9-1. Personal Technology 9.1 Truth Issues: Manipulating Digital Data 9.2 Security Issues: Threats...

Personal TechnologyPersonal Technology

9.1 Truth Issues: Manipulating Digital Data

9.2 Security Issues: Threats

9.3 Security: Safeguarding Computers & Communications

9.4 Quality-of-Life Issues

9.5 Economic & Political Issues

Chapte

r99

McGraw-Hill/Irwin © 2007 The McGraw-Hill Companies, Inc. All rights reserved.

9-3

Truth Issues: Manipulating Digital Truth Issues: Manipulating Digital DataData

Digital Images and Sounds can be manipulatedPro: Creates new forms of art

Morphing software makes one image morph into anotherhttp://www.cs.utah.edu/~dejohnso/morph.html

Movies such as “Crouching Tiger, Hidden Dragon” and “Harry Potter” contain many scenes that could never actually happen

Adobe Photoshop allows changes, enhancements to photos Digital technology allows musicians to sing every track of a

song and accompany themselvesCon: Has made photographs & recordings untrustworthy

Famous Yalta summit photo edited: Stallone added in!

9-4


Photographs may not be authenticPhotographs may be deliberately misleading

1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister Could this have biased potential jury members?

Fashion model photos are routinely elongated to make models appear more slender How many girls become anorexic to try to match those models’

impossible perfection? http://www.etniesgirl.com/blog/2005/11/30/photoshop-101-e

ven-models-have-flaws

http://www.tutorialized.com/tutorial/Basic-Model-Retouching/9547

http://news.bbc.co.uk/1/hi/health/769290.stm

9-5


Techniques to combat digital deceptionProf. William H. Mitchell of M.I.T. wrote the first

systematic, critical analysis of the digital revolution Corbis http://pro.corbis.com/ adds a digital watermark to

its photosHany Farid of Dartmouth College devised algorithms to

detect changes to uncompressed digital photosProf. Jessica Fridrich of S.U.N.Y. at Binghamton is

researching digital cameras that hide a picture of the photographer’s iris inside each digital photo

9-6


Limitations of Public databases You can’t get the whole story

Start with a public database, THEN do more researchThe data is not necessarily accurate

Cross-check against multiple sourcesEach database service has boundaries

Know what those boundaries areDifferent keywords bring different resultsHistory is limited

These databases often begin with data from 1980 or later

9-7

Security Issues: ThreatsSecurity Issues: Threats

Errors and accidentsNatural hazardsComputer crimeComputer criminals

Is my computer safe?I’m concerned about it. What do I need to do to use it safely for work, home, and school?

9-8

Security Issues: ThreatsSecurity Issues: ThreatsErrors & AccidentsErrors & Accidents

Human errorsPeople choose the wrong computer

Too simple or too complexHuman emotions affect performance

People get frustratedHuman perceptions are slower than the equipment

Watch out when you click the OK button! You may have just deleted something important!

9-9


Procedural errorsWhen people fail to follow safe procedures, errors can

occurSoftware errors

Programmers make coding errorsFamous example: Utility billing software:

Customer pays early – software credits account Customer pays late – software credits account, adds late

fee in for next bill Programmer forgot to consider customers who pay exactly

on time – their payments were never credited at all!

9-10


Electromechanical problemsMechanical systems wear outPower failures shut down computers unless you have

battery backupUsing cellphones and Blackberries while driving can

cause people to crashDirty data problems

Incomplete, updated, or inaccurate dataCheck your records – medical, school, and credit to make

sure they are accurateNatural hazards can lead to disasters

9-11

Security Issues: ThreatsSecurity Issues: ThreatsComputer CrimesComputer Crimes

Two types of computer crimeIt can be an illegal act perpetrated against computers or

telecommunicationsIt can be the use of computers or telecommunications to

accomplish an illegal act

9-12


Theft of hardwareTheft of softwareTheft of online music and videosTheft of time and servicesTheft of informationInternet-related fraudTaking over your PCCrimes of maliceComputer criminals

