Ecommerce Chapter 5
digital signature
"signed" cipher text that can be sent over the internet
Rootkits
A program whose aim is to subvert control of the computer's operating system
Bot herder
An external third party that controls computers through a bot
Smishing
Attacks exploiting SMS messages
public key infrastructure
CAs and digital certificate procedures that are accepted by all parties
potentially unwanted program
program that installs itself on a computer, typically without the user's informed consent
firewall
refers to either hardware or software that filters communication packets and prevents some packets from entering the network based on a security policy
proxy server
software server that handles all communications originating from or being sent to the internet, acting as a spokesperson or bodyguard for the organization
zero-day vulnerability
software vulnerability that has been previously unreported and for which no patch yet exists
cipher text
text that has been encrypted and thus cannot be read by anyone other than the sender and receiver
privacy
the ability to control the use of information about oneself
availability
the ability to ensure that an eCommerce site continues to function as intended
nonrepudiation
the ability to ensure that e-commerce participants do not deny their online actions
integrity
the ability to ensure that information being displayed on a web site or transmitted or received over the internet has not been altered in anyway by an unauthorized party
confidentiality
the ability to ensure that messages and data are available only to those who are authorized to view them
authenticity
the ability to identify the identity of a person or entity with whom you are dealing on the internet
transposition cipher
the ordering of the letters in each word is changed in some systematic way
encryption
the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the receiver. Used to secure stored info and info transmission. Provides four of the six key ecomm security dimensions: integrity, nonrepudiation, authentication, and confidentiality
Virtual private networks
these allow remote users to securely access internal networks via the internet, using PPTP, an encoding mechanism that allows one local network to connect to another using the internet as the conduit
public key cryptography
two mathematically related digital keys are used: a public key and a private key. Both keys are used to encrypt and decrypt a message; once used, the same key cannot be used to unencrypt the message
bot
type of malicious code that can be covertly installed on a computer when attached to the internet. Once installed, responds to external commands sent by the attacker
virtual currency
typically circulates within an internal virtual world community or is issued by a specific corporate entity, and is used to purchase virtual goods
Distributed Denial of Service attack
using numerous computers to attack the target network from numerous launch points (DDoS)
cracker
within the hacking community, a term typically used to denote a hacker with criminal intent
cybervandalism
intentionally disrupting, defacing, or destroying a site
browser parasite
a program that can monitor and change the settings of a user's browser
spyware
a program used to obtain information such as a user's keystrokes, email, instant messages, and so on
near field communication
a set of short range wireless technologies used to share information among devices
certification authority
a trusted third party that issues digital certificates
sniffer
a type of eavesdropping program that monitors info traveling over a network
cipher key
any method for transforming plain text into cipher text
Trojan horse
appears to be benign, but then does something unexpected. Often a way for viruses or other malicious code to be introduced into a computer system
symmetric key encryption
both the sender and the receiver use the same key to encrypt and decrypt the message. Also known as secret key encryption
botnet
collection of captured bot computers; can be used for malicious activities such as sending spam, DDoS attacks, stealing information, and storing network traffic for later analysis
hacktivism
cybervandalism and data theft for political purposes
substitution cipher
every occurrence of a given letter is replaced systematically by another letter
social engineering
exploitation of human flexibility and gullibility to distribute malware
backdoor
feature of viruses, worms, and Trojans that allows an attacker to remotely access a compromised computer
Denial of Service attack
flooding the web site with useless traffic to inundate and overwhelm the network (DoS)
electronic billing presentment and payment system
form of online payment systems for monthly bills
malicious code
includes a variety of threats such as viruses, worms, Trojan horses, and bots
six key dimensions to ecomm security
integrity, nonrepudiation, authenticity, confidentiality, privacy, availability
drive-by download
malware that comes with a downloaded file that a user requests
worm
malware that is designed to spread from computer to computer
spoofing
misrepresenting oneself by using fake email addresses or masquerading as someone else
SSL and TLS
most common form of securing channels; provides data encryption, server authentication, client authentication, and message integrity for TCP/IP connections
data breach
occurs when an organization loses control over its information to outsiders
one-way irreversible mathematical function
once the algorithm is applied, the input cannot be subsequently derived from the output; just as mixing and baking the ingredients of a recipe cannot be reversed
online stored value payment system
permits consumers to make instant, online payments to merchants and other individuals based on value stored in an online account
session key
a unique symmetric encryption key chosen for a single secure session
virtual private network
allows remote users to securely access internal networks via the internet, using the Point-to-Point Tunneling Protocol
hash function
an algorithm that produces a fixed-length number called a hash or message digest, used between sender and receiver to verify that the message has not been altered
digital cash
an alternative payment system in which unique, authenticated tokens represent cash value
hacker
an individual who intends to gain unauthorized access to a computer system
phishing
any deceptive, online attempt by a third party to obtain confidential information for financial purposes
Internet crime complaint center
IC3 - A partnership between the National White Collar Crime Center and the Federal Bureau of Investigation
Madware
Innocent-looking apps that contain adware that launches pop-up ads and text messages on your mobile device
Exploit
Malicious code designed to take advantage of software vulnerabilities in a computer's operating system, web browser, applications, or other software components
digital certificate
a digital document issued by a certification authority that contains the name of the subject or company, the subject's public key, a digital certificate serial number, an expiration date, an issuance date, the digital signature of the certification authority, and other identifying info
trust
Many companies are hesitant to report cybercrime due to the fear of losing the ______ of their customers and the difficulty quantifying the actual dollar amount of the loss.
Pharming
Spoofing a website
Vishing
Targets gullible cell phone users with a verbal message to call a certain number
adware
a PUP that serves popup ads to your computer
merchant account
a bank account that allows companies to process credit card payments and receive funds from those transactions
secure negotiated session
a client-server session in which the URL of the requested document, along with the contents, the contents of forms, and the cookies exchanged, are encrypted
virus
a computer program that has the ability to replicate or make copies of itself, may deliver a payload, and spreads from computer to computer
Client, server, and communications pipeline
Three key points of vulnerability when dealing with e-commerce