Lecture 5: Attacks Part 3

1. Discussion question
2. Social engineering
3. Misunderstanding how technology works
   1. Sen. Orrin Hatch’s “kill switch” for PCs whose owners violate copyright
   2. National identification cards
   3. The IP Commission report recommendation
   4. Helping the lawmakers understand the technology
4. Laws
   1. Digital Millenium Copyright Act
   2. Adding “back doors” for law enforcement and national security
5. Organization problems
   1. Responsibility without authority
   2. Organization barriers to good security
6. Human factors

Discussion Topic

A professor wants his computer security class to learn about computer viruses. So he creates an exercise for them to write one and test it out. They will do this on a network that is not connected to any other network (and, especially, not to the Internet).

Do you think having students write viruses is a reasonable way to have them learn about computer viruses?

Passage from The IP Commission Report

The IP Commission Report: The Report of the Commission on the Theft of American Intellectual Property, released in May 2013, has the following recommendation (see p. 81):

Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized userÕs computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.