Deck 10: Electronic Commerce Security

When Java applets are run within the constraints of the sandbox, they have full access to the client computer.

The element of necessity in computer security refers to preventing data delays or denials (removal).

Any message traveling on the Internet is subject to secrecy, integrity, and necessity threats.

A digital certificate for software can attest to the quality of the software.

Threats that are deemed low risk and unlikely to occur can be ignored when the cost to protect against the threat exceeds the value of the protected asset.

When a Windows-based Web browser downloads a Web page containing an embedded ActiveX control, the control is executed on the client computer.

Digital certificates never expire.

Worms can spread quickly through the Internet.

Absolute security is relatively easy to achieve.

JavaScript can be used to record the URLs of Web pages a user visits.

Developers use active content because it extends the functionality of HTML and moves some data processing chores from the busy server machine to the user's client computer.

One significant threat to electronic commerce is theft of sensitive or personal information.

Active content is launched in a Web browser automatically when that browser loads a Web page containing active content.

Secrecy protection is a legal matter.

Java applets operating in a sandbox can perform file input, output, or delete operations.

Message packets on the Internet travel a planned path from a source node to a destination node.

The most complete way for Web site visitors to protect themselves from revealing private information or being tracked by cookies is to disable cookies entirely.

The best-known active content forms are crackers and ActiveScript.

JavaScript programs, like Java applets, operate under the restrictions of the Java sandbox security model.

The shorter the session key, the more resistant the encryption is to attack.

A Web browser that has entered into an SSL session indicates that it is in an encrypted session.

E-mail secrecy issues address whether company supervisors should be permitted to read employees' messages randomly.

A computer that has experienced a necessity threat slows processing to an intolerably slow speed.

One disadvantage of private-key systems is that encryption and decryption are significantly slower than public-key systems.

A(n)____________________ cookie originates from a Web site other than the site being visited.

____________________ cookies exists until the Web client ends the connection.

A Web ____________________ is a tiny graphic that a third-party Web site places on another site's Web page.

Any organization concerned about protecting its electronic commerce assets should have a(n)____________________ in place.

____________________ cookies remain on the client machine indefinitely.

____________________ is used in electronic commerce to place items into a shopping cart and compute a total invoice amount, including sales tax, handling, and shipping costs.

Cookies can be placed on the client computer by the Web server site, in which case they are called ____________________ cookies.

____________________ is the general name for a procedure, either physical or logical, that recognizes, reduces, or eliminates a threat.

A(n)____________________ occurs when an Internet e-mail message is intercepted and its contents are changed before it is forwarded to its original destination.

____________________ security means having all security measures working together to prevent unauthorized disclosure, destruction, or modification of assets.

A(n)____________________ is simply a number that is used with the encryption algorithm to "lock" the characters of the message being protected so that they are undecipherable without the key.

The process of proposing and accepting (or rejecting)various transmission conditions is called session ____________________.

A(n)____________________ security device is one that uses an element of a person's biological makeup to perform the identification.

What are the six main elements included on a digital certificate?

The program that transforms normal text into cipher text is called a(n)____________________ program.

A(n)____________________ is an attachment to an e-mail message or program embedded in a Web page that verifies that the sender or Web site is who it claims to be.

What is the difference between a virus and a worm?

Asymmetric encryption is also known as ____________________ encryption.

____________________ Java applets are those that have not been established as secure.

____________________ exists when an unauthorized party can alter a message stream of information.

____________________ is the coding of information by using a mathematically based program and a secret key to produce a string of characters that is unintelligible.

In some cities that have large concentrations of wireless networks, attackers, called ____________________, drive around in cars using their wireless-equipped laptop computers to search for accessible networks.

______________________________ are the computers on the Internet that maintain directories that link domain names to IP addresses.

Briefly describe the requirements for secure electronic commerce.

Apps that contain malware or that collect information from the mobile device and forward it to perpetrators are called a(n)____________________ app.

A(n)____________________ is a Trojan horse that secretly takes over another computer for the purpose of launching attacks on other computers.

The science that studies encryption is called ____________________.

____________________ are programs that enhance the capabilities of browsers.

Describe the security dangers inherent in ActiveX controls.

How might a buffer in a Web server cause security threats?