• Title/Summary/Keyword: white hacker

Search Result 6, Processing Time 0.024 seconds

Review on improving measurement of cyber terror management system

  • Park, Jong-Ryeol;Noe, Sang-Ouk
    • Journal of the Korea Society of Computer and Information
    • /
    • v.21 no.6
    • /
    • pp.89-96
    • /
    • 2016
  • Damage and attack size of cyber terror is growing to the national size. Not only targeting at a certain companies or individuals but number of cyber terror targeting government bodies or unspecific people is increasing. This is because compared to traditional weapon, input cost is very cheap but ripple effect and shock are much stronger, affecting not only certain groups but also each individuals. 'Anti-terror measurement for protection of nation and public safety' passed last month is one of the renowned measurement passed regardless of objection from opposition party. The opposition party went against this through filibuster for 192 hours but this finally passed National Congress due to lack of oppositions. Korean government is taking post actions after passage of anti-terror measurement. Legislation of enforcement ordinance and regulations is due by 6th of next month. This regulation will be executed from June 4th after legislation. Whenever there is any security issues such as hacking of Korea Hydro and Nuclear Power and National Intelligence Service happens, lot of attention is made to those hackers. However, social recognition or management of those hackers need lot more improvement. Especially, as market of internet of things is increasing, there is an increased anxiety on information security. But as we only rely on security solutions, this problems are keep happening. Therefore, active investment on nurturing hackers who play the role of 'spear and shield' shall be made. Government should put more efforts to allow white hackers to show their abilities. We should have a policy for supporting high-quality programs such as BoB. To make information protection industry into future growth engine, it is necessary to nurture professionals for information protection and white hackers through special programs. Politicians should make related regulations as soon as possible to remove factors that prevent swift management of cyber attack due to lack of legislation. Government should pay lot more financial investment to nurturing professional manpower than now. Protecting life and asset of nation is responsibility and duty of our government. We all should recognize that controlling cyber attack is a part of national defense.

A Study of Information Leakage Prevention through Certified Authentication in Phishing, Vishing, SMiShing Attacks (Phishing, Vishing, SMiShing 공격에서 공인인증을 통한 정보침해 방지 연구)

  • Park, Dea-Woo;Seo, Jeong-Man
    • Journal of the Korea Society of Computer and Information
    • /
    • v.12 no.2 s.46
    • /
    • pp.171-180
    • /
    • 2007
  • The financial crime that used morale anger Phishing, Pharming, Vishing, SMiSing etc. will gain during recent cyber crimes. We are study systematically whether or not leakage of information and infringement can how easily occur to Phishing, Vishing, SMiSing using a social engineering technique and VoIP at these papers through experiment. A hacker makes Phishing, Vishing site, and test an information infringement process of a user through PiSing mail and a virus, a nasty code, Vishing, a SMiSing character, disarmament of Keylogger prevention S/W etc. as establish server. Information by Phishing, Vishing, SMiSing is infringed with leakage in the experiment results, and confirm, and test certified certificate and White List and a certified authentication mark, plug-in program installation etc. to prevention, and security becomes, and demonstrate. Technical experiment and prevention regarding Phishing of this paper and Vishing attack reduce the damage of information infringement, and be education for Ubiquitous information security will contribute in technical development.

  • PDF

A Study on Legislative Approaches for Introducing Coordinated Vulnerability Disclosure(CVD): Focusing on the Information and Communications Network Act (보안취약점 협력대응제도(CVD) 도입을 위한 법제화 방안 연구: 정보통신망법 중심으로)

  • Taeseung Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.34 no.4
    • /
    • pp.781-799
    • /
    • 2024
  • Recently, the US and EU have been institutionally introducing and promoting Coordinated Vulnerability Disclosure(CVD) to strengthen the response to security vulnerabilities in ICT products and services, based on collaboration with white-hat hackers. In response to these changes in cybersecurity, we propose a three-step approach to introduce CVD through the Information and Communications Network Act(ICNA). In the first step, to comprehend the necessity and requirements for legislating CVD, we survey the current situation in Korea and the trends of CVD in the US, EU, and OECD. In the second step, we analyze the necessity for legislating CVD and derive the requirements for its legislation. In this paper, we analyze the necessity for legislating CVD from three perspectives: the need for introducing CVD, the need for institutionalization based on law, and the suitability of the ICNA as the legislation. The derived requirements for CVD legislation include the establishment and publication of Vulnerability Disclosure Policy(VDP), legal protection for white-hat hackers, and designation and role assignments of coordinator. In the third step, we introduce approaches to apply the requirements for CVD legislation to the ICNA, which is the law governing prevention and response to cybersecurity incidents in private sector.

A Study of Security for a Spam Attack of VoIP Vulnerability (VoIP 취약점에 대한 스팸 공격과 보안에 관한 연구)

  • Lee, In-Hee;Park, Dea-Woo
    • KSCI Review
    • /
    • v.14 no.2
    • /
    • pp.215-224
    • /
    • 2006
  • Regarding a spam attack and the interception that a spinoff is largest among Vulnerability of VoIP at these papers study. Write scenario of a spam attack regarding VoIP Vulnerability, and execute Call spam. Instant Messaging spam, Presence spam attack. A spam attack is succeeded in laboratories, and prove. and confirm damage fact of a user in proposals of a spam interception way of VoIP service, 1) INVITE Request Flood Attack 2) Black/White list, 3) Traceback, 4) Black Hole-Sink Hole, 5) Content Filtering, 6) Consent based Communication, 7) Call act pattern investigation, 8) Reputation System Propose, and prove. Test each interception plan proposed in VoIP networks, and confirm security level of a spam interception. Information protection of VoIP service is enlarged at WiBro, BcN. and to realize Ubiquitous Security through result of research of this paper contribute, and may make.

  • PDF

A Study of Interception for a Spam Attack of VoIP Service (VoIP서비스의 스팸 공격에 대한 차단 연구)

  • Lee, In-Hee;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.5 s.43
    • /
    • pp.241-250
    • /
    • 2006
  • Regarding a spam attack and the interception that a spinoff is largest among weakness of VoIP service at these papers study. Write scenario of a spam attack regarding VoIP service, and execute Call spam, Instant Messaging spam, Presence spam attack. A spam attack is succeeded in laboratories, and prove, and confirm damage fact of a user in proposals of a spam interception way of VoIP service, 1) INVITE Request Flood Attack 2) Black/White list, 3) Traceback, 4) Black Hole-Sink Hole, 5) Content Filtering, 6) Consent based Communication, 7) Call act pattern investigation, 8) Reputation System Propose, and prove. Test each interception plan proposed in VoIP networks, and confirm security level of a spam interception. Information protection of VoIP service is enlarged at WiBro, BcN, and to realize Ubiquitous Security through result of research of this paper contribute, and may make.

  • PDF

A Study on the Countermeasures against APT Attacks in Industrial Management Environment (산업경영환경에서 지속적 APT 공격에 대한 대응방안 연구)

  • Hong, Sunghyuck
    • Journal of Industrial Convergence
    • /
    • v.16 no.2
    • /
    • pp.25-31
    • /
    • 2018
  • An APT attack is a new hacking technique that continuously attacks specific targets and is called an APT attack in which a hacker exploits various security threats to continually attack a company or organization's network. Protect employees in a specific organization and access their internal servers or databases until they acquire significant assets of the company or organization, such as personal information leaks or critical data breaches. Also, APT attacks are not attacked at once, and it is difficult to detect hacking over the years. This white paper examines ongoing APT attacks and identifies, educates, and proposes measures to build a security management system, from the executives of each organization to the general staff. It also provides security updates and up-to-date antivirus software to prevent malicious code from infiltrating your company or organization, which can exploit vulnerabilities in your organization that could infect malicious code. And provides an environment to respond to APT attacks.