Friday, May 28, 2010

Sinatra Application Development Part II

Here are the steps carried out, as per the requirements of the task.

1. A MongoHQ account was created.

2. A new application was created on our existing Heroku account.

3. MongoMapper was installed.

4. A new application was created and tested locally, as asked by the task.

5. Now it was time to push it to Heroku. After

   1. git init
   2. git add .
   3. git commit -m "interface edited"

let's push it to Heroku...

Yes!!!! Successful!!!!!!






You can check it out live:

http://myguestbook.heroku.com/

This Sinatra application saves and retrieves all the details to and from the MongoDB database hosted at MongoHQ.

*Note: there might be a few changes to the interface.












Elevator Pitch 2

Hi everyone,
As we have posted the 1st elevator pitch, this would be the 2nd part.
This elevator pitch consists of the remaining exercises of the study guide (9 to 15) as well as Sinatra application development part two, where a new Sinatra application was created and successfully uploaded to Heroku.
Now, this is the end of this blog. We have learnt a lot about e-systems. Hope the things that we shared were really very useful.

With regards,
Abhishek and Neeraj.

http://www.youtube.com/watch?v=_KmqAJ_9Es4

Sinatra Application Question (2nd)

a. What is MongoDB? How does it relate to MongoHQ?

MongoDB (from "humongous") is a scalable, high-performance, open source, document-oriented database written in C++. MongoDB bridges the gap between key-value stores (which are fast and highly scalable) and traditional RDBMS systems (which provide rich queries and deep functionality) (MongoDB, 2010).
In simple terms, MongoDB treats data as documents and stores them in a collection. A collection is a way to store related data.
MongoHQ is a cloud-based database hosting solution where we can store our MongoDB databases.

b. What is MongoMapper?
MongoMapper is a Ruby wrapper library. Its main purpose is to help applications built on the Ruby platform connect to and use MongoDB.

c. What is the relation between MongoDB and MySQL?

MySQL is an RDBMS (Relational Database Management System), where all the data is stored in tables and all the relationships between those data are also stored in the form of tables.

In MongoDB, on the other hand, data are stored as documents. Records, arrays and other objects can all be stored inside a single record or document, which makes it much easier to find data. We don't have to deal with joins and other very complex issues that exist in typical relational databases.

Resources:
MongoDB (2010). Retrieved on May 26, 2010 from http://www.mongodb.org/

MongoHQ (2010). Retrieved on May 26, 2010 from https://mongohq.com/home

Wednesday, May 26, 2010

Exercise 15: M-commerce :Innovation and Mobile devices

1. What is meant by a location based service? Explain using the Web applications found on a late model mobile device.

Location Based Services are services that provide information and entertainment on mobile devices via the mobile network. They utilize the geographical positioning ability of these mobile devices. One example would be requesting the nearest business or service, such as an ATM or restaurant, using this service. The service first locates the position of the device and then replies with various alternatives.
The location is determined by the radio signal delay of the closest cell-phone tower. The other method is integrating a GPS chip inside the device. Since GPS doesn't work very well indoors, other methods are used, such as NLBS (Near Location Based Services), which make use of Wi-Fi, Bluetooth and infrared to match the devices with nearby services.

The Google Maps service integrated in Apple's iPhone is one LBS, which provides directions to follow to reach a certain location with ease.

2. Describe the purpose of the Open Mobile Alliance Initiative?

The Open Mobile Alliance Initiative (OMA) is a ruling body which develops open standards for the mobile phone industry. The basic idea of formulating common standards is to develop the entire mobile industry by removing barriers to interoperability, provide a seamless and easy-to-use mobile experience to its users, and create a market environment that encourages competition through innovation and differentiation.


3. What are the main components of a mobile Web services framework?


The European Space Agency (2008) states that the components of a mobile web services framework are:

Mobile Server
The Mobile Server is a mobile remote computer, linked to the Internet via an Inmarsat Regional Broadband Global Area Network (RBGAN) User Terminal (UT).

Gatekeeper
The Gatekeeper is placed on the terrestrial Internet, and acts as the sole gateway to the Mobile Server.

RBGAN UT / Thuraya Satellite / RBGAN SAS
The physical connection between the remote web server and the Gatekeeper is established using a Satellite Access Station, a Telecommunications Satellite and a satellite modem.

GPS / Data Acquisition system / Web cam
The Mobile Server is connected to a set of peripherals, such as a GPS device, a web cam and/or a Data Acquisition system.

Application server / Client PC
The Gatekeeper handles requests from clients over the Internet.


4. Visit an airline Web site and search for information on WAP or SMS or 3G mobile application access to booking airline services. The same services exist in banking. How do both industries compare?

http://mobile.virginblue.com.au
This is a mobile application service provided by Virgin Blue airlines of Australia. It has features that let a user book tickets, manage their bookings, find Virgin Blue lounges, etc.
Users can also select seats for a few destinations. It has also recently integrated an electronic boarding pass which contains a bar-code. Flyers can check in via this bar-code without requiring any paper boarding pass.

http://mobile.netbank.com.au
This is a mobile service provided by the Commonwealth Bank of Australia. Users can log on to their NetBank account and manage it. It also has features like an ATM locator and a branch locator.

Both applications are very simple and easy to use but have much less functionality compared with that of the web. The other feature they share is strong security, as both deal with finance and personal identity.

Resources:
Location-Based Service. Wikimedia Foundation, Inc. Retrieved on May 24, 2010 from
http://en.wikipedia.org/wiki/Location-based_service

Open Mobile Alliance. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 24, 2010 from http://en.wikipedia.org/wiki/Open_Mobile_Alliance.

Mobile Web Services Framework (2008). European Space Agency 2008, ESA Telecommunication. Retrieved on May 24, 2010 from
http://telecom.esa.int/telecom/www/object/index.cfm?fobjectid=12852

Exercise 14: Searching mechanisms, virtual worlds and cyberagents


1. What is a spider? What does it do?

A spider is a program that reads web pages from a website and uses the hypertext links present in each page to find other pages. It is also called a web crawler, since it crawls through web pages. Search engines such as AltaVista use the web crawling technique to display results from various websites. A spider is also a type of bot or software agent which starts with a list of URLs, identifies the hyperlinks present at those URLs to go to other pages, and adds the links to its list of URLs, called the crawler frontier. URLs from the crawler frontier are visited recursively according to a set of policies.

Reference:

Web crawler. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 21, 2010 from http://en.wikipedia.org/wiki/Web_crawler


2. Differentiate the various types of software agents.


A software agent is a piece of software that acts for a user or another program in a relationship of agency, with the authority to decide which action is appropriate. The types of software agents are:

i. Buyer Agent: It travels around the internet retrieving information about goods and services. It is also known as a shopping bot, and works very efficiently for commodity products such as electronic components, books etc.

ii. User Agent: Also known as a personal agent, which takes actions on your behalf. It can perform the following tasks:
  • Check your e-mail, sort it according to the user's order of preference, and alert you when important emails arrive.

  • Play computer games as your opponent or patrol game areas for you.

  • Assemble customized news reports for you. There are several versions of these, including newshub and CNN.

  • Find information for you on the subject of your choice.

  • Fill out forms on the Web automatically for you, storing your information for future reference

  • Scan Web pages looking for and highlighting text that constitutes the "important" part of the information there etc.

iii. Monitoring and Surveillance Agent: Monitoring and surveillance agents are used to observe and report on equipment, usually computer systems. The agents may keep track of company inventory levels, observe competitors' prices and relay them back to the company, watch stock manipulation by insider trading and rumors, etc.


iv. Data Mining Agent: Data Mining agent uses information technology to find trends and patterns in an abundance of information from many different sources. The user can sort through this information in order to find whatever information they are seeking.

Reference :

Software Agent. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 24, 2010 from http://en.wikipedia.org/wiki/Software_agent


3. Identify various activities in e-commerce where software agents are currently in use.

The various activities in e-commerce using software agents can be identified as:

i. Buyer Agent: Amazon.com and eBay.com are good examples of shopping bots. The website will offer you a list of books and other items that you might like to buy on the basis of what you're buying now and what you have bought in the past. It offers goods and similar products according to your taste, based on your searches or previously bought products.


ii. User Agent: Examples of user agents could be Yahoo.com, msn.com and Google.com, which customize the mail according to preference, assemble news, play games etc.


iii. Monitoring and Surveillance Agent: For example, NASA's Jet Propulsion Laboratory has an agent that monitors inventory, planning, and scheduling equipment ordering to keep costs down, as well as food storage facilities. These agents usually monitor complex computer networks and can keep track of the configuration of each computer connected to the network.


iv. Data Mining Agent: For example, a corporation may develop an agent to analyze economic trends. If the agent detects that consumers are becoming more conservative, it will alert management of the change. With this information in hand, management can better plan how to produce, market, and sell its product. It will make the whole process efficient.


Reference:

Data Mining Agent. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 24, 2010 from http://en.wikipedia.org/wiki/Data_mining_agents

Software Agent. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 24, 2010 from http://en.wikipedia.org/wiki/Software_agent


4. Computing ethics and bot programming case study: rocky

a. Get an account username and password from the lecturer to LC_MOO
at http://ispg.csu.edu.au:7680 and login to the Welcome Lobby.

b. Hold a 5-minute discussion with Rocky on a special topic.
Commands and chat are entered in the command box (bottom-left of screen in Figure 11) :
act rocky (start bot) hush rocky (stop bot)

c. Rocky is an ELIZA-like bot. Report your findings.


I logged into the LC_MOO Welcome Lobby as the train15 user. First of all, there was an error saying that the chatting area was not enabled because the browser did not support Java. Hence I tried another browser and it worked perfectly fine. The chatting area was displayed on the left-hand side of the browser, and to chat with the 'Rocky' bot I first typed 'activate Rocky' and it responded with "Gee thanks for waking me up! I must have dozed off..". Then I tried chatting with 'Rocky' and it was giving random responses. I tried the command 'seewords Rocky', which displays a list of all the keywords it uses to answer a specific question or command.
Screenshots provided below:



Then I tried other commands such as 'addrandom Rocky', which gave the result 'sorry, you must be the owner of Rocky to add a new word...'. The command 'news 1' displays the first news item present in the 'news' link (screenshot below):


Hence, I found out that Rocky is a kind of 'ELIZA bot' which has some limitations on artificial intelligence and replies according to a random set of comments it has. Such bots can also be termed artificial conversational entities, chatter bots, talk bots etc. Bots of this kind are very useful for doing repetitive tasks faster and more efficiently, like gaming bots, auction site bots etc.

Tuesday, May 25, 2010

Exercise 13: Shopping cart specifications

Develop the class diagram for the following shopping cart specifications:

A shoppingCart object is associated with only one creditCard and customer and to items in itemToBuy object. Persistent customer information such as name, billing address, delivery address, e-mail address and credit rating is stored in the customer object. The credit card object is associated with a frequentShopper discount object, if the credit rating for the customer is good. The customer can make or cancel orders as well as add and delete items to the shopping cart product. The credit card object contains the secure method for checking that the charge is authentic.



The class diagram is shown below:







Exercise 12: Modelling with UML or MVC?

Examine the Use Case in Figure 4 and explain the MVC architecture of the online bookstore (the model the view and controllers) needed to Lookup Books and Add to Shopping Cart.

Model :
Lookup Books
Add to shopping Cart
View :
Book Search Page
Display Search Result Page
Display Book Detail Page
Display Shopping Cart List Page
Controller :
Book Search Controller
Shopping Cart Controller

The user enters the book ID or name in the Book Search Page. The Book Search Controller searches for the book with the provided ID or name and displays the matched results in the Display Search Result Page. It displays the book details if the user chooses any of the displayed books. The Book Detail Page contains a link to add the book to the shopping cart. If the user clicks the link, the Shopping Cart Controller receives the action to add the selected book to the shopping cart list. The user can go to the Display Shopping Cart List Page to see which items have been added to the shopping cart, including the price of each item and the total cost as well.

Exercise 11: TP monitors and transaction protocols

1. Give a description in your own words of the ACID properties of a transaction.

When a transaction processing system starts a transaction, it should be reliable and consistent. There should not be any inaccuracy in the system, so that people can buy and sell or do any financial transaction via the internet. Hence, the ACID properties guarantee the reliability of the system. ACID is an acronym for Atomicity, Consistency, Isolation and Durability.

Atomicity - This property ensures that the system is atomic. It means that the state of the system can either be the beginning state or the finished state. If there is any failure in the system while the process is being carried out, it guarantees that the system will return to its previous state. This is also called the Roll Back action.

Consistency - This property makes sure that all the systems are in a consistent state. If, after the transaction has been made, System A is consistent but System B is not in a consistent state, then it rolls back the transaction to the first state where the systems were in a consistent state. Hence, it makes the system reliable.

Isolation - This property makes sure that other transactions can see or access the data that has been modified during a transaction that is yet to be completed. It makes other transactions unaware of the other concurrently executing transactions, except the one that needs the same resources which are being modified by the unfinished transaction.

Durability - This property guarantees the state of the system once the system has completed the transaction without any inconsistency. It means that after the transaction is complete, even if the system crashes or the hard disk crashes, the final state of the system can still be recalled. Hence, it makes the system permanent without any flaws.

Reference :

ACID. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 19, 2010 from http://en.wikipedia.org/wiki/ACID

ACID Properties (Wrox Press, 1998). Retrieved on May 19, 2010 from http://msdn.microsoft.com/en-us/library/aa480356.aspx


2. Describe a TP monitor environment. How can a TP monitor stop an operating system being overwhelmed?

A TP monitor (Transaction Processing Monitor) is a program that manages the transfer of data between multiple local and remote terminals and the application programs that serve them. It provides integrity by ensuring that transactions do not get lost or damaged.

It may be placed on a separate machine and used to balance the load between clients and various application servers and database servers. There is not much work left to be done by the operating system, hence it stops the OS from being overwhelmed.

Reference:

TP Monitor (2003). Retrieved on May 19, 2010 from
http://encyclopedia2.thefreedictionary.com/TP+monitor


Tuesday, May 11, 2010

Exercise 10: Concurrency and Threading demonstration in Python

1. Find definitions for eight terms and concepts used in threaded programming:
-Thread Synchronisation
It is a method for preventing deadlock from occurring when two or more threads try to acquire the same resources at the same time, by making a thread wait in line while another thread is accessing the resources or making any change to them, preventing any collision between them.

-Locks
A lock is a synchronization mechanism for enforcing limits on access to a resource in an environment where there are many threads of execution. Locks are one way of enforcing concurrency control policies.

-Deadlock
A deadlock is a state in a computer system where two or more processes are waiting for each other to finish their tasks so that they can use the resource the other process is using, but none of them finishes its task. Therefore neither of the tasks can be completed, and the resources stay occupied as well.

-Semaphores
A semaphore is a protected variable or abstract data type that constitutes a classic method of controlling access by several processes to a common resource in a parallel programming environment.

-Mutex (Mutual Exclusion)
It is an algorithm used in concurrent programming to avoid the simultaneous use of a common resource, such as a global variable, by pieces of computer code called critical sections.

-Thread
A thread results from a fork of a computer program into two or more concurrently running tasks. Multiple threads can exist within the same process and share resources such as memory, while different processes do not share these resources.

-Event
It is an action that is usually initiated outside the scope of a program and that is handled by a piece of code inside the program. Events are handled synchronously with the program flow. The main sources of events are the user, who presses a key on the keyboard, and hardware devices such as a timer.

-Waitable timer
A waitable timer object is a synchronization object whose state is set to signaled when the specified due time arrives. Manual-reset and synchronization are the two types of waitable timer.

A simple demonstration of the threading module in Python (threaddemo.py) that uses both a lock and semaphore to control concurrency is by Ted Herman at the University of Iowa. The code and sample output below are worth a look. Report your findings.

threaddemo.py

# Create a bunch of threads, let each do some work, wait until all are done
# (Python 2 source: it uses print statements, matching the PythonWin 2.3.2 run below)

import random
import threading
import time

# This takes about n/3 seconds to run (about n/3 clumps of tasks, times
# about 1 second per clump).
numtasks = 10

# no more than 3 of the 10 can run at once
# create a semaphore bounded up to 3
sema = threading.BoundedSemaphore(value=3)

# create a reentrant lock (RLock)
mutex = threading.RLock()

# running is a global variable to keep track
# of how many threads are running
running = 0

# the TestThread class is a subclass of threading.Thread,
# so it should supply the standard methods: run, ...
class TestThread(threading.Thread):

    def run(self):
        # tell python we access the global variable
        global running

        # introduce a random delay between 0 and 2
        delay = random.random() * 2
        print 'task', self.getName(), 'will run for', delay, 'sec'

        # first, wait on the semaphore (limited to three threads)
        sema.acquire()

        # but only one of these three at a time should update
        # the running variable
        mutex.acquire()
        running = running + 1
        print running, 'tasks are running'

        # release lock so another can update "running"
        mutex.release()

        # now sleep for a while (yawn....zzzzzzz)
        time.sleep(delay)

        # after wakeup, say we are done
        print 'task', self.getName(), 'done'

        # time to decrement "running"
        mutex.acquire()
        running = running - 1
        print self.getName(), 'is finished.', running, 'tasks are running'
        mutex.release()

        # and finally, exit the group of three tasks
        sema.release()

# main program: build and start all the threads
threads = []

# done in a function just for convenience
def starttasks():
    for i in range(numtasks):
        # show off Python's formatting feature
        # by building a name for each thread
        # (the text between the quotes was lost from this page; "<t%d>" is a stand-in)
        t = TestThread(name="<t%d>" % i)
        # add new name to list
        threads.append(t)
        # start thread
        t.start()

starttasks()

print 'waiting for all tasks to complete'

# next statement waits for all threads to finish
for t in threads: t.join()

print 'all tasks done'


Here is the output window when you run the threaddemo.py script:

PythonWin 2.3.2 (#49, Nov 13 2003, 10:34:54) [MSC v.1200 32 bit (Intel)] on win32. Portions Copyright 1994-2001 Mark Hammond (mhammond@skippinet.com.au) - see

'Help/About PythonWin' for further copyright information.

>>> task will run for 0.120358615571 sec

1 tasks are running

task will run for 0.763990116379 sec

2 tasks are running

task will run for 0.207353153515 sec

3 tasks are running

task will run for 1.55806365714 sec

task will run for 0.776083733579 sec

task will run for 0.336440216469 sec

task will run for 1.55779500185 sec

task will run for 1.96896800957 sec

task will run for 1.57596561512 sec

task will run for 0.634052702735 sec

waiting for all tasks to complete

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

3 tasks are running

task done

is finished. 2 tasks are running

task done

is finished. 1 tasks are running

task done

is finished. 0 tasks are running

all tasks done


Here are the findings:

Here are my findings from the simple demonstration of the threading module:

  • Thread ID is limited to only 10, i.e. from 0 to 9.
  • Variable delay is used to control the processing time of a thread (2 secs).
  • Variable sema is a threading semaphore and it is predefined to run a maximum of 3 threads at a time (sema = threading.BoundedSemaphore(value=3)).
  • Variable mutex is used to create the read lock for the thread (mutex = threading.RLock()).
  • Method acquire() reads an optional wait flag. This can be used to avoid blocking if the lock is held by someone else.
  • Variable running is used to count the total number of running threads.
  • When TestThread() gets executed, the console will print out a thread ID and the expected running time. Then sema.acquire() checks whether the thread number is over 3 or not; if false, mutex creates a read lock for the waiting thread, and adds 1 to running.
  • When one of the 3 threads gets fully executed, mutex releases the read lock for that very thread and subtracts one from running. Then it prints out that the task has been completed. Now the next one of the threads will be locked to be executed. This process continues for 10 cycles.

Reference:

What is Thread Synchronisation?, Retrieved on May 8, 2010 from http://wiki.answers.com/Q/What_is_Thread_Synchronization

Lock (Computer Science). Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Lock_(computer_science)

Deadlock. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Deadlock

Semaphores. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Semaphores

Mutual Exclusion. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Mutex

Thread (Computer Science). Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Thread_(computer_science)

Event (Computing). Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 8, 2010 from http://en.wikipedia.org/wiki/Event_(computing)

Waitable Timer Objects - MSDN. Retrieved on May 8, 2010 from


    Monday, May 3, 2010

    Exercise 9: Electronic payments and security I

    1. Find out about SET and the use of RSA 128-bit encryption for e-commerce.

    SET, which stands for Secure Electronic Transaction, was jointly developed by Microsoft, Mastercard, VISA International and others. It is an open protocol for securing credit card transactions over insecure networks, protecting privacy and ensuring authenticity. Its working mechanism is encoding the message to be transferred and decoding the received message, which is also known as cryptography. The SET protocol relies on two different encryption mechanisms and an authentication mechanism. SET uses 56-bit session keys which are transmitted asymmetrically, and the remainder of the transaction uses symmetric encryption in the form of the Data Encryption Standard (DES).
    RSA was described by Ron Rivest, Adi Shamir and Leonard Adleman, and is named after the initials of their surnames. It is an algorithm for public key cryptography used for both signing and encryption. RSA derives its security from the difficulty of factoring large integers that are the product of two large primes of roughly equal size. The RSA algorithm contains three basic steps, which are key generation, encryption and decryption.
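
The three RSA steps named above, plus signing, as an added textbook example that is not part of the original post. The primes 61 and 53 and the exponent 17 are toy values chosen so the arithmetic can be followed by hand; the scheme is unpadded and the last function shows why a modulus this small gives no security.

```python
import math


def generate_keypair(p, q, e=17):
    """Step 1, key generation: derive (n, e) and (n, d) from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Step 2, encryption: c = m^e mod n, for an integer 0 <= m < n."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(message, e, n)


def decrypt(private_key, ciphertext):
    """Step 3, decryption: m = c^d mod n."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(private_key, digest):
    """Signing applies the private exponent to a message digest (< n)."""
    n, d = private_key
    return pow(digest, d, n)


def verify(public_key, digest, signature):
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest


def recover_private_key(public_key):
    """Factor n by trial division and rebuild d.

    This finishes instantly for a toy modulus. RSA is only secure when n is
    far too large to factor, which is why real keys are 2048 bits or more.
    """
    n, e = public_key
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("n is not a product of two primes")


if __name__ == "__main__":
    public, private = generate_keypair(61, 53)
    c = encrypt(public, 65)
    print("public", public, "private", private)
    print("ciphertext", c, "plaintext", decrypt(private, c))
    print("private key rebuilt from public key:", recover_private_key(public))
```
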


    Reference:
    RSA. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 3, 2010 from http://en.wikipedia.org/wiki/RSA

    Secure Electronic Transaction. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 2, 2010 from http://en.wikipedia.org/wiki/Secure_Electronic_Transaction

    Secure Electronic Transaction: An Overview. Retrieved on May 3, 2010 from
    http://www.davidreilly.com/topics/electronic_commerce/essays/secure_electronic_transactions.html

    SSH: The Secure Shell. Retrieved on May 3, 2010 from http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch03_09.htm


    2. What can you find out about network and host-based intrusion detection systems?


    A Network-Based Intrusion Detection System (IDS) is a system that reads all the incoming packets and looks for suspicious patterns, known as signatures or rules. The IDS's attack recognition module uses four techniques to recognize a signature: 1. pattern, expression or byte code matching, 2. frequency or threshold crossing, 3. correlation of lesser events, 4. statistical anomaly detection. If an attack has been detected, the IDS continues with options such as administrator notification, connection termination or session recording for collecting evidence.


    A Host-Based Intrusion Detection System monitors threats present in the computer itself rather than analysing network packets. It detects which program uses what resources and any possible threat present in the computer. A Host-Based IDS uses an object database of the system objects which it should monitor. It records all of the events in logs, such as whether the attack was successful or not, making the Host-Based IDS more accurate. It detects threats that even the Network-Based IDS missed, and it also does not require additional hardware to implement.
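
An added sketch (not from the original post or any IDS product) of the first two recognition techniques listed above, pattern matching and threshold crossing, followed by a choice among the response options. The events, the signature, the threshold, the window and the response policy are all constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample events, not captured traffic: (time in seconds, source, request)
EVENTS = [
    (0, "198.51.100.7", "GET /index.html"),
    (1, "203.0.113.9", "POST /login user=alice result=FAIL"),
    (2, "203.0.113.9", "POST /login user=alice result=FAIL"),
    (3, "198.51.100.7", "GET /../../etc/passwd"),
    (4, "203.0.113.9", "POST /login user=alice result=FAIL"),
    (5, "203.0.113.9", "POST /login user=alice result=FAIL"),
    (10, "192.0.2.44", "POST /login user=bob result=FAIL"),
    (20, "192.0.2.44", "POST /login user=bob result=FAIL"),
    (100, "192.0.2.44", "POST /login user=bob result=FAIL"),
]

# 1. Pattern matching: regular expressions that act as signatures.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
}

# 2. Threshold crossing: this many failed logins from one source in the window.
FAILED_LOGIN_THRESHOLD = 3
WINDOW_SECONDS = 60

# Response options named in the text, chosen per alert kind (an assumed policy).
RESPONSES = {
    "signature": "terminate connection and record session",
    "threshold": "notify administrator",
}


def detect(events):
    """Return a list of (time, source, kind, rule) alerts for time-ordered events."""
    alerts = []
    failures = defaultdict(deque)  # source -> times of recent failed logins
    for when, source, request in events:
        for rule, pattern in SIGNATURES.items():
            if pattern.search(request):
                alerts.append((when, source, "signature", rule))
        if "result=FAIL" in request:
            window = failures[source]
            window.append(when)
            # Forget failures that fell out of the sliding window.
            while when - window[0] > WINDOW_SECONDS:
                window.popleft()
            # Alert once, at the moment the count reaches the threshold.
            if len(window) == FAILED_LOGIN_THRESHOLD:
                alerts.append((when, source, "threshold", "failed-logins"))
    return alerts


def respond(alert):
    """Pick the response for an alert according to its kind."""
    return RESPONSES[alert[2]]


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert, "->", respond(alert))
```

The third source fails three times as well, but its failures are spread over more than 60 seconds, so the sliding window never holds three of them and no alert is raised.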


    Reference:
    Network Intrusion Detection System. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 3, 2010 from http://en.wikipedia.org/wiki/Network_intrusion_detection_system

    Network vs Host-Based Intrusion Detection. Retrieved on May 3, 2010 from http://documents.iss.net/whitepapers/nvh_ids.pdf

    Host-Based Intrusion Detection System. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 3, 2010 from http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system


    3. What is 'Phishing'?

    Phishing is the act of sending a false email to users, claiming to be a legitimate enterprise or authorized person, in an attempt to acquire the user's private and sensitive information such as passwords or credit card details. These emails direct people to a website which asks the user to enter or update private information and ends up stealing the information to damage the user's well-being. Other techniques of phishing include link manipulation, filter evasion, website forgery, phone phishing etc. The most effective anti-phishing technique can be making the public aware of the level of phishing attempts being made and how to recognize them. People should be a little extra cautious while browsing sensitive material over the Internet.


    Reference:
    Phishing. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 4, 2010 from http://en.wikipedia.org/wiki/Phishing

    What is Phishing?. Retrieved on May 4, 2010 from http://www.webopedia.com/TERM/P/phishing.html

    4. What is SET and how does it compare to SSL as a platform for secure electronic transaction? Is SET in common use?

    Secure Electronic Transaction (SET) is a system that ensures the security of financial transactions via the internet. During a financial transaction, the purchaser, the merchant and the purchaser's bank are verified, and the transaction is conducted after the user has received a digital certificate (digital wallet). This process makes the transaction secure and confidential.

    Secure Socket Layer (SSL), on the other hand, is a standard that encrypts the data between a web server and a web browser. It helps improve communication on the Internet. SSL is built into all of the major browsers and web servers, which turn on the SSL capabilities simply by installing the digital certificate.

    SET and SSL are similar in that they both use public key encryption, but SET is more secure and ensures safer internet transactions than SSL, because the process in SET double checks every transaction at least three times. However, SET is more complex and costly in relation to SSL, which could be called its drawback.

    Therefore, SET is less common in use than SSL because of its high cost as well as the network effect caused by the need to install client software.

    Reference:
    Secure Electronic Transaction. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 4, 2010 from http://en.wikipedia.org/wiki/Secure_Electronic_Transaction

    SSL versus SET, Clough G. (n.d), retrieved on May 5, 2010 from http://www.savagerun.com/SSLSET.htm

    What is secure electronic transaction?, retrieved on May 5, 2010 from http://searchfinancialsecurity.techtarget.com/sDefinition/0,,sid185_gci214194,00.html

    5. What are cookies and how are they used to improve security? Can the use of cookies be a security risk?

    A cookie is a small text file stored by the browser, which holds bits of information such as a unique ID tag in an encrypted format for the purpose of privacy. There are two types of cookies stored on the computer system: temporary cookies, also known as session cookies, which remain in the computer's memory only while the browser is open, and permanent cookies, which are stored on the computer's drive and will be recreated, even if deleted, when the website is opened again.

    A cookie can be used to authenticate the user and to track the session for shopping cart purposes. Hence it can enhance the security of the user.

    However, there have also been security concerns about using cookies. Cookie hijacking is the most common among those risks, where an unauthorized party hijacks sensitive information from the cookies, such as usernames, from the network, causing damage to the user. Such an act can be carried out by packet sniffing. Other security risks include cookie poisoning, the act of an attacker changing the values of the cookies, and cookie theft, the act of directing the cookies to an arbitrary server using different means from the 'cookies header'.
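
    As an added example (not code from the original post), the Ruby sketch below shows how a server can detect the cookie poisoning described above by attaching an HMAC to the cookie value, and how the Secure and HttpOnly attributes limit exposure to sniffing and theft. The secret, the cookie names and the helper function names are assumptions made for illustration.

```ruby
require 'openssl'

# Constructed demo key (assumption); a real app loads a long random secret from configuration.
SECRET = 'constructed-demo-secret'

# Hex HMAC-SHA256 of the cookie value under the server-side secret.
def cookie_mac(value, secret)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), secret, value)
end

# Return "value--mac" so that any later change to the value is detectable.
def sign_cookie(value, secret = SECRET)
  "#{value}--#{cookie_mac(value, secret)}"
end

# Constant-time comparison, so timing does not reveal how much of the MAC matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Return the original value when the MAC matches; nil for altered or malformed cookies.
def verify_cookie(cookie, secret = SECRET)
  value, sep, mac = cookie.to_s.rpartition('--')
  return nil if sep.empty? || mac.empty?
  secure_compare(mac, cookie_mac(value, secret)) ? value : nil
end

# Set-Cookie header value: Secure keeps the cookie off unencrypted connections
# (packet sniffing), HttpOnly keeps page scripts from reading it (cookie theft).
def set_cookie_header(name, value)
  "#{name}=#{sign_cookie(value)}; Path=/; Secure; HttpOnly"
end

if __FILE__ == $PROGRAM_NAME
  signed = sign_cookie('role=user')                  # constructed sample value
  poisoned = signed.sub('role=user', 'role=admin')   # value changed, MAC left as-is
  puts verify_cookie(signed).inspect
  puts verify_cookie(poisoned).inspect
  puts set_cookie_header('session', '42')
end
```

    Signing only detects modification; the value itself is still readable by anyone who obtains the cookie, so sensitive data should stay on the server and the cookie should carry only an identifier.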

    Reference:
    HTTP cookie. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 5, 2010 from http://en.wikipedia.org/wiki/HTTP_cookie

    What are Computer Cookies?, Kayne R. (2010), Retrieved on May 5, 2010 from http://www.wisegeek.com/what-are-computer-cookies.htm

    6. What makes a firewall a good security investment? Accessing the Internet, find two or three firewall vendors. Do they provide hardware, software or both?

    A firewall is a barrier in a computer system built to stop unauthorized access to the system, based on a certain set of rules. Firewalls are especially used to keep unwanted network traffic from the Internet and extranets out of the system. A firewall's main function is to monitor the network traffic that is seeking access and then permit or deny it based on the set of rules. Hence, firewalls can provide good security against unauthorized network access.

    The firewall vendors that we found on the Internet were:
    - Zone Alarm PRO firewall 2010: provides firewall and anti-spy protection software only.
    - Prisma Firewall: provides firewall software only.
    - WatchGuard FireBox X6500e: the vendor provides both hardware and software for the firewall.

    Reference:
    Firewall (computing). Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 7, 2010 from http://en.wikipedia.org/wiki/Firewall_(computing)

    Best Firewall Software - Editors choice. Retrieved on May 7, 2010 from

    7. What measures should e-commerce provide to create trust among their potential customers? What measures can be verified by the customer?

    To create trust among potential customers, e-commerce sites can use a certain level of encryption while files are being transferred. Antivirus software and firewalls can also be used on the server side to prevent damage from unknown viruses and attacks.

    Customers can be educated about the dangers and threats present on the Internet while making financial transactions, and about measures to protect themselves, such as making passwords that are difficult to trace and unpredictable, not leaving their computers for others to use, and using antivirus software for deeper protection.

    Reference:
    Internet Security. Retrieved on May 7, 2010 from

    8. Get the latest PGP information from http://en.wikipedia.org/wiki/Pretty_Good_Privacy.
    The use of digital certificates and passports are just two examples of many tools for validating legitimate users and avoiding consequences such as identity theft. What others exist?

    The latest information on PGP, dated April 29, 2010, was that Symantec Corp. will be acquiring PGP for 300 million with the intent of integrating it into its Enterprise Security Group.

    Other examples for avoiding identity theft, besides digital certificates and passports, are ephemeral keys, federated identity, Secure Socket Layer (SSL), biometric verification, etc.

    Reference:
    Identity and Access Management, Milgate R. (2010), Retrieved on May 8, 2010 from

    Pretty Good Privacy. Wikipedia. 2010. Wikimedia Foundation, Inc. Retrieved on May 7, 2010 from http://en.wikipedia.org/wiki/Pretty_Good_Privacy