Module’s Information: Module Session Programme Lecturer ICT2209 COMPUTER ETHICS SEPTEMBER 2009 BGSDI, BIMCI, BNMCI, BITMI Vijayan A/L Venggadasallam Email: vijayan@intimal.edu.my Phone Ext: 2335 Summary of Coursework Breakdown: (as stated in course structure) No Description of coursework Learning Outcomes covered Room: A3-F02

Marks allocated

1 2

Assignment 1 Assignment 2

L01, L02, L04 L01, L02, L03, L05, L06

30% 30% 60% 40% 100%

CONTRIBUTION OF THE COURSEWORK TO THE COURSE FINAL EXAM TOTAL Penalty for late submission: 1 day – minus 20% of total mark awarded 2 days – minus 50% of total mark awarded 3 days – 0 mark for this piece of coursework


Coursework Specifications

Page 1


Coursework #2

Module’s Information: Module Session Programme Lecturer ICT2209 COMPUTER ETHICS SEPTEMBER 2009 BGSDI, BIMCI, BNMCI, BITMI Vijayan A/L Venggadasallam ICT2209 COMPUTER ETHICS Coursework Type Percentage Hand-out Date Due Date Student’s Declaration: Individual Assignment 2 30% out of 100% Week 4 Week 7 Room: A3-F02

I declare that:  I understand what is meant by plagiarism  This assignment is all my own work and I have acknowledged any use of the published or unpublished works of other people.  I hold a copy of this assignment which I can produce if the original is lost or damaged [Name/ID] _______________________________________ [Date] _____________________

[Signature] _______________________

Learning Outcomes Assessed: LO1 LO2 LO3 LO5 LO6
Discuss the computer revolution and highlight the problems of global ethics Explain the computer security and human values Discuss the privacy issues relate it to the Information Age.

Discuss the propriety rights in computer software Apply the ethics in software development project Total Marks
10 20 20 25 25

Assessment Criteria
1. 2. 3. 4. 5. Introduction. Background study. Report format and structure. Specification and Discussion of the Requirements. The overall presentation skills.

Given Marks

100 Penalty

Coursework Specifications

Page 2

Intellectual Property 4.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY Final Mark (30%) Lecturer’s Comments Penalty for late submission: 1 day – minus 20% of total mark awarded 2 days – minus 50% of total mark awarded 3 days – 0 mark for this piece of coursework Description of Coursework #2: Student to do research on topic related to computer ethics and produce report of their research. and body of information. Computer security 3. Issues in computer privacy 2. Spacing: 1. The contents of the report must have a cover page. contents page. 3. and list of references. 2. Students are also required to conduct presentation on the topic. conclusion. Any other suitable topic The following guidelines must be adhered: 1. The report should have 15-20 pages. Font type: Times New Roman.5 End of Coursework #2 Coursework Specifications Page 3 . Proposed topics: 1. Font size: 12.

1. Hackers Attitude Identity Theft 4. Coursework Specifications Page 4 . 2. 5 6 8 8 11 12 14 16 20 21 22 5. 6. Descriptions Introduction Background study Contents Hacking 3.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY TABLE OF CONTENTS No. 8.2. 3. Phishing 4. 4.1. 7. Pharming Prevention Tips Conclusion References Plagiarism Detect Page Page No. 1.

So it will cover about some stealing techniques that the criminal use to steal our confidential information and how to protect our personal information. while allowing the information and property to remain accessible and productive to its users’ needs.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 1. The terms computer system security. Coursework Specifications Page 5 . The objectives of computer security consist of protection of information and property from theft. My research tells about computer security. corruption. and natural disaster. Computer security is a branch of technology known as information security and usually applied to computers and networks. tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. Introduction Nowadays there are so many computer crimes all over the world. means the whole processes and mechanisms by which sensitive and valuable information and services are protected from publication.

2. breaches of confidentiality range from the embarrassing to the disastrous. Confidentiality means that information cannot be access by unauthorized parties and is also known as secrecy or privacy. but also that they are not refused resources that they legitimately can expect to access. "denial of service‖ are attacks against availability which are sometimes the topic of national news. the forming of concepts reach of computer security is extensive and multifaceted. Nonrepudiation implies that a person who sends a message cannot refuse that he sent it and. Other important concerns of computer security professionals are maintain access control and nonrepudiation. and is Coursework Specifications Page 6 . Authentication means that users are who they claim to be and availability means that resources are accessible by authorized parties. that a person who has received a message cannot refused to receive it. Computer security touches draws from disciplines as ethics and risk analysis. on the other hand. Maintaining access control means not only that users can access only those resources and services to which they are entitled. 3. especially the Internet. 1. Background study The term computer security is often used. In addition to these technical aspects. the concept of computer security has expanded to denote issues refering to the networked use of computers and their resources. but the content of a computer is vulnerable to few risks even less the computer is connected to other computers on a network and as the use of computer networks. and authentication or availability. integrity.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 2. The most important areas of computer security are usually represented by the initials CIA: confidentiality. Integrity means that information is protected against changes without permission that are not detectable to authorized users and many incidents of hacking expose the integrity of databases and other resources.

