
Data Privacy & Security - 2013 S -

Data Privacy & Security - 2013 S -. Clinton E. White, Jr, Professor of Accounting & MIS, Lerner College of B&E, University of Delaware. Google Privacy. What is the big deal about Google’s new privacy policy? Google Privacy. What can you do about Google’s new privacy policy? Mashups.

julian-best

Presentation Transcript


  1. Data Privacy & Security - 2013 S - Clinton E. White, Jr, Professor of Accounting & MIS, Lerner College of B&E, University of Delaware

  2. Google Privacy • What is the big deal about Google’s new privacy policy?

  3. Google Privacy • What can you do about Google’s new privacy policy?

  4. Mashups • Greasemonkey: • JavaScript for customizing & mashing up Web sites:

  5. Conficker • Conficker (November 2008) • The holy grail of botnets • Sept 2008 • Chinese hackers create & market a bot • Exploits Microsoft OSs • Uses port 445 • Executes a buffer overflow • Oct 2008 • Microsoft (out-of-band) patch • A flashing neon sign to hackers

  6. Conficker • MS OSs • 65,000 + ports • Listening points in an OS • Port 445 • Triggers RPC (Remote Procedure Call) • Leads to administrator privileges • Buffer overflow technique • Code arrives & execution begins • Execution is interrupted & put in a temp stack with a pointer • The interruption overflows the buffer, overwrites the pointer & calls the malware

  7. Conficker • The holy grail of botnets • Conficker A: • Downloads daily from 250 randomly generated domains • Conficker B: • Downloads daily from 250 domains over 8 TLDs • Disables AutoUpdates • Conficker C: • Conficker D: • Conficker E:

  8. Security • Honeynets • Clusters of computers on the Internet monitoring, capturing, dissecting, and writing code to prevent malware • The Conficker Cabal • MS, Afilias, Neustar, ICANN, McAfee, Symantec, & others

  9. Conficker • The holy grail of botnets • January 2009: • Estimated 15 million infected computers • Damage: • French Navy network … UK Ministry of Defense … Bundeswehr … City of Manchester … UK House of Commons • Mid-2012: • Estimated 1.7 million infected computers

  10. The Crimeware Landscape • Viruses … Worms … Phishing … Identity Theft … Keyloggers … Injections • FBI • Credit card theft, intellectual property theft, network intrusions - 1 million victims every day

  11. Hacktivists • Hacktivists: • For fun and national pride • Anonymous • Collaborative hacktivists • Saudi-Israeli • Credit cards • LulzSec team • Sony Pictures (2011), CIA website • Poison team • Anti-US, Israeli, UN, Facebook, …

  12. TJ Maxx • Jan 2007: • Estimated 94 M credit & debit accounts

  13. TJ Maxx • As internal and external auditors, what can we learn from this debacle?

  14. The Problem • What if? • You could execute a cyberattack that crippled a country’s internet connection? • You could execute a cyberattack that would sabotage specific machines? • You could execute a cyberattack to skim bank accounts? • You could attack:

  15. The Problem • The black hats • The good guys

  16. Authentication • Question: • How would you authenticate a person doing an important transaction like a large financial transaction from a cell phone?

  17. The “data breach” • Question: • How do you protect your IS from someone getting inside and accessing your data? • What can you do about it?
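
The buffer overflow mechanism outlined on slide 6, as an added example that is not part of the original presentation: a handler that trusts the sender's length overwrites the saved pointer sitting next to its buffer, while a bounds-checked handler rejects the same input. The frame layout, the constant `SAVED_OK` and all function names are assumptions made for illustration, and the "stack frame" is modelled as one byte array so the overwrite stays inside memory the program owns.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define BUF_LEN  16
#define SAVED_OK 0x00401000u  /* constructed "legitimate" return target */

/* Constructed model of one frame: a fixed buffer followed directly by the
   saved pointer the routine jumps through when it finishes. */
typedef struct {
    uint8_t mem[BUF_LEN + sizeof(uint32_t)];
} frame_t;

static void frame_init(frame_t *f) {
    uint32_t ok = SAVED_OK;
    memset(f->mem, 0, sizeof f->mem);
    memcpy(f->mem + BUF_LEN, &ok, sizeof ok);
}

static uint32_t frame_saved_ptr(const frame_t *f) {
    uint32_t p;
    memcpy(&p, f->mem + BUF_LEN, sizeof p);
    return p;
}

/* Flawed handler: copies as many bytes as the sender claims to have sent. */
static void handle_unchecked(frame_t *f, const uint8_t *msg, size_t len) {
    if (len > sizeof f->mem) len = sizeof f->mem; /* stay inside the model */
    memcpy(f->mem, msg, len);
}

/* Hardened handler: rejects input longer than the buffer (-1), else copies (0). */
static int handle_checked(frame_t *f, const uint8_t *msg, size_t len) {
    if (len > BUF_LEN) return -1;
    memcpy(f->mem, msg, len);
    return 0;
}

int main(void) {
    uint8_t msg[BUF_LEN + 4];
    frame_t f;
    memset(msg, 'A', sizeof msg);  /* constructed oversized request */
    frame_init(&f);
    handle_unchecked(&f, msg, sizeof msg);
    printf("unchecked: saved pointer = 0x%08x\n", (unsigned)frame_saved_ptr(&f));
    frame_init(&f);
    int rc = handle_checked(&f, msg, sizeof msg);
    printf("checked: rc=%d, saved pointer = 0x%08x\n", rc, (unsigned)frame_saved_ptr(&f));
    return 0;
}
```

In the unchecked case the saved pointer now holds sender-supplied bytes, which is the point at which control would pass to whatever address the sender chose; the length check is the whole difference between the two handlers.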
