Ethics final review

1

Types of attacks?

  1. SQL Injection

  2. DDOS attack (distributed denial of service)

  3. social engineering

  4. computer virus

  5. computer worm

  6. trojan horse

  7. sniffer

2

What is an SQL injection?

A type of attack often used against data-driven applications.

A code injection technique that might destroy a database.

It is a technique that exploits an application's security weaknesses.

Takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.

3

What is an SQL injection used for?

Used to steal databases full of credit card information, passwords, or personal details

4

How do you prevent an SQL injection?

  • Use prepared statements

  • Use stored procedures (that can be saved and used over again)

  • Validate user input

5

What is a DDOS attack? (distributed denial of service)

  1. Make a machine or network resource inaccessible to users.

  2. It's a cyberattack that causes the servers to refuse to provide services to genuine clients

6

What are the 2 types of DDOS attacks? (distributed denial of service)

Flooding and crash attacks

7

What is a flooding DDOS attack?

The hacker sends a huge amount of traffic to the server, which the server cannot handle, and hence the server stops functioning. This type of attack is usually executed using automated programs that continuously send packets to the server.

8

What is a crash DDOS attack?

The hackers exploit a bug on the server that causes the system to crash, and hence the server is not able to provide service to the clients.

9

What do DDOS attacks usually utilize? (distributed denial of service)

botnets

10

What is a botnet?

A number of devices connected to the internet where each device has one or more bots running on it. The bots on the devices are malicious scripts used to hack a victim. Can be used to steal data, send spam and execute a DDOS attack.

11

How do you prevent DDOS attacks? (distributed denial of service)

  1. Use Anti-DDOS services

  2. Configure Firewalls and Routers

  3. Use Front-End Hardware (or application front-end hardware)

  4. Use Load Balancing: efficient distribution of network or applications across servers

  5. Handle Spikes in Traffic

12

What is front end hardware in DDOS attack prevention?

Any hardware that optimizes or protects network traffic. It is placed on the network's outward-facing frontend or boundary.

13

What is social engineering?

The art of manipulating people into divulging personal and confidential information.

Requires very little technical skill, relies heavily on human interaction, most often used with other exploits, SIM hijacking

14

How are malware and viruses used?

  • Used by an attacker to steal data, disrupt operations or access a private network.

  • Used to describe many different types of software including viruses, worms, Trojans, key loggers, spyware and others

15

What is a computer virus?

  • Any hostile computer program that can replicate itself and spread from one computer to another without input from its creator.

  • Needs to attach itself to an existing program in order for it to work.

  • They are used to deliver many different payloads

16

What is a computer worm?

  • A program similar to a virus; it can replicate itself and spread from one computer to another.

  • Unlike a virus, a worm does not need to be attached to an existing program in order to function.

  • Always causes harm to the network, even if it is just increased bandwidth consumption, whereas a virus will always corrupt and/or modify files on a computer.

17

What is a trojan horse?

  • A program that pretends to do one thing, but in reality does something else. May appear to be a normal program, but in fact does something malicious.

  • Used to record keystrokes input by a user. Can be used to steal usernames, passwords, credit card information, personal details and so on.

  • They do not replicate as viruses do, nor make copies of themselves as worms do.

  • They simply give access to some hacker or a cracker.

18

How do you prevent malware and viruses?

Install firewalls

  • Program network security system used to monitor (allow/block) network traffic.

  • Has a set of predetermined security rules to filter packets trying to enter the network.

  • Usually placed between (on the boundary of) trusted and untrusted networks.

19

What is a sniffer?

  • A program and/or service that monitors data travelling over a network. Sniffers are used to steal information off a network.

  • Unauthorized sniffers can be extremely dangerous to a network’s security because they are virtually impossible to detect.

  • Used especially on Wi-Fi connections.

20

What is a temporary solution to sniffers?

  • Used to prevent access to computer systems by unwanted programs.

  • Utilizes many different methods to protect the computer.

  • Often search for signs of viruses on every website that is visited and do regular scans of the computer to check for infections

21

What are the types of hacking and data theft?

  1. password cracking

  2. brute forcing

  3. dictionary hack

  4. packet sniffing

  5. phishing

  6. pharming

  7. spear phishing

  8. key loggers

  9. spoofing

  10. IP spoofing

22

What is password cracking?

Attempting to guess a password using a program

23

What is brute forcing?

A program that guesses a password by inputting as many randomly generated passwords as possible using the computer’s processing power

24

What is a dictionary hack?