a person's information seeking habits. Because of the ease. privacy on the Internet is about protecting one's personal information. While confidentiality. the prevention. and identity and anonymity in cyberspace. it is now very important that individuals are able to maintain control over what information is collected about them. and authenticity are the most important aspects of a computer security. integrity. how it is used. who may use it. Although users may feel that they have nothing to hide when they are registering and filling a form with an Internet site or service.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY referred with topics such as computer crime. and detection. the information in electronic format can be shared among third parties. privacy is perhaps the most important concern of computer security for everyday Internet users. for example. and what purpose it is used for. remediation of attacks. Because small pieces of related information from different sources can be easily linked together to form a unit of. Coursework Specifications Page 7 . even if the information does not seem valuable.

FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 3. They usually reserve cracker refer to the black hat hacker or more generally hackers with unlawful intentions. and they often create and distribute open source software. There are 5 types of hackers that consist of white hat hacker. Some would say that the people that are now considered hackers are not hackers. or try excluding some specific group. Hackers Attitude Several groups of computer underground have different attitudes and aims use different ways to separate distinctly themselves from each other. grey hat hacker. black hat hacker. usually by gaining illegal or unauthorized access to administrative controls. as before the media explained the person who breaks into the computer security as a hacker there was a hacker community. Other uses of the word hacker not only related to computer security. Many people claim that the hackers are motivated by artistic and political ends. 1. but also rarely used by the mainstream media. Hacking Hacking is an action that breaks into computers. They are computer security experts. These computer professionals are employed by companies to ensure that a company’s information systems are secure and they may utilize variety kinds of methods to carry out their tests. including social engineering Coursework Specifications Page 8 . and are unconcerned about the use of illegal means to archive them. who have specialization in penetration testing and other testing methodologies. Nowadays these people in the community refer to the cyber-criminal hackers as ―crackers‖. Nowadays the subculture has evolved around hackers is often related to as the computer underground. White hat hackers White hat hackers are known as ―ethical hackers‖.1. The members of the computer underground should be called crackers. script kiddie and hacktivist. 3. This community was a community that people had a great interest in computer programming.

They are hackers who have specialization in unauthorized penetration and use computers to attack computer systems for profit. internet worms. trial/demo version. is a term used to describe those who use scripts or program developed by other people to attack computer systems or networks. and attempts to evade security to gain entry into secured areas. Coursework Specifications Page 9 . 2. Grey Hat Hackers Grey hat hacker refers to a skilled hacker who sometimes acts illegally or without authorized permission. Black Hat Hackers A black hat hacker is refers to a hacker who breaks into networks or computers illegally or creates computer viruses. sometimes do good things.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY tactics. It is commonly assumed that script kiddies are juveniles who lack of programming ability to write complicated hacking programs or exploits on their own. and sometimes not. Black hat hackers are also called crackers. The penetration usually involves modification or destruction of data. data checks. a script kiddie is sometimes call script bunny. but may or may not occasionally do crimes when the courses of their technological exploits. They are a group of people between white and black hat hackers. for fun. serial number. They never hack for personal gain or have malicious purposes. hardware key. The way may also refer to hackers who crack software to remove protection methods such as copy prevention. 3. and deliver spam through the use of botnets. CD check. 4. use of hacking tools. or for political purposes or as a part of social cause. or software annoyances like nag screens and adware. These crackers may distribute computer viruses. and is done without authorization. and their objective is to try impressing their friends or getting credit in computer-enthusiast communities. Script kiddie In hacker culture.

