CISC280 project 7

docx

School

Northampton County Area Community College *

*We aren’t endorsed by this school

Course

280

Subject

Computer Science

Date

Dec 6, 2023

Type

docx

Pages

Uploaded by UltraTurtle1405

CISC280 – Project 7 1. Kalamazoo College requires that all computers connected to the campus network be running up-to-date antivirus software. When a student’s computer is discovered to have a virus, its network connection is cut until a staff member can remove the virus. If it turns out that the computer was not running up-to-date antivirus software, the student is fined $100. Is this an ethically justifiable policy? Yes it is, because the student not having up-to-date AV software put the entire campus network at risk. If ransomware is introduced to the network, everyone on the network will be affected regardless of whether or not they have up-to-date AV software installed on their computers. 2. Millions of American homes are equipped with wireless networks. If the network is not made secure, any nearby computer with a wireless card can use the network. The range of home wireless networks often extends into neighboring homes, particularly in apartment complexes. If your neighbor’s wireless network extends into your home, is it wrong to use that network to get free Internet access? No, I don’t believe it is wrong, but in doing so, you take on all the risks associated with using an unsecured network, including having your information stolen (just as the owner of the unsecured network does). 3. The University of Calgary offered a senior-level computer science course called “Computer Viruses and Malware.” The course taught students how to write viruses, worms, and Trojan horses. It also discussed the history of computer viruses and taught students how to block attacks. All course assignments were done on a closed computer network isolated from the Internet. Some computer security experts criticized the University for offering the course. One researcher said, “No one argues criminology students should commit a murder to understand how a murderer thinks.” What is your position on whether the University of Calgary was right or wrong to offer the course? I believe they were right to offer the course. Learning how to write malware helps tremendously in learning how to block malware. There is a huge difference between teaching someone that 1 + 1 = 2 and teaching them WHY 1 + 1 = 2. Teaching the why provides the building blocks to apply the concept to other scenarios. To put learning how to write malware on par with committing a murder is comparing apples and alternators. 4. East Dakota has decided to allow its citizens to vote over the Web in the presidential election, if they so desire. Thirty percent of the eligible voters choose to cast their ballots over the Web. The national election is so closely contested that whoever wins the electoral votes of East Dakota will be the next president. After the election, state elections officials report the vote tally and declare candidate X to be the winner. Two weeks after the inauguration of President X, state officials uncover evidence of massive electoral fraud. Some voters were tricked into connecting to a phony voting site. The organization running the phony site used the credentials provided by the duped voters to connect to the actual voting site and cast a vote for candidate X. State officials conclude the electoral fraud may have changed the outcome of the election, but they cannot say for sure. They have no evidence that candidate X knew anything about this scheme to increase his vote tally. Discuss the proper response to this revelation. For guidance, consult Article II, Section 1, and Amendment XII to the United States Constitution (see copy at the end of the project). The United States Constitution does not provide clear procedures for how to handle questions of legitimacy after the fact — especially when those questions involve the presidency. The standard for invalidating an election result and holding another vote is quite high. According to University of Memphis law professor Steven Mulroy, courts will usually entertain this option only if they determine a violation of rules that would change the election outcome. In this particular case, this would likely require proving tampering where the vote was close enough to change the result in the Electoral College. In that case, East Dakota would vote again, not the entire country. But

CISC280 – Project 7 this is new territory, and there is no legal precedent for this particular situation. As an election worker, the only proper response I can state with certainty is that online voting should not be allowed. 5. The US and Israel cooperated to unleash the Stuxnet worm, which apparently slowed down Iran’s nuclear program by damaging centrifuges processing uranium. Was unleashing the Stuxnet worm morally justifiable? Why? I do not believe it was. While it did delay Iran’s ability to enrich uranium to weapons-grade, the US is grossly unprepared to have an attack on par with Stuxnet turned back around on ourselves. Angering a country with the nuclear abilities of Iran isn’t exactly conducive to human longevity. 6. Do you support the actions of Anonymous? [ https://en.wikipedia.org/wiki/Anonymous_(group) ] Why or why not? Would you consider becoming an Anon? I support Anonymous’ exposing of critical security flaws. While I support their doxxing of pedophiles, I would never consider becoming an Anon. They’re not organized enough as a group to have much credibility in my eyes. Anyone with the tech savvy to do so can cause a DDoS attack and call themselves Anonymous. 7. Why is it dangerous for an email program to open attachments automatically, without waiting for the user to select them? Malware can be embedded in email attachments, and having them open automatically can cause them to damage your computer and spread to others. 8. If converting SCADA systems to the Internet Protocol increases the risk of a hacker taking control of an industrial process, why are companies doing just that? Internet Protocol saves companies money and allows them to do remote maintenance and monitoring. 9. In a study done in London, people in subway stations were offered a cheap pen in return for disclosing their passwords. About 90 percent offered their passwords in return for the pen [119]. What can be done to get people to take security more seriously? Public awareness campaigns could be conducted to alert people to how easy it is for someone to obtain your information and use it for malicious purposes. These campaigns could inform people about such things as those Facebook “getting to know you” games, the “first letter of your first name, month you were born” memes, and the games where you figure out what your stripper name is (name of your first pet and the street you grew up on), which are used to gather personal information which people most likely use as their security question answers. 10. The default administrator password on many, if not most, home network routers never gets changed, making these computers vulnerable to malware. What would be the advantages and disadvantages of requiring the manufacturers of network routers to create a unique password for every unit they sell? An obvious advantage to every router having its own unique password is that it would make it quite difficult for the router to be hacked. A possible disadvantage is that, if you needed to access your router and can’t find your router password, you couldn’t look it up online. Other than that, I really can’t imagine a disadvantage to requiring every router to have its own unique password. 11. Describe three “low-tech” methods that hackers have used to obtain login names and passwords.

CISC280 – Project 7 Three "low-tech" methods that can be used to obtain login names and passwords are eavesdropping, dumpster diving, and social engineering. Eavesdropping is looking over someone’s shoulder to gain their login information. Dumpster diving is particularly effective because many people don’t put documents with sensitive information through a shredder, allowing hackers to gain access to social security numbers, account numbers, phone numbers, addresses, etc. Social engineering can be used to gain someone’s trust and trick them into divulging their confidential information, such as passwords or banking information. Examples of this are sending an email with a link that the recipient “just has to see” or asking the victim to donate to a fraudulent relief fund after a major disaster. 12. Carnegie Mellon University, Harvard University, and the Massachusetts Institute of Technology denied admission to more than 100 business school applicants because they took an online peek at the status of their applications. These students learned how to circumvent the program’s security, and they used this knowledge to view their files and see if they had been accepted. Students could see information about their own application, but could not view the status of other students’ applications. In many cases the students learned that no admission decision had yet been made. Do you feel the response of these universities was appropriate? No, I do not feel the universities’ responses were appropriate. The applicants weren’t trying to hack into the database and alter their application status. They weren’t trying to alter anyone else’s application status. Also, this scenario doesn’t state that checking application status was expressly prohibited; therefore, I don’t see any wrongdoing on the part of the applicants. If the universities didn’t want people to be trying to view their application status, they should have had stronger admissions database security. 13. Is it morally acceptable to use a denial-of-service attack to shut down a Web server that distributes child pornography? Explain. It is definitely morally acceptable to use a DoS attack to shut down a Web server that distributes child porn. Child pornography is morally reprehensible. There is absolutely no way to ever justify the possession, production, or distribution of child pornography. Freedom of speech and freedom of the press do NOT mean freedom from consequence. (Questions like these are very personal to me; my nephew was a victim of a child sexual predator – his father – and his photos will be out there for eternity.) US Constitution. Article II. Section 1. The executive Power shall be vested in a President of the United States of America. He shall hold his Office during the Term of four Years, and, together with the Vice President, chosen for the same Term, be elected, as follows Each State shall appoint, in such Manner as the Legislature thereof may direct, a Number of Electors, equal to the whole Number of Senators and Representatives to which the State may be entitled in the Congress: but no Senator or Representative, or Person holding an Office of Trust or Profit under the United States, shall be appointed an Elector. The Electors shall meet in their respective States, and vote by Ballot for two Persons, of whom one at least shall not be an Inhabitant of the same State with themselves. And they shall make a List of all the Persons voted for, and of the Number of Votes for each; which List they shall sign and certify, and transmit sealed to the Seat of the Government of the United States, directed to the President of the Senate. The President of the Senate shall, in the Presence of the Senate and House of Representatives, open all the Certificates, and the Votes shall then be counted. The Person having the greatest Number of Votes shall be the President, if such Number be a Majority of the whole Number of Electors appointed; and if there be more than one who have such Majority, and have an equal Number of Votes, then the House of Representatives shall immediately choose by Ballot one of them for President; and if no Person have a Majority, then from the five highest on the List the said House shall in like Manner choose the President. But in

Your preview ends here

Eager to read complete document? Join bartleby learn and gain access to the full version

Access to all documents
Unlimited textbook solutions
24/7 expert homework help

CISC280 – Project 7 choosing the President, the Votes shall be taken by States, the Representation from each State having one Vote; A quorum for this Purpose shall consist of a Member or Members from two thirds of the States, and a Majority of all the States shall be necessary to a Choice. In every Case, after the Choice of the President, the Person having the greatest Number of Votes of the Electors shall be the Vice President. But if there should remain two or more who have equal Votes, the Senate shall choose from them by Ballot the Vice President. The Congress may determine the Time of choosing the Electors, and the Day on which they shall give their Votes; which Day shall be the same throughout the United States. Amendment XII The Electors shall meet in their respective states, and vote by ballot for President and Vice-President, one of whom, at least, shall not be an inhabitant of the same state with themselves; they shall name in their ballots the person voted for as President, and in distinct ballots the person voted for as Vice-President, and they shall make distinct lists of all persons voted for as President, and all persons voted for as Vice-President and of the number of votes for each, which lists they shall sign and certify, and transmit sealed to the seat of the government of the United States, directed to the President of the Senate. The President of the Senate shall, in the presence of the Senate and House of Representatives, open all the certificates and the votes shall then be counted. The person having the greatest Number of votes for President, shall be the President, if such number be a majority of the whole number of Electors appointed; and if no person have such majority, then from the persons having the highest numbers not exceeding three on the list of those voted for as President, the House of Representatives shall choose immediately, by ballot, the President. But in choosing the President, the votes shall be taken by states, the representation from each state having one vote; a quorum for this purpose shall consist of a member or members from two-thirds of the states, and a majority of all the states shall be necessary to a choice. And if the House of Representatives shall not choose a President whenever the right of choice shall devolve upon them, before the fourth day of March next following, then the Vice-President shall act as President, as in the case of the death or other constitutional disability of the President . The person having the greatest number of votes as Vice-President, shall be the Vice-President, if such number be a majority of the whole number of Electors appointed, and if no person have a majority, then from the two highest numbers on the list, the Senate shall choose the Vice-President; a quorum for the purpose shall consist of two-thirds of the whole number of Senators, and a majority of the whole number shall be necessary to a choice. But no person constitutionally ineligible to the office of President shall be eligible to that of Vice-President of the United States.

CISC280 project 7

Related Documents