84 resultados para hacking
Resumo:
Computer security is becoming a global problem. Recent surveys show that there increased concern about security risks such as hackers. There is also an increase in the growth of Internet access around the world. This growth of the Internet has resulted in the development of new businesses such as e-commerce and with the new businesses come new associated security risks such as on-line fraud and hacking. Is it fair to assume the security practices are the same all over the world? The paper tries to look at security practices from a number of different countries perspective and tries to show that security practices are not generic and vary from country to country.
Resumo:
In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.
Resumo:
The aim of the paper is to look at the way hackers act and ways in which society can protect itself. The paper will show the current views and attitudes of hackers in an Australian context. The paper will also include a case study to show how a hacking incident can develop and how technology can be used to protect against hacking.
Resumo:
This paper presents a case study of a compromised Web server that was being used to distribute illegal 'warez'. The mechanism by which the server was compromised is discussed as if the way in which it was found. The hacker organisations that engage in these activities are viewed as a Virtual Community and their rules and code of ethics investigated.
Resumo:
In an environment where commercial software is continually patched to correct security flaws, penetration testing can provide organisations with a realistic assessment of their security posture. Penetration testing uses the same principles as criminal hackers to penetrate corporate networks and thereby verify the presence of software vulnerabilities. Network administrators can use the results of a penetration test to correct flaws and improve overall security. The use of hacking techniques, however, raises several ethical questions that centre on the integrity of the tester to maintain professional distance and uphold the profession. This paper discusses the ethics of penetration testing and presents our conceptual model and revised taxonomy.
Resumo:
Examines the attitudes of Australian IS/IT managers to the concept of cyber-vigilantism. Also, it explores the policies and procedures which have been set in place by various organisations to cope with concerted attacks on their systems. It finds that although a majority of managers do approve of the concept of “striking back”, only a minority are prepared for this eventuality. There appears to be complacency about the threats posed by organised, offensive attackers.
Resumo:
The synthetic control (SC) method has been recently proposed as an alternative method to estimate treatment e ects in comparative case studies. Abadie et al. [2010] and Abadie et al. [2015] argue that one of the advantages of the SC method is that it imposes a data-driven process to select the comparison units, providing more transparency and less discretionary power to the researcher. However, an important limitation of the SC method is that it does not provide clear guidance on the choice of predictor variables used to estimate the SC weights. We show that such lack of speci c guidances provides signi cant opportunities for the researcher to search for speci cations with statistically signi cant results, undermining one of the main advantages of the method. Considering six alternative speci cations commonly used in SC applications, we calculate in Monte Carlo simulations the probability of nding a statistically signi cant result at 5% in at least one speci cation. We nd that this probability can be as high as 13% (23% for a 10% signi cance test) when there are 12 pre-intervention periods and decay slowly with the number of pre-intervention periods. With 230 pre-intervention periods, this probability is still around 10% (18% for a 10% signi cance test). We show that the speci cation that uses the average pre-treatment outcome values to estimate the weights performed particularly bad in our simulations. However, the speci cation-searching problem remains relevant even when we do not consider this speci cation. We also show that this speci cation-searching problem is relevant in simulations with real datasets looking at placebo interventions in the Current Population Survey (CPS). In order to mitigate this problem, we propose a criterion to select among SC di erent speci cations based on the prediction error of each speci cations in placebo estimations
Resumo:
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)
Resumo:
L’avanzare delle tecnologie ICT e l’abbattimento dei costi di produzione hanno portato ad un aumento notevole della criminalità informatica. Tuttavia il cambiamento non è stato solamente quantitativo, infatti si può assistere ad un paradigm-shift degli attacchi informatici da completamente opportunistici, ovvero senza un target specifico, ad attacchi mirati aventi come obiettivo una particolare persona, impresa o nazione. Lo scopo della mia tesi è quello di analizzare modelli e tassonomie sia di attacco che di difesa, per poi valutare una effettiva strategia di difesa contro gli attacchi mirati. Il lavoro è stato svolto in un contesto aziendale come parte di un tirocinio. Come incipit, ho effettuato un attacco mirato contro l’azienda in questione per valutare la validità dei sistemi di difesa. L’attacco ha avuto successo, dimostrando l’inefficacia di moderni sistemi di difesa. Analizzando i motivi del fallimento nel rilevare l’attacco, sono giunto a formulare una strategia di difesa contro attacchi mirati sotto forma di servizio piuttosto che di prodotto. La mia proposta è un framework concettuale, chiamato WASTE (Warning Automatic System for Targeted Events) il cui scopo è fornire warnings ad un team di analisti a partire da eventi non sospetti, ed un business process che ho nominato HAZARD (Hacking Approach for Zealot Attack Response and Detection), che modella il servizio completo di difesa contro i targeted attack. Infine ho applicato il processo all’interno dell’azienda per mitigare minacce ed attacchi informatici.
