To see the other types of publications on this topic, follow the link: Computer hackers.
Dissertations / Theses on the topic 'Computer hackers'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 43 dissertations / theses for your research on the topic 'Computer hackers.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Wilmes, Justin Allen. "The Red Scare: The Evolution and Impact of Russian Computer Hackers." Miami University Honors Theses / OhioLINK, 2006. http://rave.ohiolink.edu/etdc/view?acc_num=muhonors1146055290.
Full text
2
Dalwadi, Chintan. "Network and data security." Birmingham, Ala. : University of Alabama at Birmingham, 2006. http://www.mhsl.uab.edu/dt/2006m/dalwadi.pdf.
Full text
3
Imhof, Robert. "Cyber crime and telecommunications law /." Online version of thesis, 2010. http://hdl.handle.net/1850/12268.
Full text
4
Rota, Andrea. "Hacking the Web 2.0 : user agency and the role of hackers as computational mediators." Thesis, London School of Economics and Political Science (University of London), 2016. http://etheses.lse.ac.uk/3313/.
Full textAbstract:
This thesis studies the contested reconfigurations of computational agency within the domain of practices and affordances involved in the use of the Internet in everyday life (here labelled lifeworld Internet), through the transition of the Internet to a much deeper reliance on computation than at any previous stage. Computational agency is here considered not only in terms of capacity to act enabled (or restrained) by the computational layer but also as the recursive capacity to reconfigure the computational layer itself, therefore in turn affecting one’s own and others’ computational agency. My research is based on multisited and diachronic ethnographic fieldwork: an initial (2005–2007) autoethnographic case study focused on the negotiations of computational agency within the development of a Web 2.0 application, later (2010–2011) fieldwork interviews focused on processes through which users make sense of the increasing pervasiveness of the Internet and of computation in everyday life, and a review (2010–2015) of hacker discourses focused on tracing the processes through which hackers constitute themselves as a recursive public able to inscribe counter–narratives in the development of technical form and to reproduce itself as a public of computational mediators with capacity to operate at the intersection of the technical and the social. By grounding my enquiry in the specific context of the lifeworlds of individual end users but by following computational agency through global hacker discourses, my research explores the role of computation, computational capacity and computational mediators in the processes through which users ‘hack’ their everyday Internet environments for practical utility, or develop independent alternatives to centralized Internet services as part of their contestation of values inscribed in the materiality of mainstream Internet.
5
Artore, Diane. "Honeynet design and implementation." Thesis, Atlanta, Ga. : Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/22614.
Full text
6
Howell, Christian Jordan-Michael. "The Restrictive Deterrent Effect of Warning Banners in a Compromised Computer System." Scholar Commons, 2016. http://scholarcommons.usf.edu/etd/6259.
Full textAbstract:
System trespassing, which refers to the unauthorized access of computer systems, has rapidly become a worldwide phenomenon. Despite growing concern, criminological literature has paid system trespassing little attention. The current study utilizes data gathered from a Chinese computer network to examine system trespasser behavior after exposure to one of three warning messages: an altruistic message used for moral persuasion (warning 1), a legal sanction threat (warning 2), and an ambiguous threat (warning 3). More specifically, the current study examines the temporal order of various keystroke commands to determine if some keystroke commands are used as a tactical skill to avoid detection. The results of a series of bivariate cross-tabulations show that encountering a standard legal threat or ambiguous threat increase the early use of reconnaissance commands; however, these findings were not pronounced enough to gain statistical significance. Since the current study is the first known test of particularistic restrictive deterrence in cyberspace it informs those working in cyber security, whilst expanding the scope of the theory.
7
Oswald, Kathleen Frazer. "Hacking subject, subjecting hacking crisis in technoculture /." Click here for download, 2006. http://wwwlib.umi.com/cr/villanova/fullcit?p1432838.
Full text
8
Levine, John G. (John Glenn). "A Methodology for Detecting and Classifying Rootkit Exploits." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/5139.
Full textAbstract:
A Methodology for Detecting and Classifying Rootkit Exploits
John G. Levine
164 Pages
Directed by Dr. Henry L. Owen
We propose a methodology to detect and classify rootkit exploits. The goal of this research is to provide system administrators, researchers, and security personnel with the information necessary in order to take the best possible recovery actions concerning systems that are compromised by rootkits. There is no such methodolgoy available at present to perform this function. This may also help to detect and fingerprint additional instances and prevent further security instances involving rootkits. A formal framework was developed in order to define rootkit exploits as an existing rootkit, a modification to an exisiting, or an entirely new rootkit. A methodology was then described in order to apply this framework against rootkits that are to be investigated. We then proposed some new methods to detect and characterize specific types of rootkit exploits. These methods consisted of identifying unique string signatures of binary executable files as well as examining the system call table within the system kernel. We established a Honeynet in order to aid in our research efforts and then applied our methodology to a previously unseen rootkit that was targeted against the Honeynet. By using our methodology we were able to uniquely characterize this rootkit and identify some unique signatures that could be used in the detection of this specific rootkit. We applied our methodolgy against nine additional rootkit exploits and were were able to identify unique characterstics for each of these rootkits. These charactersitics could also be used in the prevention and detection of these rootkits.
9
Gupta, Nirbhay. "Determining the effectiveness of deceptive honeynets." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2003. https://ro.ecu.edu.au/theses/1303.
Full textAbstract:
Over the last few years, incidents of network based intrusions have rapidly increased, due to the increase and popularity of various attack tools easily available for download from the Internet. Due to this increase in intrusions, the concept of a network defence known as Honeypots developed. These honeypots are designed to ensnare attackers and monitor their activities. Honeypots use the principles of deception such as masking, mimicry, decoying, inventing, repackaging and dazzling to deceive attackers. Deception exists in various forms. It is a tactic to survive and defeat the motives of attackers. Due to its presence in the nature, deception has been widely used during wars and now in Information Systems. This thesis considers the current state of honeypot technology as well as describes the framework of how to improve the effectiveness of honeypots through the effective use of deception. In this research, a legitimate corporate deceptive network is created using Honeyd (a type of honeypot) which is attacked and improved using empirical learning approach. The data collected during the attacking exercise were analysed, using various measures, to determine the effectiveness of the deception in the honeypot network created using honeyd. The results indicate that the attackers were deceived into believing the honeynet was a real network which instead was a deceptive network.
10
Kelly, Nicholas M. "The freedom of information hacked: console cowboys, computer wizards, and personal freedom in the digital age." Diss., University of Iowa, 2016. https://ir.uiowa.edu/etd/6778.
Full textAbstract:
“The Freedom of Information Hacked: Console Cowboys, Computer Wizards, and Personal Freedom in the Digital Age” examines depictions of computer hackers in fiction, the media, and popular culture, assessing how such depictions both influence and reflect popular conceptions of hackers and what they do. In doing so, the dissertation demonstrates the central concerns of hacker stories—concerns about digital security, privacy, and the value of information—have become the concerns of digital culture as a whole, hackers laying bare collective hopes and fears regarding digital networks.
11
Lobo, Desmond. "Rapid identification of rootkit infections using data mining." Thesis, University of Ballarat, 2010. http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/44308.
