3. Packet Sniffers
The connection between a user’s computer and the web server can be “sniffed” to gather an
abundance of data concerning a user, including credit card information and passwords. A packet
sniffer is used to gather data that is passed through a network (Bradley, 2005). Packet sniffers
are very difficult to detect because they only capture network traffic and do not
manipulate the data stream. The use of a Secure Sockets Layer connection is the best way to
ensure that attackers utilizing packet sniffers cannot steal sensitive data.
4. Password Cracking
Password cracking can involve different types of vulnerabilities and decrypting techniques;
however, the most popular form of password cracking is a brute force attempt. Brute force
password attacks are used to crack an individual’s username and password for a specific website
by trying thousands of common terms, words, activities, and names until a combination of
them is granted access to a server. Brute force cracking takes advantage of systems that do not
require strong passwords: users will often choose common names and activities, making it
simple for a password cracker to gain access to a system. Other password cracking methods
include using hash tables to decrypt password files that may divulge an entire system’s user name
and password list.
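One mitigation for the weakness described above is to reject passwords built from common terms when an account is created. The following check is an added example, not part of the original paper; the word list, the minimum length and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large list of
# common passwords, names and dictionary words.
COMMON_TERMS = {"password", "football", "soccer", "michael", "jessica",
                "summer", "dragon", "monkey", "love", "admin", "shop"}

# Undo common character substitutions before comparing against the list.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value


def _made_of_common_terms(text, terms):
    """True if text can be split entirely into words taken from terms."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in terms:
                reachable[end] = True
                break
    return len(text) > 0 and reachable[-1]


def weakness(password, username=""):
    """Return the reason a password is weak, or None if it passes."""
    if len(password) < MIN_LENGTH:
        return "too short"
    lowered = password.lower()
    if username and username.lower() in lowered:
        return "contains username"
    # Strip leading/trailing digits and symbols ("summer2006!" -> "summer"),
    # then also try the form with substitutions undone ("p4ssw0rd" -> "password").
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    for candidate in {core, core.translate(LEET)}:
        letters = re.sub(r"[^a-z]", "", candidate)
        if _made_of_common_terms(letters, COMMON_TERMS):
            return "built from common terms"
    return None
```

The check covers only the common-term weakness discussed in this section; it does not replace rate limiting or account lockout on the login endpoint.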
5. Trojans
Trojan software is considered to be the most harmful in terms of E-Commerce security due to its
ability to secretly connect and send confidential information. These programs are developed for
the specific purpose of communicating without the chance of detection. Trojans can be used to
filter data from many different clients, servers, and database systems. Trojans can be installed to
monitor emails, instant messages, database communications, and a multitude of other services.
The percentage of personal computers with Trojan software installed was a staggering 31% in
2006 with a steady increase from years before (Webroot, 2006).