MM College Assignment Submission Cover

Sheet

Student Name: Stuti Shah

Student No: 2672051

Unit Code: CP 795

Unit Name: Emerging technologies.

Assignment No:
if applicable
Assignment Name: Tutor 7

Date Due:

Lecturer Name:

Tutor Name:

Faculty / Staff only

Date Received:

Received by (Name):

Signature or initials:
Case Study Folder Q7.1

Using Internet search tools or other resources such as those

mentioned at the end of Chapter 7 of the text, research network
or web site hacking events that have occurred in the past 10
years.

Create a description of at least three such events.

• Paris Hilton may be victim of T-Mobile Web holes (2005)

The hacking may have exploited the company's Web site. A

flaw in a Web site feature to reset T-Mobile account passwords is
believed to have played a role in the hack of Hilton's T-Mobile
Sidekick account, which resulted in her star-studded address book,
photos, e-mail messages and voice mail being posted for public
consumption on the Internet. The password-reset hole is just one of
hundreds or even thousands of similar flaws in the mobile provider's
Web page that could give malicious hackers easy access to customer
information, according to an analysis by a security expert.

• A cracker has broken into a leading computer security

information website that survives hundreds of attempted
hacks every week. (Oct, 2000)
A cracker has broken into a leading computer security information
website that survives hundreds of attempted hacks every week.

AntiOnline, which has the strapline 'Hackers know the weaknesses in

the system”, and carries security news and information, was defaced
on 30th October 2000 by a hacker known as n1nor. The hacker
replaced the front page of the site with a message boasting about the
security flaw he had found.

• Network Associates hit by cyber criminals (Nov, 2000)

Computer security giant Network Associates has become a victim of

cyber crime, after two of its corporate websites were broken into.

Two of the company's Brazilian websites, www.nai.com.br and

www.mcafee.com.br, were vandalized this week by a group of
crackers called Insanity Zine Corp.

Front pages on both sites were replaced with rants from the crackers
in English and Portuguese. The pages show the Network Associates
logo and state: "And their Anti-virus software is owned too!" and "god
save the script kiddies".

Case Study Folder Q7.2

Using Internet search tools or other resources such as those

mentioned at the end of Chapter 7 of the text, research one
white or black hat hacking event that has happened in the last
5 years.
 Describe the event and the consequences of the event, that is,
was the hacker rewarded for his/her efforts or was he/she dealt
with by the authorities.

Gary McKinnon will likely be sent to the United States to stand trial for
various computer crimes ( April 4th, 2007)

A British hacker accused of breaking into secured government

computers and causing more than $700,000 in computer damages
lost an extradition appeal in the U.K. Last May, McKinnon was
indicted in northern Virginia and New Jersey, at the same time a
British judge decided that the hacker should be extradited to face
charges. This time, two leading British judges rejected the challenge
-- McKinnon now wants his case to be heard in the House of Lords,
England's highest appeals court.

McKinnon compromised around 100 computer systems, some of

which were operated by the Pentagon and NASA. The alleged
intrusions took place from February 2001 to March 2002, leading to
McKinnon's arrest in 2002. He was caught because some of the
software he used in the attacks was later traced back to an e-mail
address his girlfriend used.

McKinnon admitted that he made the intrusions, along with saying the
damage was unintentional and he was looking for evidence of UFOs.
The U.S. government has spent a considerable amount of time
reassuring U.K. prosecutors that McKinnon would be given a fair trial
once in U.S. jurisdiction.

If convicted, the man who carried out "the biggest military hack of all
time" could face up to 70 years in prison along with fines up to $1.7
million.

Case Study Folder Q7.3

Using Internet search tools or other resources such as those

mentioned at the end of Chapter 7 of the text, research at least
one security focussed web site (such as SecurityFocus.com).
Then write a few paragraphs that describe at least three
security issues. One of the issues should be related to
wireless security.

I have chosen UPEK Company for my security focussed website.

UPEK, Inc., the global leader in biometric fingerprint security

solutions, offers integrated end-to-end solutions including
comprehensive design & integration services to the world’s leading
consumer and industrial products companies. UPEK solutions
enable the strongest fingerprint authentication security available and
effortless user convenience. UPEK security solutions are easy to
deploy and integrate with existing infrastructure and network
architectures.
 UPEK biometric security products enable a wide range of
applications including password replacement for PCs and
applications, centralized management for corporate network
security, secure mobile transactions, protection of portable data,
identity verification for government and military applications, and
physical access control.