Full textAbstract:
"The main part of this thesis presents a new approach to the topic of conjugation, with applications to various optimization problems. It does so by introducing (what we call) G-coupling functions."Doctor of Philsophy
12
DiGiusto, Dennis Michael. "A protection motivation theory approach to home wireless network security in New Zealand establishing if groups of concerned wireless network users exist and exploring characteristics of behavioral intention : submitted to the School of Information Management, Victoria University of Wellington in partial fulfilment of the requirements for the degree of Master of Information Management /." ResearchArchive@Victoria e-Thesis, 2008. http://hdl.handle.net/10063/1148.
Full text
13
Buys, Stephanus. "Log analysis aided by latent semantic mapping." Thesis, Rhodes University, 2013. http://hdl.handle.net/10962/d1002963.
Full textAbstract:
In an age of zero-day exploits and increased on-line attacks on computing infrastructure, operational security practitioners are becoming increasingly aware of the value of the information captured in log events. Analysis of these events is critical during incident response, forensic investigations related to network breaches, hacking attacks and data leaks. Such analysis has led to the discipline of Security Event Analysis, also known as Log Analysis. There are several challenges when dealing with events, foremost being the increased volumes at which events are often generated and stored. Furthermore, events are often captured as unstructured data, with very little consistency in the formats or contents of the events. In this environment, security analysts and implementers of Log Management (LM) or Security Information and Event Management (SIEM) systems face the daunting task of identifying, classifying and disambiguating massive volumes of events in order for security analysis and automation to proceed. Latent Semantic Mapping (LSM) is a proven paradigm shown to be an effective method of, among other things, enabling word clustering, document clustering, topic clustering and semantic inference. This research is an investigation into the practical application of LSM in the discipline of Security Event Analysis, showing the value of using LSM to assist practitioners in identifying types of events, classifying events as belonging to certain sources or technologies and disambiguating different events from each other. The culmination of this research presents adaptations to traditional natural language processing techniques that resulted in improved efficacy of LSM when dealing with Security Event Analysis. This research provides strong evidence supporting the wider adoption and use of LSM, as well as further investigation into Security Event Analysis assisted by LSM and other natural language or computer-learning processing techniques.LaTeX with hyperref package
Adobe Acrobat 9.54 Paper Capture Plug-in
14
Bilan, Carolina, and Carl Hedberg. "Säkerhetshot och lösningar för privatpersoner med bredband." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2001. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1491.
Full textAbstract:
As more and more people gain access to broadband in their properties, the security threats get bigger. A lot more people also have computers that they carry home from work where they store important information concerning the company. The information stored on theese computers can be very easy to retrieve if you have the will and the skill to do it. Very few people have any knowledge how to protect themselves from theese threats.
15
Paulo, Luis Gonzaga de. "Um modelo complementar para aprimorar a segurança da informação no SDLC para dispositivos móveis: SDD - security driven development." Universidade Tecnológica Federal do Paraná, 2015. http://repositorio.utfpr.edu.br/jspui/handle/1/1895.
Full textAbstract:
O uso de dispositivos móveis por um número cada vez maior de pessoas, e em um número crescente de atividades que requerem mais segurança da informação, coloca em evidência a necessidade de prover segurança nos softwares desse ambiente. O aspecto de segurança da informação em dispositivos móveis é preocupante. Entretanto os modelos utilizados pela indústria de software – e os encontrados na literatura atual - no desenvolvimento de aplicações móveis com requisitos de segurança da informação de alto nível ainda não respondem às necessidades de mais segurança reclamadas pelos usuários. O presente estudo considera que tais modelos podem ser melhorados com o incremento de métodos e técnicas específicas, algumas já utilizadas com sucesso no desenvolvimento de aplicações desktop ou não voltadas para o ambiente de dispositivos móveis. Este trabalho propõe a inclusão de abordagem de segurança da informação no início do ciclo de vida do desenvolvimento de software, a partir do estudo das ameaças e vulnerabilidades, da aplicação antecipada dos casos de abuso – aqui chamados de casos de uso impróprio, da análise de risco, dos testes de segurança baseados no risco e do uso de máquinas de ataque nos testes de segurança durante o processo de desenvolvimento do software. Para alcançar o objetivo desta pesquisa, os modelos mais conhecidos e utilizados no ciclo de vida do desenvolvimento de software são analisados do ponto de vista da segurança da informação, e uma nova abordagem é proposta por meio do uso de um modelo complementar de desenvolvimento de software voltado para a segurança. Alguns modelos de artefatos são apresentados e um estudo de caso aplicando os conceitos tratados na pesquisa é utilizado com o intuito de avaliar as principais contribuições discutidas no texto, e também alguns dos resultados preliminares obtidos com a realização do trabalho de pesquisa.The increasingly wide and intense use of mobile devices - whose processing and storage capacity grows almost overcoming the desktops - exposes greatly issues relating to information security in this environment. This is a worrying fact. However, the models currently found in the literature and used by software industry in developing mobile applications with the highest information security requirements are not yet answering users’ needs for more security, and may be improved adding specific methods or techniques, sometimes already used in desktop - or not mobile ones - applications development. This work proposes to insert information security approach early in the software development life cycle using threats and vulnerabilities study, the early application of abuse case - also called misuse cases, the risk analysis, the risk based security test and the use of attack machines in the development process. To reach the research goal, this work analyzed usual models used on SDLC from the information security point of view, and presents a new approach thru the use of a security driven development complementary model. The work also presents some templates and uses a case study for apply the concepts and evaluate the main contributions discussed in the text, also as the preliminary results obtained on the research.
16
Almeida, Fernanda Albuquerque de. "Machinima: entre a narrativa e a experimentação." Universidade de São Paulo, 2014. http://www.teses.usp.br/teses/disponiveis/93/93131/tde-24042015-164451/.
Full textAbstract:
Desde os primeiros filmes realizados em jogos digitais nos anos 1990, a noção de machinima vem sendo associada às convenções do cinema clássico. Com isso, ela falha em abranger a diversidade das obras audiovisuais produzidas em ambientes virtuais interativos em tempo real. Assim, o presente estudo busca contribuir com uma melhor compreensão dessa noção, através da análise interpretativa dos seus filmes experimentais e da bibliografia específica. Ele também pretende colaborar com a sua expansão como meio de comunicação e expressão artística. Em um primeiro momento, busca-se evidenciar a associação da noção de machinima com o cinema clássico, através da apresentação dos filmes relevantes durante a sua história e também de uma análise interpretativa das primeiras publicações teóricas. A partir dessa constatação, são apresentadas práticas audiovisuais precedentes e filmes experimentais realizados nos seus anos iniciais. Em seguida, pretende-se demonstrar que o afastamento da narrativa representado pelas obras experimentais de machinima abre espaço para a identificação de outros elementos que possam colaborar com um entendimento mais aprofundado da sua noção. Dessa forma, as seguintes características são apresentadas e analisadas em relação a essa ideia: a performance, a intervenção e o registro. Essa aproximação é prosseguida pela análise interpretativa dos filmes Formation (Difference and Repetition), de Baden Pailthorpe, 30 Seconds or More One Animation a Day, de Victor Morales e Abstract Livecoded Machinima (Missile Command), de David Griffiths. Ao enfatizar as obras experimentais de machinima, a proposta deste estudo é evidenciar que há uma diversidade de caminhos, entre a narrativa e a experimentação, a serem percorridos pelos artistas com machinima e que a sua noção deve abranger a pluralidade dessas produções audiovisuais.Since the first films accomplished in digital games in the 1990s, the concept of machinima has been associated to the conventions of classical cinema. Therewith, it fails to embrace the diversity of audiovisual works produced in real-time interactive virtual environments. Therefore, this study aims to contribute to a deepen comprehension of this concept through an interpretative analysis of its experimental films and also of the specific bibliography. It also intends to collaborate with its expansion as a communication and an artistic expression medium. First, it is aimed to evince the association of the idea of machinima with the classical cinema, through the presentation of the relevant films of its history and also through an interpretative analysis of the first theoretical publications. From this verification, the previous audiovisual practices and experimental movies accomplished in its first years are presented. Then, it is intended to demonstrate that the distance from narrative represented by the experimental works in machinima makes room for the identification of other features that may collaborate to a deepening understanding of its concept. Thus, the following features are presented and analyzed in relation to this idea: the performance, the intervention, and the record. This approximation is followed by the interpretative analysis of the films Formation (Difference and Repetition), by Baden Pailthorpe, 30 Seconds or More One Animation a Day, by Victor Morales, and Abstract Livecoded Machinima (Missile Command), by David Griffiths. By emphasizing the experimental works in machinima, the proposal of this study is to evince that there is a diversity of paths, between the narrative and the experimentation, to go through by the artists with machinima. Thus, its concept must include the plurality of these audiovisual productions.