A program that guesses passwords based on words in a dictionary or the program’s vocabulary

25

What is packet sniffing?

Sniffing packets sent over the internet to gain security details over unsecured connections

26

What is phishing?

The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by posing as a trustworthy entity in an electronic communication. Legitimate-looking sites designed to lure users. Ex.: an email sent.

27

What is pharming?

Another technique used to steal confidential access codes. It works by redirecting users to a rogue server. Example: a malicious website that resembles a legitimate website, used to gather username/password

28

When does spear phishing occur?

When criminals obtain information about you from websites or social networking sites, and customize a phishing scheme to you

29

What are key loggers?

Records keystrokes; can be software or hardware

30

What is spoofing?

Can be defined as misrepresenting the sender of a message (e-mail, IM, letter, resume, etc.) in a way that causes the human recipient to behave a certain way

31

What is IP spoofing?

Masks the IP address of a hacker and prevents them from being found. When a hacker spoofs an IP address through a Web site, it is known as IP / Web spoofing.

32

What are the types of hacking attacks?

  1. Domain Name Server Tunneling

  2. Eavesdropping

  3. Jailbreaking

  4. Business email compromise

  5. Cross site scripting

  6. drive by attack

33

What is DNS tunneling?

An attack designed specifically with the intention of providing hackers with continual access to the target. Enables the hacker to insert (or tunnel) malware into DNS requests coming from the client to the server by tampering with the HTTP (protocol)

34

What is eavesdropping?

Involves a hacker intercepting and accessing the data traveling across a network by exploiting unsecured communication

35

What is jailbreaking?

Involves a hacker “rooting” your device to allow the installation of software that has not been verified by vendors or made available in official app stores. This leaves the device vulnerable to incoming malware.

36

What is BEC? (business email compromise)

An attack that involves a hacker targeting employees with authorization privileges for various transactions.

37

What is cross site scripting?

An XSS attack infects users by inserting malicious scripts when a user visits a website, thereby infecting the device, stealing cookies, credentials, etc.

38

How to prevent a phishing attack?

  1. Do not enter sensitive information in webpages that you don’t trust

  2. Verify the site’s security

  3. Use Firewalls

  4. Use Antivirus Software that has Internet Security

  5. Use Anti-Phishing Toolbar

39

Steps in AI

Know the Domain, Study the Data (Data Mining), Cleanse and Normalize Data, Choose a Model, Test and compare with other models, Short List optimum models, Fine Tune

40

AI in steps

Correct and Modify, Monitor Errors, Record Learning.

41

What is the Turing test?

A machine trying to fool a human into thinking that it is human

42

VR

A complete immersion experience with lenses, 3D visualizations

43

AR

An interactive experience of a real-world environment where the objects that reside in the real world are enhanced by computer-generated perceptual information, sometimes across multiple sensory modalities

44

MR

Combines elements of both AR and VR; real-world and digital objects interact

45

Acronym for CAPTCHA

Completely Automated Public Turing test to tell Computers and Humans Apart

46

What is security?

Protection against intentional harm

47

What is safety?

Protection against accidental harm

48

Deon theory

Regards ‘duty’ as most important for morality. There are absolute rights and wrongs.

49

Example of Deon Theory

Shooting an intruder (killing is wrong) to protect your family (protecting them is right).

50

UT theory

Regards consequences as most moral. The end justifies the means.

51

Positive right

An obligation of some people to provide certain things for others. Ex: safe workplace; access to a free public education. Provide a good or service

52

Negative right

The right to act without interference. Ex: freedom of speech; right to strike. Requires others to abstain from your actions

53

Who is a hacker?

Intelligent individuals with computer skills and an ability to explore the system details. For some, hacking is a hobby. Their intention can either be to gain knowledge or to explore and do illegal things

54

Different types of hackers

  • black hat

  • white hat

  • grey hat

  • blue hat

  • hacktivist

  • script kiddie

  • elite hacker

  • bots

55

What is cracking?

Penetrating into someone’s system without their permission just for fun or to harm that system and get some crucial data.

56

What is a black hat hacker?

Malicious hacker

57

What are white hat hackers?

A hacker with the main intention of improving computer security. Also called an ethical hacker.

58

What is a grey hat hacker?

(Mixture of white and black, offers their services to improve the system for a fee). A hacker who will identify but not exploit discovered vulnerabilities, yet may still expect a reward for not disclosing the vulnerability openly

59

What is a blue hat hacker?

(Consults firms, performs system tests before launch). Invites professionals to find vulnerabilities.

