Posts

PIN Sniffing revisited

It's been a while since I've posted anything, so here are some recent experiences I've had. Recently I received a call from my bank: an automated attendant, a recording, advising me that my PIN had been compromised and that I should visit my branch and have it changed as soon as possible. This plague had struck my significant other not even a month previously, so I half expected it to hit me sooner or later. I've noticed a trend lately within the realm of security, especially where merchants are concerned. PIN skimming is defined as making a copy of the IDE card (your debit or credit card is called an IDE card, not to be confused with Integrated Drive Electronics, the hard drive interface bus inside most old computers!). Debit card fraud is on the rise, as are credit card fraud and various other forms; however, this second version of fraud is interesting in its methods. http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1105142446966_16/?hub=WFive T...

Should server-side scripting or client-side scripting be used for high-volume websites?

JavaScript is client-based; although it is useful for AJAX, it relies on the browser to be executed, so the use of JavaScript makes the website and its developer depend on the client's system (an unknown) to determine website performance. The Post Hypertext Processor (PHP) is a server-side language, programmed initially as a bunch of CGI scripts compiled in C/C++; as such it is a very efficient language. (Echo3) [i] The primary platform for web development with PHP is LAMP (Linux, Apache, PHP and MySQL). (Dougherty) [ii] (NetCraft) [iii] As with any programming language and website, more than just the language must be considered to determine overall system performance with respect to the website experience. An example of this: if we have the world's most powerful supercomputer but only a dial-up connection, no one will host websites on said computer. There are far more factors in performance than just the language: how many users are there? How much bandwidth is there? What's the loca...

What kinds of exploits are there for the DOM model, and how can they be mitigated?

The Document Object Model is defined by the W3C as: "The Document Object Model is a platform- and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents. The document can be further processed and the results of that processing can be incorporated back into the presented page. This is an overview of DOM-related materials here at W3C and around the web." (W3C) [i] The DOM is a form of advanced programmer interface (API), designed to allow web developers access to functions and objects within the page via JavaScript. This allows the flexible creation and updating of page and site elements in ways that most programmers would already understand. Since the DOM uses JavaScript, it is executed within the client browser; it may also be executed by any language, including but not limited to VBScript, C#, ASP.NET, et cetera, ad nauseam. (W3Schools) [ii] Since the DOM model is platform independent, it may be ma...

Have webforms changed the workflow paradigm?

The International Standards Organization (ISO) refers to a "business workflow" as "A sequence of Operations and or Work for an individual or group of persons either itself or as a process". (ISO) [i] The origins of business workflows and workflow analysis are rooted in operations management. (Pilkington et al.) [ii] Requirements analysis and engineering is a method used within software engineering to elicit the conditions and needs of the clients for a proposed software solution to a business issue, in a structured manner so as to facilitate the primary development stages of...

How will the growing Web impact your future, your children's future?

The web is growing at an exponential rate as a result of Moore's Law (Moore) [i]; this creates an inverse proportion to the given "cost" of information, i.e., as processing power doubles, so too do storage, bandwidth, and all other related technology. A result of this is the reduction in cost of all technology; thus what once could host only 1000 web pages may now host 10,000, and so the ability to host increases exponentially every 18 months. Information and knowledge want to be free as a result of their very nature, as stated by Stewart Brand. (Clarke) [ii] This results in the instantaneous availability of massive amounts of information, and is the reason we now refer to the present as the "Information Age". (Ulmer) [iii] We may easily fill volumes regarding what is now available and how it impacts everyday life; however, looking to the future, the prediction I foresee is the advent of wearable computing and communications, as seen here with MIT Media Lab's Sixth Sense. (Maes...

Insider Attacks

Insider attacks are defined as security breaches where a person with access to a corporate system and/or network misappropriates information from that system, or where an internal employee of a given company commits a security violation against that company. (Einwechter) [i] NIST articulates that the most prevalent and common threat to any company is the insider attack, as it is the least monitored and most difficult to detect; this was as of 1994 and has remained a constant fixture in network and systems security throughout the years. (Bassham et al.) [ii]

Forensic Techniques

The forensic techniques currently available include local system analysis, network traffic analysis, and log file reporting and analysis; however, these techniques are primarily used to detect and compile evidence where a case is already known, or where an external, foreign entity has compromised an internal system or network. Insider attacks may compromise a system, but they may do so with user a...