According to an article entitled "Three Vulnerability Assessment Tools Put to the Test"
Vulnerability assessment systems scan operating systems and applications for potential problems, such as the use of default passwords or configurations and open ports. This can give administrators a head start in fixing problems and will, hopefully, let IT organizations more effectively beat bad guys to the punch."
The above factors are only true when vulnerability systems find all the problems that may be present in an application.
Research has often demonstrated a gap between the best vulnerability assessment tools and the weaknesses in a test network. However IT employees who are responsible for securing IT assets will find the use of a vulnerability assessment tool beneficial even if all it does is eliminate some of the monotonous work they are confronted with.
When vulnerability assessment tools were first made available, scanning was the primary method utilized. However, today there are also tools such as intrusion-detection software (IDS); this software is different from scanning software in that it works by looking for patterns of illegitimate network traffic that might be consistent with a breach of the system. On the other hand, scanners work by identifying whether or not a computer's actual configuration is vulnerable to attack. In other words the IDS is reactive, whereas the scanning software is proactive.
EBay and Amazon
Now that we have discussed the general vulnerabilities that online businesses are confronted with, let us focus on and compare some of the vulnerabilities that specific companies have to deal with. As it relates to this aspect of the discussion we will focus on EBay and Amazon, two of the largest online businesses in the world.
EBay is the largest internet auction site in the world. The company has been able to generate billions of dollars a year by simply serving a host site fro people all around the world that want to offer products for sale. Although the company has been extremely successful, the very structure of the company makes it vulnerable to some very unique threats.
The first of which is auction fraud. Auction fraud is the most reported type of internet fraud and cost EBay and consumer millions of dollars each year. This type of fraud occurs in several different ways. The primary way that this type of fraud is committed involves sellers that advertise a product, the buyer or winning bidder pays for the product and the product is never received. An article entitled Online Auction Fraud: Are the Auction Houses Doing All They Should or Could to Stop Online Fraud?
Some online sellers have put items up for auction, taken the highest bidder's money, and never delivered the merchandise. In addition, consumers who paid by certified check or money order have little recourse when it comes to getting their money back.(21) With fraudulent online auction users recognizing the difficulty in retrieving a check or money order, it is not surprising that payment by check or money order accounts for ninety-three percent of fraudulent payments.
This type of fraud is problematic for EBay because if the seller never receives the product the buyer can then refuse to accept the charges and EBay will not get there commission from the sell.
To avoid this problem the company has attempted to implement several safeguards that include allowing the buyer to file a complaint with EBay. EBay then investigates such claims and attempts to rectify the situation. The company also allows buyers and sellers to leave rating for one another. On EBay an individuals ratings help others to determine whether or not the buyer or seller is trustworthy and whether doing business with the individual...
If potential buyers see negative ratings there are less likely to do business with that individual.
As it relates to more general threats such as identity theft EBay attempts to use safeguards such as password protection and usernames to safeguard the personal information of users. The company also recommends that users change their passwords frequently, as this decreases greatly the likelihood of their identities being compromised.
Although EBay has attempted to implement many safeguards, the company has experienced major problems with "Spoof Emails." According to Ebay's Security Center this is actually a form of Phishing. The company explains
Some thieves on the Internet, simply go fishing, or 'phishing', as the practice has come to be known, trolling the sea of online consumers in hopes of netting unsuspecting victims. One method of phishing is the sending of 'spoof' (fake) emails, which copy the appearance of popular Web sites or companies in an attempt to commit identity theft or other crimes."
These are emails that are sent to members supposedly from eBay. These emails assert that there is some type of problem with the member's account and their username and password is needed to address the problem. The individuals that send the emails then use this information to enter member accounts and in many cases charge the credit cards of members or place ads in their name. To combat this issue eBay warns members to always log into the official eBay site, because it provides a list of all the emails that have been sent to the member by eBay. If an email is not contained in the list, it is a fake email and should be discarded.
As it relates to Amazon, the company faces a great deal of threats simply because of the size of the company and the types of service that it offers. Amazon is unique in that it is a type of online mall that provides a central location for consumers to shop for the products of different vendors. For instance, the company sells products from Target, Guess and circuit city. All of these businesses also have their own websites but also offers products through Amazon.
Amazon allows customers to save their personal information such as credit cards and shipping addresses. Although this is convenient for the customer it creates certain vulnerabilities for the company. To keep this information safe, the company has assigned a username and password for each user. In addition, once customers confirm this information they are taken to secure sites and credit card numbers are never displayed on any screens.
Amazon also has experienced problems associated with spoof emails and confronts this issue in much the same way as EBay.
The purpose of this discussion was to examine the front-end and back-end threats associated with the online business industry. In addition the research will compare and contrast the strategies of EBay and Amazon in eliminating their losses and gaining market share in the U.S. The research found that these front-end and back end threats make businesses and their customers vulnerable. The research also found that analysis and assessment tools assist these businesses in eliminating or reducing these vulnerabilities.
Sumit Kundu, Nitish Singh. 2002. Explaining the Growth of E-Commerce Corporations (ECCs): An Extension and Application of the Eclectic Paradigm. Journal of International Business Studies. Volume: 33. Issue: 4. Publication Year: 2002. Page Number: 679+.
Wright Color Graphic Dictionary. http://www.wrightcolorgraphics.com/f.htm
Back End Systems. http://retailindustry.about.com/library/terms/b/bld_backend.htm
Mike Harris. What is E-commerce.
Jeff Sovern Stopping Identity Theft. Journal of Consumer Affairs. Volume: 38. Issue: 2. Publication Year: 2004. Page Number: 233+.
Amanda Andress. Surviving Security: How to Integrate People, Process, and Technology. Auerbach Publications; Boca Raton, FL. 2003.
Cameron Sturdevant. Three Vulnerability Assessment Tools Put to the Test http://www.eweek.com/article2/0,1759,1653587,00.asp.July 14, 2003.
Tiernan Ray. Think Like a Hacker: The Best Scanning Tools E-Commerce Times http://www.ecommercetimes.com/story/31356.html
James M. Snyder. Online Auction Fraud: Are the Auction Houses Doing All They Should or Could to Stop Online Fraud. Federal Communications Law Journal. Volume: 52. Issue: 2. 2000. Page Number: 453.
20 EBay Security and Resolution Center. http://pages.ebay.com/securitycenter/stop_spoof_websites.html08/16/03
Identifying Phishing or Spoofed E-mails. http://www.amazon.com/gp/help/customer/display.html?ie=UTF8&nodeId=15835501
Functional strategy Functional strategy Functional strategy SWOT Analysis Strengths: The major strength of the company is that Li & Fung has been operating for a long time in the industry and they have been able to establish themselves as an important market player. The supply chain solution provided by Li & Fung is more sophisticated than the other trading companies. Li & Fung has strategic competitive advantage over its competitors as they have the expertise in the
Saying this much, I would like to caution that they must remain within their expertise and professionalism and try to avoid ending up the fate met by some other financial institutions who ventured into commercial banking activity in the past. One disadvantage in Provident leasing may lie on their weak business strategies and techniques. Improvements in their business process seem to be stagnant. Although the company can boast of increasing
Online consumer reviews from the consumer's perspective. Online consumer reviews are often the first way that a consumer will learn about a new product or service. The pros of online consumer reviews include receiving potentially unbiased information about a product or service. The cons of online consumer reviews include their increasing lack of credibility as more companies are resorting to tactics like paying bloggers for positive product reviews, paying writers to
online selling small businesses. • Identify benefits costs online retailing i) small businesses online retailing ii) small business online retailing. • Explain online retailing affect financial management existing small business chooses move online retailing. Online Selling The following pages focus on identifying and discussing the impact that online selling has on small businesses. The paper intends to address issues like benefits and costs associated with online retailing. In order to provide
The objectives of this project will result in a reduced security risk due to incoming spam and junk email messages. Achievement of the objective will be difficult to measure because it represent something that will not happen if the project is successful. A reduction in threats due to the actions or inactions of employees will result in achievement of these objectives. An employee questionnaire or survey would be useful in
online retailing operates, what kind of problems they face and the kind of environment they operate in. The author has also focused on Asian online retailing and special focus on Hong Kong online retailing. It has 22 sources. Access of basic necessities of life has followed the conventional method of buying and selling. This pattern changed in the last decade with the emergence of information technology age. When consumers have