keshav

Posted on Sep 2, 2023 in Other subjects

Explain in brief each type of Intellectual property

1. Patents

The U.S. Patent and Trademark Office grants property rights to original inventions, from processes to machines. Patent law protects inventions from use by others and gives exclusive rights to one or more inventors. Technology companies commonly use patents, as seen in the patent for the first computer to protect their investment in creating new and innovative products. The three types of patents consist of:

  • Design patents: Protection for the aesthetics of a device or invention. Ornamental design patents include a product’s shape (Coca-Cola bottle), emojis, fonts, or any other distinct visual traits.
  • Plant patents: Safeguards for new varieties of plants. An example of a plant patent is pest-free versions of fruit trees. But inventors may also want a design patient if the tree has unique visual properties.
  • Utility patents: Protection for a product that serves a practical purpose and is useful. IP examples include vehicle safety systems, software, and pharmaceuticals. This was the first, and is still the largest, area of patent law.

2. Trademarks

Trademarks protect logos, sounds, words, colors, or symbols used by a company to distinguish its service or product. Trademark examples include the Twitter logo, McDonald’s golden arches, and the font used by Dunkin.

Although patents protect one product, trademarks may cover a group of products. The Lanham Act, also called the Trademark Act of 1946, governs trademarks, infringement, and service marks.

3. Copyrights

Copyright law protects the rights of the original creator of original works of intellectual property. Unlike patents, copyrights must be tangible. For instance, you can’t copyright an idea. But you can write down an original speech, poem, or song and get a copyright.

Once someone creates an original work of authorship (OWA), the author automatically owns the copyright. But, registering with the U.S. Copyright Office gives owners a head-start in the legal system.

4. Trade Secrets

Trade secrets are a company’s intellectual property that isn’t public, has economic value, and carries information. They may be a formula, recipe, or process used to gain a competitive advantage.

To qualify as a trade secret, companies must work to protect proprietary information actively. Once the information is public knowledge, then it’s no longer protected under trade secrets laws. According to 18 USC § 1839(3), assets may be tangible or intangible, and a trade secret can involve information that’s:

  • Business
  • Financial
  • Technical
  • Economic
  • Scientific
  • Engineering

Two well-known examples include the recipe for Coca-Cola and Google’s search algorithm. Although a patent is public, trade secrets remain unavailable to anyone but the owner.

Explain the different real life example of CyberCrime

You wake up on a weekday morning and see an email notification on your phone. It lets you know that your Facebook email has been changed to an old Hotmail address you haven’t used in years. The next email in your inbox informs you that your Facebook password has been changed. 

 You sit bolt upright in bed. This can’t be right! You try to log into Facebook, but your old password won’t work. 

 Okay, don’t panic. This can be fixed. You find that one of the notification emails has a link to secure the account if this change was unauthorized. Relieved, you click it, ready to get your account back. But the whole page is in Turkish, incomprehensible. You can’t make heads or tails of it, or find a way back into your account. 

Pulling up your account by URL you find somebody else’s face on your profile, and somebody else’s name. Your account has been invaded, and somebody else has taken your place. They have access to all your messages, your friends, your photos and personal information about you stored in your account. Even other websites and apps that you use Facebook to access. 

Somebody has stolen your digital life from you! 

The Reality 

This really happened to Jeff Bercovici, Inc.’s San Francisco bureau chief. 

So how did the hacker get access to his Facebook profile? Through an old Hotmail address that Jeff hadn’t used in years. Hotmail will release old addresses to be re-registered if they haven’t been in use for two or more years. 

This old email account was still connected to Jeff’s Facebook profile, and the hacker was able to use it to get in. He then changed the password and the primary email and took total control of the account. If Jeff wasn’t a tech journalist with connections at Facebook, it might have taken him a lot longer to get his account back. 

What can you do to prevent this? 

  • You should check your security settings on your Facebook account. 
  • Check for any connected email addresses and remove old ones. 
  • Make sure you have two-factor authentication enabled. 
  • Lock down privacy settings to prevent people from using your Facebook account to gather information about you. 

Explain organizational guidelines for internet usage.

An internet usage policy is a document used by employers to communicate the acceptable use of technology in the workplace. The document provides rules and guidelines surrounding the organization’s expectations of their employees when using the internet and other company-provided devices.

Common topics include:

  • The company’s stance on employee’s using the internet for personal reasons
  • The disciplinary actions the company will take when employees perform illegal or otherwise unacceptable actions such as harassment or piracy
  • Whether or not the company monitors employee internet use
  • The employee’s computer security obligations such as password management, locking their workstations when not in use, USB security, etc
  • Examples of undesirable internet usage such as excessive unproductive browsing and unnecessarily high bandwidth consumption

Discuss how emails are used in Forensics analysis.

The reason email forensics come into part of the digital forensics investigation is due to the massive and common use of emails among people nowadays.

