E-business - 6

Threats to eBusiness

Intellectual Property Threats

Three problem related to intellectual

property:
Cybersquatting
Name changing
Name Stealing

Cyber squatting
Is practice of registering a domain name that is the

trademark of another person or company in the hopes

that the owner will pay huge amount of money to
acquire the URL
The U.S anticybersquating Consumer protection Act

Also know as the trademark cyberpiracy Prevention Act.

Protects the trademarked names owned by corporations
form being registered as domain names by other parties
Any parties found guilty of cybresquanting can be held
liable for damages of up to $100,000 per trademark.

Name Changing
Occurs when someone registers purposely

misspelled variations of well-known domain name

These variants sometime lure consumers who make
typographical errors when entering URL
There is no law to govern this issue
A companys best defense is to register as many as
variations in product and company spellings as
possible with Anticybersquatting Consumer
Protection Act.

Name Stealing
Occurs when someone posing as a sites

administrator changes the ownership of the sites

assigned domain name to another site and owner.
Usually happens only when safeguards are not in
place
The ownership changes occur without notice
because it is automated
Occur when domain names registrars security
procedures can be faulty

Protecting Intellectual Property

U S Department of justice maintains the

cybercrime site to provide information and update

on

Hacking
Software piracy
Latest security information
On cyber crime
Protecting intellectual property right

Digital watermark
Watermark is a digital code embedded in a

digital image to protect content

Blue Spike produces a watermarking system
called Giovani
Authenticates the copyright
Provide copy control

Copy

control electronic mechanism for limiting the

number of copies that one can make of a digital work

Threats to the Security of Client

computer
1. Active Content

Refers to programs that are embedded in web

pages and that cause action to occur
Cracker intent on doing mischief to client
computers by embedding malicious active
content in web page
Called Trojan Horse

Program hidden inside another program or web

page that masks its true propose

Active Content Cont..

A Trojan horse can

Send private information of the clients computer

Could alter or erase information on the clients
computer

To avoid Trojan horses do not download and install

software from sources that you do not trust; also

make use of firewalls to block illegitimate
ingoing/outgoing traffic

Cont..
2. Cookies

Cookies do not harm client machine directly

they can lead to security violation
Either user can disable cookies entirely but
then user required to enter information each
time they revisit a website
And sometime to get full access of any web
site cookies are required
That is why we cannot disable cookies

Cookies cont..
Another approach is to use cookie blocker
Which prevents cookies storage selectively by
Allowing user to block cookies from the web servers
that load advertising into web page
Allowing good cookies and denying all other

Cont..
3. Steganography

Process of hiding information within another

piece of information
This information resides in the background and
is undetectable by anyone without the correct
decoding software
Many security analysts believe that the terrorist
organisation Al Qaeda use steganography to
hide information regarding their activity in
images.

Client Computer Security

A virus is software that attaches itself to another

program
A worm is a type of virus that replicates itself on the
computer it affects
Email attachments may include word processing
files, spreadsheets, databases, images which may
contain viruses

Cont..
To counteract viruses

Ensure you have installed the latest security

patches
Also ensure that you are running the latest
Antivirus software with the latest virus updates

Protecting Client Computer

Digital certificate

Known as digital ID, is an attachment to an

email message or program embedded in a web
page that verifies that sender or website is who
or what it claim to be
Serve the same function as a photo on passport
Certificate authority issues a digital certificate
Oldest and famous CA is VeriSign

Cont..
A signature on a message is some data that

validates a message and verifies its origin

a receiver can keep as evidence
a third party can use to resolve disputes

Six main element of digital certificate

Certificate owners identification information

Owners public key
Validity date
Serial number
Name of issuer
Digital signature of certificate issuer

Communication Channel Security

Confidentiality ensures that only owners of the

shared key can decrypt the message

Authentication ensures the identity of the person at
either end of a communication line are who they say
they are
Integrity ensures the message is not changed
during transit
Nonrepudiation ensures that the sender can not
deny sending the message

Cont..
These assurances are provided through the

following methods:
Public/Private keys ensure confidentiality
Digital signatures ensure non-repudiation and
authentication
Message authentication codes ensure data
integrity

Communication Channel Security

Communication channel threats come from

various sources including:

Sniffer Programs
Backdoors
CyberVandalism
Masquerading or Spoofing
Denial-of-Service

Cont..
Sniffer Programs

These programs provide a means of recording packets

passing through a computer or router
It is similar to telephone line tapping

Sniffer programs can

Read email messages

Read user logins and passwords
Read credit card numbers

Cont..
Backdoors

Some e-commerce programs contain backdoors

These backdoors are left intentionally or
unintentionally by software developers
Backdoors provide a way for an unauthorised user to
gain access to protected information including:
Credit

card information
Proprietary company information (which could be sold for
millions to competitors)

Cont..
CyberVandalism

This is the electronic defacing of Web site pages

By

replacing regular content

It is parallel to the spraying of graffiti on public

property

Cont..
Masquerading or Spoofing

This is when a person impersonates someone else

E.g. pretending that a Web site belongs to someone
else, when it does not
Any order entered on this new page could then be
modified (e.g. change the shipping address of the
goods) and sent to the original Web site.

Cont..
Denial-of-Service Threat

This threat disrupts normal computer

processing
For example a zombie computer could be used
to flood a Web site with packets
This prevented legitimate users from using the
Web site
This also may lead to a loss in business