Handouts of Lecture 21 Professional Practices (IT)
Lecture Title: Computer and Network Security
Hackers – Past vs Present
• Original Meaning:
Long ago, a "hacker" was a smart person who enjoyed exploring and improving systems
— especially computers — in creative ways. It was not a bad word.
• Today’s Meaning:
Now, a “hacker” usually means someone who breaks into computers or websites
without permission — which is illegal.
How Hackers Get In
To access a computer or website, a hacker might:
1. Guess weak passwords like “12345” or “password”.
2. Eavesdropping: Watch over your shoulder as you type.
3. Dumpster Diving: Look in the trash for things like login info or manuals.
4. Social Engineering: Trick people into giving them access (like pretending to be a boss).
Password Tips
To stay safe:
• Don’t use short passwords or dictionary words.
• Don’t just change letters to numbers (like “E” to “3”).
• Don’t use the same password everywhere.
• It’s okay to write passwords on paper if needed — better than reusing them.
• Use weird answers to security questions (e.g. Pet’s name: “Ford Fiesta”).
• Turn on 2-step verification.
• Use a private email for password recovery — not the one you use every day.
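The first three tips can be checked automatically. The sketch below is an added example, not part of the original handout: it undoes common letter-to-number swaps before looking a password up in a word list, so "P@ssw0rd" is treated the same as "password". The word list, the minimum length of 12 and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a large dictionary
# or a list of breached passwords.
WORDLIST = {"password", "letmein", "welcome", "dragon", "monkey", "secret"}

# Letter-to-symbol swaps that password-guessing rules undo automatically.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the handout


def weaknesses(password, already_used=()):
    """Return the list of handout tips that this password violates."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("short")
    if password.isdigit():
        findings.append("digits_only")
    lowered = password.lower()
    # Also try the password with a trailing "123" or "!" style suffix removed.
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    candidates = {lowered.translate(LEET), stripped.translate(LEET)}
    if candidates & WORDLIST:
        findings.append("dictionary")
    # already_used is a hypothetical list of passwords set on other sites.
    if password in already_used:
        findings.append("reused")
    return findings


if __name__ == "__main__":
    for pw in ("12345", "P@ssw0rd", "s3cr3t2024", "vT9#qLm2xW&rKe8z"):
        print(pw, weaknesses(pw) or "no finding")
```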
Computer Fraud and Abuse Act (USA Law)
This law makes hacking a serious crime, including:
• Sending viruses or worms.
• Getting into computers without permission.
• Selling or stealing passwords.
• Punishment: Up to 20 years in jail and a $250,000 fine.
Sidejacking (Stealing a session)
This means hijacking someone’s login session using their cookie (a file that keeps them logged
in). It happens mostly on open Wi-Fi (like in cafes) because cookies are sent without encryption.
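A site owner can check whether its own responses leave the session cookie exposed in this way. The following is an added example, not part of the original handout: it inspects a response's URL and headers for plain HTTP, a missing HSTS header, and cookies set without the Secure attribute. The sample responses are constructed and the function names are assumptions.

```python
from urllib.parse import urlsplit


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Return findings that leave a session cookie readable on the network."""
    findings = []
    https = urlsplit(url).scheme == "https"
    if not https:
        findings.append("page served over plain HTTP")
    names = {key.lower() for key, _ in headers}
    # Without HSTS the browser may still make a first request over HTTP.
    if https and "strict-transport-security" not in names:
        findings.append("no HSTS header")
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        # A cookie without Secure is also attached to unencrypted requests.
        if "secure" not in attrs:
            findings.append(f"cookie {cookie} lacks Secure")
    return findings


# Constructed sample responses (not captured from any real site).
EXPOSED = ("http://shop.example/cart", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
])
HARDENED = ("https://shop.example/cart", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
])

if __name__ == "__main__":
    for url, headers in (EXPOSED, HARDENED):
        print(url, audit_response(url, headers) or "ok")
```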
Firesheep Case
• In 2010, a developer named Eric Butler made a Firefox tool called Firesheep.
• It let users easily sidejack others on public Wi-Fi — logging into their Facebook,
Amazon, Twitter, etc. just by clicking a button.
• Firesheep was free and open-source, and downloaded over 500,000 times in one week!
Why Did He Do It?
Butler wasn’t trying to encourage bad behavior. He wanted to show how unsafe public Wi-Fi
was and pressure websites to fix it by using encryption (HTTPS).
Firesheep and Ethics – 3 Views
1. Utilitarian Analysis (Is it good overall?)
• Result: People became aware of security risks.
• Benefit: Big websites improved their security.
• Harm: Very few people misused Firesheep.
• Conclusion: It helped more than it hurt, so it was a good thing.
2. Virtue Ethics (Was the person’s intention good?)
• Butler:
o Wanted to help people stay safe online.
o Was brave to take the blame for releasing Firesheep.
o Showed responsibility and honesty.
• Conclusion: He acted like a good, caring person — his actions were virtuous.
3. Kantian Analysis (Was it morally right, no matter the outcome?)
• Problem: Firesheep made it very easy to do bad things (invade privacy).
• Some people did misuse it, even if that wasn’t Butler’s goal.
• Kant says you shouldn’t use people as a way to reach your goal.
• Butler used Firesheep to pressure companies, even though innocent users were
affected.
• Conclusion: From this view, it was wrong to release Firesheep.
What is Malware?
Malware means “bad software” — programs that can harm your computer.
• Sometimes it’s small and just slows your system.
• Sometimes it’s dangerous — it can:
o Delete your files
o Steal your data
o Take control of your PC
o Send spam or illegal content from your computer
What is a Virus?
• A virus is a piece of code that attaches itself to a program.
• When you run the infected program, the virus activates first.
• It finds other programs on your PC and infects them too.
• The virus then lets your program run as usual, so you don’t notice anything.
• Where do viruses come from?
o USBs, CDs, Internet downloads
o Email attachments with hidden code (like macros)
Example: A free game might secretly contain a virus.
Antivirus Software
• Antivirus programs find and remove viruses.
• But to work well, they must be updated regularly.
• Many users forget to update antivirus software, so viruses still cause harm.
In a survey:
• 84% of people had antivirus software.
• Still, 31% had viruses — because they didn’t update it.
What is a Worm?
• A worm is a standalone program (doesn’t need another host).
• It spreads through networks by using bugs (mistakes) in software.
• It can copy itself to other computers without any help from the user.
Case Study: The Morris Internet Worm (1988)
Who made it?
• Robert Tappan Morris, a Cornell University student.
• He wanted to see how many computers he could infect — not to destroy data.
What did the worm do?
• Used bugs in UNIX programs like ftp, sendmail, and fingerd.
• Spread to thousands of university and government computers.
• Buggy code caused multiple infections on the same computer, making systems crash or
freeze.
What happened next?
• Morris told his friends. One of them posted an anonymous message online about the
worm.
• But the message was delayed because some systems were already down.
• System admins worked quickly to find the problem and fix the bugs.
What punishment did Morris get?
• First person convicted under the US Computer Fraud and Abuse Act.
• Got 3 years’ probation, 400 hours of community service, and a $10,000 fine.
• His total cost (with legal fees): more than $150,000.
Ethical Evaluation of Morris Worm
1. Kantian View (Right or Wrong Based on Intention)
• Morris wanted to have fun, not hurt anyone — but his intentions were selfish.
• He used others’ computers without permission.
• He tried to hide his identity — meaning he knew it was wrong.
Conclusion: Wrong action.
2. Social Contract View (Respecting Rules of Society)
• He broke trust by accessing other people's computers.
• He ignored usernames and passwords.
• His worm blocked real users from using their computers.
Conclusion: Wrong action.
3. Utilitarian View (Good vs Harm)
• Good: Found bugs before real hackers did.
• Bad: Caused computers to crash, email delays, time loss, cost, and stress.
• He could have simply informed developers about the bugs.
Conclusion: More harm than good — wrong action.
4. Virtue Ethics (Is He a Good Person?)
• Morris acted selfishly and irresponsibly.
• He hid his identity and used MIT’s network instead of Cornell’s.
• He avoided taking full responsibility.
Conclusion: Not the behavior of a good, responsible person.