MODULE 3
INFORMATION AS RESOURCE WITH CONTROL AND PRIVACY
INTRODUCTION:
This module presents the physical, conceptual and information
resources that an organization needs to operate. You will gain awareness of
the pros and cons in the internet world. It talks about the importance of
Intellectual Property rights and Data Privacy of the Philippines.
LEARNING OBJECTIVES:
After studying the module, you should be able to:
DIRECTIONS/MODULE ORGANIZER:
There are three lessons in the module. Read each lesson carefully
then answer the activities. For instructions about submission, you will be
guided by your instructor.
LESSON 2
In this lesson we are going to learn about the threats to our online
security, privacy and information and become aware so that we can minimize
the threats brought by misuse and unwanted behaviors. We will also learn
about the proponents involved in breaking our security and privacy.
Information Security
Hackers
We defined hackers in our previous lesson as people who use
Information Technology in an unconventional or unusual way. As a threat,
hackers are labeled as bad people with bad intentions. However, not all
hackers are considered bad. To show us what this means, we will learn more
about the different types of hackers.
into systems and will often deface the website as a protest. They
usually hack into government websites.
• Script kiddies or script bunnies find hacking code on the Internet
and click-and-point their way into systems to cause damage or
spread viruses.
• White-hat hackers work at the request of the system owners to find
system vulnerabilities and plug the holes. Sometimes they are
given other titles such as penetration testers and ethical hackers.
Viruses
One of the most common forms of computer vulnerabilities is a virus.
• A virus is software written with malicious intent to cause
annoyance or damage. Some hackers create and leave viruses,
causing massive computer damage.
• Malware (malicious software) is software that is intended to
damage or disable computers and computer systems.
• A worm spreads itself not only from file to file but also from
computer to computer.
Hacker Weapons
Going online makes everything easy, but with it comes online security
threats. Some of these threats employed by hackers are the following.
3. Application Vulnerabilities
Application vulnerabilities are usually bugs and errors found in the code of a
specific program which can be taken advantage of by cybercriminals or
hackers to access and steal user data. These are what hackers try to exploit to
gain access to private data. These issues are normally solved with a software
update.
Bugs are problems in an app that its creators did not see or resolve, and
which hackers use to gain access to private data.
4. Scams
Scammers have been preying on people before the Internet was a
thing. Now, they’re more active and successful than ever since scamming
people out of their money and personal information is much easier.
Usually, scammers will employ all sorts of tactics to deceive online users and
trick them into revealing sensitive information (like their Social Security
Number, credit card details, bank account details, email login credentials,
etc.) so that they can either steal their money or their identity.
Online scams will usually involve phishing attempts, but they can also
involve other methods:
• Ponzi schemes
• Pyramid schemes
• Catfishing (Fake Profiles)
Watch videos
Pyramid Scheme: https://bit.ly/2TZQgZ6
Ponzi Scheme: https://bit.ly/2I3lADv
1. Man-in-the-Middle Attack
Man-in-the-Middle (MITM) attacks involve a cybercriminal intercepting or
altering communications between two parties.
2. Spamming
Spamming can be defined as the mass distribution of unsolicited messages
on the Internet. The messages can contain anything from simple ads to
pornography. The messages can be sent through email, on social media, blog
comments, or messaging apps.
3. WiFi Eavesdropping
WiFi eavesdropping normally takes place on unsecured WiFi networks
(usually the free ones you see in public), and it involves cybercriminals taking
advantage of the lack of encryption to spy on your online connections and
communications. They could see what websites you access, what email
messages you send, or what you type into a messaging application.
4. Social Engineering
Hackers don’t only resort to exploiting computers. They also exploit social
trust. Hackers cannot hack into computers that are not connected to the
internet, so one way to hack into it is to hack into people’s minds. Phishing is
a form of social engineering because its primary method is to exploit social
trust. Dumpster diving, or looking through people’s trash, is another way for
hackers to obtain information. Pretexting is a form of social engineering in
which one individual lies to obtain confidential data about another individual.
2. Something the user has, such as a smart card or token. Tokens are
small electronic devices that change user passwords automatically. A
smart card is a device about the size of a credit card containing
embedded technologies that can store information and small amounts of
software to perform some limited processing. Today we have our phones,
which have our unique contact numbers to be used as an authenticator. If
you have experienced using an OTP (One-time PIN / One-time Password),
that is an example of this. For example, when sending money through
mobile banking, the bank sends an OTP to your phone which you can
enter into the mobile banking app to authenticate whether it is really you
who is doing the transaction. OTPs usually are in the form of 4 to 6-digit
numbers.
3. Something that is part of the user, such as a fingerprint or voice
signature. This is by far the best and most effective way to manage
authentication. Biometrics are devices that are used for this type of
authentication. They recognize one or more of your physical features such
as fingerprints, face, iris, voice, and others which are unique to every
person.
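The OTP check described in item 2 above, seen from the bank's side, as an added example that is not part of the original module: the code is random, expires, works only once, and allows only a few guesses. The class name, the 120-second lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # the module says OTPs are usually 4 to 6 digits
OTP_TTL_SECONDS = 120   # assumed validity window
MAX_ATTEMPTS = 3        # assumed limit on guesses per code


class OtpService:
    """Server side of an SMS-style OTP check (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # txn id -> [salt, digest, expiry, attempts_left]

    @staticmethod
    def _digest(salt, code):
        # Keep only a salted hash in memory, never the code itself.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, txn_id):
        """Create a fresh code for txn_id; the caller sends it to the phone."""
        # secrets (not random) so the next code cannot be predicted.
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[txn_id] = [salt, self._digest(salt, code),
                                 self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, txn_id, submitted):
        """True only for the right code, in time, within the attempt limit."""
        entry = self._pending.get(txn_id)
        if entry is None:
            return False
        salt, digest, expiry, attempts_left = entry
        if self._clock() > expiry or attempts_left <= 0:
            del self._pending[txn_id]       # expired or locked out
            return False
        entry[3] = attempts_left - 1        # count this guess before comparing
        # Constant-time comparison avoids leaking how much of a guess matched.
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[txn_id]       # one-time: a used code cannot be replayed
            return True
        return False
```

With a 6-digit code and three guesses, a blind guesser succeeds at most 3 times in 1,000,000 per issued code, which is why the attempt limit matters as much as the randomness.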
Single-factor authentication is the traditional process which requires a
username and password. Some websites have only this level of authentication.
10. Educate yourself and the people around you about online security
LEARNING ACTIVITY 8
Give a long answer. Your answers can be short and direct to the point.
Article was excerpted from Wired.com:
https://www.wired.com/story/facebook-security-breach-50-million-accounts/
The bugs that enabled the attack have since been patched, according to
Facebook. The company says that the attackers could see everything in a
victim's profile, although it's still unclear if that includes private messages or if
any of that data was misused. As part of that fix, Facebook automatically
logged out 90 million Facebook users from their accounts Friday morning,
accounting both for the 50 million that Facebook knows were affected, and an
additional 40 million that potentially could have been. Later Friday, Facebook
also confirmed that third-party sites that those users logged into with their
Facebook accounts could also be affected.
Facebook has yet to identify the hackers, or where they may have originated.
“We may never know,” Guy Rosen, Facebook’s vice president of product, said
on a call with reporters Friday. The company is now working with the Federal
Bureau of Investigation to identify the attackers. A Taiwanese hacker named
Chang Chi-yuan had earlier this week promised to live-stream the deletion of
Mark Zuckerberg's Facebook account, but Rosen said Facebook was "not
aware that that person was related to this attack."
“If the attacker exploited custom and isolated vulnerabilities, and the attack
was a highly targeted one, there simply might be no suitable trace or
intelligence allowing investigators to connect the dots,” says Lukasz Olejnik, a
security and privacy researcher and member of the W3C Technical
Architecture Group.
“This is a really serious security issue, and we’re taking it really seriously,” he
said. “I’m glad that we found this, and we were able to fix the vulnerability
and secure the accounts, but it definitely is an issue that it happened in the
first place.”
The social network says its investigation into the breach began on September
16, when it saw an unusual spike in users accessing Facebook. On September
25, the company’s engineering team discovered that hackers appear to have
exploited a series of bugs related to a Facebook feature that lets people see
what their own profile looks like to someone else. The "View As" feature is
designed to allow users to experience how their privacy settings look to
another person.
The first bug prompted Facebook's video upload tool to mistakenly show up
on the "View As" page. The second one caused the uploader to generate an
access token—what allows you to remain logged into your Facebook account
on a device, without having to sign in every time you visit—that had the same
sign-in permissions as the Facebook mobile app. Finally, when the video
uploader did appear in "View As" mode, it triggered an access code for
whoever the hacker was searching for.
That also explains Friday morning's logouts; they served to reset the access
tokens of both those directly affected and any additional accounts “that have
been subject to a View As look-up” in the last year, Rosen said. Facebook has
temporarily turned off "View As," as it continues to investigate the issue.
“It’s easy to say that security testing should have caught this, but these types
of security vulnerabilities can be extremely difficult to spot or catch since they
rely on having to dynamically test the site itself as it’s running,” says David
Kennedy, the CEO of the cybersecurity firm TrustedSec.
…
Prepared by: