tag:blogger.com,1999:blog-15848348963893644362011-04-21T11:51:59.715-07:00Bonn Louie's BLOG/PORTFOLIObOnnhttp://www.blogger.com/profile/17078740570015794555noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-1584834896389364436.post-51998989268688317742008-05-08T00:46:00.000-07:002008-05-09T06:01:09.227-07:00The E-commerce security issue. there are many<br /> issue of a small and big company right now.<br /> especially when they are using Initernet for their revenue,<br /> transaction and market their product on a global scale. Example of these issues are malicious code, hacking and information gathering.<br /> malicious code or Also known as malware; it includes viruses,<br />Trojan horses, worms and harmful applications. These techniques are used by a number of people on the internet in order to be able<br />to infiltrate the systems of individuals or mostly companies and be able to disrupt or retrieve<br />sensitive information. This is very important,<br />because depending on the transaction<br />conducted online, either credit cards,<br />exchange of information and company data, the i<br />ndividual using the techniques above can use the information to his advantage. This<br />can be often used for corporate espionage, or to disrupt company day to day<br />business.<br /><br />Hacking; Hackers are individuals that use their skills and find weaknesses in web sites and or computer systems to infiltrate and retrieve information often with a criminal intent. Several times hackers destroy archives, web sites, applications and computer systems which this in technological terms is called cybervandalism. Hackers, that post these vulnerabilities of company owned networks, programs and application on the internet, and hackers that vandalise for what ever purpose company data compromise the sensitive information and shake the trust of companies trading in the B2B environment.Information gathering is also a way of compromising<br />corporate transactional or confidential information. This can be done in four ways:<br /><br /><br />•Social engineering. The simplest of attacks. An individual can compromise and find weaknesses in companies by just having casual phone conversations with company staff. A “con-artist” can retrieve information from company staff by asking simple information like, where are your servers, or what database is the company using or operating system is in place. As a result the hackers can better direct their attack and thus increase their chances of success. It vital for companies to ensure that staff is properly educated on the confidentiality of this information.<br /><br />• Dumpster Diving. Even today companies throw away a big number of paper based information without disposing of it correctly (e.g. shredding). Individuals tend to search through the<br />organisations trash and find, sensitive information like, organisation charts,<br />password, directories-mails, and confidential client information such as bank<br />accounts, recent purchases etc.<br /><br />• Network sniffing. A big number of sensitive data travelling on the web and especially between businesses sometimes are not encrypted. This allows an attacker that uses special tools to be able to gain access to the connections made and read the data. This can be from simple e-mails to e-mailcontracts and B2B trading agreements.<br /><br />• Basic Services. Operating systems are installed with default services that attackers can exploit by using the correct tools. These often reveal login information which the attacker can use to gain access to company systems.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/1584834896389364436-5199898926868831774?l=jareilblarsenal.blogspot.com' alt='' /></div>bOnnhttp://www.blogger.com/profile/17078740570015794555noreply@blogger.com0