Closed
20 changes: 19 additions & 1 deletion Week3_Security_Economics_and_Psychology/README.md
Expand Up @@ -16,7 +16,16 @@ Task #|Points|Description|

In this week's course material, you might have heard about concept of lock-ins, often differentiated into **technological** and **vendor lock-ins**. Provide a brief summary of each type of lock-in. Feel free to share any personal insights you may have regarding your own experiences with these lock-ins. Additionally, discuss the potential costs associated with breaking free from these lock-ins and the advantages and disadvantages of remaining within them.

Aim for around 150-200 words in your answer and list sources used.
Aim for around 150-200 words in your answer and list sources used

Answer:-
Technological :- Most of physical security is common, but there are some non-obvious twists, and there have been signicant recent advances in technology. There are useful ideas from criminology and architecture on how you can reduce the incidence of crime around your facilities, some of these may go across into system design too.

Vendor lock-in:- Vendors producing more complex designs and amateur locksmiths reporting bumping attacks on many of them. NXP managed to maintain much of its lock-in by migrating its customers to new products but at some cost in security. Some of the externalities this created were captured by more alert card reader vendors. However, the whole field has become way too complex for the traditional lock buyer, who was an architect or building services manager.

costs associated with breaking free:- Cost is expensive in terms of data migration and retrain the staff. In developing an advanced software the cost will increases.

The main Advantage is that it is more reliable and useful and the Diadvantage is that it is very costly and expensive.

---
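
Review bot: The "Technological" and "Vendor lock-in" paragraphs describe physical security, lock bumping and card readers, and never give the summary of each type of lock-in that the task asks for. Only the NXP sentence mentions lock-in, and it is not explained. Rewrite both paragraphs to say what makes a customer dependent on a technology or on a vendor, then connect the "costs associated with breaking free" paragraph (data migration, retraining staff) to those definitions. The task also asks to "list sources used" and no sources appear in the answer. The hunk's single deletion only drops the full stop from the "Aim for around 150-200 words..." instruction line, so that line should be restored as it was.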

Expand All @@ -25,9 +34,18 @@ Aim for around 150-200 words in your answer and list sources used.
Familiarize yourself with definitions for following; cognitive-, behavioral- and social psychology, course material and search engines are your friends!
using one or multiple of them, explain your rationale for following phenomena:
- why are phishing attacks effective enough to be widespread practice?
Answer:- There are some apps which leave it up to the customer whether they protect their phone using a ngerprint, a pattern lock, a PIN or a password. However they still use email to prompt people to upgrade, and to authenticate people who buy a new phone, so account takeover involves either phone takeover, or guessing a password or a password recovery question. The most popular app that uses SMS to authenticate rather than a password may be WhatsApp. Attackers only wants to know our password and for that they create a fake website or send fake emails for password recovery.

- why social engineering works on people?
Answer:- Nowadays people are getting better at technology. As designers learn how to forestall the easier technical attacks, psychological manipulation of system users or operators becomes ever more attractive. So the security engineer absolutely must understand basic psychology, as a prerequisite for dealing competently with everything from passwords to CAPTCHAs and from phishing to social engineering in general. There are many well-known results. For example, it’s easier to memorise things that are repeated frequently, and it’s easier to store things in context. Attackers also learn by experiment and share techniques with each other, and develop tools to look efciently for known attacks. So it’s important to be aware of the attacks that have already worked.


- why many people have hard time using passwords in secure way?
Answer:- People are more lazy to remember the password and create a different and unique password for every different platforms. Hence, people create a simple password, reuse the password and chnage some small variations that are easy to crack for hackers. Using birthdate for password is insecure and may cause a threat.

- why it is so easy to spread malware?
Answer:- People are more active on social media than before. Also, some people click the links on social media or emails without verify them. This can create a malware function. Email notication is the default for telling people not just of suspicious login attempts, but of logins to new devices that succeeded with the help of a code. That way, if someone plants malware on your phone, you have some chance of detecting it.


No strict length requirements, but aim for 100+ words per question. 400-500 words for the whole task overall.
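
Review bot: None of the four "Answer:-" paragraphs names cognitive, behavioral or social psychology, although the task asks for the rationale to be explained using one or more of them. The phishing answer mostly lists how apps authenticate users (fingerprint, PIN, SMS) and only its last sentence touches on why fake sites and emails work. The malware answer ends with two sentences about login notification emails, which concern detection rather than why spreading is easy. State in each answer which branch of psychology applies and why it explains the behaviour. The password answer is also well under the 100+ words per question that the task asks for. On formatting, each "Answer:-" line directly follows its "- why ..." bullet with no blank line or indentation, so Markdown will render it as part of the question; put a blank line and an indent before each answer.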