Resumo:
La natura distribuita del Cloud Computing, che comporta un'elevata condivisione delle risorse e una moltitudine di accessi ai sistemi informatici, permette agli intrusi di sfruttare questa tecnologia a scopi malevoli. Per contrastare le intrusioni e gli attacchi ai dati sensibili degli utenti, vengono implementati sistemi di rilevamento delle intrusioni e metodi di difesa in ambiente virtualizzato, allo scopo di garantire una sicurezza globale fondata sia sul concetto di prevenzione, sia su quello di cura: un efficace sistema di sicurezza deve infatti rilevare eventuali intrusioni e pericoli imminenti, fornendo una prima fase difensiva a priori, e, al contempo, evitare fallimenti totali, pur avendo subito danni, e mantenere alta la qualità del servizio, garantendo una seconda fase difensiva, a posteriori. Questa tesi illustra i molteplici metodi di funzionamento degli attacchi distribuiti e dell'hacking malevolo, con particolare riferimento ai pericoli di ultima generazione, e definisce le principali strategie e tecniche atte a garantire sicurezza, protezione e integrità dei dati all'interno di un sistema Cloud.
Resumo:
Questo scritto mira a fare una panoramica dei problemi legati alla sicurezza della comunicazione tra componenti interne dei veicoli e delle soluzioni oggigiorno disponibili. Partendo con una descrizione generale del circuito interno dell’auto analizzeremo i suoi punti di accesso e discuteremo i danni prodotti dalla sua manomissione illecita. In seguito vedremo se ´è possibile prevenire tali attacchi dando un’occhiata alle soluzioni disponibili e soffermandoci in particolare sui moduli crittografici e le loro applicazioni. Infine presenteremo l’implementazione pratica di un protocollo di autenticazione tra ECUs e una dimostrazione matematica della sua sicurezza.
Mutations in the cofilin partner Aip1/Wdr1 cause autoinflammatory disease and macrothrombocytopenia.
Resumo:
A pivotal mediator of actin dynamics is the protein cofilin, which promotes filament severing and depolymerization, facilitating the breakdown of existing filaments, and the enhancement of filament growth from newly created barbed ends. It does so in concert with actin interacting protein 1 (Aip1), which serves to accelerate cofilin's activity. While progress has been made in understanding its biochemical functions, the physiologic processes the cofilin/Aip1 complex regulates, particularly in higher organisms, are yet to be determined. We have generated an allelic series for WD40 repeat protein 1 (Wdr1), the mammalian homolog of Aip1, and report that reductions in Wdr1 function produce a dramatic phenotype gradient. While severe loss of function at the Wdr1 locus causes embryonic lethality, macrothrombocytopenia and autoinflammatory disease develop in mice carrying hypomorphic alleles. Macrothrombocytopenia is the result of megakaryocyte maturation defects, which lead to a failure of normal platelet shedding. Autoinflammatory disease, which is bone marrow-derived yet nonlymphoid in origin, is characterized by a massive infiltration of neutrophils into inflammatory lesions. Cytoskeletal responses are impaired in Wdr1 mutant neutrophils. These studies establish an essential requirement for Wdr1 in megakaryocytes and neutrophils, indicating that cofilin-mediated actin dynamics are critically important to the development and function of both cell types.
Resumo:
A majority of national governments across the EU have long tried to cordon off their practices of mass interception of communications data and cyber-hacking of foreign companies and diplomats from supranational scrutiny by the EU institutions and courts, arguing that they remain within the remit of their ‘exclusive competence’ on grounds of national security. In light of the revelations that some EU member states (namely the UK, France, Germany and Sweden) are running their own secret interception programmes, however, the question of whether the EU can and should intervene becomes more pressing. This commentary, by a team of JHA specialists at CEPS, offers four important legal reasons why the covert surveillance programmes of member states should not be regarded as falling outside the scope of EU intervention.
Resumo:
This article analyses security discourses that are beginning to self-consciously take on board the shift towards the Anthropocene. Firstly, it sets out the developing episteme of the Anthropocene, highlighting the limits of instrumentalist cause-and-effect approaches to security, increasingly becoming displaced by discursive framings of securing as a process, generated through new forms of mediation and agency, capable of grasping inter-relations in a fluid context. This approach is the methodology of hacking: creatively composing and repurposing already existing forms of agency. It elaborates on hacking as a set of experimental practices and imaginaries of securing the Anthropocene, using as a case study the field of digital policy activism with the focus on community empowerment through social-technical assemblages being developed and applied in ‘the City of the Anthropocene’: Jakarta, Indonesia. The article concludes that policy interventions today cannot readily be grasped in modernist frameworks of ‘problem solving’ but should be seen more in terms of evolving and adaptive ‘life hacks’.
