IST 233 Lecture Notes - Lecture 7: Information Security, Malware, Computer Worm
Document Summary
Su penetration testing: used to access internal infosec practices, one aspect was to access the security practices and vulnerabilities of su- its employees. Most su faculty and staff have grown accustomed to processing e-mail on personally- owned mobile devices, including smartphones and tablets. Since e-mail often includes sensitive info, there is a big enterprise risk if a phone is lost/stolen. Stuxnet: computer worm discovered in 2010, targeted control systems for iranian nuclear centrifuges, caused them to spin out of control. Zero day exploit: exploits vulnerabilities before developer of software knew they were there. Real world of security: personal finance, commerce, ransom ware attack: code is put in software and company is threate(cid:374)ed if they do(cid:374)"t pay the code will release the payload, privacy. Freedom of press: example is ny times, washington post, etc have been hacked by people believed to have ties to gov.