Two Examples of Poor Security Measures

 

Provide two examples of how you have been impacted by someone else’s poor security measures. Please perform some basic research on each example – including twoadditional sources explaining the attack. Follow-up responses should either explain how the attack could have been prevented and identify the type of attackers (cyber criminals, script kiddies, brokers, insiders, cyberterrorists, hactivists, state-sponsored attackers, or unknown). If both of these questions have been answered, a response should explore the long-term consequences of the security breach.

Points Breakdown –

  • Two examples of poor security measures. 
  • Two additional sources for each attack explaining why they were poor security measures.
  • Two features you have installed on your computer to protect you.
  • Prevention and identification  
  • AND/OR 
  • Long-term consequences of the security breach

 

 

First Example

An individual in my college initiated a public networking site. When it comes into my attention, I strived to investigate it as well as making an account of my investigation. Within one week the site was able to obtain more than 1200 reports. As the days passed by the working site was becoming well known to a lot of new individuals. At one juncture there was an individual who managed to log in into my account and to end up distorting my date of birth as well as my names. When I realized that this had happened, I made it known the person who was operating the site. I explained to him all that that has taken place. It took him three days to be able to understand what exactly happened and the information that I received from him after the three days was that his networking site was defenseless to the injection of SQL. The attacker managed to change my credentials since he used the SQL injection in my login form and obtained access into my account (Johnston, 2017). The owner of the site later on apologized due to lack of enough security and made sure to me that such an occurrence will never happen again in the future. The owner of the networking site could have avoided such an incident if he was able to secure the not only the password box but as well as the form that is used to login through managing escapes succession characters.

The second Example represents

Monetary data of an employee as well as details regarding their tax and number associated with their accounts were sent through the email by an accountant to his boss through plain text. The boss managed to obtain the text, and after that, he forded the same text to his secretary. It is evident that the data can be easily mishandled or even the information can be obtained easily in between by anyone so quickly and this is a clear indication of breaching our information. Such an occurrence can be prevented through sending such information in a format that it is encrypted (Din, 2015).

 

In our first example, it is evident that the invader was a hacktivist.

 

In our second instance, no hacking had taken place. But there was a mistake which was performed by our organization accountant, and this can be avoided through encryption of the data.

 

On my side must confess that I have a perfect antivirus which I have installed on my device and it assists me from all malware as well as spyware. I have also managed not only the firewall but also apply complex and a password that is secured. In our first instance, recognition can be carried out by capturing the address of the IP of every user who managed to log in into the website. The moment an individual clicks the login button his or her IP address must be recognized and stored to the database for future reference.  By doing this, it will be easy to identify the attacker without any difficulties.

 

On our second instance, the data have to be encrypted by an encryption key as well after being encrypted is when it ought to b transferred.

 

The long term repercussion for the organization is that it may damage the reputation of the organization as well as increase the outcomes of the loss in revenues.

Reference

Johnston, K. (2017). From republicans to hacktivists: recent inclusion initiatives in Canadian theatre. Research in Drama Education: The Journal of Applied Theatre and Performance22(3), 352-362.

Din, M. F. (2015). Breaching and Entering: When Data Scraping Should Be a Federal Computer Hacking Crime. Brook. L. Rev.81, 405. 

 

Two examples of poor security measures:

First example of poor security measure I have ever faced is clicking on a link. One day i clicked on a link mentioned on the website, the link spread some kind of viruse in my system and my system is not gonna working, stops almost everything and many of my file are corrupt, Icon images are changed.

Second example once I was using a software that asked for its login. I entered my gmail account. Few days later when I tried to open my email, I was not able to sign in. I did lots of research to recover my account. In order to recover it, I provided my recovery information in my gmail account. I was able to recover my email, but later, I got a scam email that asked me for the subscription of the licensed version of that software. But I neglected and made my google account settings more secured.

Measures:

Two measures I have used on my system are “Avast antivirus” to remove all the corrupted/infected files from my system and “auto software update” in order to prevent from latest issues.

Follow up response:

Now I ensure that never to click on an unknown link which is suspicious and create strong passwords for my accounts by using password generators.

Do not login your credentials on a non-secure device.

Sources:

  1. https://www.theguardian.com/commentisfree/2018/oct/08/facebook-security-bad-zuckerberg-account
  2. https://www.cleverfiles.com/howto/google-account-recovery.html