17
Krutisch, Dorothee. "Strafbarkeit des unberechtigten Zugangs zu Computerdaten und -systemen /." Frankfurt am Main [u.a.] : Lang, 2004. http://www.gbv.de/dms/spk/sbb/recht/toc/376082763.pdf.
Full text
18
Ogbanufe, Obiageli. "Three Essays on Information Security Risk Management." Thesis, University of North Texas, 2018. https://digital.library.unt.edu/ark:/67531/metadc1157576/.
Full textAbstract:
Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks?
19
Withers, Kim. "A Psychosocial Behavioral Attribution Model: Examining the Relationship Between the “Dark Triad” and Cyber-Criminal Behaviors Impacting Social Networking Sites." Diss., NSUWorks, 2019. https://nsuworks.nova.edu/gscis_etd/1072.
Full textAbstract:
This study proposes that individual personality characteristics and behavioral triggering effects come together to motivate online victimization. It draws from psychology’s current understanding of personality traits, attribution theory, and criminological research. This study combines the current computer deviancy and hacker taxonomies with that of the Dark Triad model of personality mapping. Each computer deviant behavior is identified by its distinct dimensions of cyber-criminal behavior (e.g., unethical hacking, cyberbullying, cyberstalking, and identity theft) and analyzed against the Dark Triad personality factors (i.e., narcissism, Machiavellianism, and psychopathy). The goal of this study is to explore whether there are significant relationships among the Dark Triad personality traits and specific cyber-criminal behaviors within social network sites (SNSs).
The study targets offensive security engineers and computer deviants from specific hacker conferences and from websites that discuss or promote computer deviant behavior (e.g., hacking). Additional sampling is taken from a general population of SNS users. Using a snowball sampling method, 235 subjects completed an anonymous, self-report survey that includes items measuring computer deviance, personality traits, and demographics. Results yield that there was no significant relationship between Dark Triad and cyber-criminal behaviors defined in the perceived hypotheses.
The final chapter of the study summarizes the results and discusses the mechanisms potentially underlying the findings. In the context of achieving the latter objective, exploratory analyses are incorporated and partly relied upon. It also includes a discussion concerning the implications of the findings in terms of providing theoretical insights on the Dark Triad traits and cyber-criminal behaviors more generally.
20
Kisakye, Alex. "An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institution." Thesis, Rhodes University, 2012. http://hdl.handle.net/10962/d1004748.
Full textAbstract:
Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni ranging from personal to financial information. Unauthorized access to such information violates statutory requirement of the law and could grossly tarnish the institutions name not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool - originally developed by information security governance task-force of EDUCAUSE - was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in a sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting edge equipment and systems in their data centres. Further results show that institutions have established ICT departments although staff have not been trained in information security. All institutions interviewed have ICT policies although only a few have carried out policy sensitization and awareness campaigns for their staff and students.TeX
21
Watkins, Trevor U. "Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots." Connect to resource online, 2009. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1244659206.
Full text
22
Olofsson, Ammy. "Computer-human relation through glass : a part of the masters project “Growing Computers, Connecting Bodies, Cutting the Cord”." Thesis, Konstfack, Keramik & Glas, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:konstfack:diva-6287.
Full textAbstract:
In this master project I investigate materiality, transhumanism and alternative ways of producing knowledge and new discussions in the fields of glass craft, electronics and biotechnology. I make do-it-yourself glass computers and explore the relation between body/human-machine/computer with a hacker approach.
23
Rheinberg, Falko, and Nadine Tramp. "Anreizanalyse intensiver Freizeitnutzung von Computern : Hacker, Cracker und zweckorientierte Nutzer." Universität Potsdam, 2006. http://opus.kobv.de/ubp/volltexte/2008/1830/.
Full textAbstract:
Was bringt intensive Computernutzer dazu, ihre Freizeit am Rechner zu verbringen, und gibt es hierbei Unterschiede zwischen verschiedenen Nutzertypen? N = 271 Personen nahmen an einer online Befragung zu Anreizen freizeitlicher Computernutzung teil. Durch ausgewählte Internetverteiler waren gezielt besonders engagierte Computernutzer angesprochen worden (M = 3,9 Freizeitstunden am Rechner pro Tag). Für diese Nutzer fanden sich (in der Reihenfolge ihres Gewichtes) folgende Anreizfaktoren: Zugehörigkeit/Gemeinschaft; Kompetenzerleben; Vielseitigkeit/Nutzen; Langeweilevermeidung; rebellische Illegalitätstendenz. Gruppiert nach ihren bevorzugten Nutzungsweisen fanden sich drei Nutzertypen: Zweckorientierte Nutzer (58%), Hacker (= Eindringen in fremde Systeme ohne Schädigungsabsicht, 22%) und Cracker (Eindringen mit Schädigungsabsicht, 20%). Diese Nutzertypen unterschieden sich deutlich in ihrem Anreizprofil. Hacking und Cracking, nicht aber zweckorientierte Nutzungsweisen waren korreliert mit Flow-Erleben und positiver Aktivierung am Rechner. Die Ergebnisse sind nicht repräsentativ für alle Freizeitnutzer. Sie beziehen sich auf eine gezielt rekrutierte Stichprobe besonders engagierter Computernutzer, die über spezifische Netzwerke (z. B. relevante Fachschaften, Chaos Computer Club) erreichbar sind.
24
Уткіна, Марина Сергіївна, Марина Сергеевна Уткина, and Maryna Serhiivna Utkina. "Computer hacking - high-tech crime." Thesis, Сумський державний університет, 2012. http://essuir.sumdu.edu.ua/handle/123456789/42835.
Full textAbstract:
В роботі проаналізовано злочини із використанням комп’ютерів зважаючи на технічний прогрес. Також визначено поняття "хакер" та наведені шляхи, як захистити себе від хакерів.В работе проанализированы преступления с использованием компьютеров несмотря на технический прогресс. Также определено понятие "хакер" и приведены пути, как защитить себя от хакеров.
The work analyzed crimes using computers in view of technical progress. Also the term "hacker" was given and there were defined ways to protect yourself from hackers.
