Lesson8 0417 ICT
Lesson8 0417 ICT
This chapter covers safety and security issues when using computers
in the office or at home. As the use of computers continues to expand,
the health risks and security risks continue to increase. Many of these
risks are associated with the internet which, by its very nature, poses
a great risk to younger people unless they are vigilant at all times. But
large businesses are also at risk from a number of threats, including
hackers, pharming attacks and viruses. Many of the precautions people
and business can take are common sense, but, equally, it also requires
additional knowledge to know how to protect yourself from these external
attacks, which can come from anywhere in the world.
194
8.2 E-Safety
8.2.1 Data protection
Most countries have some form of data 1 Data must be fairly and lawfully processed.
protection act (DPA). This is legislation 2 Data can only be processed for the stated purpose.
designed to protect individuals and to
3 Data must be adequate, relevant and not excessive.
prevent incorrect or inaccurate data being
stored. 4 Data must be accurate.
Essentially, DPAs are set up to protect 5 Data must not be kept longer than necessary.
the rights of the individual about whom 6 Data must be processed in accordance with the
data is obtained, stored and processed –
data subject’s rights.
for example, collection, use, disclosure,
destruction and holding of data. Any such 7 Data must be kept secure.
act applies to both computerised and paper 8 Data must not be transferred to another country
records. unless they also have adequate protection.
Many data protection acts are based on eight
principles, as outlined in Figure 8.1.
In many countries, failure to abide by these
simple rules by anyone who holds data about
individuals can lead to a heavy fine or even ▲ Figure 8.1 Main principles of data protection acts
imprisonment.
195
There are general guidelines about how to stop data being obtained unlawfully:
» do not leave personal information lying around on a desk when not attended
» lock filing cabinets at the end of the day or when the room is unoccupied
» do not leave data on a computer monitor if it is unattended; log off from the
computer if away from your desk for any length of time Link
» use passwords and user IDs, which should be kept secure; passwords should be
difficult to guess/break and should be changed frequently (see earlier notes For more on
on passwords) passwords see
» make sure that anything sent in an email or fax (including attachments) is not Section 4.2.
of a sensitive nature.
All of the above are in addition to other security safeguards discussed elsewhere
in this book.
196
disclosed is to encrypt it. You will read many ways of keeping data secure in this
chapter and in other chapters throughout this textbook.
8.2.3 E-Safety
E-safety refers to the benefits, risks and responsibilities when using ICT. It
is often defined to be the safe and responsible use of technology. However,
e-safety is as much about user behaviour as it is about electronic security. In
particular:
» when using the internet
» sending and receiving emails
» taking part in social media
» online gaming.
197
Social media
When using social media sites, it is important to be careful and make sure you
know how to block undesirable people. The following list shows some of the
dangers and some of the ways to protect yourself:
» Do not publicly post or give out personal information to people you do not
know, including email addresses or house addresses, because this could be
used to find information about you or carry out identity theft.
» Do not send out photos of yourself to people you do not know; again this
could lead to identity theft or somebody impersonating you (many of the
photos on social media sites are false).
» Always make sure you use the privacy settings when posting photos of
yourself on social media sites, so that only people you trust can see them.
» It is important that none of the photos you post can link you to a place or an
address (for example, it is not a good idea to show the number plate on a car
because it is possible to find your address from this information).
» Particular care should be taken not to post photos of yourself in some form of
school uniform; again, this gives somebody information about where they can
find you.
» Always maintain privacy settings to stop ‘non-friends’ from contacting you
and also make sure you control who has access to your profile.
» Only make friends with people you know or are very well-known to other
friends.
» Avoid using, or forwarding messages containing, inappropriate language.
198
Exercise 8a
Evaluate your own use of the internet, emails and social media/networking sites.
Which of these e-safety strategies do you use every day?
Online gaming
Online gaming has increased over the last few years. There are many reasons for
this, such as better internet connections, more sophisticated mobile devices
(phones and tablets) and greater realism in recent games. It is important to be
careful when using online gaming because is also carries risks. Many users think all
the games players are like-minded and, therefore, there are no real risks associated
with this type of communication. That is a dangerous assumption. Some of the
known risks, associated with online gaming, reported over the years, include:
» predators (people who prey on others who they see as vulnerable)
» cyberbullying (the use of electronic communication to bully a person, typically
by sending messages of an intimidating or threatening nature)
» use of webcams (the risks here are obvious!)