9-13


Theft of hardware can range fromShoplifting an item from a computer storeStealing an entire PC or laptop

Theft of softwarePirated software is software obtained illegallyThis includes “softlifting” - buying one copy of the

software and using it on multiple computersSoftware makers have prosecuted both companies and

individuals including students for software piracy

9-14


Theft of online music and moviesEntertainment industry takes this seriously and

prosecutes offendersStealing music

Illegal file swapping services Damages can be up to $150,000 per song

Stealing movies The film industry has taken aggressive aim at pirated

movies 11-nation crackdown announced in 2005

9-15


Theft of time and servicesTheft of computer time at work

Surfing or playing games when you should be working Some employees violate policy by conducting personal

business online such as online auctions from work Most employers have policies against viewing X-rated web

sites at workTheft of phone services

Phone phreaks use company phone systems to make “free” unauthorized long distance calls

Why break the law, when you can get free long distance over the internet using skype www.skype.com

9-16


Theft of InformationA common crime todayCan include theft of personal information, medical

information, or credit card and financial informationLegislation to make it a crime to steal someone’s identity

was the 1998 Identity Theft and Assumption Deterrence Act

The U.S. Department of Justice discusses their approach to this crime at http://www.usdoj.gov/criminal/fraud/idtheft.html

If you are a victim of identity theft, you may file a report online at the Federal Trade Commission’s website at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03

9-17


Internet-related FraudBecause it lends itself to anonymity, internet-related

fraud is becoming more commonWell-known examples include:

Nigerian letter scam Letter says you can get a lot of money out of Nigeria if you pay

a “money transfer fee” first Evil twin attacks

A cracker sets up an attack computer as a duplicate public access point in a public location

Phishing Sending emails that appear to come from a trusted source that

links you to a website where you type in personal information that is intercepted by the phisher

9-18


Internet-related Fraud (continued)Pharming

Malicious software is implanted in your computer that directs you to an imposter web page

Trojan horses A program such as a “free” online game or screensaver that

loads hidden programs that take over your computer or cause mischief without your knowledge

For example, Windows users who install the phony MSN Messenger Version 8 "beta" are actually installing an IM worm that spreads to their IM contacts, and connects their computer to a remote control "bot" network run by malicious hackers

9-19


Crimes of Malice: Crashing entire computer systemsSometimes criminals are more interested in vandalizing

systems than they are in gaining control of themIn 2003, an entrepreneur with a grudge because he lost a

sale retaliated by shutting down the WeaKnees websiteCrackers regularly attempt to crash Microsoft’s websiteSecurity specialists monitor for possible cyber-attacks on

electrical and nuclear power plants, dams, and air traffic control systems

Crackers have attacked the internet too and brought down large sections of it

9-20


Computer criminals may includeIndividuals or small groups who

Use fraudulent email and websites Steal peoples’ identities for monetary gains Show off their power for bragging rights

Employees who Have a grudge against their current or former employers Have a grudge against another employee Sell their company’s secrets for personal profit

Outside partners and company suppliers

9-21


Computer criminals may also includeCorporate spiesEnemy foreign intelligence services Organized crimeTerrorists

Computer criminals do not include your employer, who is legally allowed to monitor the computers at workCheck your company’s computer usage policyMake sure you follow the rulesKnow that any data you store in the computer at work –

including emails – is company property

9-22

Security: SafeguardingSecurity: SafeguardingComputers & CommunicationsComputers & Communications

Security is A system of safeguards for protecting information

technology against disasters, system failures, and unauthorized access that can result in damage or loss

Computer Security’s Five ComponentsDeterrence of computer crimeIdentification and accessEncryptionProtection of software and dataDisaster recovery plans

9-23


Deterrents to computer crimeEnforcing lawsCERT: The Computer Emergency Response Team

Provides round-the-clock information on international computer security threats

The CERT website is www.cert.org For example, on December 15, 2005 announced a partnership

between the US and ictQatar, the Qatar Supreme Council for Information and Communications Technology, to conduct and coordinate cybersecurity activities