25
Zadig, Sean M. "Understanding the Impact of Hacker Innovation upon IS Security Countermeasures." NSUWorks, 2016. http://nsuworks.nova.edu/gscis_etd/976.
Full textAbstract:
Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.
Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining to the defeat of IS security countermeasures. This research sought to understand the manner in which hackers diffuse innovations within these communities. Employing a multi-site, positivist case study approach of four separate hacking communities, the study examined how hackers develop, communicate, and eventually adopt these new techniques and tools, so as to better inform future attempts at mitigating these attacks. The research found that three classes of change agents are influential in the diffusion and adoption of an innovation: the developer/introducer of the innovation to the community, the senior member of a community, and the author of tutorials. Additionally, the research found that three innovation factors are key to successful diffusion and adoption: the compatibility of the innovation to the needs of the community, the complexity of the innovation, and the change in image conferred upon the member from adopting the innovation. The research also described the process by which innovations are adopted within the hacking communities and detailed phases in this process which are unique to these communities.
26
Rochefort, Guillaume. "Collaborative Chaos: Symbiotic Physical and Virtual Resistance to Pervasive Surveillance." Thesis, Université d'Ottawa / University of Ottawa, 2021. http://hdl.handle.net/10393/42183.
Full textAbstract:
The scale of modern surveillance and the debate surrounding its nature have become
expansively complex. Consequently, the field of communication and surveillance studies
represent a critical area of scholarship with interwoven academic, policy and social
implications. This thesis, a critical ideological study of modern surveillance founded upon
an empirical study, draws on participant observation, militant ethnography and semistructured interviews as research methods. From a participant insider perspective, it
explores and interprets the experiences, meanings and views of counter-surveillance
actors targeted by surveillance based on participant observation and militant ethnography
conducted during the 2017 Chaos Communication Congress in Leipzig and the 2019
Chaos Communication Camp in Mildenberg, Germany. Drawing on Jeffrey Juris’ militant
ethnography and based on the participants’ own experiences in resisting modern
surveillance, I focus on the lessons learned from those belonging to the third-wave of
privacy activism. Through their personal experiences, this research reveals control
strategies, lessons learned and views of privacy activists, hacktivists and civic-hackers on
the state of modern surveillance. This thesis concludes that the current symbiotic nature of
the state-corporate surveillance and disinformation nexus means any legislative solution to
be unlikely.
27
Palmqvist, Stefan. "Social-engineering ett hot mot informationssäkerheten?" Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-1993.
Full textAbstract:
Den här rapporten tar upp ett annorlunda hot mot informationssäkerheten, som inte hårdvara
eller mjukvara kan stoppa. Detta hot kallas för social-engineering, och det som gör detta hot
farligt är att de anställda och chefer i en organisation, kan hjälpa utövaren av socialengineering
utan att de själva vet om det.
Det går inte att förhindra att dessa attacker sker, men man kan förhindra de negativa
konsekvenserna av en sådan attack. Denna rapport tar upp hur man ska göra för att en
organisation ska kunna fortsätta med sin verksamhet, efter en attack av social-engineering. I
värsta fall kan en attack av social-engineering innebära att ett företag aldrig återhämtar sig.
Detta kan bero på att organisationen har förlorat alla sina kunder, förlorat marknads andelar,
eller för att de ansvariga och viktiga personerna i organisationen har blivit dömda för
oaktsamhet och sitter i fängelse.
Denna rapport ska informera och få er att vara uppmärksamma och medvetna om dessa
hot, som ni kanske inte vet finns. Ni ska få kunskap och lära er känna igen de olika
förklädnaderna en utövare av social-engineering antar.
This paper discusses a different threat against information security, which can not be
prevented by either hardware or software. This Threat is called social engineering and the
main issue that makes this threat so dangerous is that the victims, like executives and the
employees in an organization are not aware that they actually helps the practician of social
engineering.
These attacks can not be avoided, but there is a way to prevent negative consequences of
such an attack. This paper discusses how an organization can manage to continue with the
activity, despite an attack of social engineering. In worse case the scenarios of an attack of
social engineering can mean that an organization never fully recovers. The different scenarios
of this can be as following. The organization could lose all the clients, they could have lost
market share or the responsible important people in the organization could be convicted and
sent to jail.
This paper will make you aware of these threats that you might even don’t know exists.
You will be given the knowledge to be able to recognize de different disguises a practician of
social engineering can assume.
28
Wallström, Andreas, and Mohammad-Ali Omer. "Implementing Security Techniques to Lower the Probability of IoT-devices Getting Hacked." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-259359.
Full textAbstract:
IoT security is something that is becoming more important with the exponential growing number of IoT devices. It is important to find methods that can make IoT devices more secure and are feasible to install and use. This paper investigates how effective the security features geographical IP based blocking (GeoIP) and a limit on the number of allowed sign-in attempts to a server (fail2ban) are at reducing the number of successful hacker attacks. By launching honeypots with and without these security features data was collected about the number of hacking attempts. The results shows that the GeoIP security feature can reduce attacks by roughly 93% and that fail2ban can reduce the attacks by 99%. Further work in this field is encouraged to create better GeoIP tools and to better understand the potential for these security techniques on a larger scale.IoT-säkerhet är ett fält med en allt mer ökad relevans i dagens samhälle i och med den exponentialla tillväxten av IoT-enheter. Det är viktigt att hitta metoder som kan göra IoT-enheter säkrare och är enkla att installera och använda. Den här rapporten undersöker hur effektiva geografiskt baserad IP-blockningar (GeoIP) och en begränsning i antalet tillåtna inloggningsförsök till en server (fail2ban) kan vara i att minska antalet lyckade attacker mot IoT-enheter. Genom att sätta upp honeypots med och utan de tidigare nämnda säkerhetsfunktionerna kunda vi samla data på hur de påverkade antalet attacker. Resultaten visade att GeoIP reducerade antalet med ungefär 93% och att fail2ban reducerade antalet med ungefär 99%. Framtida arbete inom detta fält kan vara att skapa en snabbare och mer simpel GeoIP modul och att försöka förstå hur dessa säkerhetstekniker kan påverka IoT-enheter i en större skala.
29
Ottosson, Henrik, and Per Lindquist. "Penetration testing for the inexperienced ethical hacker : A baseline methodology for detecting and mitigating web application vulnerabilities." Thesis, Linköpings universitet, Databas och informationsteknik, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148581.
