Uploaded by Reynand Dumala-on

Q1. How can computer hacking of data and information be presented?
#1: Phishing Scams
Email phishing is one of the oldest, and most successful, web hacking techniques out there. Perpetrators
send out mass emails that appear to be an authentic communication from a bank, subscription service or
online payment site. The email tells the recipients to verify their account information by clicking on a
special link. Once people click the link and supply their login information, the hackers are able to divert
money away from the account. Approximately 0.4 percent of people targeted fall victim to these
attacks. That might not sound like much, but if just 100,000 people receive a scam email, statistics tell us
that 400 of them are going to fall for the scam.
Within your company, it’s important to provide ongoing training and education about these types of
attacks. This is the best method for keeping employees from unintentionally providing information that
could compromise your business network.
Another common phishing scam involves the hacker contacting a target and advising them that they have
been the victim of a scam. The perpetrator offers to help the target and asks them for the very same
confidential information – such as social security numbers and banking details – they are claiming has
been stolen.
Remind team members to be on the lookout for suspicious e-mail attachments, pop-up screens asking for
personal information, and hackers posing as authority figures looking for personal or confidential data.
#2: Buffer Overflow
Buffer overflow techniques are used by more sophisticated hackers who are able to gain access to
customer data via online forms. The hacker navigates to an online form and proceeds to provide
excessive data in a form field.
Simple security techniques are unable to respond when a large volume of data is input into an
unexpected entry point.
The hacker might, for example, be filling out a web form that asks for a zip code. The form is programmed
to expect five to nine characters, but a knowledgeable hacker can actually break through the system with
complex lines of code that are designed to either steal data, cause damage, or provide the hacker with an
alternate point of entry.
Modern subscription-based cloud security services employ unified threat management (UTM) technology
that helps identify and stop such attacks and keep proprietary data safe.
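The zip-code field described above, as an added example (not code from the original document): the unsafe copy next to a bounds-checked version. The function names and the digits-only rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ZIP_MIN 5
#define ZIP_MAX 9 /* the form above expects five to nine characters */

/* Unsafe pattern, for contrast: the sender decides how many bytes are
 * copied, so a field longer than ZIP_MAX writes past the end of dst. */
void store_zip_unsafe(char *dst, const char *field)
{
    strcpy(dst, field);
}

/* Hardened form: bound the length scan, reject anything outside the
 * expected size or character set, and copy only after both checks pass.
 * dst must hold ZIP_MAX + 1 bytes. Returns 0 if stored, -1 if rejected
 * (dst is then left as an empty string). */
int store_zip_checked(char *dst, const char *field)
{
    size_t len, i;

    dst[0] = '\0';
    if (field == NULL)
        return -1;

    /* Stop counting one past the limit; the full input is never measured. */
    for (len = 0; len <= ZIP_MAX && field[len] != '\0'; len++)
        ;
    if (len < ZIP_MIN || len > ZIP_MAX)
        return -1;

    /* Assumption for this example: a zip code is digits only. */
    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)field[i]))
            return -1;

    memcpy(dst, field, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the page. */
    const char *samples[] = { "90210", "123456789", "1234",
                              "9021a", "902101234567890123456789" };
    char zip[ZIP_MAX + 1];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = store_zip_checked(zip, samples[i]);
        printf("%-26s -> %s\n", samples[i], rc == 0 ? zip : "rejected");
    }
    return 0;
}
```

The server has to apply the check itself; a length limit enforced only in the browser form does not constrain what is actually sent.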
#3: Password Hacking
Avoiding overly simple passwords and changing the password that came with your computer,
modem or Wi-Fi router is one of the easiest ways you can prevent this type of hacking. There are
websites that provide default usernames and passwords for various models of routers, so it’s simply a
matter of trial and error for a motivated hacker to discover which router your company is using, and then
type in the default password. Change all default passwords when you acquire new equipment and
software, and train your team to change network passwords on a regular basis.
The most secure passwords are ones that use a combination of letters, numbers and special characters.
And while it may seem inconvenient, passwords should be changed every 30 to 60 days to keep your
business network safe.
While instituting a strict company password policy is a sound business practice, it is not always enough.
However, using a cloud-based data protection system in addition to this type of policy is usually enough
to keep a business safe. A simple subscription-based service can provide you with worry-free cyber
security protection for a remarkably affordable price per month.
#4: Downloading Free Software
Downloading free software is almost never a good idea for business owners.
Whether you are looking for a freeware or shareware version of Microsoft Office or accounting software,
consider that by going the free route you are potentially introducing malware, viruses, or “buggy”
software into your system.
Teams of programmers that may not have your best interests at heart are usually the ones designing and
offering free or cheap software. So unless you know that software is absolutely safe, it’s best to spend the
money for a tested commercial version.
#5: Fault Injection
Also known as “fuzzing,” fault injection is one of the more complicated web hacking techniques where
criminals research ways to infiltrate your source code and then try inputting different code to see if they
can crash the system. An example would be a hacker using a database query that could erase content, or
typing in a Web URL that delivers a worm into your network.
Some companies choose to pay “white-hat” firms to test their systems using different fault injection
techniques. Prototype-based fault injection tests a system either at the hardware level or the software
level by introducing a corruptive element to your network. “Black-hat” techniques, which are what
hackers use, generally revolve only around attacking software.
These types of attempts can be recognized through analysis by the UTM found in some cloud
services. With a single cyber attack costing businesses an average of $300,000, it’s imperative that all
business owners get ahead of these types of threats with precautionary security measures.
While no company is ever 100% safe against cyber-attacks, there are strong defenses that can be put in
place to either stop a threat in its tracks or deter would-be hackers from spending their time trying to
overcome additional layers of security.
How can they be prevented?
Update your OS and other software frequently, if not automatically. This keeps hackers from accessing
your computer through vulnerabilities in outdated programs (which can be exploited by malware). For
extra protection, enable Microsoft product updates so that the Office Suite will be updated at the same
time. Consider retiring particularly susceptible software such as Java or Flash, especially as many sites and
services continue to move away from them.
Download up-to-date security programs, including anti-malware software with multiple technologies for
protecting against spyware, ransomware, and exploits, as well as a firewall, if your OS didn’t come prepackaged with it. (You’ll want to check if your OS has both firewall and antivirus built in and enabled by
default, and whether those programs are compatible with additional cybersecurity software.)
Destroy all traces of your personal info on hardware you plan on selling. Consider using DBAN to erase
your hard drive. For those looking to pillage your recycled devices, this makes information much more
difficult to recover. If the information you’d like to protect is critical enough, removing the platters where
the information is stored then destroying them is the way to go.
Do not use open Wi-Fi on your router; it makes it too easy for threat actors to steal your connection and
download illegal files. Protect your Wi-Fi with an encrypted password, and consider refreshing your
equipment every few years. Some routers have vulnerabilities that are never patched. Newer routers
allow you to provide guests with segregated wireless access. Plus, they make frequent password changes
easier.
Speaking of passwords: password protect all of your devices, including your desktop, laptop, phone,
smartwatch, tablet, camera, lawnmower…you get the idea. The ubiquity of mobile devices makes them
especially vulnerable. Lock your phone and make the timeout fairly short. Use fingerprint lock for
the iPhone and passkey or swipe for Android. “It’s easy to forget that mobile devices are essentially small
computers that just happen to fit in your pocket and can be used as a phone,” says Jean-Philippe Taggart,
Senior Security Researcher at Malwarebytes. “Your mobile device contains a veritable treasure trove of
personal information and, once unlocked, can lead to devastating consequences.”
Sensing a pattern here? Create difficult passwords, and never use the same ones across multiple services.
If that’s as painful as a stake to a vampire’s heart, use a password manager like LastPass or 1Password.
For extra hacker protection, ask about two-step authentication. Several services have only recently
started to offer 2FA, and they require the user to initiate the process. Trust us, the extra friction is worth
it. Two-factor authentication makes taking over an account that much more difficult, and on the flip side,
much easier to reclaim should the worst happen.
Come up with creative answers for your security questions. People can now figure out your mother’s
maiden name or where you graduated from high school with a simple Google search. Consider answering
like a crazy person. If Bank of America asks, “What was the name of your first boyfriend/girlfriend?” reply,
“Your mom.” Just don’t forget that’s how you answered when they ask you again.
Practice smart emailing. Phishing campaigns still exist, but cybercriminals have become much cleverer
than that Nigerian prince who needs your money. Hover over links to see their actual URLs (as opposed to
just seeing words in hyperlink text). Also, check to see if the email is really from the person or company
claiming to have sent it. If you’re not sure, pay attention to awkward sentence construction and
formatting. If something still seems fishy, do a quick search on the Internet for the subject line. Others
may have been scammed and posted about it online.
Some websites will ask you to sign in with a specific service to access features or post a comment. Ensure
the login option isn’t a sneaky phish, and if you’re giving permission to an app to perform a task, ensure
you know how to revoke access once you no longer need it. Old, abandoned connections from service to
service are an easy way to see your main account compromised by spam.
Keep sensitive data off the cloud. “No matter which way you cut it, data stored on the cloud doesn’t
belong to you,” says Taggart. “There are very few cloud storage solutions that offer encryption for ‘data
at rest.’ Use the cloud accordingly. If it’s important, don’t.”
Q2. Why are PEOPLE the weakest link in security? Defend your answer.
The weakest link is the people of an organization. According to a report, 78% of security professionals
think the biggest threat to endpoint security is negligence among employees regarding security practices. It
also says that the average organization experiences 9.3 insider threats per month.
We’re all human; we make mistakes. But there are plenty of people who are trying to take
advantage of a single silly mistake, which can cost your business a tremendous financial loss. Advanced
technology and security practices, no matter how sophisticated, will always be constrained by this human
factor. Organizations worldwide are expected to spend close to $100 billion on cybersecurity in 2018, up
from $86.4 billion in 2017. While most companies see their cybersecurity spending as justified because
they believe shiny new technologies can protect them from anything, they are wrong.
According to BakerHostetler’s 2017 Data Security Incident Response Report, which incorporated data
from 450 breaches, 32 percent of all cybersecurity incidents are initiated by human error, 25 percent of
attacks involve phishing and 23 percent were initiated via ransomware. Finally, 21 percent of
cybersecurity incidents occurred due to lost or stolen devices and internal theft.
“No matter what technology we put in place, no matter how much money we spend on protections for
the organization, we still have people, and people are fallible,” said Theodore Kobus, leader of
BakerHostetler’s Privacy and Data Protection team. “Companies should really ask their workers if they
realize they are walking around with sensitive corporate data,” advised Niklas Savanda, Nokia’s Senior
Vice President of Enterprise Solutions.
But addressing the true weakest link in cybersecurity – employees – poses a significant challenge for
organizations as there is no one-size-fits-all approach to cybersecurity readiness. For example, companies
should teach their employees that modern phishing scams have many different and often highly intricate
forms, none of which mentions the Nigerian prince or a large inheritance.
Q3. What is a computer virus? Where did the virus come from?
In more technical terms, a computer virus is a type of malicious code or program written to alter the way
a computer operates and is designed to spread from one computer to another. A virus operates by
inserting or attaching itself to a legitimate program or document that supports macros in order to
execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such
as harming the system software by corrupting or destroying data. Viruses don’t occur in cyber space
naturally like biological viruses do, of course. A programmer has to create them. So, we are at fault for
all of the headaches we deal with when trying to prevent or remove viruses that have infected our systems. So
why do we do it? Or maybe I should say, “Why do THEY do it?” Here are a few reasons why:
– Identity Theft/Restricted Data Theft
– Bragging Rights
– To Gain Remote Control of Your PC
– To damage organizations or competing business entities
I’ll explain a bit more in detail.
Q4. What is the short name of telefacsimile? Give 3 uses of this gadget.
Fax (short for facsimile), sometimes called telecopying or telefax (the latter short for telefacsimile), is the
telephonic transmission of scanned printed material (both text and images), normally to a telephone
number connected to a printer or other output device.
The original document is scanned with a fax machine (or a telecopier), which processes the contents (text
or images) as a single fixed graphic image, converting it into a bitmap, and then transmitting it through
the telephone system in the form of audio-frequency tones.
Here are the different uses of fax:
Communication
Faxes are used by some companies to communicate with their vendors, suppliers, customers and
contractors. Given that fax technology is less expensive than computer networks, many
companies work with vendors or suppliers who only communicate with fax.
Cost
Home-based business operators and several companies may not have made the large investment in a
computer network. They rely on inexpensive fax machines to send and receive hard copy documents. An
instance is a signature page that often gives confirmation of acceptance.
Prospecting and Marketing
Faxes are used by local and international businesses or office-equipment dealers to send out exciting
deals and promotions. Faxes are used to spread the word. Broadcast faxes are mostly used for offering
discounts or announcing sales to a selected database. Faxes work especially well for selling rapidly
changing offerings like real estate, daily rate changes as well as trade show reminders. Newsletters and
press releases, updates about your products and services can also be sent by fax.
Q5.
The Internet is a global system of interconnected computer networks that use the standard Internet protocol
suite (often called TCP/IP, although not all protocols use TCP) to serve billions of users worldwide. It is a
network of networks that consists of millions of private, public, academic, business, and government
networks, of local to global scope, that are linked by a broad array of electronic, wireless and optical
networking technologies. The Internet carries an extensive range of information resources and services,
such as the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to
support email. The Internet has been the most useful technology of modern times, helping us not only
in our daily lives but also in our personal and professional development. The internet helps us achieve
this in several different ways.
For students and for educational purposes, the internet is widely used to gather information for
research or to add to one's knowledge of various subjects. Even business professionals and
professionals such as doctors access the internet to filter the information they need. The internet
is therefore the largest encyclopedia for everyone, in all age categories. The internet has also proved
useful in maintaining contact with friends and relatives who live abroad permanently.
Q6.
I strongly believe COMELEC lacks IT expertise, and with that, cheating may arise from this scenario.
Critics of the Comelec have warned that the automated polls, now less than three months away, could
end up like a “train-wreck” because of numerous delays and setbacks in the poll body’s preparations.
Akbayan Rep. Walden Bello said time is running out for Comelec to make the voters trust the automated
elections system.
“We honestly do not know where the Comelec is going to. Voter education is lagging. Fear of participating
in the polls is widespread among those unfamiliar with the voting system and the Comelec is unable to
assuage people’s fears,” Bello told reporters at a press conference in Quezon City on Thursday.
Seven out of 10 Filipinos say they have no or little knowledge about the Philippines’ first nationwide
automated elections, according to a recent Pulse Asia survey.
Delays in the delivery of thousands of Precinct Count Optical Scan (PCOS) machines, the incomplete
training of the precinct-level boards of election inspectors, and the pending review of the source code by
individual stakeholders are complicating the Comelec’s problem, according to Bello.
“The election is a train-wreck waiting to happen,” he said.
‘Fossilized’ website
Akbayan legal counsel Ibarra Gutierrez claims that the Comelec’s “fossilized” website is itself an indication
that the poll body “is at a loss” on how to smooth out possible chokepoints in the voting system.
The content of the website has not been updated, according to Gutierrez. He said the site should have
contained a timeline for automated election preparations and a comprehensive continuity plan.
In recent days, the Comelec website has either been very slow to load or ends the connection attempt
with this error message: “ERROR: The requested URL could not be retrieved; Connection failed; (110)
Connection timed out.”
Q7.
The Department of Information Technology is the central IT organization that oversees the technology
infrastructure for government, the risks, and innovations. It is this infrastructure that enables the delivery of
vital services to residents and businesses. The Department is responsible for providing the following:
Technology standards and policies.
Election system
A secure information technology infrastructure that supports local and wide area network access.
Technology recommendations and assistance related to streamlining Department and Agency internal
work processes to increase efficiencies and improve service to the public.
A support team responsible for providing day-to-day support for our clients to ensure that services are
continuously operational and align with their requirements.
Data center services
Telecommunications services (voice and data solutions)
Information Security
Network and desktop administration and management
Application software
Wireless network design and management
Graphical Information Systems (GIS)
Remote data interfaces
Disaster Recovery
Contract and project management services
Intranet and associated productivity tools
Q8.
IT expertise overall in the Philippines is relatively low and behind due to slow innovation and
political hindrances to improving it. I would say improving IT education and internet strength will
greatly make a difference. You can see that just in the public high school setting. Good programs like
additional facilities would be developed and provided. The government is trying but is still behind. The
Philippines is one of the developing countries in which you can find typical developmental problems, such as
unemployment, poverty, pollution and other life-threatening issues. One of these problems is a digital
divide between urban and rural schools. While the twelve million students at public elementary
schools have no government-implemented access to ICT, some one million pupils at private schools
may have access through community and voluntary initiatives. For example, the Catholic Church is
working to wire some of its elementary schools, while private charities such as the Ayala Foundation
provide some schools with computers. The government of the Philippines planned to set up a
people-centered, inclusive and development-oriented information society, where everyone can create, access,
utilize and share information and knowledge. In 2002, the Department of Education started to
implement the Basic Education Curriculum (BEC), in which ICT was integrated. The BEC encourages ICT
to focus on the following areas: school computerization, teacher training, IT curriculum development,
multimedia content development, financing, and monitoring-evaluation. Thus, in the latest movement in
the Department of Education, ICT is introduced as a subject in Home Economics and Livelihood
Education (HELE) at the elementary level, and as Technology and Home Economics (THE) at the
secondary level (Magno, 2006). The following policies on the use of ICT in education are mentioned by
the Department of Education.
・ Technology must be studied as a separate subject, and then applied to other learning areas as a tool
for learning how to learn.
・ Teaching-learning must not be textbook-driven but should include the application of ICT, whenever
appropriate.
・ An education modernization program will equip schools with facilities, equipment, materials and
skills, and introduce new learning and delivery systems, capitalizing on recent technological developments.
Even though the government enforces these strict policies, there are still extensive gaps between urban and rural
areas. In urban areas, schools can easily receive various kinds of support and benefits, such as Internet connection,
system support, and cooperation with universities. On the other hand, schools in rural areas cannot so easily
receive that support.