60

What is a hacktivist?

Utilizes technology

61

What is a script kiddie?

(Skiddie) – non-expert in technology lacking knowledge, immature, trying to crack into systems by using products created by others. Early hackers

62

What is an elite hacker?

The most skilled hacker. Master of deception

63

What is a bot?

Software tools that hackers use

64

Advantages of ethical hacking?

➢ It helps to fight against cyber terrorism and national security breaches.

➢ It helps to take preventive actions against other hackers.

➢ Detects the weaknesses and closes the gaps in a system or a network.

➢ Prevents gaining access from malicious hackers.

➢ Provides security to banking and financial settlements

65

Disadvantages of ethical hacking?

➢ Might use the data against malicious hacking activities.

➢ May corrupt the files of an organization.

➢ Possibility to steal sensitive information on the computer system.

66

Phases of hacking

  1. reconnaissance

  2. scanning

  3. gaining access

  4. maintaining access

  5. covering tracks

67

What is data mining?

The process of sorting through large data sets to identify patterns and relationships that can help solve business problems through data analysis

68

What are the 4 classifications of MLP?

Supervised, unsupervised, and reinforcement learning

Semi-supervised is a combination of supervised and unsupervised

69

3 foundations of cyber security

Privacy, Control, and Agency (or lack thereof, i.e. Surveillance)

70

What is IOT

Internet of things

71

What does IOT relate to

processing speed,

cloud computing,

wireless communication,

lightweight OS,

small footprint protocols,

research,

reducing cost and memory

72

What is XR?

Covers all of the various technologies that enhance our senses, whether they’re providing additional information about the actual world or creating totally unreal, simulated worlds for us to experience. It includes Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR) technologies.

73

Examples of IOT

Cars (Tesla), selfie fridge

74

How do augmented and virtual realities differ?

  1. Purpose (explain):

  • Could be for healthcare [training in surgical operations]

  • media/entertainment [movies and shows to create unique experiences]

  • Virtual travel [trips to museum, or different planet]

  • Professional sports [training programs]

  • Gaming [first person shooters]

  2. Delivery method

  • Head mounted or smart device

  3. Operate independently as well as often blended together

75

What is ethics?

Study of what it means to “do the right thing”

76

Rational Agents

A rational agent or rational being is a person or entity that always aims to perform optimal actions based on given premises and information. (could be an entity of action)

Formula for agents: f:P*→A

77

Vulnerability vs Threat vs Risk

A vulnerability is a weakness, flaw or other shortcoming in a system. A threat is anything that could exploit a vulnerability, which could affect the confidentiality, integrity or availability of your systems, data, people and more. Finally, risk is the probability of a negative (harmful) event occurring as well as the potential scale of that harm.

78

Behaviors associated with human intelligence?

  1. planning

  2. learning

  3. problem solving

  4. knowledge representation

  5. Perception motion

  6. Reasoning social intelligence /creativity

79

Easy way to remember hacking

Legal activities done trying to improve technology

80

Easy way to remember cracking

Illegal activities, hacking with a malicious intent

81

Phases of hacking

  1. reconnaissance

  2. scanning

  3. gaining access

  4. maintaining access

  5. covering tracks

82

What is the HGP

Human Genome Project (HGP) coordinated by Department of Energy and National Institute of Health

  • Goal is to identify all of the approximately 100,000 genes in human DNA

  • Store and analyze the data

  • Address the ethical, legal, and social issues

83

What impact does the Human Genome Project have on society?

Understand the functions of genes and proteins. This knowledge will have a major impact in the fields of medicine, biotechnology, and the life sciences.

  • It could help with the diagnosis and prevention of human disease.

  • It would allow us to modify medication for more effective treatment cycles.

  • -ve: It could develop a trend in “designer” humans.

  • -ve: could create classes of individuals - only be accessible to the wealthy.

  • -ve: health and environment threats

84

Phases of Offshoring

  1. Awareness

  2. Exploration

  3. Expansion

  4. Commitment

  5. Dissolution

85

Sources of Errors for Machine Learning and Data Analysis

Sampling error and Non-sampling error

86

Sampling error

Arises when only a part of the population is used to represent the whole population

87

Non-Sampling Error

Occurs at any stage of a sample survey and can also occur with censuses.

88

Machine learning is the study of algorithms that

Improve their performance (P), at some task (T), with experience (E)

89

4 Types of Leakage

  1. Reveal identity

  2. Reveal value hidden attribute

  3. Reveal link between two entities

  4. Reveal group membership