Full textAbstract:
Having a proper method of defense against attacks is crucial for web applications to ensure the safety of both the application itself and its users. Penetration testing (or ethical hacking) has long been one of the primary methods to detect vulnerabilities against such attacks, but is costly and requires considerable ability and knowledge. As this expertise remains largely individual and undocumented, the industry remains based on expertise. A lack of comprehensive methodologies at levels that are accessible to inexperienced ethical hackers is clearly observable. While attempts at automating the process have yielded some results, automated tools are often specific to certain types of flaws, and lack contextual flexibility. A clear, simple and comprehensive methodology using automatic vulnerability scanners complemented by manual methods is therefore necessary to get a basic level of security across the entirety of a web application. This master's thesis describes the construction of such a methodology. In order to define the requirements of the methodology, a literature study was performed to identify the types of vulnerabilities most critical to web applications, and the applicability of automated tools for each of them. These tools were tested against various existing applications, both intentionally vulnerable ones, and ones that were intended to be secure. The methodology was constructed as a four-step process: Manual Review, Testing, Risk Analysis, and Reporting. Further, the testing step was defined as an iterative process in three parts: Tool/Method Selection, Vulnerability Testing, and Verification. In order to verify the sufficiency of the methodology, it was subject to Peer-review and Field experiments.Att ha en gedigen metodologi för att försvara mot attacker är avgörande för att upprätthålla säkerheten i webbapplikationer, både vad gäller applikationen själv och dess användare. Penetrationstestning (eller etisk hacking) har länge varit en av de främsta metoderna för att upptäcka sårbarheter mot sådana attacker, men det är kostsamt och kräver stor personlig förmåga och kunskap. Eftersom denna expertis förblir i stor utsträckning individuell och odokumenterad, fortsätter industrin vara baserad på expertis. En brist på omfattande metodiker på nivåer som är tillgängliga för oerfarna etiska hackare är tydligt observerbar. Även om försök att automatisera processen har givit visst resultat är automatiserade verktyg ofta specifika för vissa typer av sårbarheter och lider av bristande flexibilitet. En tydlig, enkel och övergripande metodik som använder sig av automatiska sårbarhetsverktyg och kompletterande manuella metoder är därför nödvändig för att få till en grundläggande och heltäckande säkerhetsnivå. Denna masteruppsats beskriver konstruktionen av en sådan metodik. För att definiera metodologin genomfördes en litteraturstudie för att identifiera de typer av sårbarheter som är mest kritiska för webbapplikationer, samt tillämpligheten av automatiserade verktyg för var och en av dessa sårbarhetstyper. Verktygen i fråga testades mot olika befintliga applikationer, både mot avsiktligt sårbara, och sådana som var utvecklade med syfte att vara säkra. Metodiken konstruerades som en fyrstegsprocess: manuell granskning, sårbarhetstestning, riskanalys och rapportering. Vidare definierades sårbarhetstestningen som en iterativ process i tre delar: val av verkyg och metoder, sårbarhetsprovning och sårbarhetsverifiering. För att verifiera metodens tillräcklighet användes metoder såsom peer-review och fältexperiment.
30
Mazieres, Antoine Bernardo Marie. "Uma analise sociopolitica do movimento de software livre e de codigo aberto." [s.n.], 2009. http://repositorio.unicamp.br/jspui/handle/REPOSIP/279476.
Full textAbstract:
Orientador: Tom DwyerDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Filosofia e Ciencias Humanas
Made available in DSpace on 2018-08-14T10:47:13Z (GMT). No. of bitstreams: 1 Mazieres_AntoineBernardoMarie_M.pdf: 1276055 bytes, checksum: fb566238c8de83cd0ddace38cae7b026 (MD5) Previous issue date: 2009
Resumo: Esta dissertação procura apresentar as significações políticas e culturais de um movimento de Software Livre e de Código Aberto (SL/CA) entendido como conjunto muito heterogêneo de comunidades e projetos. Ademais, a partir de um histórico do objeto "software" desde a sua origem, mostramos como ele foi diferenciado do hardware e depois encerrado como um objeto fechado pela companhias de software nascentes. Nesse contexto, o movimento SL/CA aparece tanto uma reação ao fenômeno de blackboxing, como uma continuação da tradição de compartilhamento de informações dentro da engenharia da computação. Por isso, estrutura-se ao redor de vários ramos da ética hacker e de seu agnosticismo político para constituir uma alternativa tecnológica concreta. Isto nos permite afirmar que as características sociopolíticas das comunidades do Software Livre devem ser procuradas no próprio ato de programar, na pragmática, como arte ou regulação. Dessa forma, estudamos os casos específicos de varias comunidades (gNewSense, Samba, BSD) para tentar sistematizar os seus posicionamentos tecnológicos e sociopolíticos a respeito do movimento tecnológico contemporâneo.
Abstract: This dissertation presents some political and cultural significations of a Free Software Movement, understood as a heterogeneous aggregation of projects and communities. Then, the historical analysis of the "software object" shows how it become, in the first place, differentiated from the hardware and, then, secondly, closed as an end- product by the rising software companies. In this context, the Free Software Movement presents itself as a reaction to blackboxing phenomena, as well as a continuation of the computater engineering tradition of sharing knowledge freely. Therefore, FS Movement has become structured through diverse blends of Hacker Ethic and its own political agnosticism, in order to build a concrete technological alternative. This leads to the argument that sociopolitical characteristics of Free Software communities should be found in the very act of programming, and in its pragmatics as an art or a regulation. Finally, specific cases of several communities (gNewSense, Samba, BSD) are examined in an attempt to systematize their sociopolitical and technological positions of the contemporary technological movement.
Mestrado
Mestre em Ciência Política
31
Gustafsson, Alexander. "Riskanalys inom intrångsäkerhet på webbplatser." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5377.
Full textAbstract:
Attacker och intrång på webbservrar är idag vanligt förekommande. Webben gör det lätt för hackare, knäckare och andra inkräktare att hitta sårbara servrar, och det finns gott om tips att hämta för den som vill lära sig hur man gör intrång. Det finns ett flertal olika intrångsmetoder som utnyttjar olika typer av svagheter i datorsystemen. Denna uppsats inriktar sig på svagheter i webbplatsernas serverskriptsystem, dess skriptkod och konfiguration. Syftet är att undersöka huruvida intrång kan göras med endast en webbläsare via webbplatsens offentliga webbsidor. Genom att kombinera tre olika metoder - litteraturundersökning, en enkät och ett experiment - undersöker uppsatsen hur serverskriptintrång fungerar. Den analyserar ett urval vanliga misstag webbprogrammerare kan göra, till exempel att inte kontrollera inkommande data, eller att använda lättgissade variabelnamn och databastabellnamn. Några olika typer av intrång analyseras, som till exempel SQL-injektion. Förebyggande åtgärder tas även upp med ett antal konkreta exempel. Uppsatsens slutsats är att på webbplatser med svaga serverskriptsystem kan inkräktare göra intrång via webbplatsens egna publika webbsidor, med endast en vanlig webbläsare som hjälpmedel. I uppsatsens avslutande del diskuteras även några orsaker till varför det produceras ogenomtänkt skriptkod, till exempel beroende på att programmeringskurser i allmänhet inte tycks lära ut säker programmering i tillräcklig utsträckning.
32
Persson, Peter. "Säkerhetsanalys av plugin-kod till publiceringsplattformen WordPress." Thesis, Linnéuniversitetet, Institutionen för datavetenskap, fysik och matematik, DFM, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-27529.
Full textAbstract:
Applikationer och system flyttar i allt större utsträckning från lokala installationer på den enskilda datorn, ut i “molnet” där data skickas och hanteras via Internet. Traditionella “Desktop applikationer” blir webbapplikationer för att centralisera drift och öka tillgänglighet. Detta skifte medför ett ökande antal träffytor för personer som av en eller annan orsak vill åsamka skada eller tillskansa sig, alternativt manipulera eller förstöra, känslig eller hemlig information. Den här rapporten har för avsikt att utvärdera hur väl man kan skydda sig mot tre av de just nu vanligaste attackformerna mot webbapplikationer generellt, men WordPress specifikt. Nämligen attackformerna SQL-injection, Cross site scripting och Cross site request forgery. Resultaten av undersökningen visar att det genom en väl implementerad hantering av in- och utgående data går att skapa ett fullt acceptabelt grundskydd för att desarmera attacker av dessa typer.
