Программа по формированию навыков безопасного поведения на дорогах и улицах «Добрая дорога детства» 2
Скачать 0.54 Mb.
|
Warming upEx. 1. Discussion. Think about the meaning of the word bypass. Discuss the following questions in pairs:
BypassBypass, in general, means either to go around something by an external route rather than going through it, or the means of accomplishing that feat. In network security, a bypass is a flaw in a security system that allows an attacker to circumvent security mechanisms to get system or network access. The actual point of entry is through a mechanism (either a hardware device or program, even just a piece of code) that enables the user to access the system without going through the security clearance procedures (such as authentication) that were set up by the system administrator. A bypass may be a mechanism put in place by an attacker, a flaw in the design, or an alternate access route left in place by developers. A bypass that is purposefully put in place as a means of access for authorized users is called a back door or a trap door. A crypto bypass is a flaw that allows data to circumvent the encryption process and escape, unencrypted, as plaintext. Mainstream Ex. 2. Learning facts. 1. Read the text and pay attention to the terms bypass, flaws in security systems, backdoors or trapdoors and crypto bypass. Explain the differences between them. Back door A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red. Whether installed as an administrative tool or a means of attack, a back door is a security risk, because there are always crackers out there looking for any vulnerability to exploit. In her article "Who gets your trust?" security consultant Carole Fennelly uses an analogy to illustrate the situation: "Think of approaching a building with an elaborate security system that does bio scans, background checks, the works. Someone who doesn't have time to go through all that might just rig up a back exit so they can step out for a smoke -- and then hope no one finds out about it." 2. Give Russian equivalents: backdoor trapdoor to bypass troubleshooting 3. Translate: to gain entrance a security risk elaborate security system to rig up a back exit to step out for a smoke Ex. 3. Grammar and vocabulary. 1.Open the brackets and put the words in correct form. FishingPhishing is e-mail fraud where the (1) … (perpetrate) sends out legitimate-looking e-mails that appear to come from well known and trustworthy Web sites in an attempt to gather (2) … (person) and (3) … (finance) information from the recipient. A phishing expedition, like the fishing expedition it's named for, is a (4) … (speculate) venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait. Web sites that are (5) … (frequent) spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages (6) … (purport) to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal (7) … (identify) numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft. The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go (8) … (direct) to the organization's Web site to find out whether the request is legitimate. 2. Read the text and fill in the gaps with the terms given in the box. You should use some of them more than once. affected compromised conscious fake fraudulent legitimate legitimate-looking malicious ominous personal and financial removal scamming Pharming Pharming is a(n) (1) …practice in which (2) …code is installed on a personal computer or server, misdirecting users to (3) … Web sites without their knowledge or consent. Pharming has been called "phishing without a lure." In phishing, the perpetrator sends out (4) … e-mails, appearing to come from some of the Web's most popular sites, in an effort to obtain (5) … information from individual recipients. But in pharming, larger numbers of computer users can be victimized because it is not necessary to target individuals one by one and no (6) … action is required on the part of the victim. In one form of pharming attack, code sent in an e-mail modifies local host files on a personal computer. The host files convert URLs into the number strings that the computer uses to access Web sites. A computer with a(n) (7) … host file will go to the (8) … Web site even if a user types in the correct Internet address or clicks on a(n) (9) … bookmark entry. Some spyware (10) … programs can correct the corruption, but it frequently recurs unless the user changes browsing habits. A particularly (11) … pharming tactic is known as domain name system poisoning (DNS poisoning), in which the domain name system table in a server is modified so that someone who thinks they are accessing (12) … Web sites is actually directed toward fraudulent ones. In this method of pharming, individual personal computer host files need not be corrupted. Instead, the problem occurs in the DNS server, which handles thousands or millions of Internet users' requests for URLs. Victims end up at the bogus site without any visible indicator of a discrepancy. Spyware (10) … programs cannot deal with this type of pharming because nothing need be technically wrong with the end users' computers. Once personal information such as a credit card number, bank account number, or password has been entered at a(n) (3) … Web site, criminals have the information and identity theft can be the end result. Ex. 5. VocabularyDecide in your group what these kinds of computer crime are. Then match the crimes to the short descriptions which follow.
a) Leaving, within a completed program, an illicit program that allows unauthorised - and unknown - entry. b) Using another person's identification code or using that person's files before he or she has logged off. c) Adding concealed instructions to a computer program so that it will still work but will also perform prohibited duties. In other words, it appears to do something useful but actually does something destructive in the background. d) Tricking a user into revealing confidential information such as an access code or a credit-card number. e) Inundating an email address with thousands of messages, thereby slowing or even crashing the server. f) Manipulating programs or data so that small amounts of money are deducted from a large number of transactions or accounts and accumulated elsewhere. The victims are often unaware of the crime because the amount taken from any individual is so small. g) Unauthorised copying of a program for sale or distributing to other users. h) Swamping a server with large numbers of requests. i) Redirecting anyone trying to visit a certain site elsewhere. j) Changing the information shown on another person's website. Ex. 6. Listening. Listen to the broadcast about a type of phishing and then answer the questions. 1) What type of phishing is described in the broadcast? 2) How does it differ from ordinary phishing? 3) What happened at West Point? 4) What does the success of this type of phishing rely upon? 5) Give a short summary about the three steps for an organization to protect itself against phishing. UNIT 6. OTHER COMPUTER CRIMES |
