Northern College
Software Issues: Risks and Liabilities
BU 1173, WEEK 8, MISS AMANDA PAANANEN

Definition: Software
Software is a set of computer programs made up of a sequence of short commands called instructions that tell the computer what to do.
individual or a company.
Normally, software is in two forms:
• ROM (read-only memory): built into the computer’s more permanent memory
• RAM (random access memory): loaded on demand at runtime in less permanent but more volatile memory called

Definition: Software Producer
A software producer, or developer, creates or develops a set of programs to meet the specifications of a user, if there is a contract, or of a specific problem if it is general software.
Developers are either individuals working alone or companies such as Microsoft, which employs hundreds of software engineers including analysts and programmers.

Definition: Software Buyers
Software buyers, or customers, obtain the finished software from the developer to satisfy a need, basing their decision on developer claims.

Standards
Software developers must convey to buyers’ satisfaction that their products are of high quality.
The buyer, however, has little leverage in disputing the claims of the developer in these areas because there is no single universally acceptable and agreed upon measure of software standards.

But!!!
But there are universal basic standards that a software product must meet. Such standards include the mutually agreed upon criteria and expectations of the buyer.
In this case, the law imposes such standards, and if the product does not live up to them, the buyer has the right to pursue legal action.

A quick look back at Intellectual Property Rights…

Software Piracy!
How can you protect software?
• The act of copying, distributing, or using privately owned software
• It’s a complex issue because it’s easy for people to use software without knowing that their copies are illegal
• Others are confused by the ways that they are allowed to use certain software

Copyright Laws for Software
• Copyright laws that protect creative works can also be used to protect computer programs and software
• In these cases the creator of the program or software has the authority to decide how and when others use their work, or reproduce it
• In order to register software for copyright, however, a certain amount of the creation information needs to be shared, thus exposing any possible trade secrets

Patent Laws for Software
• Used to protect the creation of an idea, and the implementation of that idea into actual use
• Patents for technology usually involve hardware of some kind, and are not usually suitable for software

Trademarks for Software
• Not an effective way to protect computer programs
• Useful only if the creator of the software owns a company where a trademark is applicable
• Consider Microsoft Windows as an example

Trade Secrets for Software
• Very effective when used to protect the concept that software or computer programs are based on.

Software Security
Computer software now stores the majority of the vital information that companies, and society, need to function.
The security of software also depends on the security of the hardware being used.

Important Term!
Security Breach - any incident that results in unauthorized access of data, applications, services, networks and/or devices, by bypassing their underlying security mechanisms.

Risk Assessment & Management
• In order to assess the security of software, system managers need to assess potential risks during the design phase when creating software, and the use phase
• Two key components of assessing risk in software are assessment and control
• Both components must be evaluated, with documentation to prove they have conducted the evaluations, and possible

Glitches, Flaws, & Weaknesses
• In order to properly assess risk, software creators need to try and identify, and predict, a system’s vulnerabilities
• This can be difficult to do when the capabilities of technology advance constantly, and in ways that aren’t always predictable

Famous Software Breaches: Ashley Madison
In July 2015, a group calling itself "The Impact Team" stole the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs.
The group copied personal information about the site's user base and threatened to release users' names and personally identifying information if Ashley Madison would not immediately shut down.
On 18 and 20 August, the group leaked more than 60 gigabytes of company data, including user details.
Because of the site's policy of not deleting users' personal information – including real names, home addresses, search history and credit card transaction records – many users feared being publicly shamed.

Infamous Software Breaches
2013-14
• 500 million Yahoo users had their names, email addresses, phone numbers and passwords taken illegally during a software breach
• Once valued at over $1 billion, the company lost its value and was even forced to change its name to stay in business – Altaba, Inc.

FriendFinder Network
• Date: November 2016
• Number of affected users: 412 million
• What happened: Over 412 million user accounts registered across the FriendFinder Network umbrella, including Adult Friend Finder, were compromised in October 2016.
• The hack exposed user information including email addresses, passwords, IP addresses and membership status. The company stored user passwords in plaintext or using the weak SHA1 algorithm, meaning 99% of all passwords could be easily cracked, according to LeakedSource, a breach notification website.
• FriendFinder Network subsequently released a statement advising that the company did “...fix a vulnerability that was related to the ability to access source code through an injection vulnerability."