» voice-masking technology (to disguise a voice so you cannot tell their sex,
age, or even their accent)
» it is often overlooked that online games are also a source of cyber attacks on
a user’s computer or mobile phone – viruses, phishing or spyware are well-
reported examples of problems associated with certain online gaming
» violence in the game itself, which can lead to violent behaviour in reality.
As when using other platforms, you should not reveal any personal information
about you or anyone else to anyone while gaming. This includes not using your
real name.
Exercise 8b
Find out what safety measures should be taken when playing games on the internet.
Write an article on these safety measures and include ways to minimise or remove
these risks.
199
Each security risk together with its description, possible effects and risk
mitigation will be set out as shown in Figure 8.2.
Description of the
security risk
Hacking
• Use of firewalls
• Use of strong (frequently changed)
passwords and user IDs
• Use of anti-hacking software Use of encryption won’t
• Use of user IDs and passwords stop hacking – it makes the data
unreadable to the hacker but the
data can still be deleted,
altered or corrupted
200
Malicious use refers to, for example, data deletion, fraud, identity theft and
selling on personal data. A good example of a phishing attack is when a user is
sent an email saying they have ordered an item from an online store. They will
be asked to click on a link to see the order details. The link takes the user to a
web page that shows a product code that appears to come from a well-known
company. A message, such as this will appear: ‘if this order wasn’t made by you,
please fill out the following form to cancel your order in the next 24 hours’.
The form will ask for details such as credit card number, user’s address, and so
on. Some of the key clues are that links, such as ‘how to contact us’, do not work.
Smishing – this is short for ‘SMS phishing’. It uses the SMS system of mobile
phones to send out fake text messages. It is very similar to phishing. These
scams often contain a URL or telephone number embedded in the text message.
The recipient will be asked to log on to the website or make a telephone call. If
they do, they will be asked to supply personal details such as credit/debit card
numbers or passwords. As with phishing attacks, the text message will appear
to come from a legitimate source and will make a claim, for example, that they
have won a prize or that they need to contact their bank urgently. Most people
believe that only computers are liable to security threats and that mobile
phones are not at risk. This makes smishing a particularly dangerous security
threat to many people.
201
Viruses
Worms Ransomware
Malware
Key loggers
202
Viruses are programs or program code that replicates (copies itself) with the
intention of deleting or corrupting files and causing the computer to malfunction
(for example, by deleting .exe files, filling up the hard drive with ‘useless’ data,
and so on).
Viruses need an active host program on the target computer or an operating
system that has already been infected, before they can actually run and cause
harm (that is, they need to be executed by some trigger to start causing any
damage).
Viruses are often sent as email attachments, and reside on infected websites or
on infected software downloaded to the user’s computer. Apart from all the usual
safety actions (for example, do not open emails from unknown sources, do not
install non-original software), always run an up-to-date virus scanner.
Worms
Worms are a type of stand-alone virus that can self-replicate. Their intention is
to spread to other computers and corrupt whole networks; unlike viruses, they do
not need an active host program to be opened in order to do any damage – they
remain inside applications, which allows them to move throughout networks.
In fact, worms replicate without targeting and infecting specific files on a
computer; they rely on security failures within networks to permit them to spread
unhindered.
203
Worms frequently arrive as message attachments and only one user opening a
worm-infested email could end up infecting the whole network. As with viruses,
the same safeguards should be employed, together with the running of an up-to-
date anti-virus program. Worms tend to be problematic because of their ability
to spread throughout a network without any action from an end-user; whereas
viruses require each end-user to somehow initiate the virus.
Examples include the ‘I love you’ worm, which attacked nearly every email user
in the world, overloaded phone systems and even brought down television
networks. All of this makes them more dangerous than viruses.
Trojan horse
A Trojan horse is a malicious program which is often disguised as some
legitimate software, but contains malicious instructions embedded within it. A
Trojan horse replaces all or part of the legitimate software with the intent of
carrying out some harm to the user’s computer system.
They need to be executed by the end-user and therefore usually arrive as an
email attachment or are downloaded from an infected website. For example, they
could be transmitted via a fake anti-virus program that pops up on the user’s
screen claiming their computer is infected and action needs to be taken. The user
will be invited to run fake anti-virus as part of a free trial. Once the user does
this, the damage is done.
