professional practices- exam 2

Hacking

intentional, unauthorized access to computer system

Hacking - Phase 1

-Hacking was positive

The joy of programming, “hacker” was a creative programmer who wrote clever/elegant code

a “hack was an especially clever piece of code

Hacking: Phase 2

Hacking began taking a negative connotation

-Hackers broke into computers they did not have authorized access to

-still primarily individuals

-included spreading computer viruses

-companies began using hackers to analyze/improve security

Hacking- Phase 3

-viruses could spread rapidly

-political hacking (Hacktivism) began

-denial of series (DoS) attacks shut down websites

-large scale theft of personal/financial info

Harmless hacking- harmless?

responding to nonmalicous or prank hacking uses resources

and hacker could accidentally do serious damage

-almost all forms of hacking is a form of trespass

Hacktivism/political hacking

-Use of hacking to promote political cause

-shutting out opposition leads to first amendment infringement

White hat hacker

uses skills to demonstrate system vulnerabilities to improve security

Black Hat hackers

use their skills to perpetrate harm

Grey hat hackers

use their skills to find vulnerabilities, but publish their findings before informing the owners of the system

Hacking as foreign policy

Hacking by governments has increased

Pentagon will treat some cyber attacks as act of war w/ military force

Stuxnet

Extremely sophisticated worm that targets particular type of control system

-in 2008, it damaged equipment in an uranium enrichment plant in Iran

Hacking is a problem, but so is poor security:

What contributes to security weakness:

-web history

-inherent complexity of system

-application development speed

-economic/business factors

-human nature

firewalls

used to monitor/filter out communications from untrusted sites/sus activity

Security is often playing catch up to….

hackers, as new vulnerabilities are discovere, then exploited

Responsibilities for security

Developers must develop with security in mind

businesses must use security tools to monitor their systems

home users have a responsibility to ask questions/educate themselves on tools to maintain security (like personal firewall, anti-virus, anti spyware)

CFAA- Computer Fraud and Abuse act

• covers government,finacial and medical systems, and activities that involve computers in more than one state

• under cfaa , its illegal to access a computer without authorization

USA Patriot act

expanded the computer fraud and abuse act to the definition of loss including cost of response to an attack/restoring systems

To Catch hackers

law enforcmenet read hacker newsletters, and participate in chatrooms undercover

Honey pots

security professionals set up honey pots, which are websites that attract hackers, to record and study

Computer forensic specialists….

can retiree evidence from computers even if files have been deleted and erased off disk

Penalities of Hackers

Lots of young hackers go on to do more productive things (probation, fines)

sentencing depends on intent and damage done

expansion of cfaa

-cfaa predates social networks and smart phones

Fazio Mechanical

phishing email sent to fazio, data on 40 mill credit cards stolen, 70 mill customer records stolen

Small businesses on hacking

cant afford security, and are gateways to larger systems

-usually go out of business after breach

Security breaches occur:

poor written software

poor configured networks and applications 

for security researchers and cyber security professionals

whistleblowing vs responsible disclosure

identity theft

various crimes in which criminals use the identity of an unknowing, innocent person

18-29 common victims

smishing

text messages phishing

vishing

voice phishing

biometrics

biological characteristics unique to an individual

more difficult to be fooled

digital actions across borders

corporations that do business in other/multiple countries must comply with all laws from every country

-someone who’s actions are legal in their country, may face prosecution in another country where that same thing is illegal

yahoo and French censorship

nazi is illegal in France and germany

yahoo was sued in French court because French citizens could view nazi memorabilia 

unlawful internet gambling enforcement act

prohibits credit card/online payment being bettors and gambling sites

someone from Britain did this where it was legal but on a plane in Dallas he got arrested

libel tourism

traveling to places with strict libel laws to sue them

speech act of 2010

makes foreign libel judgement unenforceable in the us, if doing so would also violate the first amendment

respecting cultural differences is not the same as respecting laws

-countries apart of the world trade org agree that if something is legal in your own country and another one, you should be able to buy that same thing in the other country

-however if its legal in a but not in b ( or vice versa) then you cant

Responsibility to prevent access

publishers must prevent material or services form being accessed in countries where they are illegal

authority to prevent entry

government of country a can act within country a to block illegal material

country a cant apply the laws to people in country b if its legal there

Introduction to computes in the workplace brought fear

mass unemployment due to increased efficiency

need for increased skills widens earning gap

employers use tech to monitor workers

offshoring of jobs = mass unemployment

job creation and destruction

successful technology eliminates/reduces some jobs but creates others

lower prices crearte demand and jobs 

impact of computers and employment

growth of computers is steady, unemployment fluctuates

unemployment has more to do with economy ability to adapt to change

are we earning less?

wages decreased but fringe benefits increased

people work fewer hours post Industrial Revolution

Purchasing power increases as

prices fall

decrease in take home pay due to

increased taxes, etc other factors not only computers!

