Wednesday, December 16, 2009

Poster Design


Here is the poster~

Thursday, December 10, 2009

Case Study

Question A

Andrew is a Computer Science student with Microhard Corporation in Cyberjaya as a practical trainee. One day he managed to crack the company’s information system but did not do anything afterwards. The following day he also managed to intrude into Microhand Corporation’s website system and then posted his picture on the front page of the website and left his mobile number below his picture, hoping that someone would call him and make friends. Subsequently his phone rang, but unfortunately it was his training manager who called and later warned him that action would be taken. Upon investigation, it was also revealed that Andrew had previously leaked the company’s system access code to his friends at university, to whom he also sent emails saying bad things about his manager. Advise Microhand Corporation on the various potential liabilities of Andrew arising from the incidents, with reference to the various cybercrime laws applicable in Malaysia.

Answer A

Issue 1: Crack

Andrew is a Computer Science student with Microhard Corporation in Cyberjaya as a practical trainee. One day he managed to crack the company’s information system but did not do anything afterwards.

Andrew has already contravened the Computer Crimes Act 1997 (CCA). Within its first category, the CCA criminalizes acts of unauthorized access (section 3(1)). The rapid emergence of computer technologies has spawned a variety of new criminal behaviors and an explosion in specialized legislation to combat them. It encompasses offenses against intellectual property and other crimes that do not fall within traditional criminal statutes. Even though Andrew cracked the system just for fun and not for any benefit, his action is already against the law and is punishable by a maximum fine of RM 50,000.00, imprisonment of up to 5 years, or both.

Issue 2: Intrusion into others' privacy

The following day he also managed to intrude into Microhand Corporation’s website system and then posted his picture on the front page of the website and left his mobile number below his picture, hoping that someone would call him and make friends.

Accessing someone else's website without authorization and changing the information on it is an illegal action. Hacking a person’s website, no matter how soft the security may be, is still a crime. Updating their target’s kill board to reflect the actual outcome of a battle does not justify breaking the laws concerning computer security. If you are driving your car and exceeding the speed limit, does the fact that you are violating the traffic laws become any less illegal if the cop behind you does not pull you over and issue a speeding citation? The punishment for this section is a maximum fine of RM 100,000.00, imprisonment of up to 7 years, or both. However, if the act is done with the further intention of causing injury, it can be punished with a fine of up to RM 150,000.00, 10 years' imprisonment, or both.

Issue 3: Disclosure of confidential information

Upon investigation, it was also revealed that Andrew had previously leaked the company’s system access code to his friends at university, to whom he also sent emails saying bad things about his manager.

Andrew has committed an offence under section 6(1) of the Computer Crimes Act 1997, which covers leaking private data to a third party. I remember that there was news about a Hong Kong artist who brought his laptop in for repair. During the repair period, the technician stole the artist's private data from the laptop, which were “sexuality” pictures, and exposed them to the world. According to the FBI, laptop theft is the second most common computer crime and less than 2 percent of those stolen laptops are ever recovered. Four in five (81%) of US firms have had at least one laptop containing sensitive information stolen, according to a recent study.

Unfortunately, the data on these laptops isn’t just corporate data about the inner workings of the business that owned it, but also personal details about people like you and me. The data that has been exposed on these laptops over the last 2 years includes (but is not limited to) full names, addresses, ages, social security numbers, credit card numbers, photos, financial data, digital signatures, full bank account details and other personal details. This data, if it falls into the wrong hands, could be used by identity thieves to apply for credit cards or loans under false names.

The punishment under this Act is a maximum fine of RM 25,000.00, 3 years' imprisonment, or both.

Question B

Meera has been receiving emails from travel companies that keep offering her holiday packages to various places in the world. She replied to the senders asking them to stop emailing her, only to find that the emails keep coming and flooding her inbox. She came to you for advice on the legal aspects that may arise out of this practice by the travel company. Advise her on both the criminal and the data protection aspects.

Answer B

Issue 1: Improper use of networking

Travel company’s e-mails keep coming and flooding her inbox

Pressure to make e-mail spam illegal has been successful in some jurisdictions, but less so in others. Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble. The punishment is imprisonment for a maximum of 1 year, a fine of a maximum of RM 50,000, or both.

Saturday, December 5, 2009

Freedom of Speech


Freedom of speech is the freedom to speak without censorship and/or limitation. The synonymous term freedom of expression is sometimes used to indicate not only freedom of verbal speech but any act of seeking, receiving and imparting information or ideas, regardless of the medium used. In practice, the right to freedom of speech is not absolute in any country and the right is commonly subject to limitations, such as on "hate speech".