Once installed on the user’s computer, the Trojan horse will give cyber criminals
access to personal information on your computers, such as IP addresses,
passwords and other personal data. Spyware (including key logging software) and
ransomware are often installed on a user’s computer via Trojan horse malware.
Because they rely on tricking end-users, firewalls and other security systems are
often useless because the user can overrule them and initiate the running of the
malware.
Key logging software
Key logging software (or key loggers) is a form of spyware. It gathers
information by monitoring a user’s keyboard activities carried out on their
computer. The software stores keystrokes in a small file which is automatically
emailed to the cybercriminal responsible for the software. It is primarily designed
to monitor and capture web browsing and other activities and capture personal
data (for example, bank account numbers, passwords and credit/debit card
details). Key loggers can be detected and removed by anti-spyware software.
Banks try and overcome this risk, by only asking for a different part of the
password each time you log on (for example, ‘please give the 3rd, 4th and 8th
character in your password’). Sometimes drop-down boxes are also used because
this involves on-screen selection using a mouse, which is difficult for the key
logger to pick up. However, some key loggers work by capturing screen images at
random intervals; these are known screen recorders.
Exercise 8c
Find out how banks overcome problems such as phishing, key logging software
and hacking to ensure online banking is safe for their customers. When doing your
research, also check out how risks at ATMs are mitigated by reading the section
on card cloning and shoulder surfing (at the end of this section).
204
Adware
Adware is a type of malware. At its least dangerous, it will attempt to flood
an end-user with unwanted advertising. For example, it could redirect a user’s
browser to a fake website that contains promotional advertising. They can be
in the form of pop-ups, or appear in the browser’s toolbar thus redirecting the
search request.
Although not necessarily harmful, adware can:
» highlight weaknesses in a user’s security defences
» be hard to remove – they defeat most anti-malware software because it can be
difficult to determine whether or not they are harmful
» hijack a browser and create its own default search requests.
Ransomware
Essentially, ransomware are programs that encrypt data on a user’s computer and
‘hold the data hostage’. The cybercriminal just waits until the ransom money is
paid and, sometimes, the decryption key is then sent to the user. It has caused
considerable damage to some companies and individuals.
Imagine a situation where you log on to your computer, only to find the screen
is locked and you cannot boot up your computer until the demands of the
cybercriminal have been met. The malware restricts access to the computer
and encrypts all the data until a ransom is paid. It may be installed on a user’s
computer by way of a Trojan horse or through social engineering.
When ransomware is executed, it either encrypts files straightaway or it waits for
a while to determine how much of a ransom the victim can afford. The malware
can be prevented by the usual methods (for example, by avoiding phishing
emails); but once it is executed, it is almost impossible to reverse the damage
caused. The best way to avoid a catastrophe is to ensure regular backups of key
files are kept and therfore avoid having to pay a ransom.
Table 8.2 summaries the six types of malware described in this section.
▼ Table 8.2 Summary of types of malware
Viruses Programs or program code that can replicate/copy itself with the intention of deleting or corrupting
files, or cause the computer to malfunction; they need an active host program on the target computer
or an operating system that has already been infected before they can run
Worms This is a type of stand-alone virus that can replicate itself with the intention of spreading to other
computers; often uses networks to search out computers with weak security which are prone to such
attacks
Trojan horses These are malicious programs often disguised as legitimate software; they replace all or part of the
legitimate software with the intent of carrying out some harm to the user’s computer system
Spyware Software that gathers information by monitoring, for example, all the activity on a user’s computer; the
gathered information is then sent back to the person who sent the software (sometimes they monitor
key presses, which is referred to as key logging software)
Adware Software that floods a user’s computer with unwanted advertising; usually in the form of pop-ups, but
can frequently appear in the browser address window redirecting the browser to a fake website which
contains the promotional adverts
Ransomware Programs that encrypt the data on a user’s computer; a decryption key is sent back to the user once
they pay a sum of money (a ransom); they are often sent via a Trojan horse or by social engineering
205
Card fraud
Card fraud is the illegal use of a credit or debit card. This can be due to:
» shoulder surfing when using the card on any device that requires keyboard
entries (for example, an ATM or a handheld POS terminal)
» card cloning
» key logging software.