Some argue it was found to describe how electronic direct action might work toward social change by combining programming skills with critical thinking.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 5. Some people think that malicious cyber-attacks are an acceptable form of direct action and the other strand thinks that all protest should be peaceful. or information ethics. virtual sabotage. human rights. The loose network of programmers. redirect. and software development. the controversy reflects two divergent philosophical strands within the hacktivist movement. Hacktivism is a controversial way. It is understood as the code writing to promote political – promoting expressive politics. free speech. web site parodies. information theft. refraining from destruction. economic. Freenet is a principal example of translating political thought (anyone should be able to speak) into code. The others use hacktivism as practically synonymous with malicious and destructive acts that undermine the security of the internet as a technical. surveillance and privacy in an era of increased technological surveillance. Hacktivism or Political Hacking Hacktivism (combination of hack and activism) is the nonviolent use of illegal or legal ambiguous digital tools to hack in pursuit of political ends. denial-of-service attacks. Coursework Specifications Page 10 . its beliefs include access to information as a basic human right. Hacktivism is an offshoot of Cult of Dead Cow. These digital tools include web site defacements. Hacktivist activities cause many political ideals and issues. Fundamentally. Acts of hacktivism are brought about in the belief that proper use of code will have increased effects the same to regular activism or civil disobedience. virtual sit-ins. and political platform. artists and radical militants 1984 network liberty alliances more concerned with issues of free speech.

The person whose identity is stolen can suffer various kinds of consequences when he or she is held responsible for the criminal’s actions. Identity fraud is result of identity theft. However. The best example of this is when a data violation occurs. A Government Accountability Office study determined that most violations have not resulted in detected incidents of identity theft. according to an FTC report. the Full Extent Is Unknown". the terms are often used get accidentally exchanged. but Evidence of Resulting Identity Theft Is Limited. However. A later study by Carnegie Mellon University concluded that "the probability of becoming a victim to identity theft as a result of a data breach is .. synthetic ID theft is not always detectable by the consumers whose information was used. However the title of that report is "Data Breaches Are Frequent.around only 2%". resulted in only about 1800 instances of identity theft. Someone can steal or appropriate someone identifying information without actually performing identity fraud. There has been very little evidence to link ID fraud to data violations. according to the company whose systems were breached. Coursework Specifications Page 11 . since it is impossible to steal an identity. Identity theft is a thing that different from identity fraud. accounting for over four million records.. The term is relatively new and is actually like an error in naming. one of the largest data breaches ever. However. only to use it.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 4. More recently. Identity theft Identity theft is a term used to relate to fraud that involves someone presuming to be someone else in order to steal money or get other benefits. It is a crime to use another person’s personal identity for personal gain in many countries.

Phishers use spam. and phishers are nothing more than tech-intellect con artists and identity thieves. How phishing works In many cases. The web site. sometimes up to millions of messages. and it often tries to provoke an emotional response to a false crisis. account numbers. Phishing Phishing is actually an online con game. such as bank and credit card account details. like the email. While it is impossible to know the actual victim response rates to all phishing attacks. 4. And even sometimes the email provides the recipients to a fake web site. Usually the message contains the company’s name and logo. fake Web sites.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY There are some stealing identity techniques such as phishing and pharming. appears authentic and in some cases its URL has been covered so the web address looks real. Each spam email has contents of a message that appears from a famous and trusted company. crimeware and other techniques to trick people into leaking sensitive information. it is commonly believed that about 1 to 10 percent of recipients are tricked with a ―successful‖ phisher campaign having a response rate around 5 percent. phishers send out a lot of spam email. The fake web site insists the visitor to provide confidential information such as social security numbers. the phisher hopes at least a fraction of recipients are fooled into submitting their personal data. for example by opening up new accounts using the victim’s information or draining the victim’s bank accounts or they sell it on the black market as third party for a profit. they either use the stolen information themselves to deceive the victims.1. Once they’ve captured enough victims’ financial information. passwords. the email often request for the user’s personal or financial information. Coursework Specifications Page 12 . etc. Email contents are looks like business language and couched in urgent. Since the email and corresponding Web site look like the real one.

the phisher can simply steal our confidential information although we do not fill our information and the Trojan or spyware placed onto your machine would capture all of information the next time you visit the legitimate Web site of your bank or other online service. Throughout the past year. a lack in the IRS Web site allowed people to make their ―bait‖ URLs appear to be the IRS’ Web site. criminallyowned Web server. hostile Web sites by increasing common Web browser vulnerabilities to infect victim machines. Symantec recently captured a stereotypical phishing attack in its honey pot network focused on the online auction service eBay. using rootkit and other aggressive stealth techniques to remain hidden on an infected system. Phishing example Symantec operates a group of machines known as honey pots—a network of intentionally vulnerable systems that are used to capture and study real-world attacks. This is one of many potential examples of the steadily advancing skills of online fraudsters.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY Over 2005. Another example of the growing skills of the phishing groups is their use of lacks in Web site design to make their attacks more convincing. EBay become one of the most phished brands on the internet. Coursework Specifications Page 13 . This information is in turn used for research and refinement of Symantec’s products. This trend means that by simply following the link in a phishing email to a fake Website. phishers became much more complicated. even though the victim was headed to a different. They began using crime ware in conjunction with their fraud. this genre of crime ware has become more targeted or capturing just the information the phisher wants and more silent. For example.