On December 13, 2005 CERT issued alert SA05-347A documenting Windows Explorer vulnerabilities

9-24


More deterrents to computer crimesTools to fight fraudulent and unauthorized online uses

Rule-based detection software Predictive-statistical-model software Employee internet management software Internet filtering software Electronic surveillance

Verify legitimate right of access Use cards, keys, signatures, and badges Use PINs and passwords Use physical traits and personal identification

9-25


Encryption The process of altering readable data into unreadable form to

prevent unauthorized access Advantage: encrypting data that is available over the internet

keeps thieves and crackers from reading it On Dec. 7, 2005, Guidance Software, a maker of Computer Forensics

software, informed their customers that criminals had stolen their credit cards because Guidance had FAILED to encrypt a database that was accessible over the internet

Disadvantage: encrypting data may prevent law-enforcement officials from reading the data criminals are sending to each other

Discussion Question: Does information privacy outweigh law enforcement’s needs to track down and prosecute criminals? Should we all encrypt our information to prevent crackers and criminals from stealing it?

9-26


4 ways to protect software & dataEducate employees in backing up data, virus protection,

and not sharing passwordsControl of access to restrict usageAudit controls to document who used what programs and

computers and whenPeople controls include screening applicants,

background checks, monitoring internet, email, and computer usage

9-27


Disaster-recovery plans A method of restoring information-processing operations that

have been halted by destruction or accident Reinforced by 2001 World Trade Center attack Reinforced by company data losses incurred during 2005 Hurricane

Katrina Plans range in price and complexity from

Backing up data from disk to tape, CD, or zip disk, with a UPS Automatically storing data redundantly in two places, with a

generator Having an off-site computerized data storage center with

independent power supply Having a complete “hot” redundant data center that can instantly be

used if there is a disasterMore $$$

9-28

Quality-of-Life IssuesQuality-of-Life Issues

Information Technology misuse can result in Environmental problems

Manufacturing computers and circuits can cause pollution Computer component manufacturing employees may be

exposed to toxic substances Used computers/monitors contain chromium, cadmium,

lead, mercury, PVC, and brominated flame retardants – all toxic substances that must be disposed of properly

Exacerbation of Mental-health problems Proliferation of pornography Workplace problems

9-29


Information Technology misuse can result in Environmental problemsExacerbation of mental-health problems

Isolation; computer gamers may substitute online games for interpersonal interaction

Online gambling can be addictive Many users find PCs stressful Internet usage by children can expose them to online

predatorsProliferation of pornography Workplace problems

9-30


Information Technology misuse can result in Environmental problemsExacerbation of Mental-health problems Proliferation of pornography

Online pornographers use pop-up ads and internet search engines to troll for new customers

This means that children may be exposed to porn when involved in innocent online searches

Parents may use online blocking software like Cybersitter, Cyber Patrol, or Net Nanny to prevent this

Workplace problems

9-31


Parental Responses to protecting children from online pornOnline blocking softwareDVD filtersVideogame rating systemsThe V-chipSupport legislation to require pornographers to use

certain web addresses, such as .xxx domainMonitor internet useBe candid to your children about the threatsSave evidence and block messages to prevent

cyberbullying

9-32


Information technology misuse can result in Environmental problemsExacerbation of mental-health problems Proliferation of pornographyWorkplace problems

Misuse of technology Fussing with computers can waste time Information overload

9-33

Economic & Political IssuesEconomic & Political Issues

Technology may affect the gap between the rich and the poor Most jobs require employees who are tech-savvy People who are not tech-savvy won’t qualify for those jobs Technology is being used to replace employees in traditional

jobs, traditionally filled by untrained workersInternet is not controlled

This means that information moves freely on the internet Nondemocratic governments can’t control internet political

activism Internet is only loosely policed, so criminals take advantage

9-1. Personal Technology 9.1 Truth Issues: Manipulating Digital Data 9.2 Security Issues: Threats...

Documents

Transcript of 9-1. Personal Technology 9.1 Truth Issues: Manipulating Digital Data 9.2 Security Issues: Threats...