33
Nezirevic, Esmeralda. "Brandväggar för hemmakontor." Thesis, Jönköping University, School of Engineering, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-617.
Full textAbstract:
Firewalls protect network traffic and decide witch traffic to send further and witch traffic will be blocked. All this depends on the rules in the firewall. The firewall is installed between the internal network and the Internet. It is difficult to find a firewall that can protect us against different threats. Firewalls have both advantages and disadvantages and all this make them vulnerable. It is important to understand how the firewall protects the network and how to configure it. This paper gives the reader a clear idea how firewalls can protect against different attacks and improve the security.
Computers are not safe when connected to Internet. This paper is about how to use a personal firewall to protect a computer when connected to Internet. One of the firewalls in this examination is Norton Personal Firewall 2005.
Perkins, “Firewalls 24seven, 2nd Edition” and Brian Komar, Ronald Beekelaar and Joern Wettern “Firewalls for Dummies”. Information has also been collected from Apples home page.
It is important to have knowledge about different attacks against network traffic and also about how to protect against them. To know the risks is the first step to be able to evolve an own strategy; too defend network attack.
34
Breindl, Yana. "Hacking the law: an analysis of internet-based campaigning on digital rights in the European Union." Doctoral thesis, Universite Libre de Bruxelles, 2011. http://hdl.handle.net/2013/ULB-DIPOT:oai:dipot.ulb.ac.be:2013/209836.
Full textAbstract:
Digital rights activism constitutes an exemplary case of how internet affordances can be mobilised to engender political change. The values and principles stemming from the hacker imaginaire, and free and open source software practices, underpin digital rights activism, which uses the internet as a tool, object and platform for the protection of rights in the digital realm. The analysis focuses on how digital rights activists use and adapt the political affordances of the internet to intervene in European Union policy-making. Two original case studies of internet-based campaigning at the European level (the “No Software Patents” and the “Telecoms package” campaigns) provide in-depth insight into the campaigning processes and their impact upon parliamentary politics. The cases highlight the complementarity of online and offline collective action, by examining processes of open collaboration, information disclosure and internet-assisted lobbying. The success of the “Telecoms package” campaign is then assessed, along with the perspective of the targets: members and staff of the European Parliament.The belief in values of freedom, decentralisation, openness, creativity and progress inspires a particular type of activism, which promotes autonomy, participation and efficiency. The empirical evidence suggests that this set of principles can, at times, conflict with practices observed in the field. This has to do with the particular opportunity structure of the European Union and the characteristics of the movement. The EU favours functional integration of civil society actors who are expected to contribute technical and/or legal expertise. This configuration challenges internet-based protest networks that rely on highly independent and fluctuating engagement, and suffer from a lack of diversity and cohesion. The internet does not solve all obstacles to collective action. It provides, however, a networked infrastructure and tools for organising, coordinating and campaigning. Online and offline actions are not only supportive of each other. Internet-based campaigning can be successful once it reaches out beyond the internet, and penetrates the corridors of political institutions.
Doctorat en Information et communication
info:eu-repo/semantics/nonPublished
35
Gomez, Norberto Jr. "The Art of Perl: How a Scripting Language (inter)Activated the World Wide Web." VCU Scholars Compass, 2013. http://scholarscompass.vcu.edu/etd/472.
Full textAbstract:
In 1987, computer programmer and linguist Larry Wall authored the general-purpose, high-level, interpreted, dynamic Unix scripting language, Perl. Borrowing features from C and awk, Perl was originally intended as a scripting language for text-processing. However, with the rising popularity of the Internet and the advent of Tim Berners-Lee’s World Wide Web (Web), in the 1990s, Perl soon became the glue-language for the Internet, due in large part to its relationship to the Hypertext Transfer Protocol (HTTP) and the Common Gateway Interface (CGI). Perl was the go-to language for on the fly program writing and coding, gaining accolades from the likes of publisher Tim O’Reilly and hackers alike. Perl became a favorite language of amateur Web users, whom net artist Olia Lialina calls barbarians, or the indigenous. These users authored everything from database scripts to social spaces like chatrooms and bulletin boards. Perl, while largely ignored today, played a fundamental role in facilitating those social spaces and interactions of Web 1.0, or what I refer to as a Perl-net. Thus, Perl informed today’s more ubiquitous digital culture, referred to as Web 2.0, and the social web. This project examines Perl’s origin which is predicated on postmodern theories, such as deconstructionism and multiculturalism. Perl’s formal features are differentiated from those of others, like Java. In order to defend Perl’s status as an inherently cultural online tool, this project also analyzes many instances of cultural artifacts: script programs, chatrooms, code poetry, webpages, and net art. This cultural analysis is guided by the work of contemporary media archaeologists: Lialina and Dragan Espenschied, Erkki Huhtamo and Jussi Parikka. Lastly, the present state of digital culture is analyzed in an effort to re-consider the Perl scripting language as a relevant, critical computer language, capable of aiding in deprogramming the contemporary user.
36
"An effective methodology to traceback DDoS attackers." 2003. http://library.cuhk.edu.hk/record=b5891537.
Full textAbstract:
Lam, Kwok Tai.Thesis (M.Phil.)--Chinese University of Hong Kong, 2003.
Includes bibliographical references (leaves 64-66).
Abstracts in English and Chinese.
Chapter 1 --- Introduction to Network Security via Efficient IP Traceback --- p.10
Chapter 1.1 --- Motivation --- p.10
Chapter 1.2 --- DDoS Attacker Traceback Problem --- p.11
Chapter 1.3 --- Document Roadmap --- p.13
Chapter 2 --- Background --- p.14
Chapter 2.1 --- Probabilistic Edge Marking Algorithm --- p.14
Chapter 2.1.1 --- Probabilistic Edge Marking Procedure --- p.15
Chapter 2.1.2 --- Attack Graph Construction Procedure --- p.17
Chapter 2.1.3 --- Advantages and Disadvantages of Algorithm --- p.19
Chapter 3 --- Attacker Traceback: Linear Topology --- p.22
Chapter 3.1 --- Determination of Local Traffic Rates --- p.23
Chapter 3.2 --- Determination of Minimum Stable Time tmin --- p.25
Chapter 3.3 --- Elimination of Attackers --- p.26
Chapter 4 --- Attacker Traceback: General Topology --- p.30
Chapter 4.1 --- Determination of Local Traffic Rates --- p.30
Chapter 4.2 --- Determination of Minimum Stable Time tmin --- p.33
Chapter 5 --- Simulations --- p.36
Chapter 5.1 --- Simulation 1 - Correctness and robustness of estimating the min- imum stable time tmin --- p.37
Chapter 5.1.1 --- Simulation l.A - Influence on tmin by different packet arrival processes --- p.37
Chapter 5.1.2 --- Simulation l.B - Influence on tmin by different packet arrival processes under MMPP --- p.38
Chapter 5.1.3 --- Simulation l.C - Influence on tmin and variance of traffic rate estimation by different pthreshold --- p.39
Chapter 5.2 --- Simulation 2 - Factors which influence the minimum stable time tmin --- p.40
Chapter 5.2.1 --- Simulation 2.A - Influence on tmin by different length of the attack path --- p.41
Chapter 5.2.2 --- Simulation 2.B - Influence on tmin by the relative posi- tions of the attackers --- p.42
Chapter 5.2.3 --- Simulation 2.C - Influence on tmin by different ATR and different length of the attack path --- p.43
Chapter 5.3 --- Simulation 3 - Extension to General Network Topology --- p.45
Chapter 5.3.1 --- Simulation 3.A - Influence on tmin by different ATR and different diameter of the network topology --- p.45
Chapter 5.3.2 --- Simulation 3.B - Influence on tmin by different number of attackers --- p.46
Chapter 5.4 --- Simulation 4 - Extension to Internet Topology --- p.47
Chapter 5.4.1 --- Simulation 4.A - Influence on tminby different diameter of the network topology --- p.49
Chapter 5.4.2 --- Simulation 4.B - Influence on tmin by different number of attackers --- p.50
Chapter 6 --- Experiments --- p.51
Chapter 6.1 --- Experiment 1: Simple DoS Attack --- p.53
Chapter 6.1.1 --- Experiment l.A - Influence on tmin by different types of DDoS attack --- p.54
Chapter 6.1.2 --- Experiment l.B - Influence on tmin by different length of the attack path --- p.55
Chapter 6.2 --- Experiment 2: Coordinated DoS Attack --- p.55
Chapter 6.2.1 --- Experiment 2.A - Influence on tmin by the relative posi- tions of the attackers --- p.56
Chapter 6.2.2 --- Experiment 2.B - Influence on tmin by different number of attackers --- p.58
Chapter 7 --- Related Work --- p.59
Chapter 8 --- Conclusion --- p.62
Bibliography --- p.64
37
Roos, Christiaan J. "Governance responses to hacking in the banking sector of South Africa : an exploratory study." Thesis, 2013. http://hdl.handle.net/10210/8642.
