Adnan :: Blog

Today we talked abt our new task which is related to software fundamentals-software piracy. So i went on doing some research trying to search for different countries where they have software piracy. 

Todays class we worked on our Podcast. I wrote down some questions so that when i will interview it will be faster and more effiecient. Me and Atif decided to go to a bank for to learn about ATMs and if i have the chance i will interview for my podcast as a software fundementle. I did some research about ATM and i also found a good article based on ATM. 

  ------

-------------------------------------------------------------------------- ATM Study Reveals Evolving Business Model, Diverging Strategies  Analysis of bank, credit union and ISO deployers provides the most comprehensive assessment of the state of the U.S. ATM industry BOSTON, September 12 — As traditional metrics for measuring ATM performance decline, bank, credit union, and independent sales organization (ISO) ATM deployers are redefining how they manage the ATM channel.  According to a new survey sponsored by the four leading electronic payments networks—CO-OP Financial Services®, NYCE®, PULSE®, and STAR®—and conducted by Dove Consulting, a division of Hitachi Consulting, the ATM industry is becoming increasingly stratified.  Stratification of the ATM IndustryIn 2004, findings from the ATM Deployer Study showed an industry at a cross roads.  Deployment growth was outpacing transaction growth, resulting in declining per-ATM transaction levels—particularly foreign acquired transactions (i.e., revenue-producing transactions performed by another deployer’s cardholders).  Declining revenues, coupled with fixed or increasing costs driven by regulatory requirements (e.g., Triple DES) and increased rent and cost of funds, were putting increasing pressure on ATM deployers’ profitability.  As a result, the ATM industry was in search of a new model. Over the last two years, the search for a new model has prompted many deployers, particularly financial institutions, to re-evaluate the role of the ATM:  is the ATM purely a cash dispenser, or is it a strategic customer delivery channel? How deployers answer that question underpins their ATM strategy, and determines how they manage their ATMs—from how many they deploy and where they deploy them, to what functionality they support and what software they run.  As a result, we are now entering a third phase in the evolution of the ATM industry, one that is characterized by the stratification of deployers’ ATM strategies:  the search for a new model has resulted not in one new model, but many new models, with deployers bifurcating along two dimensions:  ATM access (proprietary vs. shared) and user experience (differentiated vs. undifferentiated). The 2006 ATM Deployer Study provides an in-depth look at the industry’s key performance metrics (including transaction volumes, surcharge rates, and operating expenses), recent industry trends and developments (check imaging, ATM branding), and deployers’ strategies and priorities.  It also presents an outlook for the ATM industry over the next few years, as the industry’s business model(s) evolve and deployers’ strategies diverge.  

In today's class we talked about our new topic 'Podcasting'. we started off recoring our voice, though my voice was deep. nyways i am emberresed first time because when this voice were put into audacity it was better because you can change the settings and add music/sound for better product. 

Analyzing Social and Ethical Issues: Scenarios   1)    Brainstorming Ideas   ·        Risks    -         From the computers this ‘Watch list’ might be hacked and therefore the file might be erased. -         Many companies, banks and from other business a virus might attack and might show an error to the file.   Problems   -         If the file is removed from the databases or from any systems then it would make it difficult for job applicants. -         A person from the ‘Watch list’ might join a company.   Consequences   -         Might change names and get into a good company.     Stakeholders   -         Police Station/FBI (Department) -         Big Companies (Managers, Staff) -         Rental Agencies -         Casinos -         Chemical Firms  -         Stores    Possible Actions   -         Shoplifting -         Hacking into files and getting expansive information from big companies. -         FBI reaction to them and accomplishing there mission. -         Gambling (Casinos)   2)    Analysis phase   Who is responsible?   The police department and the FBI is responsible for this matter. They found out and kept the “Watch List’ names and transferred over to other companies.    Who is accountable?    The people who made a program to save all the hundred of names from the ‘Watch List’. They stored the data in a very clandestine way so that no one finds out easily.    What rules, policies, laws or rules apply to the situation?   There must be a secured file storage system so that without authentication you cannot access the folder.  There must be a backup file storage so that that could look back and find accurate data.      What are the alternative ethical decisions? What are their merits?   They have decided to store all the important files in very secure software were it makes impossible for the hacker to hack. Storing files into different places so that of one is hacked the other files are saved.     What are the consequences of these decisions (risks, benefits,harm,costs)?    

If this works out then there will be more secure environment in the country. Every company and big business will run normally and with reliable people.

 

In todays class i did my presentation on Software Piracy. I tried to explain every basic points that i can talk to about. I had some problems with the article because i chose an article which is very old (2001) next time if it says to choose a news article i should choose an article from recent news.  

 HEre is the presentation>>>> pls take time to look.

Click here to view my presentation

 

 

 

 

Adnan Ahmed- 11

Authenticity Task

When do we use authentication at ISD? How do we authenticate users at ISD? How accurate is this? How secure is this? What are the inherent problems, if any?

We use authentication when we logged on into our computer for wireless internet connection. Once we have logged on into we can access the network and can access the server. This is a very secure process and also helps prevent viruses or hacking into the server. When we logged in the main server can find out what we are doing, which include browsing in the internet, printing, emailing and other computer base stuff. I would say that it is getting better at ISD, there are more secure things that have been improved.

What is encryption? How does it work? When is it used?

Encryption is the process of obscuring information to make it unreadable without special knowledge. While encryption has been used to protect communications for centuries, only organizations and individuals with an extraordinary need for secrecy had made use of it. In the mid-1970s, strong encryption emerged from the sole preserve of secretive government agencies into the public domain, and is now employed in protecting widely-used systems, such as Internet e-commerce, mobile telephone networks and bank automatic teller machines.