DNS cache poisoning is an attack on the Internet naming system that allows users to enter in meaningful names for Web sites (e. 192.mybank. When a pharmer performs a successful DNS cache poisoning attack. Pharmers rely upon the same bogus Web sites and theft of confidential information to perform online scams. they are effectively changing the rules of how traffic flows for an entire section of the Internet! The potential widespread impact of pharmers routing a enormous number of unsuspecting victims to a series of bogus. hostile Web sites is how these fraudsters earned their namesake. www. Instead of relying completely on users clicking on an enticing link in fake email messages.g.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 4. The difference between phishers and pharmers is phishers drop a couple lines in the water and wait to see who will take the bait but pharmers are more like cybercriminals harvesting the Internet at a scale larger than anything seen before. pharming instead diverts victims to the bogus Web site if they type the right Web address of their bank or other online service into their Web browser. The naming system relies upon DNS servers to handle the conversion of the letter-based Web site names.com) rather than to remember series of numbers (e.1). which are easily recalled by people.1. Pharmers re-direct their victims using one of several methods. Pharming Pharming is another form of online fraud.168. but are more difficult than phishing to detect in many ways because they are not reliant upon the victim accepting a ―bait‖ message. The first method – the one that earned pharming its name – is commonly an old attack called DNS cache poisoning. it is almost similar to its cousin phishing. into the machine-understandable digits that whisk users to the Web site of their choice.2.g. Coursework Specifications Page 14 .

The pharmer appears to have duped the personnel at an Internet Service Provider into entering the transfer of location from one place to another by taking advantage of a software lack. complicating the victim company and impacting its business. There were three waves of attacks. two of which attempted to load spyware and adware onto victim machines and the third that appeared to be an attempt to drive users to a Web site selling pills that are often sold through spam email. bogus Web sites. A pharming attack that took place weeks after this incident had more dangerous consequences. Coursework Specifications Page 15 . Using a software flaw as their foothold. pharmers changed out hundreds of legitimate domain names for those of hostile. Once the original address was removed to the new address. the attacker had effectively hijacked the Web site and made the genuine site impossible to reach.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY Pharming example One of the first known pharming attacks was happened in early 2005.

More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically so that you do not have to remember to check for the latest software and taking advantage of "autoupdate" features in your software is a great way to keep yourself safe online. and might be enough to prevent a less-determined attacker to look for a more vulnerable computer elsewhere. One of the best ways to keep hackers away from your computer is to apply patches and other software fixes when they become available. many attacks can be avoided. Prevention Tips Cybercrime prevention can be performed when faced with a little technical advice and common sense.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 5. Keep your computer security current with the latest patches and updates. Choose strong passwords and keep your information safe. Make sure your computer is managed securely. By evenly updating your computer. If you make their job more difficult. Protect your confidential information. There are some tips below provide basic information on how you can prevent online fraud. online criminals are trying to make their money as quickly and simple as possible. they will leave you alone and move on to an easier target. Protect computer with security software. Coursework Specifications Page 16 . you block attackers from being able to take advantage of software lacks (vulnerabilities) that they could otherwise use to go through into your system.      Keep your computer security current with the latest patches and updates. it only makes it more difficult for hackers to gain access to your system. blocks many basic and automated attacks completely. In general. While keeping your computer up-to-date will not protect you at all.

settings in your Web browser such as Internet Explorer or Firefox will decide what happens when you visit certain Web sites on the Internet. Configuring Internet applications such as your Web browser is one of the most important areas to focus on. Just check it whether it is secure enough and if you are installing your computer at home.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY Make sure your computer is managed securely. Passwords are a fact of life on the Internet today and we use them for everything such as online banking and logging into our favorite airline Web site to see how many miles we have collected. Choose strong passwords and keep your information safe. Don’t think that a newly purchased computer the right level of security for you. Coursework Specifications Page 17 . The strongest security settings will give you the most control over what happens online but may also disturbing some people with a large number of questions when they are searching some things ("This may not be safe. There are some tips can help make your online experiences secure: 1. pay attention not just to making your new system function. # $ %!?).g. For example. are you sure you want do this?") or the inability to do what they want to do. Oftentimes security and privacy settings can be simply configured without any sort of special expert skill by simply using the "Help" feature of your software or reading the vendor's Web site and if you are uncomfortable configuring it yourself call someone that experts in computer that you know and trust for assistance or contact the vendor directly. Choosing the level of security and privacy depends on the individual using the computer. Choose a password that cannot be easily guessed is the first step to keep passwords secure and away from the other people. numbers and symbols (e. but also focus on making it work securely. Strong passwords have eight characters or more and use a combination of letters. Avoid using the following as your password such as your login name.

Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe when you are going online. If you notice something weird with one of your online accounts. at least every 90 days. 2.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY anything based on your personal information such as your last name. This can decrease the damage caused by someone who has already gained your password to access to your account. your birthday and words that can be found in the dictionary. Most recent versions of antivirus software. The next line defense is your antivirus software. 3. one of the best steps you can take is to change your password immediately. Trojan horse and other type’s malicious programs. A firewall is usually your computer's first line defense. Your antivirus and antispyware software should be set to update itself. and it should update by itself every time you connect to the Internet. Protect your computer with security software. Change passwords regularly. Keep your passwords in a safe place and do not to use the same password for every service you use online. Several types of security software are necessary for basic online security and security software includes firewall and antivirus programs. Try to select especially strong and unique passwords for protecting important activities like online banking. You could think of a firewall as a sort of "policeman" that controls all the data that flow in and out of your computer on the Internet and allows communications that it knows are safe and blocking bad traffic such as attacks from ever reaching your computer. such as Norton Antivirus. which monitors all online activities such as email messages and Web browsing and protects an individual from viruses. also protect from spyware and potentially unwanted programs. worms. Coursework Specifications Page 18 . Firewall controls who and what can communicate and have access with your computer online.

Additionally. Real companies will not use email messages to ask for your personal information. phishing messages will often insist you that you have to act quickly to keep your account open. phone number.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY Organized security suites such as Norton Internet Security combine firewall. poor grammar. update your security. or urge you to provide personal information immediately or else something bad will happen. Web site addresses that are entirely numbers where there are normally words. Things that indicate a message may be deceitful are misspellings. Coursework Specifications Page 19 . Web site addresses with strange formats. the following list contains some tips for how to share personal information safely when going online: Keep an eye out and be careful for bogus email messages. Don't respond to email messages that ask for confidential information. and anything else out of the ordinary. and email address online and to take advantage of many online services. Since not leaking any personal information is rarely possible. home address. Protect your confidential information. Many people find using a security suite an attractive alternative to installing and setting several different types of security software as well as keeping them all up-to-date. malicious Web site. contact the certain company by phone or by typing in the company Web address into your Web browser and don't click on the links in these messages as they make take you to a fraudulent. When in hesitant. odd phrasings. you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. antivirus. Be careful when sharing personal information such as your name. antispyware with other features such as antispam and parental controls have become very popular as they offer all the security software needed for online protection into one package.

FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 6. with networks being used to carry out important transactions. Good software security practices can help ensure that software performs properly. Coursework Specifications Page 20 . We must have knowledge about that and how to keep our computer and confidential information safe so we can minimize damages or even we can prevent all unauthorized attacks. The environment in which machines must survive has changed fundamentally since the popularization of the Internet. The goal of my research is to familiarize you with the current best practices for keeping security flaws out of your software. We can avoid the Band-Aid-like penetrate-and-patch approach to security only by considering security as a important system property. Safety-critical and high-assurance system designers have always taken great damages to analyze and to track software behavior and security-critical system designers must follow suit. This requires integrating software security into your entire software engineering process is a topic that we take up in the next chapter. Conclusion Nowadays computer security is a vast topic that is becoming more important because the world is becoming highly interconnected. Cybercrime can happen anytime and anywhere.

html>  Computer security .ehow.jsp > Coursework Specifications Page 21 . References  Science and Technology Resources on the Internet-by Jane F.com/identity-theft/ >  Online Fraud: Phishing 10th October 2009 URL :< http://www.Wikipedia. Kinkus-11th October 2009 URL :< http://www.symantec.org/02-fall/internet.org/wiki/Hacker_(computer_security) >  Identity theft – eHow.Wikipedia.jsp > Online Fraud: Pharming 10th October 2009 URL :< http://www.com/norton/cybercrime/prevention.wikipedia.jsp>   Prevention tips 11th October 2009 URL :< http://www.com/norton/cybercrime/pharming.symantec.symantec.istl.com 10th October 2009 URL :< http://www.wikipedia.FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 7.org/wiki/Computer_security>  Hacker (computer security) . the free encyclopedia 9th October 2009 URL :< http://en. the free encyclopedia 11th October 2009 URL :< http://en.com/norton/cybercrime/phishing.

FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 8. Plagiarism Detect Page Coursework Specifications Page 22 .

Sign up to vote on this title
UsefulNot useful