People’s using email to communicate with their friends, schoolmates, colleagues and a variety of people. Hence, numerous data and information is transmitted across its use and meanwhile some of those are illegal not surprisingly just like what other common communication approach, e.g. mobile phone, has happened as well when it was popularized to certain extend.

In fact, it’s already a severe public concern that a majority of criminals are using email for their crime committed in recent years, especially when it comes to cyber security and digital crime. Not only that, increasingly noncomputer crimes and even civil litigation, has been related to emails.

That’s being said, we do want to unveil the operation theory of email and thus extract email related digital evidence via email forensics to bring the criminals to justice.

Why there is need of Computer Forensic?

Cybercrime causes billions of dollars of economic damage. Because of this, forensic science has to evolve to deal with cybercriminals. Computer forensic techniques allow investigators to gather evidence against cybercriminals that will stand up in a court of law.

Technology such as computers can make our lives easier and more convenient. One major way that computers are used every day is to store vast amounts of data and information that is important to the daily operations of businesses, government organizations, and private individuals.

Data found on computers is valuable and unfortunately vulnerable. Cybercrimes, where a dishonest individual gains illegal access to data found in computers and networks are on the rise and cyber criminals are becoming more and more adept at evading legal consequences.

Discuss different types of active attack and passive attack?

Passive Attacks

The first type of attack is passive attack. A passive attack can monitor, observe or build use of the system’s data for sure functions. However, it doesn’t have any impact on the system resources, and also, the data can stay unchanged. The victim is difficult to note passive attacks as this sort of attack is conducted in secret. Passive attack aims to achieve data or scan open ports and vulnerabilities of the network.

An eavesdropping attack is taken into account as a kind of passive attack. An eavesdropping attack is to steal data transmitted among two devices that area unit connected to the net. Traffic analysis is enclosed in eavesdropping. An eavesdropping attack happens once the attackers insert a software package within the network path to capture future study network traffic. The attackers have to be compelled to get into the network path between the end point and the UC system to capture the network traffic. If their area unit additional network methods and also the network methods area unit longer, it’ll be more comfortable for the offender to insert a software package within the network path.

The release of messages is additionally another kind of passive attack. The attackers install a package to the device by using virus or malware to watch the device’s activities like a conversation of messages, emails, or any transferred files that contain personal information and knowledge. The attackers will use the data to compromise the device or network.

Some other attacks that have emerged thanks to the exponential interconnection of insecure devices like IoT infrastructure include those that square measure protocol-specific, likewise as wireless device networks-based

For example, in associate IoT-based, mostly sensible-home systems, the communication protocol used is also RPL (Routing protocol for low-power and lossy networks). This protocol is employed thanks to its compatibility with resource-constrained IoT devices that cannot use ancient protocols.

Active Attacks

An active attack could be a network exploit during which the attackers will modify or alter the content and impact the system resource. It’ll cause damages to the victims. The attackers can perform passive attacks to gather info before they begin playacting a vigorous attack. The attackers attempt to disrupt and forced the lock of the system. The victims can get informed concerning the active attack. This sort of attack can threaten their integrity and accessibility. A vigorous attack is tougher to perform compared to a passive attack.

Denial-of-Service attacks (DoS) are one in each of the samples of active attack. A denial-of-Service attack happens once the attackers take action to close up a tool or network. This may cause the first user to be unable to access the actual device or network. The attackers can flood the target device or network with traffic till it’s not responding or flaming. The services that are affected are emails, websites, or on-line banking accounts. Dos attacks may be performed merely from any location.

As mentioned on top of, DoS attack includes flooding or flaming the device and network. Buffer overflow attack is one in every of the common DoS attacks. This sort of flooding attack sends a lot and a lot of traffic to the network that exceeds the limit that a buffer will handle. Then, it’ll lead to a flaming of the system. What is more, ICMP flood, called ping flood, is additionally a kind of flooding attack. The assaulter can send spoofed packets and flood them with ICMP echo requests. The network is forced to reply to all or any claims. This may cause the device not to be accessible to traditional traffic.

What is SQL injection and what are the different countermeasures to prevent the attack?

SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass security measures of applications and use SQL queries to modify, add, update, or delete records in a database. A successful SQL injection attack can badly affect websites or web applications using relational databases such as MySQL, Oracle, or SQL Server. In recent years, there have been many security breaches that resulted from SQL injection attacks.

  1. Error-based SQL injection – Here, the attacker performs certain actions that cause the database to generate error messages. Using the error message, you can identify what database it utilizes, the version of the server where the handlers are located, etc.
  2. Union-based SQL injection – Here, the UNION SQL operator is used in combining the results of two or more select statements generated by the database, to get a single HTTP response. You can craft your queries within the URL or combine multiple statements within the input fields and try to generate a response.