Using MIS (10th Edition)
10th Edition
ISBN: 9780134606996
Author: David M. Kroenke, Randall J. Boyle
Publisher: PEARSON
Question
Chapter 9, Problem 9.12CE9
Program Plan Intro
Cookies:
A cookie is an encrypted text file that contains a message given by the Web browser to a Web server.
- Information about the web site is stored on the user’s computer with the help of cookies, and the web browser can later retrieve that information.
- The main purpose of cookies is to analyze the user and customize the browser according to their needs.
Expert Solution & Answer
Students have asked these similar questions
Please walk me through an example of an attack against online authentication that makes use of cookies.
There are multiple ways to protect against this spyware. Some should always be kept in mind, like disabling cookies, JavaScript for mail and news, using alternative tools to Internet Explorer, configuring personal firewalls or installing anti-virus.
[ your answer goes here ]
What may it mean if the deletion of these files was not recorded in the audit log? Provide at least 3 items with reasons.
[ your answer goes here ]
What is the impact/cost of auditing events?
[ your answer goes here ]
What is the impact/cost of not auditing events?
[ your answer goes here ]
Be sure to include at least two different kinds of cookies in this talk on internet security cookies.
Similar questions
- For the Agent Tesla malware, please write a short paragraph based on the given background and website info: Agent Tesla is a RAT that targets Windows operating systems. It is available for purchase on criminal forums as Malware-as-a-Service (MaaS). It has various capabilities depending on the version purchased, including capturing keystrokes and screenshots, harvesting saved credentials from web browsers, copying clipboard data, exfiltrating victim files, and loading other malware onto the host. https://www.cisecurity.org/insights/blog/top-10-malware-december-2022 Agent Tesla is an extremely popular spyware Trojan written for the .NET framework that has been observed since 2014 with many iterations since then. It is used to steal sensitive information from a victim’s device such as user credentials, keystrokes, clipboard data, credentials from browsers, and other information. This information can then be traded or used for business intelligence or ransom. Agent Tesla is most commonly…
- Phishing is one kind of electronic con artistry, and it is possible to combine it with spoofing and a number of other methods. Other methods may also be utilised. Phishing may also be used on its own by alone. What are the most effective preventive measures that can be taken to stop fraudulent activities like phishing and spoofing from happening, and how can these measures be taken?
- 1. To defeat XSS attacks, a developer decides to implement filtering on the browser side. Basically, the developer plans to add JavaScript code on each page, so before data are sent to the server, it filters out any JavaScript code contained inside the data. Let’s assume that the filtering logic can be made perfect. Can this approach prevent XSS attacks?
  2. What are the differences between XSS and CSRF attacks?
  3. Can the secret token countermeasure be used to defeat XSS attacks?
  4. Can the same-site cookie countermeasure for CSRF attacks be used to defeat XSS attacks?
  5. To filter out JavaScript code from user input, can we just look for script tags, and remove them? If you can modify browser’s behavior, what would you add to browser, so you can help reduce the risks of XSS attacks?
- For the RogueRaticate malware, please write a short paragraph based on the given background and website info: The RogueRaticate campaign, otherwise known as FakeSG, was spotted by Proofpoint in May 2023 but its activity may date back to November 2022. It's the first major fake-browser-update campaign to emerge since SocGholish and typically leads to the NetSupport RAT being installed on the victim's machine. A month later in June, the first activity from the ZPHP campaign, also known as SmartApeSG, was spotted and finally made public in August by Trellix. Like RogueRaticate, ZPHP also most often leads to the installation of NetSupport RAT, which has been infecting machines since around 2017, according to SentinelOne. The most recent of the four campaigns is ClearFake, which was first spotted in July and made public in August by researcher Randy McEoin. Proofpoint characterized ClearFake as a campaign that drops infostealer malware and is able to tailor lures not just by the user's…
- Make a distinction between spoofing and session hijacking. In the case that you're a web user, what are some of the countermeasures you use to protect yourself against session hijacking?
- As stated, third party cookies usually do not contain in themselves, data that identifies you as a particular person. However, Amazon, Facebook, and other first party cookie vendors know who you are because you signed in. Only one of them needs to reveal your identity to the ad server and your identity can then be correlated with your IP address. At that point, the ad server and potentially all its clients know who you are. Are you concerned about the invasion of your privacy that third-party cookies enable? Explain your answer.
- For the SpinOK malware, please write a short paragraph based on the given background and website info:
  - the date of the first incident’s report
  - How does it work,
  - How one should protect his/her system against this malware
  - If infected, how one can cope with that? Is there any solution?

  Doctor Web discovered an Android software module with spyware functionality. It collects information on files stored on devices and is capable of transferring them to malicious actors. It can also substitute and upload clipboard contents to a remote server. Dubbed Android.Spy.SpinOk in accordance with Dr.Web classification, this module is distributed as a marketing SDK. Developers can embed it into all sorts of apps and games, including those available on Google Play. On the surface, the SpinOk module is designed to maintain users’ interest in apps with the help of mini games, a system of tasks, and alleged prizes and reward drawings. Upon initialization, this trojan SDK connects to a C&C…
- In this section, you may expect to learn in depth about at least four various kinds of cookies, as well as how cookies affect the safety of the internet.
- There has to be a lengthy discussion on cookies, especially at least two different kinds of cookies, and their influence on internet safety.
- It is necessary to have an in-depth discussion on cookies, specifically at least two distinct types of cookies, and the effect that they have on the safety of the internet.
- First, argue for the best information security practice, whether a block cipher or stream cipher should be used to encrypt a video data file sent through the internet as part of a major, successful entertainment service. The entertainment company has a large market share, and ample resources. Secondly, argue for the most secure choice of which kind of cipher should be used for the authentication exchange between the user and the entertainment service web portal. The entertainment service is expensive to the customer, and users are wary of the misuse of their accounts. Consider the nature of the traffic and its pattern, and the nature of the keys to use.
- "Zero-day assaults" are a kind of cyberattack that is so novel that it has yet to be categorized on the Internet or for which a patch has been developed. If you have any spare time, look into online zero-day attacks. Explain in detail a few zero-day attacks.
Recommended textbooks for you
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning