his wiretapping of the FBI's telephone systems, the FBI's confidentiality promise and the right of a person to remain anonymous were jeopardized, as Mitnick knew exactly what was being reported and who it was by. Mitnick was also able to disadvantage the FBI, because he was always able to keep on top of any evidence the FBI had on him. This in turn enabled him to cover his tracks if he felt the FBI were getting close to a conviction. He also had an impact on McDonald's and its customers, as he hacked into the frequency of a local McDonald's drive-through. He would either insult the customers who drove in or make up offers, such as telling them their order was free. This meant that a lot of customers left feeling very offended and annoyed, and so may have chosen not to go back to McDonald's.
Resolution
Mitnick was finally arrested on February 15th 1995, and in 1999 he confessed to 4 counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. Mitnick was sentenced to 46 months plus an extra 22 months for violating the supervised release sentence for computer fraud. After serving 5 years in prison he was released, and at first the only piece of communication technology he was allowed to use was a landline. Nowadays he runs Mitnick Security Consultants Ltd, a company specialising in testing and advising on how to improve a company's computer network.

Thursday 24 July 2014

Case Study 3 (Hackers)- Mafia Boy

Threat
Michael Demon Calce, better known as Mafia Boy, is a hacker who became famous in 2000 for launching a series of denial of service attacks on some of the internet's most popular websites. He posed a serious threat through Project Rivolta (meaning riot in Italian), with which he threatened the websites of Yahoo!, Amazon, Dell Inc, E*TRADE, eBay and CNN. His aim was to 'establish dominance' for himself and his group TNT. The main threat that Project Rivolta posed was to shut down the previously mentioned websites, and if that was to happen those websites would lose perhaps thousands/millions of pounds combined in revenue.
Impact
The project did have a large impact. On 7th February 2000 Mafia Boy managed to shut down Yahoo for 1 hour by overloading the servers with different types of communications up to the point where they shut down completely. Over the next week the same fate befell CNN, Amazon, Dell and eBay. It is estimated that the shutting down of these websites caused a combined $1.7 billion in damages, almost crippling the websites in question.
Resolution
The suspicions of the FBI were raised when Calce started to claim in Internet Relay Chat (IRC) chat rooms that he was responsible for the attacks. After at first denying responsibility, he later pleaded guilty to all of the charges brought against him, and on September 12th 2001 the Montreal Youth Court sentenced him to 8 months of custody, one year of probation, restricted access to the internet and a fine.

Wednesday 23 July 2014

Case Study 4 (Identity Theft)- Abraham Abdallah

Threat
Abraham Abdallah was a serial identity thief who stole the identities of some of the richest people in America in order to raid their bank accounts. His crimes were described as 'the biggest identity theft in internet history.' His potential victims included the likes of Steven Spielberg and Oprah Winfrey. He consulted Forbes magazine to find a list of the richest celebrities, and then he would use the internet to illegally gain access to confidential information such as social security numbers, addresses and dates of birth, along with the bank and credit card accounts of the celebrities. He also hacked into smart phone services to track packages in the celebrities' names and to be able to pick up their messages anywhere he was in America.
Impact
The crimes of Abdallah posed a large threat, but in the end they had little impact. It was reported at the time that he attempted to steal $22m (£14m) but he was unsuccessful for the most part. One of his main targets was Steven Spielberg, and his representatives said 'his client's funds had never been violated.'
Resolution
Upon his arrest in 2002 Abdallah admitted 12 separate counts of fraud including wire fraud, credit card fraud and identity theft. Upon pleading guilty he was sentenced to 11 years in prison.

