Andy Kolden

Information Security

Chapter 8 (pages 496-497)

 

Exercises

1)      Go to Amazon.com and place several things in your cart then check out.  When you reach the screen that asks for your credit card number, right-click on the web browser and select “Properties.”  What can you find out about the cryptosystems and protocols in use to protect this transaction?

-          Something that I found out about the cryptosystems was that it was using an Hypertext Transfer Protocol with a very high encryption.  I didn’t really think that they would use anything else in this case because this is the best way to protect the number of end users that they have daily. 

 

2)      Repeat step 1 on a different site (Nike).  What are the differences? 

-          There are really no differences at least that I can notice.  I found out about the cryptosystems was that it was using an Hypertext Transfer Protocol with a very high encryption.  I didn’t really think that they would use anything else in this case because this is the best way to protect the number of end users that they have daily. 

 

Case Exercises

1)      Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?

-          Obviously he was exaggerating but it would take it very  long time for him to crack something like this.  It is a very protected file system and for him to hack into it, it could quite honestly take him multiple years to crack.

 

2)      Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

-          There probably are some things that he could sue to recover his passphrase but the PKI system seems like it would be the best possible route to go when doing something like this.  The PKI system is an expensive route to go but it is the most secure and probably the quickest way to figure out something like this.

 

Ethical Decision Making

1)      Would the use of such a tool be an ethical violation on Charlie’s part?  Is it illegal?

-          It would be unethical just for the fact that he did all of this without telling Peter but I’m sure Peter would not care at all.  It is probably not illegal since he hired him to figure this out but it could be illegal because he is downloading information that is not his and does not belong with him.

 

2)      Is such a “little white lie” an ethical action on Charlie’s part?

-          It probably is not ethical but he does not have to tell Peter about what he had to do to get this done for him.  He got the approval from people that are cleared to make decisions like this and he also got signatures, so I would say that it is not unethical but he could have just told Peter what he was going to do.