▲ Figure 8.8 Automatic teller machine (ATM) and handheld point-of-sale (POS) terminal
Shoulder surfing
Shoulder surfing is a form of data theft where criminals steal personal
information from a victim when they are using a cash dispensing machine (for
example, an automatic teller machine – ATM), when paying for goods/services
using a handheld point-of-sale (POS) device or even when paying using a
smartphone. Examples of shoulder surfing includes:
» somebody watching you key in data, such as your PIN; this can be something
simple like just looking over your shoulder or somebody watching from a
distance using binoculars or using a video camera
» somebody listening in when you are giving credit or debit card details over
the phone; by simply listening in, a criminal will gain very important data
about your card
» some of the more sophisticated examples of shoulder surfing include the
use of tiny digital cameras (placed near to the keyboard on the ATM or other
device) which take high-quality images of the keys being pressed.
Card cloning
Card cloning is the copying of a credit or debit card which uses a magnetic stripe.
Cloning of this type of card employs an electronic device known as a skimmer.
206
This is a data capture device that allows a criminal to record all of the data stored
on the magnetic stripe on a card. Skimmers can be placed in ATM slots where they
can read all the data from a card; this data is then copied to the magnetic stripe
of a fake card. Even the security hologram can be copied. The skimmer is often a
false front on the card slot on the ATM. To obtain the PIN to use with the newly
cloned car, the criminal would also make use of shoulder surfing.
Smart cards, which contain a microchip, were introduced to combat card cloning
and give considerably more security. Therefore, a different device, known as a
shimmer, is now used to read these smart cards. This uses a paper-thin shim
(that contains a chip and a flash drive) that can be put into a card reading slot.
It is so thin that it is almost impossible to detect. When a customer puts their
card into the reader slot, the shim reads all the data from the credit/debit card,
allowing the criminal to create a fake replica credit/debit card. Although the chip
itself cannot be cloned, all the data gathered from the cloned card is now stored
on a magnetic stripe and a fake card is produced. The fake card can be used to
make purchases where a magnetic stripe card is still acceptable; for example,
when making purchases online.
Obviously, the best way to check on this type of fraud is to do regular checks of
your spending and query any unusual activity.
Key logging
The use of key logging software has been discussed earlier. This is used to detect
all key presses, such as when entering a credit or debit card:
» number
» security code (card verification value – CVV)
» PIN.
Because all this data can be obtained by key logging software, illegal use of a
credit or debit card to buy things online is a continued risk.
Biometric authentication
Biometrics relies on certain unique characteristics of human beings. Examples
include:
» fingerprint scans
» signature recognition
» retina scans
207
» iris recognition
» face recognition
» voice recognition.
Biometrics is used in a number of applications as a security device. For example,
some of the latest mobile phones require fingerprint matching before it can be
operated; some pharmaceutical companies use face recognition or retina scans
to allow entry to secure areas. We will now consider two of these biometric
techniques in a little more detail.
Fingerprint scans
Images of fingerprints are compared against previously scanned fingerprints
stored in a database; if they match then access is allowed. The system
compares patterns of ‘ridges’ and ‘valleys’ which are unique.
An example of its use would be as a security method for entering a
building. Fingerprint scanning techniques have the following advantages:
» Fingerprints are unique, therefore this technique would improve security
because it would be difficult to replicate a person’s fingerprints.
» Other security devices (such as magnetic cards) could be lost or even
stolen, which makes them less effective.
» It would be impossible to ‘sign in’ for somebody else because the
fingerprints would match up to one person only on the database.
» Fingerprints cannot be misplaced; a person always has them!
Face recognition
Face recognition is used to identify somebody by their facial features. It is
used by many modern smartphones as the method of identifying the owner of
the phone, and for authorising purchases using the phone.
Figure 8.10 shows several of the positions used by the face-recognition
software. The position of each facial feature is calculated by the software.
These values are then compared to values already stored on a database. If the
values match, then the face is recognised.
Data such as:
» distance between the eyes
» width of the nose
» shape of the cheek bones ▲ Figure 8.10 Face recognition
» length of the jawline
» shape of the eyebrows
208
One drawback common to all biometric techniques is the need for the systems
to store very personal data about users. Some people are uncomfortable with
this idea. Table 8.3 shows a comparison of some of the other advantages and
disadvantages of the six most common biometric techniques.