changing skills and levels

-new products and services based on tech create jobs in design, marketing, manufactures, sales, computer service, repair, and maintence

the new jobs created by computers

are different from the jobs eliminated

ex- new jobs like cse software engineer require a degree

bank tellers or customer services dont

companies are more willing to hire people without specific skills because…

they can train new people quickly and use automated support systems

Telecommuting

Working at home using a computer linked to the persons place of unemployment

telecomuting pros

reduces employers ovehead

reduces large office needs

employees more satisfied loyal and productive

reduces traffic, pollution, stress, and gas use

reduces commuting expenses

allows work to continue after blizzards or hurricanes

telecommuting cons

employers see resentment from the people who cant telecommute

corporation loyalty can weaken

odd work hours

cost of office space shifted to the employee

security risks when work and personal stuff are on same computer

Outsourcing

company pays another company for services instead of doing it themselves

offshoring

moving business services to another country to reduce costs

inshoring

when offshoring happens (ex - German moves business to America) insphoring is the process of this german company hiring a bunch of americans

when a country employs thousands of people from another country (5 percent of Americans employed by foreign work)

cons of offshoring

customers cant understand the new accents

employees need new skills to match the different country

increased demand in high skill workers force higher salaries

employee monitoring

roughly have of major companies in the us monitor their employees (most infrequently, some routinely)

time clocks and logs

started in blue colar (factory) and pink color (telephone, clerical) hobs

posses patrolled aisles to watch workers

outputs counts at the end of the day

separating work and home communications

-jobs tend to ban employees for using work emails for personal use

-sometimes employees use personal emails for work

monitoring at work occurs because

• training/productivity

• checking rule compliance

• worrying over security threats

• inappropriate activities by employees being monitored

Electronic Communication Privacy ACT (ECPA)

prohibits interception of emails and reading stored email without court order, makes exception of business systems

National Labor Relation Board (NLRB)

sets rules and decides cases about worker-employer relations

-courts ruled against monitoring done to snoop on personal and union activities, or to track down whistle blowers

court decisions sometimes depend on whether an employee had a…

reasonable “expectation of privacy”

-many employers have their own privy policies regarding emails and voice mail

Legal reasons to monitor employee communications

1. protect company intellectual property

2. prevent criminal activity

3. checking for violation to company policy

4. investigation of harassment cases

5. complying with regulatory reqs

6. prevent personal use of employer facilities by company policy

7. locate employees

8. find business info when employees not available

personal social media

basing disciplinary action on personal social media is controversial because it extends employer control beyond work place

however social media is widespread in comparison to a private convo, making impact bigger

employees restrictions on nonwork social media do ….

NOT violate freedom of speech

gps tracks an employee location

used in hospitals for nurses for emergency purposes

used to track long haul trucks to reduce theft/optimize delivery

-employees complain of lost of privacy

expert info vs wisdom of the crowd

wisdom of the crowd - ratings by public of website 

lots of info online, lots of it is wrong

-search engines replacing libraries, but websites aren’t expert evaluation, they are ranked by popularity

however, if millions participate, the results will be useful

the need for responsible judgement

wikipedia is written by volunteers, biased and unaccurate

although anyone can write, most people do not

those that do usually are educated experts

what is the downside to filtering/tailoring software

we do not know what we missed when it is automatically filtered

the convenience of using a computer system and abdicating responsibility to exercise judgement can encourage…

mental laziness with serious consequences

Abdicating responsibility

people willing to let computers do their thinking

computer models

allow companies to play out “what-if” scenarios

allows for verification that design of product works before deployed

why models may not be accurate

-might not have complete knowledge of system we are modeling’

-the data describing the current conditions may be incomplete/inaccurate

-computing power may be inadequate for the complexity of the model

-difficult to numerically quantify variables that represent human values, choices

tends in tech

new tech only available to the wealthy

the time it takes for new tech to make its way to common people is decreasing

-government funds tech in school

entrepreneurs provide low cost options for people who cant afford it

As technology becomes more prevalent

the issues shift from the has the product/does not, to levels of service

The digital divide

5 billion people do not use the internet

non profits/computer companies are spreading computer access to people in developing countries

bringing tech to poor countries means pcs and laptops must work in extreme environments

people trying to shrink digital divide emphasize this access in appropriate ways to the local culture

Neo-luddite

a person who is critical/resists pace of modern technology

Neo-luddite views

-cause deskilling of jobs

-computers cause massive unemployment

-”manufacturing needs” we use them because they are there, not because they satisfy real needs

-cause social inequity

cause social disintegration (dehumanizing) cause communities to isolate 

neoluddite views

-seperate humans form nature, destroy environment

-usage in schools thwarts development of social skills, human values, and intellectual skills

-computers dont solve real problems

Luddites vs non-luddites, whats the purpose of technology 

luddites: eliminates jobs to reduce cost of productions (massive unemployment suggested)

non-luddites: reduce effort needed to produce good or service (improving wealth and standard of living )

both kinda say the same thing, but one has negative connotations, the other one has positive

pros of tech

increased life expectancy

elimination/reduction of many diseases

increased standard of living

assistive tech for those who have disabilities

the difficulty of prediction

each new tech finds new and unexpected uses

history of rich is full of wildly wrong predictions 

ex-weizenbaum argued against developing speech recognition tech.

because of expectations of cost vs benefit 

-new tech is often expensive, but costs drop as tech advances and the demand increases

technological singularity 

point at which artificial intelligence advances so far that we as humans ant comprehend whats on the other side

Making designs about technology::

-we cannot prepare for aftermath, but we can prepare for more gradual developments

so we select a decision making process to most likely product what people want

(where quiz stops) making decisions about tech

decentralize the design making process, and make it non-coercive, to reduce impact of mistakes and avoid manipulation by entrenched companies who fear competion

-prevents violations of liberty