Nowadays, people are busy to do their business, everyday just working from morning to night. Saturday and Sunday is a rest time and enjoy their personal life hours. So, more and more getting using internet to do online banking or payment transaction, apply credit card, and update personnel information through network system. No wonder, now network system is getting popular and more convenient because internet is easy and useful tool that help people to do thing with lesser cost and more efficiency. But, as the internet users display more of their personal information on social networking web sites, and office workers upload more sensitive data to online software programs, computer hackers are employing increasingly sophisticated methods to pry that information loose. In many cases, they are devising small attacks that can go into traditional security software, while exploiting the trust users place in popular business and consumer Web sites.
There are many threats to e-commerce that may come from sources within an organization or individual. The followings are some of the potential security threats that can be found: 1. Tricking the shopper - It is one of the easiest and most profitable attacks, also known as social engineering techniques. These attacks involve surveillance of the shopper’s behavior, gathering information to use against the shopper. For example, a mother’s maiden name is a common challenge question used by numerous sites. If one of these sites is tricked into giving away a password once the challenge question is provided, then not only has this site been compromised, but it is also likely that the shopper used the same logon ID and password on other sites.
2. Snooping the shopper’s computer - Most users’ knowledge of security vulnerabilities of their systems is vague at best. Additionally, software and hardware vendors, in their quest to ensure that their products are easy to install, will ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist. The confused user does not attempt to enable the security features. This creates a treasure trove for attackers.
3. Sniffing the network - Here, the attacker monitors the data between the shopper’s computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers.
4. Using known server bugs - The attacker analyzes the site to find what types of software are
used on the site. He then proceeds to find what patches were issued for the software. Additionally, he searches on how to exploit a system without the patch. He proceeds to try each of the exploits. The sophisticated attacker finds a weakness in a similar type of software, and tries to use that to exploit the system. This is a simple, but effective attack.
0 comments:
Post a Comment