Password Theft
INTRODUCTION
History of Authorization System
The security of digital data has long been a concern of operating system designers. The first time-sharing systems in the early 1960s had password schemes as part of logging in, memory protection hardware, and access control lists on files. By 1970, the means to assure security and protection were considered fundamental to operating systems and were an important consideration in the design of OS kernels.
Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use they have (such as access to which file directories, hours of access, amount of allocated storage space, and so forth). Thus, authorization is sometimes seen as both the preliminary setting up of permissions by a system administrator and the actual checking of the permission values that have been set up when a user is getting access.
Knowledge of the password is assumed to guarantee that the user is authentic. Each user registers initially (or is registered by someone else), using an assigned or self-declared password. On each subsequent use, the user must know and use the previously declared password. The weakness in this system for transactions that are significant (such as the exchange of money) is that passwords can often be stolen, accidentally revealed, or forgotten.
Listed below are a number of major events in the history of authorization systems since they were introduced:
1.1.1. One-way Functions to Protect Passwords (1967)
The authentication system (used during login) stores enciphered images of user passwords but not the actual passwords. This protects passwords from being divulged if an attacker happens to read the file.
1.1.2. Public-key Cryptography and Digital Signatures (1976)
Public-key cryptography enables two people to communicate confidentially, or to authenticate each other, without a prearranged exchange of shared cryptographic keys. It also provided the first technical mechanism for digital signatures that cannot be repudiated.
1.1.3. First Vulnerability Study of Passwords (Morris and Thompson 1978)
This study demonstrated that password guessing is far more effective than deciphering password images. It found that a very high percentage of passwords could be guessed from user names, addresses, social security numbers, phones, and other information stored in the user identification files. Password guessing remains a major threat today.
1.1.4. RSA Public-Key Cryptosystem (1978)
The RSA public-key cryptosystem is the oldest unbroken public key cryptosystem that provides both confidentiality and authentication. It is based upon the difficulty of determining the prime factors of a very large number.
1.1.5. Distributed authentication (Kerberos 1988)
Authentication servers allow users and processes to authenticate themselves on any system using one set of data. The data can be updated globally, and the server can pass proof of identity back to the user or process. This proof can be passed to other servers and clients and used as a basis for access control or authorization.
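Items 1.1.1 and 1.1.3 above, combined in an added example that is not part of the original essay: the store keeps only a salted one-way image of each password, and registration rejects passwords built from the user's own record, the weakness the 1978 study measured. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample profile are choices made for this example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # assumed work factor for this example
# Constructed sample user record (not real data).
SAMPLE_PROFILE = {"login": "jsmith", "name": "Jane Smith",
                  "phone": "555-0142", "street": "12 Harbor Road"}


def make_record(password: str) -> dict:
    """Store only a salted one-way image of the password, never the password."""
    salt = os.urandom(16)
    image = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "image": image}


def verify(password: str, record: dict) -> bool:
    """Recompute the image from the login attempt; compare in constant time."""
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                  record["salt"], ITERATIONS)
    return hmac.compare_digest(attempt, record["image"])


def profile_tokens(profile: dict) -> set:
    """Lower-cased words and digit runs (3+ characters) from the user record."""
    found = set()
    for value in profile.values():
        parts = re.findall(r"[a-z]+|\d+", value.lower())
        found.update(p for p in parts if len(p) >= 3)
    return found


def guessable_from_profile(password: str, profile: dict) -> bool:
    """True if a profile token, or its reverse, is at least half the password."""
    pw = password.lower()
    for token in profile_tokens(profile):
        if (token in pw or token[::-1] in pw) and 2 * len(token) >= len(pw):
            return True
    return False


def register(password: str, profile: dict) -> dict:
    """Reject profile-derived passwords before anything is stored."""
    if guessable_from_profile(password, profile):
        raise ValueError("password is derived from account details")
    return make_record(password)
```

Because each record has its own random salt, two users with the same password get different stored images, so reading the file does not reveal which accounts share a password.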
Introduction of Password Theft
We live in a world of passwords. We use them for everything: to access our e-mail, our credit cards and other authorization systems. At the same time, we have so many of them that it can be easy to forget which password belongs to which service. Because of their ubiquity, we also tend to reuse our passwords. The ubiquity of passwords, however, has given rise to an entire criminal enterprise focused on acquiring them. Consequently, security experts have suggested for years that, to increase security, computer users should vary their passwords frequently and use different passwords for different services. Few take this advice, and some people find it hard to memorize anything, especially a password that combines numbers and characters. Even so, in a world built on access and information, the password has become the ultimate skeleton key.
While stealing passwords is not a new crime, in the world of Internet theft it has taken on new dimensions. The harm caused by password theft very often impairs dignity rights. Password theft, however, is not a unary crime; it comes in two forms, depending on the nature of the password. By most measures, the incidence of password theft is rising, not declining.
There are two types of password theft:
1.2.1. First-Party Password Theft
Concerns crimes that are quite familiar, such as identity theft, monetary theft and mail theft, and that are clearly analogous to the common law crime of larceny. It involves the theft of a user's password that results in damage to that individual.
1.2.2. Second-Party Password Theft
Concerns crimes that are not as obvious as unauthorized access, such as password sharing and the like. It is distinguished from first-party password theft in that ownership and possession of the password reside in two different individuals or entities. It is also characterized by a party giving a password to another, entrusted user for that user's benefit.
Password theft causes pecuniary harm in rather obvious ways. The law has had a hard time detecting it. Comprehensive programs of public education, flexible password usage contracts utilizing price discrimination models, and targeted lawsuits need to be used to reduce this problem. As more people gain access to the Internet and the Internet's reach broadens, the importance of passwords in the daily lives of hundreds of millions of Internet users is also likely to increase.
What is Hacking
Are “hackers” bright, inquisitive young people who explore computer systems for fun and intellectual challenge? Or are they irresponsible criminals who invade privacy, steal information and money, destroy files, and crash computer systems?
The answer is both. In the early days of computing, a “hacker” was a creative programmer who wrote very elegant or clever programs. They tend to be outside the social