Friday 18 July 2014

Case Study 5 (Hackers)- The Thomas Deacon Academy

Threat
On Saturday 29th March 2014 the computer systems of the Thomas Deacon Academy were hacked into/breached. The person behind the attack gained access to the Head Teacher's account and sent out lists of confidential documents that were stored on the account. This threatened the privacy of the staff that trusted the school to keep their information safe and also the school's promise to adhere to the principles of the Data Protection Act 1998.
Impact
The security breach led to a whole range of negative impacts for both the school itself and its staff. When the email with confidential documents was sent out to all students, personal information was leaked. This included information about staff salaries, addresses and bank details of staff, and information about previous convictions members of staff have had. There was also an effect on the students: because the leaked documents were sent over the email system (Microsoft Office Outlook), it had to be shut down until the safety of the system could be guaranteed again. This mainly meant that students got behind on work because they couldn't contact teachers to get help, and they also couldn't send their coursework to them, so a lot of deadlines were missed, leading to more pressure to get the work finished later in the year. The final impact was on the IT department and the finances. The IT department had to work overtime and call in a specialist to work on re-establishing the defences. New defences had to be purchased and a series of new password policies had to be put in place to ensure a breach could never happen again, all of which cost a large amount of money to implement.
Resolution
After around a week of emails being down, a new firewall system was built to protect the system, so emails and all of the areas of the VLE were opened back up because the system was considered safe enough not to be breached. When the culprit was found there was no public statement made, which means that many of the outcomes are speculated. It is widely speculated that the culprit was one of the students at the school and that the student was excluded from the school.

Thursday 17 July 2014

Case Study 6 (Pagejacking)- eToys/Barnes and Noble


Threat 
In 2000 the US Federal Trade Commission received a complaint from Greg Boser of search engine optimization company Web Guerrilla. It was alleged that some of his clients, such as Disney, CNET and The Discovery Channel, had had their pages 'jacked.' It was claimed that the pages were 'jacked' and used to try to generate sales and traffic for online retailers eToys and Barnes and Noble Booksellers. It worked by locating highly searched websites matching relevant keywords on eToys and Barnes and Noble's websites. They then copied the pages to their own server and used a cloaking system to display the stolen pages. Anyone who clicked on the 'jacked' pages was redirected to the websites of Green Flash's clients.
Impact
The impact was that until it was discovered eToys and Barnes and Noble benefited significantly. Their websites received a large amount of extra traffic and it is likely that they experienced more sales than they would have usually. This also had negative effects on the websites that were 'jacked.' They received less traffic and may have lost out on sales or reputation. People may have been trying to access the rightful websites, but as they were redirected they refused to try to reconnect to the page or visit it in future.
Resolution
The investigating company Web Guerrilla took the owners of the websites, Green Flash, to court. Due to the nature of the investigation Green Flash were forced to cease operations while the case was being investigated. If any employees of Green Flash were found guilty, the company was liable to terminate the contracts of those individuals.

Tuesday 20 May 2014

Case Study 7 (Virus)- The Concept Virus


Threat 
The Concept Virus was a virus that was first discovered in 1995. It was a macro that was found to infect Microsoft Word products. The virus got into systems because it was found to be pre-installed on discs sold by many high reputation companies such as Microsoft. The virus posed a serious threat to any computer because it is a macro written in Word Basic that will run on any operating system as long as you are running Microsoft Word. The virus would then spread whenever a document was loaded with an infected template. The macro in the template then copies the virus to the master template on the system, and every Microsoft Word document will carry along an infected template.
Impact
The Concept virus had major implications, mainly because it became the most common virus of its time. In the first half of 1996 it accounted for 20% of all computer viruses reported, and this figure then jumped to 1/3 for the second half of the year. At its height Concept accounted for half of all viruses reported in 1997 and by February had infected over 35,000 computers. The virus also raised fears that Word documents with viruses on them could be sent and transferred to other computers. When this started to happen even more disruption was caused, as people were afraid to open attachments on emails because they didn't know whether the attachment was infected or not.
Resolution
At the end of 1997 the virus was in steep decline and was no longer seen as a threat. This was mainly due to Microsoft creating discs without the virus on them that could be installed, which meant potentially infected documents could be removed from a person's computer.