Warming upEx.1. Discuss. What do you call any software attack on a computer? Is it always malicious? Mainstream Ex.2. Learning facts. 1. Read the text. ExploitIn computing, an exploit is an attack on a computer system, especially one that takes advantage of a particular vulnerability that the system offers to intruders. Used as a verb, the term refers to the act of successfully making such an attack. Many crackers (or hackers, if you prefer that term) take pride in keeping tabs of such exploits and post their exploits (and discovered vulnerabilities) on a Web site to share with others. Where an exploit takes advantage of a weakness in an operating system or vended application program, the owners of the system or application issue a "fix" or patch in response. Users of the system or application are responsible for obtaining the patch, which can usually be downloaded from the Web. Failure to install a patch for a given problem exposes the user to a security breach. (However, it can be difficult to keep up with all the required patches.) 2. Give synonyms: Attackers on a computer system To exploitWeakness Security hole 3. Give English equivalents: Воспользоваться незащищенностью Нарушения, брешь в системе защиты Оставлять пользователя незащищенным Невозможность инсталлировать заплату в программе Ex. 3. Grammar and vocabulary. 1. Read the first paragraph of the text and fill in the gaps with the terms given in the box. You should use some of them more than once. exploit exploitation fix notify vulnerability Zero-day exploit a) A zero-day exploit is one that takes advantage of a security (1) … on the same day that the (1) … becomes generally known. Ordinarily, after someone detects that a software program contains a potential exposure to (2) … by a hacker, that person or company can (3) … the software company and sometimes the world at large so that action can be taken to repair the exposure or defend against its (2) … . Given time, the software company can repair and distribute a (4) … to users. Even if potential hackers also learn of the (1) , it may take them some time to (5) … it; meanwhile, the (4) … can hopefully become available first. 2. Insert prepositions in the second paragraph of the text. b) … experience, however, hackers are becoming faster … exploiting a vulnerability and sometimes a hacker may be the first to discover the vulnerability. In these situations, the vulnerability and the exploit may become apparent … the same day. … the vulnerability isn't known … advance, there is no way to guard … the exploit before it happens. Companies exposed … such exploits can, however, institute procedures … early detection of an exploit. A study released by Symantec … early 2004 found that although the number … vulnerabilities discovered was … the same in 2003 as in 2002, the time … the vulnerability and exploits based … it had narrowed. According to the infoAnarchy wiki, "14-day" groups and "7-day" groups carry out an exploit … 14 or 7 days of a product's market release. Conducting a zero-day exploit establishes crackers as members of the elite, because they must have covert industry connections to gain the inside information needed to carry out the attack. 3. Give Russian equivalents: Detect a potential exposure to exploitation by a potential exposure to exploitation by to repair the exposure or defend against its exploitation repair and distribute a fix learn of the vulnerability become faster at exploiting to discover the vulnerability to guard against the exploit institute procedures for early detection of an exploit Ex. 4. Learn and compare. 1. What prefixes can be used with –ware to describe applications which intend to cause some harm? 2. What is the difference between them? Ex. 5. Reading. Study the text about spyware paying attention to the terms and answer the questions. Spyware is any technology that aids in gathering information about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. Spyware can get in a computer as a software virus or as the result of installing a new program. Data collecting programs that are installed with the user's knowledge are not, properly speaking, spyware, if the user fully understands what data is being collected and with whom it is being shared. However, spyware is often installed without the user's consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window. Software designed to serve advertising, known as adware, can usually be thought of as spyware as well because it almost invariably includes components for tracking and reporting user information. However, marketing firms object to having their products called "spyware." As a result, McAfee (the Internet security company) and others now refer to such applications as "potentially unwanted programs" (PUP). The cookie is a well-known mechanism for storing information about an Internet user on their own computer. If a Web site stores information about you in a cookie that you don't know about, the cookie can be considered a form of spyware. Spyware is part of an overall public concern about privacy on the Internet. Many Internet users were introduced to spyware in 1999, when a popular freeware game called "Elf Bowling" came bundled with tracking software.
Ex. 6. Discussion. 1. What have you heard about any of these:
2. What steps can a user take to protect himself against all those in your opinion? Ex. 7. Reading Read the texts for additional information MalwareMalware (for "malicious software") is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware, programming that gathers information about a computer user without permission. Adware1) Generically, adware (spelled all lower case) is any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user. Adware has been criticized because it usually includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware and has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center. Noted privacy software expert Steve Gibson of Gibson Research explains: "Spyware is any software (that) employs a user's Internet connection in the background (the so-called 'backchannel') without their knowledge or explicit permission. Silent background use of an Internet 'backchannel' connection must be preceded by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed consent for such use. Any software communicating across the Internet absent of these elements is guilty of information theft and is properly and rightfully termed: Spyware." A number of software applications, including Ad-Aware and OptOut (by Gibson's company), are available as freeware to help computer users search for and remove suspected spyware programs. 2) AdWare is also a registered trademark that belongs to AdWare Systems, Inc. AdWare Systems builds accounting and media buying systems for the advertising industry and has no connection to pop-up advertising, spyware, or other invasive forms of online advertising. |
