KEY PROVISION OF THE U.S.A. PATRIOT ACT SUBJECT TO SUNSET

Sixteen provisions of the USA Patriot Act are set to expire Dec. 31 if not renewed. The Senate voted Wednesday night to extend them six months. That still has to be approved by the House.

The provisions are:

Section 201 - Gives federal officials the authority to intercept wire, spoken and electronic communications relating to terrorism.

Section 202 - Gives federal officials the authority to intercept wire, spoken and electronic communications relating to computer fraud and abuse offenses.

Subsection 203(b) - Permits the sharing of grand jury information that involves foreign intelligence or counterintelligence with federal law enforcement, intelligence, protective, immigration, national defense or national security officials.

Subsection 203(d) - Gives foreign intelligence or counterintelligence officers the ability to share foreign intelligence information obtained as part of a criminal investigation with law enforcement.

Section 204 - Makes clear that nothing in the law regarding pen registers - an electronic device which records all numbers dialed from a particular phone line - stops the government's ability to obtain foreign intelligence information.

Section 206 - Allows federal officials to issue roving "John Doe" wiretaps, which allow investigators to listen in on any telephone and tap any computer they think a suspected spy or terrorist might use.

Section 207 - Increases the amount of time that federal officials may watch people they suspect are spies or terrorists.

Section 209 - Permits the seizure of voicemail messages under a warrant.

Section 212 - Permits Internet service providers and other electronic communication and remote computing service providers to hand over records and e-mails to federal officials in emergency situations.

Section 214 - Allows use of a pen register or trap and trace devices that record originating phone numbers of all incoming calls in international terrorism or spy investigations.

Section 215 - Authorizes federal officials to obtain "tangible items" like business records, including those from libraries and bookstores, for foreign intelligence and international terrorism investigations.

Section 217 - Makes it lawful to intercept the wire or electronic communication of a computer hacker or intruder in certain circumstances.

Section 218 - Allows federal officials to wiretap or watch suspects if foreign intelligence gathering is a "significant purpose" for seeking a Federal Intelligence Surveillance Act order. The pre-Patriot Act standard said officials could ask for the surveillance only if it was the sole or main purpose.

Section 220 - Provides for nationwide service of search warrants for electronic evidence.

Section 223 - Amends the federal criminal code to provide for administrative discipline of federal officers or employees who violate prohibitions against unauthorized disclosures of information gathered under this act.

Section 225 - Amends FISA to prohibit lawsuits against people or companies that provide information to federal officials for a terrorism investigation.


File source: http://archive.newsmax.com/archives/articles/2005/12/22/113858.shtml

-Cybercriminals

  • Hack into corporate computers and steal
  • Engage in all forms of computer fraud
  • Chargebacks are disputed transactions
  • Loss of customer trust has more impact than fraud
  • To reduce the potential for online credit card fraud sites:

- Use encryption technology
- Verify the address submitted online against the issuing bank
- Request a card verification value
- Use transaction-risk scoring software

  • Smart Cards

- Contain a memory chip
- Are updated with encrypted data every time the card is used
- Used widely in Europe
- Not widely used in the U.S.

ZERO-DAY ATTACK

  • A zero-day attack is a virus or other exploit that is used to take advantage of a vulnerability in a computer application before a fix for the vulnerability has been released, or even before the vulnerability has been announced. Generally, when software is released for use, it is fully functional, but some backdoor vulnerabilities may be undiscovered. When computer security researchers discover such bugs, they tend to announce them so that the company can start creating a patch. Within the relatively short period between announcement and patch, however, attackers may be able to exploit the vulnerability. Such attacks are few in number but increasing.

Some examples of zero-day attacks:

1. On November 09, 2006, there was a zero-day attack on a part of Windows called the XMLHTTP 4.0 ActiveX Control. When a web browser opened an infected web page in Internet Explorer (IE), it called the ActiveX control, which then helped the attacker to cause a buffer overflow. Attackers were then able to download spyware and steal data.

2. An attack took place against Microsoft Word around May 2006. In this case, the exploit was in the form of a Word document attachment to an email. When a user opened a Word document attached in an email, the vulnerability created a backdoor able to mask itself from anti-virus scanners. The Symantec DeepSight Threat Analyst Team confirmed this vulnerability.

-http://www.mysecurecyberspace.com/encyclopedia/index/zero-day-attack.html


SITUATION 1:

I was hired as an IT Security Consultant of a manufacturing company. This company had been hacked mercilessly and I was the one to fix the problem. The company gave me 90 days and a budget of 1 million dollars to fix the problem.

The procedures I'll do in order for me to solve/fix the problem are the following:

1. Investigate regarding the incident.
2. Identify those persons that have the motives of doing the crime.
3. Identify what kind of system was used by the one who committed the crime to enter/invade the security system of the company.
4. Study the system used.
5. Make a security system that is stronger than the company's old security system.
6. Make the hacker pay for the crime he made.

SITUATION 2:

Even though the "worm" is harmless, otherwise it can cause disturbance; still, it is illegal because you are not licensed to make things like that.
You are entering a private system... and it is impossible that you cannot be traced because your professors are better than you. So I say NO.

Are IT workers professional? Yes or No? Why?
Information technology (IT), as defined by the Information Technology Association of America (ITAA), is "the study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware."[1] IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit, and securely retrieve information.

Today, the term information has ballooned to encompass many aspects of computing and technology, and the term has become very recognizable. IT professionals perform a variety of duties that range from installing applications to designing complex computer networks and information databases. A few of the duties that IT professionals perform may include data management, networking, engineering computer hardware, database and software design, as well as the management and administration of entire systems.

When computer and communications technologies are combined, the result is information technology, or "infotech". Information technology is a general term that describes any technology that helps to produce, manipulate, store, communicate, and/or disseminate information. Presumably, when speaking of Information Technology (IT) as a whole, it is noted that the use of computers and information are associated.

In recent days ABET and the ACM have collaborated to form accreditation and curriculum standards for degrees in Information Technology as a distinct field of study separate from both Computer Science and Information Systems. SIGITE is the ACM working group for defining these standards.

YES! IT workers are professionals, because just like some other professions they make big contributions to the development of many countries. They are professionals because they know their limitations regarding their knowledge in information technology.

There are some IT graduates who practice their skills in a bad manner or in an improper way, just like those IT people who hack files, produce pornographic videos through the Internet and many more. But those people are the ones who do not have the capability or are not practicing their skills professionally. We're talking about IT workers here, workers who are willing to share their knowledge and practice it in a good way so that they can help their respective countries.☺☻♥


Situations that you can use the Seven Ethical Decision Making and 4 Philosophical theories


7 Ways of Ethical Decision Making:
1. Getting the Facts
2. Identify Stakeholders
3. Consider the Consequence of your decision
4. Weigh Various Guidelines and Principles
5. Develop and Evaluate options
6. Review your Decision
7. Evaluate the Decision

4 Philosophical Theories:
1. Virtue Ethics Approach
2. Utilitarian Approach
3. Fairness Approach
4. Common Good Approach


Situation:

--->For me, the situation in which you can apply the 7 ways of Ethical Decision Making and the 4 philosophical theories is how to manage a business.

For 7 ways of Ethical Decision Making:

Get the Facts: First you must gather information about the business you will take up and the location where you will put the business.

Identify Stakeholders: If the business you will take up has stakeholders, you must consider their ethical values and not only their capability to produce money, and you must identify who will be the leader and the members.

Consider the Consequence of your Decision: If you decide to put up a business you must consider all the consequences that your business will face so that you will be prepared in case the time comes.

Weigh Various Guidelines & Principles: When you put up a business you must have guidelines and principles to follow so that your business runs well.

Develop and Evaluate Options: When you are to put up a business you must have options for the kinds of businesses you will have so that you can choose the one that suits you.

Review Decision: If all is set, review your plan or decision again for any additions or corrections of ideas.

Evaluate the Decision: If all is set and clear, evaluate or test your decision so that you can see if your decision is right or wrong.

For 4 Philosophical Theories:

Virtue Ethics Approach: Virtue is acceptable behavior or good deeds; in order to have a good business you must approach virtue ethics.

Utilitarian Approach: In putting up a business you must consider all the things that make your consumers happy and contented in terms of your services and products.

Fairness Approach: You must be fair with your employees regarding your decisions.

Common Good Approach: In putting up a business you must be good to your customers and your employees, so that your business will succeed.

♠Maynard Jake T. Luzon♠