Encryption can be used to ensure secrecy, but other techniques are still needed to make communications secure, particularly to verify the integrity and authenticity of a message; for example, a message authentication code (MAC) or digital signatures. Another consideration is protection against traffic analysis.

Encryption or software code obfuscation is also used in software copy protection against reverse engineering, unauthorized application analysis, cracks and software piracy used in different encryption or obfuscating software

Find out how Digital Certificates and Digital Signatures work. Are they the same thing?

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.

A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

 

So Digital Signature and Digital Certificates are not the same. One helps to do signatures digitally and the other one helps to keep money in a form of a card.

Choose one biometric device used for authentication:

Fingerprint on the Laptop is one of the new biometric devices used in many laptops now. A finger scan is required to gain log-on access to the portable computer and its contents, delivering simplified access to password-protected personal and financial information, Web sites, documents and e-mail.

Secure log-on devices such as key stroke pattern recognition and fingerprint scanners were developed years ago. These devices have been improved in recent years and supplemented with voice recognition software, signature verification scanners and infrared iris scanners.

Discuss advantages and disadvantages

Advantages

 

-         A person who will log in will be faster and more secure.

-         Fingerprint will recognize only the person who will log in and own the laptop.

 

Disadvantages

 

-Sometimes it will show an error when logging in because there might be dirt on the device.

-If it is use roughly then the device might be damage and therefore cant logged in using the biometric device.

Integrity   Find a news item about data integrity or a data error problem. Briefly describe the scenario and discuss possible solutions.   The scenario is about Data Integrity: Wal-Mart’s Dirty Secret (10.07.02)- News Article.   The ‘Dirty’ data which is when the UPC code on a package doesn’t match the item. It is mostly consider as human error- the result of sloppy data entry. The problem magnifies when a retailer's inventory replenishment system uses the faulty code to order the wrong product. Even mighty Wal-Mart, with its just-in-time systems, is not immune.   Wal-Mart has refused to be responsible for cleaning up the dirty data. So they went on and wanted help from UCC net. This UCC net have agreed to create a new Web database of product codes called GTINs. These 14 character codes will be used around world wide and eventually will replace UPC codes. There goal is to create one data language for retailers and manufacturers and to promote e-commerce.   So by creating the GTINs code it will be a great solution for Wal-Mart. This data will follow industry standards for describing the item in an effort and catch errors. It will also help to check that each code represent only one item. So by applying this code Wal-Mart data could save the company an estimated $2 billion annually.     Find the 1998 Data Protection Act. What duties does it impose on those who hold personal data? Save a copy of the main principles of the act for your notes.         (Main Principles)   RIGHTS OF DATA SUBJECTS AND OTHERS Right of access to personal data.     7. - (1) Subject to the following provisions of this section and to sections 8 and 9, an individual is entitled-      (a) to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller,   (b) if that is the case, to be given by the data controller a description of-    (i) the personal data of which that individual is the data subject,   (ii) the purposes for which they are being or are to be processed, and   (iii) the recipients or classes of recipients to whom they are or may be disclosed,   (c) to have communicated to him in an intelligible form-    (i) the information constituting any personal data of which that individual is the data subject, and   (ii) any information available to the data controller as to the source of those data, and   (d) where the processing by automatic means of personal data of which that individual is the data subject for the purpose of evaluating matters relating to him such as, for example, his performance at work, his creditworthiness, his reliability or his conduct, has constituted or is likely to constitute the sole basis for any decision significantly affecting him, to be informed by the data controller of the logic involved in that decision-taking.       (2) A data controller is not obliged to supply any information under subsection (1) unless he has received-      (a) a request in writing, and   (b) except in prescribed cases, such fee (not exceeding the prescribed maximum) as he may require.       (3) A data controller is not obliged to comply with a request under this section unless he is supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request and to locate the information which that person seeks.        (4) Where a data controller cannot comply with the request without disclosing information relating to another individual who can be identified from that information, he is not obliged to comply with the request unless-      (a) the other individual has consented to the disclosure of the information to the person making the request, or   (b) it is reasonable in all the circumstances to comply with the request without the consent of the other individual.       (5) In subsection (4) the reference to information relating to another individual includes a reference to information identifying that individual as the source of the information sought by the request; and that subsection is not to be construed as excusing a data controller from communicating so much of the information sought by the request as can be communicated without disclosing the identity of the other individual concerned, whether by the omission of names or other identifying particulars or otherwise.        (6) In determining for the purposes of subsection (4)(b) whether it is reasonable in all the circumstances to comply with the request without the consent of the other individual concerned, regard shall be had, in particular, to-      (a) any duty of confidentiality owed to the other individual,   (b) any steps taken by the data controller with a view to seeking the consent of the other individual,   (c) whether the other individual is capable of giving consent, and   (d) any express refusal of consent by the other individual.       (7) An individual making a request under this section may, in such cases as may be prescribed, specify that his request is limited to personal data of any prescribed description.        (8) Subject to subsection (4), a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day.        (9) If a court is satisfied on the application of any person who has made a request under the foregoing provisions of this section that the data controller in question has failed to comply with the request in contravention of those provisions, the court may order him to comply with the request.        (10) In this section-      "prescribed" means prescribed by the Secretary of State by regulations;   "the prescribed maximum" means such amount as may be prescribed;   "the prescribed period" means forty days or such other period as may be prescribed;   "the relevant day", in relation to a request under this section, means the day on which the data controller receives the request or, if later, the first day on which the data controller has both the required fee and the information referred to in subsection (3).       (11) Different amounts or periods may be prescribed under this section in relation to different cases.   

Pls take time to look at the site, click the link. http://plato.stanford.edu/entries/integrity/AA