UPEK has been pioneering biometric fingerprint technology since

1996 and shipping product in volume since 1999. UPEK is
headquartered near Berkeley, California with offices in Prague,
Singapore, Taipei and Tokyo.

UPEK offers premium quality fingerprint authentication solutions

to the world’s largest brands in PCs, portable storage, mobile
phones, access control, and more. UPEK’s “trusted endpoint”
security architecture is designed to provide trust in the untrusted
environments of the PC, the network, and the Internet. UPEK gives
security for PC and Networking, Wireless, Portable storage,
Government ID, Physical Access and many more.

1. PC and Networking:

Securing PC:

UPEK’s secure fingerprint authentication module leverages existing

PC security architecture to protect access to notebook and desktop
PCs. PC users enjoy easy-to-use access to sensitive data with
hardware-based security that counters notebook theft and hacking.
Match-on-chip - Dedicated hardware-based security that protects
user privacy
Pre-boot Authentication - Protect PCs at the BIOS-level during
power-on
Single Sign-on (SSO) Logon to Windows®- One single swipe
authenticates the user at power-on and for the Windows logon
prompt
Integration with Trusted Platform Module (TPM) - “Trusted Path”
with the TPM allows use of strong encryption for protection of data.

Securing Network:

UPEK fingerprint authentication solutions are designed for scalability

and central management by IT managers. Corporate PC users enjoy
simplified access to VPNs and Wi-Fi connections, while corporate IT
departments benefit from reduced help desk costs and the ability to
establish a strong audit trail for regulatory compliance.

• Positive User ID - Identifies the actual user rather than relying

on a MAC address to simply identify a machine
• Unique Hardware Identifier - Unique identifier for each
fingerprint device enables verification of authorized hardware
• Finger-to-Server Match - Secure matching on a centralized
server from any network-connected UPEK device
• User Policy Management and Roaming Passport - Easy-to-
administer user permissions for IT managers and seamless
access to permission-specific applications and credentials for
corporate PC users
 • Active Directory / Microsoft Management Console (MMS) -
Integrates directly with Active Directory for easy setup

2. Physical Access:

UPEK physical access solutions enable access to safes, door locks,

buildings, time and attendance systems and automobiles, obviating
the need for keys and passwords that can be lost or forgotten. By
processing the enrollment and verification processes on a companion
chip, UPEK embedded solutions provide highly secure authentication
that is easy to integrate into physical access devices. For the highest
level of security, biometric fingerprint sensors complement access
control smartcards to provide multi-factor authentication. UPEK
authentication solutions also integrate into time and attendance
systems to verify employee presence and prevent buddy-punching.

3. Wireless

UPEK wireless solutions make your life more convenient by

protecting your privacy and giving you access to your wireless
world with the simple touch of your finger.

UPEK wireless solutions leverage the same award-winning

biometric technology that has made UPEK the leader in the
notebook PC market. Major PC and flash drive brands,
governments and enterprises rely on UPEK technology to
protect physical and digital assets.

UPEK wireless solutions offer these benefits:

Privacy - protect access to your personal information such as
contacts, email, music downloads, mobile wallet credentials and
more.

Authentication - restrict access to mobile enterprise applications and

data, and ensure easy, safe transactions such as mobile banking and
wireless payments.

Menu Navigation - minimize keystrokes needed to access contacts,

browsers and other applications.

Shortcuts - call any contact or launch any application with a swipe of

a single finger.

Case Study Folder Q7.4

Using the Virus Information Library at McAfee.com, the

Antiviral Toolkit Pro Virus Encyclopaedia, Symantec’s Virus
Encyclopaedia note 10 recently identified computer viruses.
Then create a table that identifies the following attributes of
each virus:
• Name
• Date identified
• Type (Trojan, worm etc)
• Destructive behaviour
Name Date Type Destructive
identified Behaviour.
Downloader.MisleadApp 06/11/2007 Trojan Low
Spy-Agent.cj 09/13/2007 Trojan Low
W32.Googbot@mm 09/17/2007 Worm Medium
Trojan.Simpdax!inf 09/15/2007 Trojan Low
Bloodhound.Exploit.161 09/14/2007 Trojan, Virus Low
Verbegon 09/14/2007 Trojan Low
VBS.Runauto.B 09/14/2007 Worm Medium
Exploit-DXMEDIA 09/13/2007 Trojan Low
FrogExer 09/11/2007 Trojan Low
Bloodhound.Exploit.160 09/13/2007 Trojan, Low
Virus, Worm