Full textAbstract:
D.Comm. (Auditing)Organisations today are critically dependent on IT to enable business operations and ensure competitiveness in a growing international marketplace. At the same time, IT also introduces significant risks, such as hacking. The board of directors is ultimately responsible for mitigating IT risk as a component of business risk. This task is included in its corporate governance responsibilities, which, in the South African context, is underpinned by the King Code of Corporate Governance. The board of directors also plays a key role in identifying and enabling the most appropriate responses to IT risk, including hacking. This inevitably necessitates greater focus on and understanding of risks such as hacking. The determined and elusive nature of hackers makes them a significant threat to organisations today. Not only are hackers characterised by various profiles and motives, but they are also exceptionally skilled in exploiting weak security practices and software vulnerabilities, with attack techniques which range from non-technical social engineering to advanced technical attacks and exploits. Hackers are role-players in cybercrime and cyber warfare, as is evident from the media and information security survey results explored in this thesis, in particular within the banking sector, which is the financial backbone of the country. It is for this reason that the South African banking sector has been selected as the target population for this study. This study considers the meaning and nature of hacking, viewing it as either a risk or an event, which requires preventative or detective responses. The effect of hacking on business risks is explored next by identifying common business risks and common IT risks themes, where after the fundamental links between hacking and the IT risk themes are established. This study further argues that business risks are increased by IT risks, which implies that, by indirect association, business risks are increased by hacking. A response to this threat is required, in particular from a governance perspective, with the board of directors playing a fundamental role in supporting the appropriate responses. This study explores the advantages and disadvantages of various responses to hacking, highlighting the point that most traditional responses are not effective enough in fully mitigating the hacking threat. It is argued that ethical hacking is an effective response to the threat of hacking. The nature of ethical hacking is explored, including its objectives, motivation, advantages and disadvantages. The multi-faceted nature of the ethical hacking response is also considered. In order to explore the risks and responses to hacking in the banking sector in South Africa, an analysis of annual reports was conducted and two questionnaires were administered. The analysis of the annual reports of the 16 locally registered banks in South Africa highlighted differences in disclosure practices around IT risk, IT governance and hacking. This was followed by empirical testing in the local banking sector, by using a mixed-method approach in order to solicit mostly quantitative, but also qualitative, responses from company secretaries and individuals responsible for IT at the 16 locally registered banks. The results of the questionnaires indicated that the board of directors is not fully embracing its IT governance responsibilities and that IT matters are mostly dealt with by risk management committees at board level or IT steering committees at executive management level. The effect of IT risks on business risks such as human resource risk and physical risk is underestimated. Respondents were unclear about the effect of hacking on IT risks, such as IT human resource risk and lack of software development. The local banking sector is not fully aware of how hacking can affect organisations, and banks are not making enough use of ethical hacking as a response to the hacker threat. This is the first study of its kind to explore ethical hacking in the context of governance responses. The study breaks new ground by providing a unique in-depth analysis of the link between business risk, IT risk and hacking. It is also the first study into the various responses to hacking in the SA banking sector and will assist not only the banking industry but business at large in defining appropriate preventative and detective responses to hacking.
38
Almulhem, Ahmad. "Detection and analysis of connection chains in network forensics." Thesis, 2007. http://hdl.handle.net/1828/2474.
Full textAbstract:
Network forensics is a young member of the bigger family of digital forensics discipline. In particular, it refers to digital forensics in networked environments. It represents an important extension to the model of network security where emphasis is traditionally put on prevention and to a lesser extent on detection. It focuses on the collection, and analysis of network packets and events caused by an intruder for investigative purposes. A key challenge in network forensics is to ensure that the network itself is forensically-ready, by providing an infrastructure to collect and analyze data in real-time. In this thesis, we propose an agent-based network forensics system, which is intended to add real-time network forensics capabilities into a controlled network. We also evaluate the proposed system by deploying and studying it in a real-life environment. Another challenge in network forensics arises because of attackers ability to move around in the network, which results in creating a chain of connections; commonly known as connection chains. In this thesis, we provide an extensive review and taxonomy of connection chains. Then, we propose a novel framework to detect them. The framework adopts a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining. We assess the proposed framework using public network traces, and demonstrate both its efficiency and detection capabilities. We, finally, propose a profiling-based framework to investigate connection chains that are distributed over several ip addresses. The framework utilizes a simple yet extensible hacker model that integrates information about a hacker's linguistic, operating system and time of activity. We establish the effectiveness of the proposed approach through several simulations and an evaluation with real attack data.
39
Lu, Zebin. "SECURE WEB APPLICATIONS AGAINST OFF-LINE PASSWORD GUESSING ATTACK: A TWO WAY PASSWORD PROTOCOL WITH CHALLENGE RESPONSE USING ARBITRARY IMAGES." 2013. http://hdl.handle.net/1805/3425.
Full textAbstract:
Indiana University-Purdue University Indianapolis (IUPUI)The web applications are now being used in many security oriented areas, including online shopping, e-commerce, which require the users to transmit sensitive information on the Internet. Therefore, to successfully authenticate each party of web applications is very important. A popular deployed technique for web authentication is the Hypertext Transfer Protocol Secure (HTTPS) protocol. However the protocol does not protect the careless users who connect to fraudulent websites from being trapped into tricks. For example, in a phishing attack, a web user who connects to an attacker may provide password to the attacker, who can use it afterwards to log in the target website and get the victim’s credentials. To prevent phishing attacks, the Two-Way Password Protocol (TPP) and Dynamic Two-Way Password Protocol (DTPP) are developed. However there still exist potential security threats in those protocols. For example, an attacker who makes a fake website may obtain the hash of users’ passwords, and use that information to arrange offline password guessing attacks. Based on TPP, we incorporated challenge responses with arbitrary images to prevent the off-line password guessing attacks in our new protocol, TPP with Challenge response using Arbitrary image (TPPCA). Besides TPPCA, we developed another scheme called Rain to solve the same problem by dividing shared secrets into several rounds of negotiations. We discussed various aspects of our protocols, the implementation and experimental results.
