E-commerce Security Issue (go back »)

      The E-commerce security issue. there are many issue of a small and big company

right now. especially when they are using Initernet for their revenue, transaction and

market their product on a global scale. Example of these issues are malicious code,

hacking and information gathering. malicious code or Also known as malware; it

includes viruses, Trojan horses, worms and harmful applications. These techniques

are used by a number of people on the internet in order to be able to infiltrate the

systems of individuals or mostly companies and be able to disrupt or retrieve

sensitive information. This is very important, because depending on the transaction

conducted online, either credit cards, exchange of information and company data, the i

ndividual using the techniques above can use the information to his advantage. This

can be often used for corporate espionage, or to disrupt company day to day

business. Hacking; Hackers are individuals that use their skills and find weaknesses

in web sites and or computer systems to infiltrate and retrieve information often with a

criminal intent. Several times hackers destroy archives, web sites, applications and

computer systems which this in technological terms is called cybervandalism.

Hackers, that post these vulnerabilities of company owned networks, programs and

application on the internet, and hackers that vandalise for what ever purpose company

data compromise the sensitive information and shake the trust of companies trading

in the B2B environment.Information gathering is also a way of compromising

corporate transactional or confidential information. This can be done in four ways: •

Social engineering. The simplest of attacks. An individual can compromise and find

weaknesses in companies by just having casual phone conversations with company

staff. A “con-artist” can retrieve information from company staff by asking simple

information like, where are your servers, or what database is the company using or

operating system is in place. As a result the hackers can better direct their attack and

thus increase their chances of success. It vital for companies to ensure that staff is

properly educated on the confidentiality of this information. • Dumpster Diving. Even

today companies throw away a big number of paper based information without

disposing of it correctly (e.g. shredding). Individuals tend to search through the

organisations trash and find, sensitive information like, organisation charts,

password, directories-mails, and confidential client information such as bank

accounts, recent purchases etc. • Network sniffing. A big number of sensitive data

travelling on the web and especially between businesses sometimes are not

encrypted. This allows an attacker that uses special tools to be able to gain access to

the connections made and read the data. This can be from simple e-mails to e-mail

contracts and B2B trading agreements. • Basic Services. Operating systems are

installed with default services that attackers can exploit by using the correct tools.

These often reveal login information which the attacker can use to gain access to

company systems.

       I feel really Bad. In this kind of big environment. there are many ways to find income or to have money. whether they do it in a legal way or illegal ways.

In Assisgnment in IT310B