Internet Exercises

URLs can change over time. If any of the sites used in these Internet Exercises change, please visit the Turban Electronic Commerce 2002, 2e Companion Web site at http://www.prenhall.com/turban for an update.

Chapter 13

  1. Visit the hacked pages archive at 2600.com (http://www.2600.com/). Construct a list of some of the more famous sites that have been the object of hacker attacks.

  2. The Common Vulnerabilities and Exposures Board (http://www.cve.mitre.org/) maintains a list of common network security vulnerabilities. Review the list. How many vulnerabilities are there? Based on that list, which system components appear to be most vulnerable to attack? What impact do these vulnerable components have on EC?

  3. A number of B2C sites rely on hidden fields in their Web forms to pass information back and forth between a consumer's browser and their Web servers. Go to AltaVista and search for the following string: <INPUT TYPE=hidden NAME="price". What types of EC forms use this type of hidden field? Give some examples. What sort of security threat does a hidden field of this sort represent?

  4. Your B2C site has just been hacked. You'd like to report the incident to the Computer Emergency Response Team (http://www.cert.org/) at Carnegie Mellon University so they can alert other sites. How do you do this and what types of information do you have to provide?

  5. Go to the Network Associates virus library (vil.nai.com/vil/default.asp). What are the general characteristics of a virus? How are the risks of viruses assessed (see mcafeeb2b.com/avert/virus-alerts/avert-risk-assessment.asp)?

  6. The World Wide Web Consortium maintains a security FAQ (list of frequently asked questions). Based on this FAQ (w3.org/Security/Faq/www-security-faq.html#contents), what sorts of security threats do CGI programs pose and how can they be managed?

  7. The Computer Security Institute provides a comparison of various commercial firewall products (spirit.com/cgi-new/report.pl?dbase=fw&function=view). Select three of the products and do a comparison of their features. Based on your comparison, which product would you select?

  8. You have just installed a DSL line in your home so you will have faster Internet access. You have heard that this makes your computer susceptible to DDoS attacks and you want to install a personal firewall to guard against this threat. What sorts of commercial products are available? Which one would you choose?