1 Imagine you are the owner of an ecommerce Web site a What

1) Imagine you are the owner of an e-commerce Web site.
a. What are some of the signs that your site has been hacked?
b. Discuss the major types of attacks you could expect and the resulting damage to your site.

2)    Given the shift toward mobile commerce,
a. do a search on mobile commerce crime.
a. Identify and discuss in one page the new security threats this type of technology creates.

Solution

1) Imagine you are the owner of an e-commerce Web site.

        a. What are some of the signs that your site has been hacked?

        b. Discuss the major types of attacks you could expect and the resulting damage to your site.

ANS 1 a. The sign that your site is hacked-

If you visit your website, and instead of seeing the page you have created you see something entirely different it’s likely that your page has been “defaced.” Normally, these types of hackers will have a “hacked by…” message displaying to take credit for the hack.

If you cannot access your admin section of your website, it’s possible the hacker has gained access to the administrator account or cpanel and altered the passwords.

Google will watch your site for problems when it scans and report any problems back to you in Google Webmaster Tools. Unfortunately while it is very good at telling you about the problem it is also very good at telling your customers as well. This is what causes the warning boxes to pop up in your browser when visiting a site.

You see a sudden, unexplained decrease in site traffic or conversions. If Google Analytics says your traffic is indeed down, this may be because site visitors are receiving the warnings about your site being unsafe.

Ans 1b The major type of attack we expected and resulting damage are as following-

SQL injection attacks, in their most basic form, are methods of abusing an application’s interaction with its back-end database. These attacks leverage non-validated inputs to modify existing database queries to achieve unintended results and frequently target websites and web applications.

In today’s network environment, content management systems (CMS) are ubiquitous. CMS provide an incredibly wide array of functionality including publishing, modifying content, organizing data and managing users. As with everything else, the more common it is, the more often it is targeted. CMS vulnerabilities that are left unpatched are often targeted and used as a foothold to install backdoor programs. A backdoor can lay in wait for days, months or even years before threat actors return to use it to gain access again.

Ransomware is characterized by malware that prevents users, typically through encryption, from accessing their system, file shares or files. After gaining access and control, threat actors hold the data for “ransom” until the user agrees to pay money to regain access to their data. For this reason, we consider data ransomware as a lethal data breach scenario.

These attacks involve surveillance of the shopper\'s behavior, gathering information to use against the shopper. For example, a mother\'s maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites. A common scenario is that the attacker calls the shopper, pretending to be a representative from a site visited, and extracts information. The attacker then calls a customer service representative at the site, posing as the shopper and providing personal information. The attacker then asks for the password to bereset to a specific value. Another common form of social engineering attacks are phishing schemes. Typo pirates play on the names of famous sites to collect authentication and registration information.

2)    Given the shift toward mobile commerce,

        a. do a search on mobile commerce crime.

        a. Identify and discuss in one page the new security threats this type of technology creates.

ANS 2 a

A root kit is a particularly stealthy type of software that installs itself on a user’s device and hides itself from the normal modes of detection, letting it operate in secret to get privileged access to a computer and its user’s information.

QR codes can be a cool way for consumers to find out more about products and find a wealth of information with very little effort, but they’re not always safe. Mobile phone users never quite know where the codes will take them once scanned, and in a growing number of cases, QR codes are leading to sites that download a virus or malware onto the user’s mobile device.

If thieves can bypass a mobile phone’s security they can steal digital certificates.

Like its cousin phishing, smishing tries to trick individuals into revealing personal, private information. Smishers send their victims an SMS (text) message, baiting them into divulging personal details like bank account, credit card, or social security numbers.

Sadly, there’s such a big business built up around this kind of mobile crime that there are even common job titles associated with it (confirmer is one big one). Social engineers scam mobile users by either tricking them into giving them private information or by tricking companies that the individual uses. Sometimes, criminals will hack into bank accounts and change customer contact information.

According to McAfee, a leading antivirus provider, mobile security threats rose by 46% in 2010. Yet a whopping 70% of mobile phone users felt that their smartphones were safe from these kinds of attacks.

App stores open up a wealth of opportunities for criminals to fill your mobile device from crime ware.