40
Pritchard, Maritha. "The Gautrain : active communication research on the manifestations of the hacker ethic by citizen journalists." Thesis, 2010. http://encore.tut.ac.za/iii/cpro/DigitalItemViewPage.external?sp=1001288.
Full textAbstract:
Thesis (MTech. degree in Journalism) -- Tshwane University of Technology, 2010.Explores the themes derived from the six tenets of the hacker ethic in blog posts about the Gautrain project over a one-year period. It also describes how citizen journalists express the six tenets of the hacker ethic when blogging about the Gautrain project.
41
Tekle, Solomon Mekonnen. "A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)." Thesis, 2018. http://hdl.handle.net/10500/25968.
Full textAbstract:
The insider threat problem is extremely challenging to address, as it is committed by insiders who are
trusted and authorized to access the information resources of the organization. The problem is further
complicated by the multifaceted nature of insiders, as human beings have various motivations and
fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders.
Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This
research presents a novel insider threat prevention and prediction model, combining several approaches,
techniques and tools from the fields of computer science and criminology. The model is a Privacy-
Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is
predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements
present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive),
opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious
employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals
tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards
maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the
elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud
Diamond similar to crimes committed within the physical landscape.
The model intends to act within context, which implies that when the model offers predictions about threats,
it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information
about insiders for the purposes of prediction, there is a need to collect current information, as the motives
and behaviours of humans are transient. Context-aware systems are used in the model to collect current
information about insiders related to motive and ability as well as to determine whether insiders exploit any
opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any
rationalizations the insider may have via neutralization mitigation, thus preventing the insider from
committing a future crime. However, the model collects private information and involves entrapment that
will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel
they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this
thesis argues that an insider prediction model must be privacy-preserving in order to prevent further
cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from
being tempted to commit a crime in future.
The model involves four major components: context awareness, opportunity facilitation, neutralization
mitigation and privacy preservation. The model implements a context analyser to collect information related
to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan.
The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes
and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs
keystroke and linguistic features based on typing patterns to collect information about any change in an
insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime.
Research demonstrates that most of the insiders who have committed a crime have experienced a negative
emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers
without their consent or denial of a wage increase. However, there may also be personal problems such as a
divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who
may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the
change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those
individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model
also assesses the capability of insiders to commit a planned attack based on their usage of computer
applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and
skill as well as assessing the number of systems errors and warnings generated while using the applications.
The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a
motivated and capable insider will exploit any opportunity in the organization involving a criminal act.
Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an
implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of
nullifying the rationalizations that the insider may have had for committing the crime. All information about
insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders.
The model also intends to identify any new behaviour that may result during the course of implementation.
This research contributes to existing scientific knowledge in the insider threat domain and can be used as a
point of departure for future researchers in the area. Organizations could use the model as a framework to
design and develop a comprehensive security solution for insider threat problems. The model concept can
also be integrated into existing information security systems that address the insider threat problemInformation Science
D. Phil. (Information Systems)
42
"A Hacker-Centric Perspective to Empower Cyber Defense." Doctoral diss., 2020. http://hdl.handle.net/2286/R.I.57382.
Full textAbstract:
abstract: Malicious hackers utilize the World Wide Web to share knowledge. Previous work has demonstrated that information mined from online hacking communities can be used as precursors to cyber-attacks. In a threatening scenario, where security alert systems are facing high false positive rates, understanding the people behind cyber incidents can help reduce the risk of attacks. However, the rapidly evolving nature of those communities leads to limitations still largely unexplored, such as: who are the skilled and influential individuals forming those groups, how they self-organize along the lines of technical expertise, how ideas propagate within them, and which internal patterns can signal imminent cyber offensives? In this dissertation, I have studied four key parts of this complex problem set. Initially, I leverage content, social network, and seniority analysis to mine key-hackers on darkweb forums, identifying skilled and influential individuals who are likely to succeed in their cybercriminal goals. Next, as hackers often use Web platforms to advertise and recruit collaborators, I analyze how social influence contributes to user engagement online. On social media, two time constraints are proposed to extend standard influence measures, which increases their correlation with adoption probability and consequently improves hashtag adoption prediction. On darkweb forums, the prediction of where and when hackers will post a message in the near future is accomplished by analyzing their recurrent interactions with other hackers. After that, I demonstrate how vendors of malware and malicious exploits organically form hidden organizations on darkweb marketplaces, obtaining significant consistency across the vendors’ communities extracted using the similarity of their products in different networks. Finally, I predict imminent cyber-attacks correlating malicious hacking activity on darkweb forums with real-world cyber incidents, evidencing how social indicators are crucial for the performance of the proposed model. This research is a hybrid of social network analysis (SNA), machine learning (ML), evolutionary computation (EC), and temporal logic (TL), presenting expressive contributions to empower cyber defense.Dissertation/Thesis
Doctoral Dissertation Computer Science 2020
43
Ulrich, Neil. "Wetgewing teen elektroniese betreding." Diss., 1998. http://hdl.handle.net/10500/16234.
Full textAbstract:
Text in AfrikaansParralel met die snelle groei van rekenaartegnologie en die groteiwordende rol wat rekenaars in ans alledaagse lewe speel, is daar ongelukkig 'n toename in die misbruik van rekenaars. Benewens die wyses om rekenaarmisbruik by wyse van remedies in die siviele reg aan te spreek, is dit hoofsaaklik die taak van die strafreg om sodanige misbruik te kriminaliseer en deur middel van straf sulke misbruik te voorkom en oortreders af te skrik. Uit 'n ontleding van die Suid-Afrikaanse strafreg het dit geblyk dat bestaande misdrywe, beide gemeenregtelik en statuter, nie voldoende rekenaarmisbruik kan kriminaliseer en aanspreek nie. Wetgewing blyk die mees gepaste optossing te wees. Uit 'n regsvergelykende studie van die hantering van rekenaarmisbruik in jurisdiksies waar die wetgewer verskillende benaderings toegepas het, het dit geblyk dat die mees gepaste wyse om rekenaarmisbruik te kriminaliseer sal wees om ongemagtigde rekenaarbetreding as moedermisdaad te bestraf aangesien dit die fondament is waarop enige verdere misbruik van 'n rekenaar gebaseer word. Daarbenewens moet verdere meer spesifieke misbruikshandelinge wyd omskryfword as misdrywe, ten opsigte van meer emstige misbruik na betreding van 'n rekenaar
Parallel with the growth in computer technology and increasing use of computers, there has been an increase in computer misuse. In addition to addressing different methods of computer misuse in terms of civil law remedies, it is mainly the task of the criminal law to criminalise such misuse, prevent computer misuse and deter offenders by means of punishment. It was clear from a study of South African criminal law that existing offences, both statutory and in terms of the common law, do not criminalise and address computer misuse effectively. It therefore seems that legislation would be the most appropriate solution. It appeared from a comparative study of jurisdictions where legislators approach computer misuse differently, that the most effective way of criminalising computer misuse would be to criminalise una1,1thorised computer accessing as basic offence. In addition thereto more specific further acts of serious computer misuse, defined broadly, should be criminalised
Criminal & Procedural Law
LL.M. (Criminal & Procedural Law)