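E-Commerce Network Security Graduation Project: English Original and Translation - Thesis [Management Materials]
E-Commerce English Course Final Paper

Online Protection of Internet Privacy Rights
Abstract: With the development of e-commerce, the security of e-commerce has become its key issue.
We also need to consider how to protect consumers' privacy rights.
This paper describes several kinds of behavior that infringe on citizens' privacy and several methods of protecting personal information.
The government, consumers themselves, and the latest technology can all protect personal information.
The National People's Congress should protect online privacy rights through legislation; individual users should strengthen their awareness of privacy protection; and technical tools, including information security technologies and the security protocols used in e-commerce, should be used to protect consumers' privacy rights.
If they take effective measures and jointly create a healthy environment, this can provide good protection for the long-term, stable development of e-commerce.
Keywords: e-commerce, privacy rights, online privacy protection, Internet service providers, National People's Congress
Consumer privacy issues
Organizations obtain consumers' personal information in the following two ways. Websites can collect consumers' personal information in different ways: by overt means, such as registration pages, user surveys, online contests, application forms, and order forms.
For example, there is a technology known as "cookies".
It is the way information is collected in these particular circumstances (along with the astonishing speed and efficiency with which personal information can be collected, stored, aggregated, and disseminated) that makes consumers cautious about going online and making transactions.
Compared with traditional businesses (such as hospitals and banks) that handle the same information, consumers do not trust Internet-based service providers and merchants to handle personal information.
Commercial companies, e-commerce service providers, Internet service providers, and individual intruders all use personal information for gain.
First, commercial companies. In the hugely popular emerging electronic marketplace, technological development has ensured flexible and secure online transactions.
Developing this market offers decentralized economic power and convenient, low-priced access to products, and, for those who previously had no storefront or roadside stall, it is a new opportunity for everyone in China to offer products or services.
Although commercial websites provide consumers with useful information, products, and services, they are also able to collect personal information about the consumers who visit their sites.
Likewise, they exchange the information, products, or services they provide with those who are interested in learning this information; it all depends on who makes use of the information.
Companies are interested in collecting information online because no study has yet given a thorough account of consumer information.
For example, if information providers can collect information on the number and frequency of visits, they can make accurate decisions about which content should continue to be offered, be expanded, or be deleted.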
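Network Engineering English Graduation Project Thesis: Literature Translation, Wireless Technology

Graduation thesis (literature translation). Unit code: 01. Student ID: 080114601. Classification number: TN92. Security level: __________
Literature translation: Wireless technology for low-power sensor networks
Translated text:
Gary Legg
We have had almost no difficulty in identifying potential applications for wireless sensors.
In home security systems, for example, wireless sensors are easier to install than wired ones.
The installation cost of wireless sensors is typically only 80% of that of wired sensors, and the same holds in industrial environments.
Moreover, wireless sensors are more widely applicable than wired sensors.
However, wireless sensors consume more energy, which means that more batteries are needed or that batteries must be replaced too often.
Add to that skepticism about the reliability of sensor data sent over the air, and wireless sensors do not look so attractive.
However, a low-power wireless technology called ZigBee is rewriting the wireless sensor equation. Through the IEEE 802.15.4 wireless standard (Figure 1), ZigBee promises to put wireless sensors in everything from factory automation systems to home security systems and consumer electronics.
Working together with 802.15.4, ZigBee offers battery life of several years with ordinary small batteries.
ZigBee devices are also expected to be cheap; some estimate that the selling price will eventually be less than $3 per node.
Because of the low price, they should also be suitable for products such as wireless switches, wireless thermostats, and smoke detectors.
Figure 1: ZigBee adds network, security, and application-services layers to the PHY and MAC layers of IEEE 802.15.4 network communications.
Although no formal ZigBee specification exists yet, ZigBee's prospects look bright.
In what it calls a "cautiously aggressive" forecast, technology research firm In-Stat/MDR predicts that sales of 802.15.4 nodes and chipsets will grow from essentially zero today to 1.65 million units in 2010.
Not all of these units will be coupled with ZigBee, but most probably will be.
The research firm World predicts that shipments of RF modules for wireless sensors will reach 465 million by 2010, of which 77% will be ZigBee-related.
In a sense, ZigBee's bright future is due in large part to its low data rates (20 kbps to 250 kbps), which depend on the frequency band (Figure 2).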
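E-Commerce English Translation

E-Commerce Literature Translation. Class: E-Commerce 0902. Name: Chen Zhengxiang. Student ID: 090506037
STRUCTURE AND MACRO-LEVEL IMPACTS OF ELECTRONIC COMMERCE: FROM TECHNOLOGICAL INFRASTRUCTURE TO ELECTRONIC MARKETPLACES
VLADIMIR ZWASS
(Translated title: The structure and macro-level impacts of electronic commerce: from technological infrastructure to virtual electronic marketplaces)
Abstract
Electronic commerce (E-commerce) is sharing business information, maintaining business relationships, and conducting business transactions by means of telecommunications networks. Traditional E-commerce, conducted with the use of information technologies centering on electronic data interchange (EDI) over proprietary value-added networks, is rapidly moving to the Internet. The Internet's World Wide Web has become the prime driver of contemporary E-commerce, which has been vastly broadened and redefined by the use of the new medium.
(Translation of the abstract:) Through telecommunications networks, e-commerce makes it possible to share information, maintain business relationships, and conduct business transactions.
Traditional e-commerce, which uses information technologies centered on electronic information exchange over proprietary value-added networks, is now gradually moving to the Internet.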
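E-Commerce Network Security Papers (5 Sample Essays)

Paper 1: E-Commerce Network Security Paper
Course paper for Computer Network Security and Anti-Hacking Technology: E-Commerce Network Security
E-Commerce Network Security
Abstract: This paper introduces the development of e-commerce technology. The security of online transactions is the core and key issue in the development of e-commerce. The main e-commerce security and anti-counterfeiting technologies currently in use are data encryption technology, authentication technology, and secure authentication protocols.
Keywords: e-commerce; computer network security measures; business transaction security measures; existing problems and countermeasures
Introduction
E-commerce is in essence the range of business activities carried out on Internet sites. Because the Internet is inherently open and the parties do not deal face to face, and because funds are processed by computer and transmitted over the network, transaction security has become the core and key issue in the development of e-commerce.
To ensure that information is valid, authentic, reliable, and confidential during a transaction, network security technology is especially important to e-commerce.
This paper gives an overview of current e-commerce network security technologies, the countermeasures, and the problems faced.
[6]
The concept of e-commerce
Electronic commerce (e-commerce) refers to the electronic conduct of the whole of a trading activity.
In terms of scope, it can be defined as any form of business transaction in which the parties deal electronically rather than through physical exchange or direct face-to-face contact; in technical terms, e-commerce is a collection of technologies, including exchanging data (such as electronic data interchange and e-mail), obtaining data (such as shared databases and electronic bulletin boards), and automatically capturing data (such as bar codes).
The business covered by e-commerce includes information exchange, pre-sales and after-sales service (such as providing product and service details, technical guidance on product use, and responses to customer comments), sales, electronic payment (such as electronic funds transfer, credit cards, electronic checks, and electronic cash), transport (including the dispatch management and transport tracking of goods, and the actual delivery of products that can be delivered electronically), the formation of virtual enterprises (forming an enterprise that does not physically exist, pooling the capabilities of a group of independent small and medium-sized companies to offer far more products and services than any single company), and business methods that a company and its trading partners can jointly own and operate.
[1,] Because e-commerce is conducted over networks such as the Internet, the network is its most basic infrastructure.
E-commerce also requires that the system's software and hardware, the buyers and sellers taking part in transactions, banks or financial institutions, manufacturers, enterprises, and all partners be closely integrated across the Intranet, Extranet, and Internet, jointly engaging in electronic business applications in a networked computing environment.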
(Full version) Undergraduate Graduation Project Report: Foreign Literature and Translation

Computer networking summary
Networking can be defined as the linking of people, resources and ideas. Networking occurs via casual encounters, meetings, telephone conversations, and the printed word. Now computer networking provides human beings with new networking capabilities. Computer networks are important for services because service tasks are information intensive. During the is transmitted between clients, coworkers, management, funding sources, and policy makers. Tools which rapidly speed up communication will dramatically affect services.
Computer network growing explosively. Two decades ago, few people essential part of our infrastructure. Networking is used in every aspect of business, including advertising, production, shipping, planning, billing, and accounting. Consequently, most corporations in on-line libraries around the world. Federal, state, and local government offices use networks, as do military organizations. In short, computer networks are everywhere.
The growth in networking economic impact as well. An entire industry jobs for people with more networking expertise. Companies need workers to plan, acquire, install, operate, and manage the addition computer programming is no longer restricted to individual computers; programmers are expected to design and implement application software that can communicate with software on other computers.
Computer networks link computers by communication lines and software protocols, allowing data to be exchanged rapidly and reliably. Traditionally, they split between wide area networks (WANs) and local area networks (LANs). A WAN is a network connected over long-distance telephone lines, and a LAN is a localized network usually in one building or a group of buildings close together. The distinction, computers. Today networks carry e-mail, provide access to public databases, and are beginning to be used for distributed systems.
Networks also allow users in one locality to share expensive resources, such as printers and disk systems.
Distributed computer systems are built using networked computers that cooperate to perform tasks. In this environment, each part of the networked system does what it is best at. The of a personal computer or workstation provides a good user interface. The mainframe, on the other the results to the users. In a distributed environment, a user might use in a special language (e.g. Structured Query Language, SQL), to the mainframe, which then parses the query, returning the user only the data requested. The user might then use the data. By passing back to the user’s PC only the specific information requested, network traffic is reduced. If the whole file were transmitted, the PC would then of one network to access the resources on a different type of network. For example, a gateway could be used to connect a local area network of personal computers to a mainframe computer network. For example, if a company this example, using a bridge makes more sense than joining all the personal computers together in one large network because the individual departments only occasionally need to access information on the other network.
Computer networking technology can be divided into four major aspects.
The first is the data transmission. It explains that at the lowest level electrical signals traveling across wires are used to carry information, and shows be encoded using electrical signals.
The second focuses on packet transmission. It explains why computer networks use packets, and shows . LANs and WANs discussed above are two basic network.
The third covers internetworking—the important idea that allows system, and TCP/IP, the protocol technology used in global internet.
The fourth explains networking applications.
It focuses on , and programs provide services such as electronic mail and Web browsing.
Continued growth of the global Internet is one of the most interesting and exciting phenomena in networking. A decade ago, the Internet was a research project that involved a few dozen sites. Today, the Internet into a production communication system that reaches millions of people in almost all countries on all continents around the world. In the United States, the Internet connects most corporations, colleges and universities, as well as federal, state, and local government offices. It will soon reach most elementary, junior, and senior addition, many private residences can reach the Internet through a dialup telephone connection. Evidence of the Internet’s impact on society can be seen in advertisements, in magazines and on television, which often contain a reference to an Internet Web site that provides additional information about the advertiser’s products and services.
A large organization with diverse networking requirements needs multiple physical networks. More important, if the organization chooses the type network that is best for each task, the organization will network can only communicate with other computers attached to the same network. The problem became evident in the 1970s as large organizations began to acquire multiple networks. Each network in the organizations formed an island. In many early installations, each computer attached to a single network and employees employees was given access to multiple screens and keyboards, and the employee was forced to move from one computer to another to send a message across the appropriate network. Users are neither satisfied nor productive when they must use a separate computer. Consequently, most modern computer communication systems allow communication between any two computers analogous to the way a telephone system provides communication between any two telephones.
Known as universal service, the concept is a fundamental part of networking. With universal service, a user on any computer in any part of an organization can send messages or data to any other users. Furthermore, a user does not need to change computer systems when changing tasks—all information is available to all computers. As a result, users are more productive.
The basic component used to connect organization to choose network technologies appropriate for each need, and to use routers to connect all networks into a single internet.
The goal of internetworking is universal service across an internet, routers must agree to forward information from a source on one network to a specified destination on another. The task is complex because frame formats and addressing schemes used by underlying networks can differ. As a result, protocol software is needed on computers and routers to make universal service possible. Internet protocols overcome differences in frame formats and physical addresses to make communication possible among networks that use different technologies.
In general, internet software provides the appearance of a single, seamless communication system to which many computers attach. The system offers universal service: each computer is assigned an address, and any computer can send a packet to any other computer. Furthermore, internet protocol software —neither users nor application programs are aware of the underlying physical networks or the routers that connect them.
We say that an internet is a virtual network system because the communication system is an abstraction. That is, although a combination of of a uniform network system, no such network exists.
Research on internetworking modern networking. In fact, internet technology . Most large organizations already use internetworking as primary computer communication mechanism. Smaller organizations and individuals are beginning to do so as well.
More important, the TCP/IP technology computers in schools, commercial organizations, government, military sites and individuals in almost all countries around the world.
A Brief Overview of Computer Networks
Networking can be defined as the linking of people, resources and ideas.
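E-Commerce - Business English - Foreign Literature Translation Compilation

Attachment 1: Translation of foreign-language material
E-Commerce Strategy
1. Privacy
Privacy is at the center of the debate over the online environment and e-commerce strategy, and is one of today's hottest topics.
Privacy not only affects consumers' confidence and trust online, but can also create potential legal and ethical problems.
If consumers are unfamiliar with electronic privacy and are dissatisfied with companies' online practices, it is hard to imagine that e-commerce will have a prosperous future.
In fact, according to a recent poll ... Americans say that they are less concerned about health care and crime than about the loss of personal privacy online.
And according to research conducted by DMA Wirthlin Worldwide, nearly sixty percent of shoppers say that legislation will be needed to make companies maintain good privacy policies.
The Internet industry is built on trust between businesses and customers, and privacy is the most important ingredient of trust.
Unless they deal effectively with privacy issues, Internet companies will lose trust, along with their customers' business.
Window on the world
The World Wide Web is a huge database of readily accessible information, a source from which information about people, companies, institutions, and many other organizations can easily be obtained.
This raises the question of privacy on the Internet.
Consumer privacy has received substantial attention as we enter a new era of online commerce.
The development of the Internet has raised many new questions about protecting consumers' privacy rights in the future.
New technologies that enhance data collection, changing market trends, and the new global market for e-commerce are giving information an increasingly important role in the global economy.
Such information in particular has become a valuable commodity that can bring more employment opportunities, businesses, and customer services.
As a result, these factors have created growing pressure to collect, store, process, and use more personal data than ever before.
These factors have also reduced consumer privacy and led to a lack of consumer confidence in such an environment.
In some cases, the underlying technologies and data-collection features that companies have not disclosed have become the focus of concern about their own websites.
Users feel that site providers have not told them what is happening to their data behind the scenes.
From the company's point of view, the suggestion that it is monitoring for unauthorized purposes is likely to cause serious credibility problems and to deter web users from visiting its site and taking part in what it offers.
As solutions to these issues, which bear on future marketing methods and privacy, some technical strategies have been developed that help to prevent and guard against, and can identify, websites that web users call data magnets.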
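E-Commerce Translation

Internet and E-Commerce Use by Agribusiness Firms: 2004
Jason R. Henderson, Jay T. Akridge, and Frank J. Dooley
The bubble burst in 2001 and US e-commerce grew very slowly; e-commerce growth may have brought a marked change in agribusiness firms' use and perceptions of e-commerce.
To understand and identify the role of the Internet and e-commerce in agribusiness, a 2004 survey asked agribusiness managers about their views of the Internet and e-commerce.
The survey was developed from a similar survey in 1999.
In 2004, agribusiness firms used e-commerce more frequently with their suppliers than with their customers.
Because awareness of the extent of Internet and e-commerce use differs, and views on the Internet and e-commerce differ, e-commerce capabilities in agribusiness will remain highly diverse in the period ahead.
Internet and e-commerce technologies have rapidly penetrated American businesses and homes, and the food and agriculture industries were quick to adopt them. Measured by the share of e-commerce in shipments, beverage and tobacco manufacturers ranked second, with e-commerce accounting for 33% of the goods they manufactured in 1999.2
In 2001, 43% of farmers had Internet access, and 5% of farms engaged in e-commerce activities.
Many forecasters assumed that e-commerce activity would continue to grow.
However, the 2001 recession slowed the rapid growth of e-commerce, and it also had a mixed effect on the development of e-commerce in food and agriculture.
Based on US business data for 1999 to 2004, e-commerce shipments (food and beverage industries) rose 17%, but only 11.2% from 2001 to 2003, compared with the growth of e-commerce wholesale trade (in the farm product and raw material industries).
From 2001 to 2004 (it rose 17% after the decline from 1999 to 2001).
As a result, some questions have arisen about the use of e-commerce in agribusiness.
For example, has the recent slowdown in e-commerce growth affected the adoption of the Internet and e-commerce by agribusiness firms? Have perceptions of e-commerce and the Internet in agriculture changed? With growing experience of the Internet and e-commerce and a changing network environment, agribusiness managers' use and perceptions of the Internet and e-commerce may have changed, with potentially far-reaching implications for the future use of e-commerce in agriculture.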
Graduation Project Thesis Translation (Translation + Original)

Hacking tricks toward security on network environments
Tzer-Shyong Chen (1), Fuh-Gwo Jeng (2), and Yu-Chia Liu (1)
(1) Department of Information Management, Tunghai University, Taiwan
(2) Department of Applied Mathematics, National Chiayi University, Taiwan
E-Mail: ****************.edu.tw
Abstract
Mounting popularity of the Internet has led to the birth of Instant Messaging, an up-and-coming form of Internet communication. Instant Messaging is very popular with businesses and individuals since it has instant communication ability. As a result, Internet security has become a pressing and important topic for discussion. Therefore, in recent years, a lot of attention has been drawn towards Internet security and the various attacks carried out by hackers over the Internet. People today often handle affairs via the Internet. For instance, instead of the conventional letter, they communicate with others by e-mails; they chat with friends through an instant messenger; find information by browsing websites instead of going to the library; perform e-commerce transactions through the Internet, etc. Although the convenience of the Internet makes our life easier, it is also a threat to Internet security. For instance, a business e-mail intercepted during its transmission may let slip business confidentiality; file transfers via instant messengers may also be intercepted, and then implanted with backdoor malware; conversations via instant messengers could be eavesdropped. Furthermore, ID and password theft may lose us money when using Internet bank service. Attackers on the Internet use hacking tricks to damage systems while users are connected to the Internet. These threats along with possible careless disclosure of business information make Instant Messaging a very unsafe method of communication for businesses. The paper divides hacking tricks into three categories: (1) Trojan programs that share files via instant messenger. (2) Phishing or fraud via e-mails. (3) Fake Websites.
Keywords: Hacking tricks, Trojan programs, Phishing, Firewall, Intrusion detection system.
1. Introduction
Increasingly more people are using instant messengers such as MSN Messenger, Yahoo! Messenger, ICQ, etc. as the media of communication. These instant messengers transmit alphanumeric messages as well as permit file sharing. During transfer, a file may be intercepted by a hacker and implanted with backdoor malware. Moreover, the e-mails users receive every day may include spam, advertisements, and fraudulent mail intended to trick uninformed users. Fake websites too are prevalent. Websites which we often visit could be counterfeited by imitating the interface and the URL of the original, tricking users. The paper classifies hacking tricks into three categories which are explained in the following sections.
2. Hacking Tricks
The paper divides hacking tricks into three categories: (1) Trojan programs that share files via instant messenger. (2) Phishing (3) Fake Websites.
2.1 Trojan programs that share files via instant messenger
Instant messaging allows file-sharing on a computer [9]. All present popular instant messengers have file sharing abilities, or allow users to have the above functionality by installing patches or plug-ins; this is also a major threat to present information security. This communication software also makes it difficult for existing hack prevention methods to prevent and control information security. Therefore, we shall discuss how to control the flow of instant messages and how to identify dangerous user behavior.
Hackers use instant communication capability to plant a Trojan program into an unsuspected program; the planted program is a kind of remotely controlled hacking tool that can conceal itself and is unauthorized. The Trojan program is unknowingly executed, controlling the infected computer; it can read, delete, move and execute any file on the computer.
The advantages of a hacker replacing remotely installed backdoor Trojan programs [1] with instant messengers to access files are:
When the victim gets online, the hacker will be informed. Thus, a hacker can track and access the infected computer, and incessantly steal user information.
A hacker need not open a new port to perform transmissions; he can perform his operations through the already opened instant messenger port.
Even if a computer uses dynamic IP addresses, its screen name doesn’t change.
Certain Trojan programs are designed especially for instant messengers. These Trojans can change group settings and share all files on the hard disk of the infected computer. They can also destroy or modify data, causing data disarray. This kind of program allows a hacker access to all files on an infected computer, and thus poses a great threat to users. The Trojan program takes up a large amount of the resources of the computer, causing it to become very slow and to crash often without a reason.
Trojan programs that access a user computer through an instant messenger are probably harder to detect than classic Trojan horse programs. A classic Trojan intrudes on a computer by opening a listening or outgoing port which is used to connect to a remote computer, and a desktop firewall can effectively block such Trojans. By contrast, since it is very difficult for the server’s firewall to spot intrusion by controlling an instant messenger’s flow, it is extremely susceptible to intrusion.
Present Trojan programs have already successfully implemented instant messengers. Some Trojan programs are Backdoor Trojan, AIMVision, and Backdoor.Sparta.C. Backdoor Trojans use the ICQ pager to send messages to their writer. AIMVision steals AIM related information stored in the Windows registry, enabling a hacker to set up an AIM user id. Backdoor.Sparta.C uses ICQ to communicate with its writer, opens a port on an infected host and sends its IP address to the hacker, and at the same time attempts to terminate the antivirus program or firewall of the host.
2.1.1 Hijacking and Impersonation
There are various ways through which a hacker can impersonate other users [7]. The most commonly used method is eavesdropping on unsuspecting users to retrieve user accounts, passwords and other user related information.
The theft of user account numbers and related information is a very serious problem in any instant messenger. For instance, a hacker, after stealing a user’s information, impersonates the user; the user’s contacts, not knowing that the user’s account has been hacked, believe that the person they’re talking to is the user, and are persuaded to execute certain programs or reveal confidential information. Hence, theft of user identity not only endangers a user but also surrounding users. Guarding against Internet security problems is presently the focus of future research, because without good protection, a computer can be easily attacked, causing major losses.
Hackers wishing to obtain user accounts may do so with the help of Trojans designed to steal passwords. If an instant messenger client stores his/her password on his/her computer, then a hacker can send a Trojan program to the unsuspecting user. When the user executes the program, the program shall search for the user’s password and send it to the hacker. There are several ways through which a Trojan program can send messages back to the hacker. The methods include instant messenger, IRC, e-mails, etc.
The four most popular instant messengers currently are AIM, Yahoo! Messenger, ICQ, and MSN Messenger, none of which encrypts its flow. Therefore, a hacker can use a man-in-the-middle attack to hijack a connection, then impersonate the hijacked user and participate in a chat session.
Although difficult, a hacker can use the man-in-the-middle attack to hijack the connection entirely. For example, a user may receive an offline message that resembles that sent by the server, but this message could have been sent by the hacker. All at once, the user could also get disconnected from the server. Furthermore, hackers may also use a Denial of Service (DoS) tool or other unrelated exploits to break the user’s connection. However, the server keeps the connection open, and does not know that the user has been disconnected, thus allowing the hacker to impersonate the user. Moreover, since the data flow is unencrypted and unauthenticated, a hacker can use man-in-the-middle attacks that are similar to that of ARP fraud to achieve his purpose.
2.1.2 Denial of Service (DoS)
There are many ways through which a hacker can launch a denial of service (DoS) attack [2] on an instant messenger user. A partial DoS attack will cause a user end to hang, or use up a large portion of CPU resources, causing the system to become unstable.
Another commonly seen attack is the flooding of messages to a particular user. Most instant messengers allow the blocking of a particular user to prevent flood attacks. However, a hacker can use tools that allow him to log in using several different identities at the same time, or automatically create a large number of new user ids, thus enabling a flood attack. Once a flood attack begins, even if the user realizes that his/her computer has been infected, the computer will not be able to respond. Thus, the problem cannot be solved by putting a hacker’s user id on the ignore list of your instant messenger.
A DoS attack on an instant messenger client is only a common hacking tool. The difficulty of taking precautions against it could turn this hacking tool into dangerous DoS type attacks.
Moreover, some hacking tools do not just cause an instant messenger client to hang, but also cause the user end to consume a large amount of CPU time, causing the computer to crash.
2.1.3 Information Disclosure
Retrieving system information through instant messenger users is currently the most commonly used hacking tool [4]. It can effortlessly collect user network information like current IP, port, etc. An IP address retriever is an example. IP address retrievers can be used for many purposes; for instance, a Trojan, when integrated with an IP address retriever, allows a hacker to receive all information related to the infected computer’s IP address as soon as the infected computer connects to the Internet. Therefore, even if the user uses a dynamic IP address, hackers can still retrieve the IP address.
IP address retrievers and other similar tools can also be used by hackers to send data and Trojans to unsuspecting users. Hackers may also persuade unsuspecting users to execute files through social engineering or other unrelated exploits. These files, when executed, search for information on the user’s computer and send it back to the hacker through the instant messenger network.
Different Trojan programs were designed for different instant messaging clients. For example, with a user account and password stealing Trojan, a hacker can have full control of the account once the user logs out. The hacker can thus perform various tasks like changing the password and sending the Trojan program to all of the user’s contacts.
Moreover, Trojans are not the only way through which a hacker can cause information disclosure. Since data sent through instant messengers are unencrypted, hackers can sniff and monitor entire instant messaging transmissions. Suppose an employee of an enterprise sends confidential information of the enterprise through the instant messenger; a hacker monitoring the instant messaging session can retrieve the data sent by the enterprise employee.
Thus, we must face up to the severity of the problem.
2.2 Phishing
The word “Phishing” first appeared in 1996. It is a variant of ‘fishing’, and formed by replacing the ‘f’ in ‘fishing’ with ‘ph’ from phone. It means tricking users of their money through e-mails.
Based on the statistics of the Internet Crime Complaint Center, loss due to internet scams was as high as $1.256 million USD in 2004. The Internet Crime Complaint Center has listed the above Nigerian internet scam as one of the ten major internet scams.
Based on the latest report of the Anti-Phishing Working Group (APWG) [8], there has been a 28% growth of Phishing scams in the past 4 months, mostly in the US and in Asia. Through social engineering and Trojans, it is very difficult for a common user to detect the infection.
To avoid exploitation of your compassion, the following should be noted:
(1) When you need to enter confidential information, first make sure that the information is entered via an entirely secure and official webpage. There are two ways to determine the security of the webpage:
a. The address displayed on the browser begins with https://, and not http://. Pay attention to whether the letter ‘s’ exists.
b. There is a security lock sign on the lower right corner of the webpage, and when your mouse points to the sign, a security certification sign shall appear.
(2) Consider installing a browser security software like SpoofStick which can detect fake websites.
(3) If you suspect the received e-mail is a Phishing e-mail, do not open attachments attached to the e-mail. Opening an unknown attachment could install malicious programs onto your computer.
(4) Do not click on links attached to your e-mails. It is always safer to visit the website through the official link or to first confirm the authenticity of the link. Never follow or click on suspicious links in an e-mail.
It is advisable to enter the URL at the address bar of the web browser, and not follow the given link.
Generally speaking, Phishing [3] [5] is a method that exploits people’s sympathy in the form of aid-seeking e-mails; the e-mails act as bait. These e-mails usually request their readers to visit a link that seemingly links to some charitable organization’s website, but in truth links the readers to a website that will install a Trojan program into the reader’s computer. Therefore, users should not forward unauthenticated charity mails, or click on unfamiliar links in an e-mail. Sometimes, the link could be a very familiar link or an often frequented website, but still, it would be safer if you’d type in the address yourself so as to avoid being linked to a fraudulent website. Phishers delude people by using e-mails similar to those mailed by well-known enterprises or banks; these e-mails often ask users to provide personal information, or result in losing their personal rights; they usually contain a counterfeit URL which links to a website where the users can fill in the required information. People are often trapped by phishing due to inattention.
Besides, you must also be careful when using a search engine to search for donations and charitable organizations.
2.3 Fake Websites
Fake bank websites stealing account numbers and passwords have become increasingly common with the growth of online financial transactions. Hence, when using online banking, we should take precautions like using a secure encrypted customer’s certificate, surfing the net following the correct procedure, etc.
There are countless kinds of phishing baits, for instance, messages that say data expired, data invalid, please update data, or identity verification, intended to steal the account ID and matching password. This type of online scam is difficult for users to identify.
As scam methods become finer, e-mails and forged websites created by the impostor resemble their original, and tremendous losses arise from the illegal transactions.
The following are methods commonly used by fake websites. First, the scammers create a similar website homepage; then they send out e-mails with enticing messages to attract visitors. They may also use fake links to link internet surfers to their website. Next, the fake website tricks the visitors into entering their personal information, credit card information or online banking account number and passwords. After obtaining a user’s information, the scammers can use the information to drain the bank accounts, shop online or create fake credit cards and other similar crimes. Usually, there will be a quick search option on these fake websites, luring users to enter their account number and password. When a user enters their account number and password, the website will respond with a message stating that the server is under maintenance. Hence, we must observe the following when using online banking:
(1) Observe the correct procedure for entering a banking website. Do not use links resulting from searches or links on other websites.
(2) Online banking certifications are currently the most effective security safeguard measure.
(3) Do not easily trust e-mails, phone calls, short messages, etc. that ask for your account number and passwords.
Phishers often impersonate a well-known enterprise while sending their e-mails, by changing the sender’s e-mail address to that of the well-known enterprise, in order to gain people’s trust. The ‘From’ column of an e-mail is set by the mail software and can be easily changed by the web administrator.
Then, the Phisher creates a fake information input website, and sends out e-mails containing a link to this fake website to lure e-mail recipients into visiting his fake website.
Most Phishers create imitations of well-known enterprises’ websites to lure users into using their fake websites. Even so, a user can easily notice that the URL of the website they’re entering has no relation to the intended enterprise. Hence, Phishers may use different methods to impersonate enterprises and other people. A commonly used method is hiding the URL. This can easily be done with the help of JavaScript.
Another way is to exploit the loopholes in an internet browser, for instance, displaying a fake URL in the browser’s address bar. The security loophole causing the address bar of a browser to display a fake URL is a commonly used trick and has often been used in the past. For example, an e-mail in HTML format may hold the URL of a website of a well-known enterprise, but in reality, the link connects to a fake website.
The key to successfully using a URL similar to that of the intended website is to trick the visual senses. For example, the sender’s address could be disguised as that of Nikkei BP, and the link set to http://www.nikeibp.co.jp/ which has one k less than the correct URL which is http://www.nikkeibp.co.jp/. The two URLs look very similar, and the difference is barely noticeable. Hence people are easily tricked into clicking the link.
Besides the above, there are many more scams that exploit the trickery of visual senses. Therefore, you should not easily trust the given sender’s name and a website’s appearance. Never click on unfamiliar and suspicious URLs on a webpage. Also, never enter personal information into a website without careful scrutiny.
3. Conclusions
Business strategy is the most effective form of defense and also the easiest to carry out. Therefore, it should be the first line of defense, and not the last.
First, determine if instant messaging is essential in the business; then weigh its pros and cons. Rules and norms must be set on user ends if it is decided that the business cannot do without instant messaging functionality. The end server should be able to support functions like centralized logging and encryption. If not, then strict rules must be drawn, and carried out by the users. In particular, business discussions must not be done over an instant messenger.
The paper categorized hacking tricks into three categories: (1) Trojan programs that share files via instant messenger. (2) Phishing (3) Fake Websites. Hacking tricks when successfully carried out could cause considerable loss and damage to users. The first category of hacking tricks can be divided into three types: (1) Hijacking and Impersonation; (2) Denial of Service; (3) Information Disclosure.
Acknowledgement: This work was supported by the National Science Council, Taiwan, under contract No. NSC 95-2221-E-029-024.
References
[1] B. Schneier, “The trojan horse race,” Communications of ACM, Vol. 42, 1999, pp. 128.
[2] C. L. Schuba, “Analysis of a denial of service attack on TCP,” IEEE Security and Privacy Conference, 1997, pp. 208-223.
[3] E. Schultz, “Phishing is becoming more sophisticated,” Computer and Security, Vol. 24(3), 2005, pp. 184-185.
[4] G. Miklau, D. Suciu, “A formal analysis of information disclosure in data exchange,” International Conference on Management of Data, 2004, pp. 575-586.
[5] J. Hoyle, “'Phishing' for trouble,” Journal of the American Dental Association, Vol. 134(9), 2003, pp. 1182-1182.
[6] J. Scambray, S. McClure, G. Kurtz, Hacking exposed: network security secrets and solutions, McGraw-Hill, 2001.
[7] T. Tsuji and A. Shimizu, “An impersonation attack on one-time password authentication protocol OSPA,” to appear in IEICE Trans. Commun, Vol. E86-B, No. 7, 2003.
[8] Anti-Phishing Working Group,.
[9] /region/tw/enterprise/article/icq_threat.html.
Hacking tricks toward security on network environments (translation)
Abstract: People today often handle affairs via the Internet.
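The look-alike address and the HTML link whose visible text differs from its real target, both described in section 2.3 of the paper above, can be checked mechanically before a link is followed. The following is an added example, not code from the paper; the allowlist, the distance threshold and the finding labels are assumptions made for illustration, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example. The first host is the legitimate
# address quoted in the text; the second is a placeholder.
TRUSTED_HOSTS = ("www.nikkeibp.co.jp", "bank.example.com")
MAX_DISTANCE = 2  # assumed threshold: at most two typing-level edits


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("ei" typed as "ie") counts as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(text):
    """Return the lower-cased host named by a URL or bare host, else None."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None  # ordinary link text such as "Click here"
    if "://" not in text:
        text = "//" + text
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    return host if host and "." in host else None


def check_link(href, display_text=""):
    """Return a list of findings for one link; an empty list means none."""
    host = host_of(href)
    if host is None:
        return ["unparseable"]
    findings = []
    if urlsplit(href.strip()).scheme != "https":
        findings.append("not-https")  # the paper's "pay attention to the letter s"
    if host not in TRUSTED_HOSTS:
        nearest = min(TRUSTED_HOSTS, key=lambda t: edit_distance(host, t))
        if edit_distance(host, nearest) <= MAX_DISTANCE:
            findings.append("lookalike:" + nearest)
    shown = host_of(display_text)
    if shown is not None and shown != host:
        findings.append("text-href-mismatch")  # visible URL differs from real target
    return findings


# Constructed samples: (real link target, text shown to the reader).
SAMPLES = [
    ("https://www.nikkeibp.co.jp/", "Nikkei BP"),
    ("http://www.nikeibp.co.jp/", "http://www.nikkeibp.co.jp/"),
    ("https://news.example.org/a", "www.nikkeibp.co.jp"),
]

if __name__ == "__main__":
    for href, shown in SAMPLES:
        print(href, "->", check_link(href, shown) or "no findings")
```

A mail gateway or browser extension would run such a check on every anchor in an HTML message; the allowlist has to come from the organization's own list of sites it does business with.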
E-commerce Network Security Graduation Project: English Original and Translation

Appendix A: English original

Web Security Privacy & Commerce

The running battle between hackers and network security professionals has moved beyond the perimeter firewall to hand-to-hand combat at individual Web and corporate servers. And new security weapons have emerged that use ingenious methods to protect Web sites and corporate networks from external and internal security threats. Here are some of the latest tools at your disposal.

No exit

Gillian G-Server doesn't care how the hacker got in or what changes they may have made to your Web site. Gillian Exit Control technology prevents the world from seeing the consequences of a security breach. Gillian G-Server sits between the Web server and the router or firewall that connects the Web server to the Internet, inspecting every piece of content that goes out. The Exit Control G-Server contains a collection of digital signatures made from authorized Web content during the publication process. Each time the site's content producers publish a new or revised object, the G-Server saves a digital backup of the object along with a digital signature. Signatures that don't match send up a red flag, which triggers the G-Server to immediately replace a bogus page with a secure archived copy of the original, while simultaneously alerting appropriate personnel.

Tripwire, Inc.
Tripwire for Servers is a similar data and network integrity product. However, Tripwire for Servers takes a different approach: its software is loaded onto the server that you want to protect. It monitors all file changes, whether they originate from inside or outside the company, and reports back if a change violates predetermined policies.

Honeypots or decoys

Honeypots are designed to lure and contain an intruder on the network. Honeypots are decoy devices that can divert attacks from production systems and let security administrators study or understand what's happening on the network. ManTrap, from Recourse, is a powerful honeypot that's deployed next to data servers, if it's being used to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) if it's being used against external threats. The majority of users deploy it internally to get suspicious activity under control. In that scenario, a ManTrap server would be set up to look like a file server that stores intellectual property or business plans. A successful deployment of ManTrap depends on a variety of factors including quality, naming scheme, placement and security policy. For example, deceptive defenses are most effective when deployed in quantities equal to or greater than that of the production system. Honeypots can get expensive, which is why companies must pick and choose the critical servers they want to protect. What attracts an attacker to ManTrap is configuring it to make it look more vulnerable than other servers. Once the hacker is on the decoy server, security managers can log the hacker's activity and gain insight into what the intruder is trying to accomplish.

Fall into the gap

Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company's internal network and systems.
Vendors include RVT Technologies, Spearhead Technology and Whale Communications.

Whale's e-Gap Web Shuttle is a nonprogrammable device that switches a memory bank between two computer hosts. The e-Gap Web Shuttle creates an air gap between the Internet and a company's back-office systems. Companies might use e-Gap Web Shuttle between an external service running e-commerce applications, such as online banking, and internal databases that might be queried by external users.

The e-Gap system consists of the e-Gap appliance that is attached to two PC hosts, one internal and one external. The internal host connects to the company's internal network and the external host sits in the DMZ in front of the firewall.

All URLs to Web pages are directed to a mock location on the external host. Pages do not actually reside on this host. The external host strips off the protocol headers, extracts only the content of the Secure Sockets Layer (SSL) traffic and passes it to the e-Gap Web Shuttle. The e-Gap Web Shuttle transports the encrypted data to the internal host using a toggling e-disk. The e-Gap internal host decrypts SSL traffic, authenticates the user and filters the URL content. It then passes the URL request to the company's production Web server that resides on the back-office network.

The fix is in

Security and vulnerability assessment tools, designed to be used in-house, can detect weaknesses in an organization's systems before problems occur and can fix those problems.

Retina, from eEye, scans, monitors, alerts and automatically fixes network security vulnerabilities. The product works on Windows NT SP3 or higher and Windows 2000. The software is installed on any machine within the network. The network administrator types in a range of IP addresses to scan and pushes a button.
The product scans the network for vulnerabilities, software flaws and policy problems and reports any vulnerabilities. The product's "fix it" feature provides the network administrator with a description of any vulnerabilities found, information on how to fix them, or access to a "fix it" button that can repair the vulnerability locally or remotely.

Demolishing DoS attacks

Perhaps one of the newest categories of security is products that target denial-of-service (DoS) attacks and more. By definition, DoS attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. The product category is so new that some products are still in beta test or on the cusp of entering the marketplace. Going after one of the most malicious types of computer vandalism, the DoS attack, are Arbor Networks, of Waltham, Mass.; Mazu Networks, of Cambridge, Mass.; and Asta Networks in Seattle.

Mazu's solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A monitoring device, such as a packet sniffer or packet analyzer, evaluates packets on the network at speeds up to 1 Gbit/sec. The monitoring device then determines which traffic needs to be filtered out.

The good, the bad and the ugly

The good news about all of these new security techniques is that they theoretically offer companies additional layers of security protection, providing better overall security. What this ultimately means to businesses is that additional security mechanisms can succeed where others have failed. Another plus about some of the new products is that they are optimized for a particular application, such as integrity of the Web servers.

However, as with any technology, there are pros and cons to consider. In fact, there are some downsides to implementing these new security products.
For example:
- They are all incremental solutions, not replacements.
- They require a certain amount of expertise.
- Many vendors are start-ups and there's a risk as to how long they'll be around.
- There's a concern, in many IT shops, about adding preventive controls because of associated overhead, a concern that can be easily remedied by investing in additional horsepower.
- What's too much? When does a company run the risk because of having too many products to manage?

The bottom line is that security is never a done deal. It's a continuing process that a new crop of innovative vendors are making more interesting.

Benevolent Worms

Although the prospect of using virus technology to simplify the task of delivering patches and software updates is tempting, the dangers can outweigh the benefits when the process is too automated. For example, the improved Windows Update feature in Windows XP now allows patches and updates to be downloaded automatically, although installation is still at the user's discretion.

Trojan horses, worms, and other malicious code forms have proven to be incredibly successful at paralyzing e-mail systems and Internet providers. It is therefore only logical to conceive of ways to use them for productive purposes, much as the Bible exhorts its readers to beat their swords into plowshares and their spears into pruning hooks.

Granted, it would be wonderful if IT administrators could distribute patches and software updates to desktops and servers as quickly as an e-mail virus can spread from one machine to the next. But is such a magic wand really a good idea?

Well, maybe not exactly.
After all, unlike the human immune system, which produces defenses, or antibodies, automatically, the computer must wait for a human to analyze samples of a computer virus, prepare antidotes and vaccines for that specific situation, and only then apply the cure.

This observation alone would seem to discredit the idea of a "digital immune system" that the security community has tossed around during the past few years, but there's an even more important point to consider. Similar to the way that autoimmune diseases turn the body's own defenses against itself, so could one turn a viruslike software delivery system against its own computers. Although it would be difficult to monkey with the digital certificates that would conceivably be used to identify trusted patches, it's not impossible to subvert the certificate issuing system, as Microsoft and VeriSign found to their dismay last March.

Ultimately, a viruslike software delivery system would require software publishers to deliberately put a back door into their systems, and few customers will tolerate that practice, even under shrinkwrap licensing terms. Because there's no guarantee that such a tempting target wouldn't be exploited by hackers, any IT manager deploying such a system would be foolhardy in the extreme.

Seen from the standpoint of the operating system, virus behavior is just normal behavior, and as far as the operating system is concerned it breaks no rules. Therefore, when antivirus software scans for and tries to remove a virus, it is often obstructed by the operating system, for reasons such as "the file is in use by the system and cannot be changed" or "the virus is running in memory", and cannot clean the virus. When removing a virus we therefore also need some technique for getting around the operating system's obstruction so that the virus is successfully removed from the system. The virus removal methods discussed here are:
- Remove the virus with a tool under safe mode.
- Remove the virus under pure DOS mode.

Why remove the virus under pure DOS mode?

Because the virus program runs in interpreted mode under the operating system, for example script viruses such as "new and happiness time" and other viruses. They cannot run in memory, and the system regards them as legitimate programs, takes them under its protection, guarantees that they continue to run, and prohibits modification of a running program. The result is that the virus cannot be cleared. Under pure DOS mode, even the Windows operating system itself cannot run, and it is all the more impossible for the virus to run. Scanning for and removing the virus at this time therefore goes around the system and removes the virus cleanly.

Using a special tool under safe mode to remove the virus

Every edition of the Windows operating system includes a safe mode, and in this mode only the most basic programs can run. In this mode you can also cancel all startup items and so avoid the virus. The special-purpose removal tool is small and handy, and it can be used normally under safe mode. Its weakness is that it can only target some of the more popular viruses and cannot remove viruses completely.

To remove a virus cleanly, we can combine these two methods.

Removing a virus is not the same as defending against viruses, and the hard work should go into protection.

Privacy-Protecting Techniques

In this chapter, we will look at some proven techniques to protect your privacy when you use the Internet.
Most of these techniques are simple, commonsense rules that you can put into effect immediately: choosing a good service provider, using good passwords, cleaning up after yourself online, avoiding Spam and junk email, and protecting yourself from identity theft.

Choosing a good service provider

The first and most important technique for protecting your privacy is to pick service providers who respect your privacy.

Here are some things to consider when you choose an ISP:
- Unless you take special measures to obscure the content and destinations of your Internet usage, your ISP can monitor every single web page that you visit, every email message that you send, every email message that you receive, and many other things about your Internet usage.
- If you have a dialup ISP, your ISP can also infer when you are at home, when you go on vacation, and other aspects of your schedule.
- If you check your email from work, your ISP can learn where you work.
- Many ISPs routinely monitor the actions of their subscribers for the purposes of testing equipment, learning about their user population, or collecting per-user demographics.
- Some ISPs will monitor the web sites that you visit and sell this information for the purpose of increasing their revenue. In some cases, the ISPs clearly state this policy and, in fact, use the sale of the data as a way of subsidizing the cost of Internet access. Other ISPs silently engage in this practice.
- Equipment is now on the market that allows ISPs to monitor the advertisements that are downloaded to your computer and, in some cases, replace the advertisements with different ones. This equipment is also capable of generating detailed user-level statistics.
- Some ISPs have strict policies regarding which employees have access to user data and how that data must be protected. Other ISPs have no policies at all.
- Many policies that are in use basically say "we can monitor anything that we want." However, not all ISPs that have these policies actually monitor their users.

Picking a Great Password

Passwords are the simplest form of authentication. Passwords are a secret that you share with the computer. When you log in, you type your password to prove to the computer that you are who you claim to be. The computer ensures that the password you type matches the account that you have specified. If they match, you are allowed to proceed.

Using good passwords for your Internet service is a first line of defense for your privacy. If you pick a password that is easy to guess, then somebody who is targeting you will find it easier to gain access to your personal information. If you use the same password on a variety of different services, then a person who is able to discover the password for one of your services will be able to access other services.

Good Passwords: Locked Doors

Good passwords are passwords that are difficult to guess. The best passwords are difficult to guess because they:
- Have both uppercase and lowercase letters
- Have digits and/or punctuation characters as well as letters
- May include some control characters and/or spaces
- Are easy to remember, so they do not have to be written down
- Are at least seven or eight characters long
- Can be typed quickly, so somebody cannot determine what you type by watching over your shoulder

It is easy to pick a good password. Here are some suggestions:
- Take two short words and combine them with a special character or a number, like robot4my or eye-con.
- Put together an acronym that is special to you, like Notfsw (None of this fancy stuff works), auPEGC (All Unix programmers eat green cheese), or Ttl*Hiww (Twinkle, twinkle, little star. How I wonder what…).

Cleaning Up After Yourself

When you use the Internet, you leave traces of the web sites that you visit and the information that you see on your computer.
Another person can learn a lot about the web sites that you have visited by examining your computer for these electronic footprints. This process of computer examination is called computer forensics, and it has become a hot area of research in recent years. Special-purpose programs can also examine your computer and either prepare a report, or transmit the report over the Internet to someone else.

Although it can be very hard to remove all traces of a web site that you have seen or an email message that you have downloaded, you can do a good job of cleaning up your computer with only a small amount of work. There are also a growing number of programs that can automatically clean up your computer at regular intervals, as we will see in the next chapter.

Avoiding Spam and Junk Email

Unwanted electronic mail is the number one consumer complaint on the Internet today. A 1999 study by BrightMail, a company that develops antispam technology, found that 84 percent of Internet users had received Spam; 42 percent loathed the time it takes to handle Spam; 30 percent found it to be a "significant invasion of privacy;" 15 percent found it offensive; and ISPs suffered account churn rates as high as percent as a direct result of Spam.

Protect Your Email Address

To send you junk mail, a spammer must have your email address. By understanding how spammers get email addresses, you can keep your mailbox relatively Spam-free:
- Do not put your email address on your home page.
- Take your name out of online directories.
- Do not post to public mailing lists.
- Do not post to Usenet.
- Pick an unusual username.

Appendix B: Chinese translation

Personal and Commercial Security on the Network

The original text is found at , please refer to it for comparison.
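The exit-control idea described under "No exit" in Appendix A (sign each object at publication, check everything that leaves the site, and serve the archived copy when the check fails) can be written out as follows. This Python code is an added example, not the vendor's implementation: the class and method names are hypothetical, HMAC-SHA256 stands in for the product's unspecified digital signatures, and withholding objects that were never published is an assumption.

```python
import hashlib
import hmac


class ExitControl:
    """Checks each outgoing object against the signature taken at publication."""

    def __init__(self, key):
        self._key = key        # assumption: secret held only by the gateway
        self._archive = {}     # path -> (signature, archived copy)
        self.alerts = []       # (path, reason) for every failed check

    def _sign(self, path, content):
        # The path is part of the MAC input, so an authorised page served
        # under a different URL does not verify.
        message = path.encode("utf-8") + b"\0" + content
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def publish(self, path, content):
        """Publication step: store the signature and a backup of the object."""
        self._archive[path] = (self._sign(path, content), content)

    def outbound(self, path, served):
        """Return the bytes allowed to leave the site for this request."""
        entry = self._archive.get(path)
        if entry is None:
            # Assumption: objects that were never published are withheld.
            self.alerts.append((path, "unpublished object"))
            return None
        signature, archived = entry
        if hmac.compare_digest(signature, self._sign(path, served)):
            return served
        self.alerts.append((path, "signature mismatch"))
        return archived        # replace the bogus page with the archived copy


def demo():
    """Constructed scenario: one clean response, then a defaced page."""
    gate = ExitControl(b"constructed-demo-key")
    gate.publish("/index.html", b"<h1>Welcome</h1>")
    clean = gate.outbound("/index.html", b"<h1>Welcome</h1>")
    replaced = gate.outbound("/index.html", b"<h1>defaced</h1>")
    return clean, replaced, gate.alerts
```

A check of this kind only covers objects that exist at publication time; dynamically generated responses have no stored signature to compare against.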