Chapter 4: E-commerce security Flashcards

1
Q

Describe the 6 most important E-commerce security dimensions and explain each from both a customer's and a merchant's perspective!

A
  1. Integrity:
    Customer = Has information been altered?
    Merchant = Has the site been altered?
  2. Nonrepudiation:
    Customer = Can a party take action with me and later deny taking the action? (e.g., saying they didn’t receive payment).
    Merchant = Can a customer deny ordering products?
  3. Authenticity:
    Customer = Who am I dealing with? Are they who they say they are?
    Merchant = What is the real identity of customers?
  4. Confidentiality:
    Customer = Can someone else read my messages?
    Merchant = Does anyone without authorization have access to confidential information?
  5. Privacy:
    Customer = Can I control the use of my information by the merchant?
    Merchant = What use (if any) can be made with the personal information collected in a transaction?
  6. Availability:
    Customer = Can I get access to the site?
    Merchant = Is the site operational?
2
Q

Provide 4 examples of malicious code and explain what they may do!

A
  1. Ransomware = a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
  2. Exploits and exploit kits = worms and viruses that target the vulnerable points of the system; exploit kits are a collection of several worms and viruses of different exploits.
  3. Maladvertising = advertisements that contain malware.
  4. Trojan Horse = malware that misleads users about its intent.
  5. Backdoors = features of viruses and worms that give hackers remote access to your computer.
3
Q

Explain the concepts of spoofing, pharming and “hacktivism”. How are they related to one another?

A

Spoofing = Attempting to hide true identity by using someone else’s e-mail or IP address.

Pharming = Automatically redirecting a web link to a different address, to benefit the hacker.

Hacktivism = Hacking as a form of civil disobedience to promote a political agenda or social change.

Spoofing and pharming are generally aimed at benefiting the hacker directly, while hacktivism has a more public concern.

4
Q

Explain the concepts of Trojan horses, exploits and distributed denial-of-service attacks. What type of e-commerce security dimension(s) could be impacted here?

A

Trojan Horse = malware that misleads users about its intent.
–> Security dimensions hit: integrity, nonrepudiation, authenticity, confidentiality (privacy, depending on the intent of the hackers)

Exploits and exploit kits = worms and viruses that target the vulnerable points of the system; exploit kits are a collection of several worms and viruses of different exploits.
–> Security dimensions hit: integrity, nonrepudiation, authenticity, confidentiality (privacy, depending on the intent of the hackers)

Distributed denial of service (DDoS) = Multiple computers attack the same target simultaneously with the intent of making it difficult for intended customers to reach a website, computer or network of computers.
–> Security dimension hit: Primarily availability.