Freedom of speech today is understood as a multi-faceted right that includes not only the right to express, or disseminate, information and ideas, but three further distinct aspects:
  • the right to seek information and ideas;
  • the right to receive information and ideas;
  • the right to impart information and ideas.

International, regional and national standards also recognize that freedom of speech, as the freedom of expression, includes any medium, be it orally, in writing, in print, through the internet or through art forms. This means that the protection of freedom of speech as a right includes not only the content, but also the means of expression.

Tuesday, December 1, 2009

Internet Content Regulations



There are two problems with the line of thinking on internet content regulations:

1) First, it is not self-evident that Internet content regulation should be "democratic" at all. "Democratic" basically means the will of the majority. A global majority, or a collection of national governments, are not known for their devotion to abstract principles of tolerance and free expression. They are much more likely to be politically mobilized by a desire to suppress or regulate some kind of expression that angers or provokes them at any given moment. Most free expression supporters don't recognize the right of a majority to suppress expression they don't like simply because they are in a majority. Indeed, most Western countries are constitutional democracies where a wide range of liberal freedoms are put outside the reach of democratic majorities for precisely this reason.



2) Second, most discussions of inserting “public policy” concerns into Internet content regulation do not take account of the heterogeneous values and institutional deficit at the global level. If regulation of content should not be delegated to a private sector entity, then by process of elimination the suggestion is that it should be left to governments. But which governments? Which nation’s culture, which nation’s "majority" will decide this? National governments are all limited and territorial in their scope. None of them can claim a democratic mantle at the global level.

Saturday, November 28, 2009

Fishing? Phishing?



Our lecturer told us: do not go "fishing" on the internet. I was wondering what the relevance between "fishing" and the internet is. The correct term for "fishing" is "phishing". Phishing is defined as the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Recent phishing attempts have targeted the customers of banks and online payment services, for example by e-mail. While the first such examples were sent indiscriminately in the expectation that some would be received by customers of a given bank or service, recent research has shown that phishers may in principle be able to determine which banks potential victims use, and target bogus e-mails accordingly. The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss.

There are several different techniques to combat phishing, including legislation and technology created specifically to protect against phishing:

* social responses

* technical responses

* legal responses


As my last word, phishing is typically carried out by e-mail and by instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of the social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.




* Above is an example of a phishing e-mail, disguised as an official e-mail from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy. Such mistakes are common in most phishing emails. Also note that although the URL of the bank's webpage appears to be legitimate, it actually links to the phisher's web page.

Tuesday, November 24, 2009

Cyber Crime


This week's lecture was about "Cyber Crime", which is also called "Computer Crime". Computer crime issues have become high-profile, particularly those surrounding hacking, copyright infringement through warez, child pornography and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. The most interesting part is the topic of "hacking". In my mind, a hacker is a person who always hides at home and hacks others' systems. But the meaning of "hacker" is a person who breaks into computers, usually by gaining access to administrative control. The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of illegal means to achieve them.

Categories of a "Hacker":

* White Hat (ethical hacking)

* Grey Hat

* Black Hat

* Script Kiddie

* Hacktivist


In conclusion, other uses of the word "hacker" exist that are not related to computer security (computer programmer and home computer hobbyist), but these are rarely used by the mainstream media. Some would argue that the people who are now considered hackers are not hackers, since a hacker community already existed before the media described the person who breaks into computers as a hacker. This was a community of people who had a large interest in computer programming, often creating open source software. These people now refer to the cyber-criminal hackers as "crackers".

Saturday, November 21, 2009

PDP (Privacy and Data Protection)


I found a kind of service offered on the internet:

Privacy and data protection issues present a growing challenge. Conforming with the associated requirements ensures there are no unforeseen interruptions to your operations. Customer and employee concerns over personal information and sensitive data can lead to reputation risk. Breaches in data protection legislation can inhibit organizational change and adversely affect technology integration.

Our team can help you understand the key factors for reducing exposure to critical risks and potential damage to your brand, including help in the following areas:

  • Privacy and data protection strategy
  • Building an organization-wide inventory and classification map of personal data
  • Policies and procedures
  • Training and awareness
  • Cross-border data transfers
  • Data retention
  • Compliance with law enforcement requests
  • Building privacy controls into IT projects
  • Managing varied international compliance requirements
  • Audit and monitoring programmes for ongoing data protection compliance

Information privacy, or data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.

Privacy concerns exist wherever personally identifiable information is collected and stored - in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources, such as:

From the services above, the challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilize software, hardware and human resources to address this issue.