▼ Table 8.3 Comparison of biometric types
Digital certificates
A digital certificate is a pair of files stored on a user’s computer – these are
used to ensure the security of data sent over the internet. Each pair of files is
divided into:
» a public key (which can be accessed by anyone)
» a private key (known to the computer user only).
For example, when sending an email, the message is made more secure by
attaching a digital certificate. When the message is received, the recipient can
verify that it comes from a known or trusted source by viewing the public key
information (this is usually part of the email attachment). This is an added level
of security to protect the recipient from harmful emails. The digital certificate is
made up of six parts:
» the sender’s email address
» the name of the digital certificate owner
» a serial number
» expiry date (the date range during which the certificate is valid)
» public key (which is used for encrypting the messages and for digital signatures)
» digital signature of certificate authority (CAs) – an example of this is VeriSign
209
SSL certificates are small data files that digitally bind an encryption key to an
organisation’s details. When installed on a web server, it shows as the green
padlock and the https protocol ensures secure connections from a web server to a
web browser.
Figure 8.12 shows what happens when a user wants to access a secure website
and receive and send data to it:
210
Encryption
Encryption is used primarily to protect data in case it has been hacked or
accessed illegally. While encryption will not prevent hacking, it makes the
data meaningless unless the recipient has the necessary decryption tools (as
described below).
Encryption uses a secret key that has the capability of altering the characters
in a message. If this key is applied to a message, its content is changed, which
makes it unreadable unless the recipient also has the same secret key. When this
secret key is applied to the encrypted message, it decodes it, allowing it to be
read.
The key used to encrypt (or encode) the message is known as the encryption
key; the key used to decrypt (or decipher) the message is known as the
decryption key. When a message undergoes encryption it is known as cypher
script; the original message is known as plain text. Figure 8.13 shows how these
two are linked together.
Encryption key
Plain text
‘YM3G 3G 1 N2GG1R2
FV3YY2P 3P DX13P Y2LY
T2Z4V23Y R42G
YMV45RM YM2
2PKVHDY34P DV4K2GG’ RECIPIENT ‘This is a message
written in plain text
Decryption
before it goes
process
through the
Decryption key encryption process’
211
Encrypt the connection with your Encrypt the actual email Encrypt stored or
email provider: messages: archived email messages:
» Encryption of the connection » Encryption of » Any backed-up
with your email supplier emails themselves messages stored on
prevents unauthorised prevents a hacker your email supplier’s
users from intercepting and making sense of any server also need to be
capturing log in details as well intercepted messages encrypted
as any email messages sent or (keeping any sensitive » If a hacker acquires
received or confidential access to this server,
» As the emails leave your email information safe) they could then gain
supplier’s server and travel to access to your stored
their destination server they or archived messages
are at risk; encryption will
give the additional protection
described above
As mentioned earlier, https and SSL gives protection when transferring data
across the internet.
Firewalls
A firewall can be software or hardware. It sits between the user’s computer
and an external network (for example, the internet). A firewall will help to keep
potentially destructive forces away from a user’s computer, by filtering incoming
and outgoing network traffic. The criteria for allowing or denying access to a
computer can be set by the user.
212
Firewall
User’s
(software or Internet
computer
hardware)
The following list shows a number of the tasks carried out by a firewall:
» to examine the ‘traffic’ between user’s computer (or internal network) and a
public network (for example, the internet)
» checks whether incoming or outgoing data meets a given set of criteria
» if the data fails the criteria, the firewall will block the ‘traffic’ and give the
user (or network manager) a warning that there may be a security issue
» the firewall can be used to log all incoming and outgoing ‘traffic’ to allow
later interrogation by the user (or network manager)
» criteria can be set so that the firewall prevents access to certain undesirable
sites; the firewall can keep a list of all undesirable IP addresses
» it is possible for firewalls to help prevent viruses or hackers entering the
user’s computer (or internal network)
» the user is warned if some software on their system is trying to access an
external data source (for example, automatic software upgrade); the user is
given the option of allowing it to go ahead or request that such access is
denied.
The firewall can be a hardware interface which is located somewhere between the
computer and the internet connection. It is often referred to in this case as a
gateway. Alternatively, the firewall can be software installed on a computer; in
some cases, this is part of the operating system.
