CHAPTER 6

Question 1

……….. explorer, risk taker, system innovator

Answer 1

Original meaning of hacker

Question 2

……………..someone who gains unauthorized access to
computers and computer network

Answer 2

Modern meaning of hacker

Question 3

Three other low-tech techniques for obtaining login names and passwords
are:

Answer 3

➢ Eavesdropping
➢ Dumpster diving
➢ Social engineering

Question 4

………………….such as simply looking over the shoulder of a legitimate
computer user to learn his login name and password, is a common way that
hackers gain access to computers.

Answer 4

Eavesdropping

Question 5

………………..means looking through garbage for interesting bits of
information. Companies typically do not put a fence around their dumpsters. In
midnight rummaging sessions, hackers have found user manuals, phone
numbers, login names, and passwords.

Answer 5

Dumpster diving

Question 6

…………….refers to the manipulation of a person inside the organization
to gain access to confidential information. Social engineering is easier in large
organizations where people do not know each other very well.

Answer 6

Social engineering

Question 7

Criminalizes wide variety of hacker-related activities

Answer 7

➢ Transmitting code that damages a computer
➢ Accessing any Internet-connected computer without authorization
➢ Transmitting classified government information
➢ Trafficking in computer passwords
➢ Computer fraud
➢ Computer extortion

Question 8

…………. hijacking of an open Web session by capturing a user’s cookie

Answer 8

Sidejacking

Question 9

T/F Sidejacking possible on unencrypted wireless networks because many
sites send cookies “in the clear”

Answer 9

T

Question 10

……….Piece of self-replicating code embedded within another program (host)

Answer 10

Virus

Question 11

How viruses spread?

Answer 11

➢ Diskettes or CDs
➢ Email
➢ Files downloaded from Internet

Question 12

Antivirus Software Packages

Answer 12

➢ Allow computer users to detect and destroy viruses
➢ Must be kept up-to-date to be most effective
➢ Many people do not keep their antivirus software packages up
to-date
➢ Consumers need to beware of fake antivirus applications

Question 13

………….. is a self-contained program that spreads through a computer
network by exploiting security holes in the computers connected to the
network

Answer 13

worm

Question 14

Conficker Worm

Answer 14

–Appeared 2008 on Windows computers–Particularly difficult to eradicate–Millions of copies of worm are circulating–Purpose of worm still unknown

Question 15

Another way malware may be downloaded without user’s knowledge–Problem appears on Web sites that allow people to read what others
have posted–Attacker injects client-side script into a Web site–Victim’s browser executes script, which may steal cookies, track user’s activity, or perform another malicious action

Answer 15

Cross-site Scripting

Question 16

–Unintentional downloading of malware caused by visiting a
compromised Web site–Also happens when Web surfer sees pop-up window asking permission
to download software and clicks “Okay”–Google Anti-Malware Team says 1.3 percent of queries to Google’s
search engine return a malicious URL somewhere on results page

Answer 16

Drive-by Downloads

Question 17

……………. A set of programs that provides privileged access to a computer

Answer 17

Rootkits

Question 18

…………..Program that communicates over an Internet connection without user’s knowledge or consent

➢ Monitor Web surfing
➢ Log keystrokes
➢ Take snapshots of computer screen
➢ Send reports back to host computer

Answer 18

Spyware

Question 19

………….Type of spyware that displays pop-up advertisements related
to user’s activity

Answer 19

Adware

Question 20

Defensive Measures

Answer 20

–Security patches: Code updates to remove security vulnerabilities–Anti-malware

tools: Software to scan hard drives, detect files that
contain viruses or spyware, and delete these files

Firewall: A software application installed on a single computer that
can selectively block network traffic to and from that computer

Question 21

………..Large-scale effort to gain sensitive information from gullible computer users

Answer 21

Phishing

Question 22

……………Variant of phishing in which addresses chosen
selectively to target particular group of recipients

Answer 22

Spear-phishing

Question 23

–Method of attacking a database-driven Web application with improper

security–Attack inserts (injects) SQL query into text string from client to application

–Application returns sensitive information

Answer 23

SQL Injection

Question 24

…………Intentional action designed to prevent
legitimate users from making use of a computer service

Answer 24

–Denial-of-service attack

Question 25

T/F Aim of a DoS attack is not to steal information but to disrupt a server’s ability to respond to its clients

Answer 25

T

Question 26

............DoS attack launched from many computers, such as a botnet

Answer 26

Distributed denial-of-service attack

Question 27

– well-known cyber crime incidents:

Answer 27

Jeanson James Ancheta: created a network of about 400,000 bots, including computers operated by the US Department of Defense. Adware companies, spammers, and others paid Ancheta for the use of these computers

Question 28

Benefits of Online Voting

Answer 28

–More people would vote –Votes would be counted more quickly –No ambiguity with electronic votes –Cost less money –Eliminate ballot box tampering –Software can prevent accidental over-voting –Software can prevent under-voting

Question 29

Risks of Online Voting

Answer 29

–More difficult to preserve voter privacy –More opportunities for vote selling –Obvious target for a DDoS attack –Security of election depends on security of home computers –Susceptible to vote-changing virus –No paper copies of ballots for auditing or recounts