Types of Computer System Attacks

Penetration
• Involves breaking into a computer system to gain illegal access to cyberspace content and resources
• Gives the intruder the ability to alter data files, change data, plant viruses, or install damaging programs
• Can be done from within a network, or from outside (hacking!)

Denial of Service Attacks
• DOS for short – newer form of attack
• This type of attack does not alter or destroy data; it affects a system’s ability to function
• Computer systems that are attacked in this manner can then be used to attack other computer systems
• Can also be accomplished from within or outside a network

Baby Monitor Breach

Another look at cybercrime motives…
• Political Activism
• Vendetta
• Joke/Hoax
• Hacker’s Ethics
• Terrorism/Extortion
• Espionage
  • Political & Military
  • Business & Industrial
• Hate
• Personal Gain/Fame/Fun

Top 10 Infamous Anonymous Hacks

How are cybercrime victims affected?
• Psychological Effects
  • Fear, hate, seclusion and isolation
• Moral Decay
  • Bad behavior being accepted as “normal”
• Loss of Privacy
  • Tighter network security = less privacy
• Loss of Trust
  • Loss of faith in people, systems, organizations, etc.

CYBER CRIME

Canadian Cybercrime Laws (Cyber Law)
• We are still relying heavily on the Canadian Criminal Code, which predates the internet!
• https://laws-lois.justice.gc.ca/eng/acts/C-46/index.html
• This leaves many gaps in how applicable our legal system is to cyber crime

Making Cyber Law more Effective
• Local and country-wide laws should be created specifically for computer crimes. Ex. Computer tampering, computer fraud, etc.
• Standardized legal sentences should be created for all computer crimes. Ex. Costly fines, or set jail time.
• More computer ethics education needs to be introduced into society. Ex. Public school curriculum for grades 5-12

How can we prove that a cybercrime has occurred?

DIGITAL CRIME

Digital Evidence
Important Term!
Digital Evidence
- digital footprints, or digital sequences, that prove the cyber trail that has taken place
- can be provided in a court of law to establish whether the accused is guilty or not

How to find digital evidence:
• Every electronic activity leaves a sequence of ‘footprints’ behind
• Digital evidence of a specific activity can be difficult to find in the high volume of similar data that exists for all electronic activities
• Sometimes this data can be found in hardware such as CDs, memory sticks, hard drives, etc.
• Sometimes there is physical evidence like folders and letters that provide evidence as well
• Monitoring a computer system, or person, who is suspected of committing computer crimes can also provide evidence of criminal actions
• You have to be very careful when collecting digital evidence, because it can be volatile – previewing or acquiring data may disturb or change the data

The Infamous Pirate Bay
A very popular website that is used for illegally downloading movies, television shows, music, etc.
It has been around for 15 years!
Despite several raids, criminal prosecutions, dozens of website blockades, and other anti-piracy measures, the site continues to thrive
Was founded by Fredrik Neij, Gottfrid Svartholm, and Peter Sunde, who were imprisoned for about a year and charged with a $3.5 million fine
Even with the charges and allegations, the site was never caught red-handed in an offense that entails tougher punishments

How is it possible that more digital evidence doesn’t exist?
• Instead of receiving a shared file from a single uploader, torrents have decentralized downloads, as data from various users are put together
• They do this with over 25 servers, that are not centrally located geographically
• If one of the servers keeping track of shared files goes offline, users can still keep swapping data
• Their computer network also initiates database backups whenever authorities attempt to raid them and stop the torrent services

Week 6: Required Readings
• Textbook: Kizza, J. M. (2017). Ethical and social issues in the information age. 6th Edition. ISBN 978-3-319-70712-9
• Chapter 8 Kizza,

References
IMAGES
https://pixabay.com/
https://www.freepik.com/
wikipedia.com
psychologytoday.com
PPT adapted from: Kizza, Chapter 8
https://en.wikipedia.org/wiki/Ashley_Madison_data_breach
https://www.csoonline.com/article/2130877/thebiggest-data-breaches-of-the-21st-century.html