Two-factor authentication
Authentication refers to the ability of a user to prove who they are. There are
three common factors used in authentication:
» something you know (for example, a password or PIN code)
» something you have (for example, a mobile phone or tablet)
» something which is unique to you (for example, biometrics).
213
KAMEREZZ
enter user name
Here is your
Smith1234 8 digit one-time please enter
pass code one-time
enter your password pass code
5123 4400
************ **** ****
Using the definitions of authentication at the start of this section, the mobile
phone is something she has and the password/PIN code is something she knows.
User IDs and passwords
Passwords are used to restrict access to data or systems. They should be hard
to break and changed frequently to retain any real level of security. In addition
to protecting access levels to computer systems, passwords are frequently used
when accessing the internet, for example:
» when accessing email accounts
» when carrying out online banking or shopping
» when accessing social networking sites.
It is important that passwords are protected; some ways of doing this are
described below:
» Run anti-spyware software to make sure that your passwords are not being
relayed back to anyone who put the spyware on your computer.
» Change passwords on a regular basis in case it has come into the possession of
another user illegally or accidentally.
» Passwords should not be easy to break (for example, your favourite colour,
name of a pet or favourite music artist); passwords are grouped as either
strong (hard to break or guess) or weak (relatively easy to break or guess).
» It is possible to make a password strong but also be easy to remember;
suppose we use the phrase: ‘The 3rd planet is Earth: the 8th planet is Neptune’
could give us an easy-to-remember password: T3piE:t8piN (which is certainly
strong and difficult to break).
» Strong passwords should contain:
– at least one capital letter
– at least one numerical value
– at least one other keyboard character (such as @, *, &. etc.)
An example of a strong password would be: Sy12@#TT90kj=0
An example of a weak password would be: GREEN
When the password is typed in, it often shows on the screen as ******** so
nobody overlooking can see what the user has typed in. If the user’s password
does not match up with the user name then access will be denied. Many systems
ask for the password to be typed in twice when being created, as a verification
check (a check on input errors). To help protect the system, users are only
214
Exercise 8d
Which of the following are weak passwords and which are strong passwords?
Explain your decision in each case.
i 25-Apr-2005
ii Password1
iii ChapTer@06
iv rX!3&tp%
v 111111”
215
Exam-style questions
1 a Name three safety issues when using computer systems. [3]
b For each named safety issue, describe one way to remove or militate
against the risk. [3]
2 Internet banking can be used by bank customers to check their account
balance.
Many ways of logging into such a system involve the use of passwords.
Describe three methods of minimising the possibility of passwords being
misused or intercepted. [3]
Cambridge IGCSE Information and Communication Technology (0417) Paper 11 Q9 a,
May/June 2016
3 There are a number of health and safety issues associated with the use of
computers.
Draw arrows from the terms Health or Safety to the matching issue. Use a
maximum of four arrows. [4]
Tripping over loose wires.
Health Heavy equipment falling off tables and
injuring people.
4 a Discuss the e-safety issues when using a social networking site. [7]
b Data can be classified as personal or sensitive.
Give two examples of each. [4]
5 Indicate, by ticking (✓) the appropriate box, which of the following are
examples of a health risk and which are examples of a safety risk. [7]
Description of risk Health Safety
(✓) (✓)
Irritation of the eyes caused by ozone gas coming from a laser printer
216
6 Seven ICT descriptions are shown on the left and seven ICT terms on the
right.
By drawing arrows, connect each description to the correct term. [6]
Authentication method using, for example, fingerprint Firewall
scans, retina scans or face recognition
7 Complete the following paragraph using words or phrases from the following
list. Each word or phrase may be used once, more than once or not at all.
» authenticity » link » protocols
» biometrics » password protected » secure sockets layer
» digital certificate » personal data » sensitive data
» encrypted » pharming » smishing
» e-safety » phishing » user ID
» hacking » privacy settings » vishing
217
9 Explain each of the following terms and give an example of their use.
a cloning of credit cards
b fingerprint scanning
c digital certificates
d encryption
e vishing [10]
10 a Name three biometric authentication techniques. [3]
b For each named technique, describe the advantages and disadvantages
of using it as a method of data security. [6]
11 a Explain what is meant by the term authentication. [2]
b Explain what is meant by two-factor authentication. [3]
12 a Explain why it is important to encrypt emails. [3]
b Explain why key logging software poses a security threat when
purchasing items on the internet. [3]
218