Question Description
Im working on a Economics question and need guidance to help me study.
# Reviewing the section of chapter assigned
Write a summary document in Word Format for about 1.5 – 2 pages long, on importance of Usability Factor in E-Commerce and factors involved in it.
2 attachmentsSlide 1 of 2attachment_1attachment_1attachment_2attachment_2.slider-slide > img { width: 100%; display: block; }
.slider-slide > img:focus { margin: auto; }
Unformatted Attachment Preview
CHAPTER 10
Electronic
Commerce
Security
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a. publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
Learning Objectives
In this chapter, you will learn:
What security risks arise in online business and how
to manage them
How to create a security policy
How to implement security on Web client computers
How to implement security in the communication
channels between computers
How to implement security on Web server computers
What organizations promote computer, network, and
Internet security
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
2
Introduction
Proper use of password protection is an important
element in maintaining security
Most people unwilling to remember numerous
complex passwords and change them often
Password management tools are popular solutions
for maintaining multiple complex passwords
Requires a single, master password for access
Weak link when hackers access master passwords
Encryption is an important safeguard to help address
attacks
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
3
Online Security Issues Overview
Individuals and businesses have had concerns
about security since Internet became a business
communications tool
Increasing with steady increase in sales and all types
of financial transactions
Chapter topics
Key security problems
Solutions to those problems
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
4
Origins of Security on Interconnected
Computer Systems
Modern computer security techniques developed by
US Department of Defense
Orange Book: rules for mandatory access control
Business computers initially adopted militarys
security methods
Networks and other factors have increased number of
users accessing computers
Computers now transmit valuable information
Changes have made the need for comprehensive
security risk controls more important than ever
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
5
Computer Security and Risk Management
Asset protection from unauthorized access, use,
alteration, and destruction
Physical security includes tangible protection devices
Alarms, guards, fireproof doors, security fences, safes
or vaults, and bombproof buildings
Logical security is protection using nonphysical means
Threat is anything posing danger to computer assets
Countermeasures are procedures (physical or logical)
that recognizes, reduces, and eliminates threats
Extent and expense depends on importance of asset at
risk
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
6
Computer Security and Risk Management
(contd.)
Risk management model: four general actions based
on impact (cost) & probability of physical threat
Also applicable for protecting Internet and electronic
commerce assets from physical and electronic threats
Eavesdropper (person or device) that listens in on and
copies Internet transmissions
Crackers or hackers obtain unauthorized access to
computers and networks
White hat (good) and black hat (bad) hackers
Companies must identify risks, determine how to
protect assets, and calculate how much to spend
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
7
© Cengage Learning 2017
FIGURE 10-1 Risk management model
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
8
Elements of Computer Security
Secrecy refers to protecting against unauthorized
data disclosure and ensuring data source
authenticity
Integrity is preventing unauthorized data modification
Integrity violation occurs when an e-mail message is
intercepted and changed before reaching destination
Man-in-the-middle exploit
Necessity refers to preventing data delays or denials
(removal)
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
9
Establishing a Security Policy
Written statement of: assets to protect and why, who
is responsible for protection and acceptable and
unacceptable behaviors
Addresses physical and network security, access
authorizations, virus protection, disaster recovery
Steps to create security policy
Determine which assets to protect from which threats
Determine access needs to various system parts
Identify resources to protect assets
Develop written security policy
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
10
Establishing a Security Policy (contd.)
Once policy is written and approved resources are
committed to implement the policy
Comprehensive security plan protects systems
privacy, integrity, availability and authenticates users
Selected to satisfy Figure 10-2 requirements
Provides a minimum level of acceptable security
All security measures must work together to prevent
unauthorized disclosure, destruction, or modification
of assets
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
11
© Cengage Learning 2017
FIGURE 10-2 Requirements for secure electronic commerce
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
12
Establishing a Security Policy (contd.)
Security policy points
Authentication: Who is trying to access site?
Access control: Who is allowed to log on to and
access site?
Secrecy: Who is permitted to view selected
information?
Data integrity: Who is allowed to change data?
Audit: Who or what causes specific events to occur,
and when?
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
13
Security for Client Devices
Threats to computers, smartphones, and tablets
Originate in software and downloaded Internet data
Malevolent server site masquerades as legitimate
Web site
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
14
Cookies and Web Bugs
Internet connection between Web clients and servers
accomplished by multiple independent transmissions
No continuous connection (open session) maintained
between any client and server
Cookies are small text files Web servers place on
Web client to identify returning visitors
Allow shopping cart and payment processing functions
without creating an open session
Session cookies exist until client connection ends
Persistent cookies remain indefinitely
Electronic commerce sites use both
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
15
Cookies and Web Bugs (contd.)
Cookies may be categorized by their source
First-party cookies are placed on client computer by
the Web server site
Third-party cookies originate on a Web site other than
the site being visited
Disable cookies entirely for complete protection
Useful cookies blocked (along with others) so that
information is not stored
Full site resources not available if cookies are not
allowed
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
16
Cookies and Web Bugs (contd.)
Web browser cookie management functions refuse
only third-party cookies or review each cookie
before allowing
Settings available with most Web browsers
Web bug or Web beacon is a tiny graphic that thirdparty Web site places on another sites Web page
Provides method for third-party site to place cookie on
visitors computer
Also called clear GIFs or 1-by-1 GIFs because
graphics created in GIF format with a color value of
transparent and as small as 1 pixel by 1 pixel
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
17
© Cengage Learning 2017
FIGURE 10-3 Mozilla Firefox dialog box for managing stored cookies
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
18
Active Content
Active content programs run when client device
loads Web page
Example actions: play audio, display moving
graphics, place items into shopping cart
Moves processing work from server to client device
but can pose a threat to client device
Methods to deliver active content
Cookies, Java applets, JavaScript, VBScript, ActiveX
controls, graphics, Web browser plug-ins,
e-mail attachments
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
19
Active Content (contd.)
Scripting languages provide executable script
Examples: JavaScript and VBScript
Applets are small application programs that typically
runs within Web browser
Most browsers include tools limiting applets and
scripting language actions by running in a sandbox
ActiveX controls are objects containing programs or
properties placed on Web pages to perform tasks
Run only on Windows operating systems
Give full access to client system resources
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
20
Active Content (contd.)
Crackers can embed malicious active content
Trojan horse is a program hidden inside another
program or Web page that masks its true purpose
May result in secrecy and integrity violations
Zombie secretly takes over another computer to
launch attacks on other computers
Botnet (robotic network, zombie farm) is all controlled
computers act as an attacking unit
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
21
Graphics and Plug-Ins
Graphics, browser plug-ins, and e-mail attachments
can harbor executable content
Embedded code can harm client computer
Browser plug-ins (programs) enhance browser
capabilities bit can pose security threats
Plug-ins executing commands buried within media
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
22
Viruses, Worms, and Antivirus Software
Programs automatically execute associated
programs to display e-mail attachments
Macro viruses in attached files can cause damage
Virus is software that attaches itself to host program
and causes damage when program is activated
Worm is a virus that replicates itself on computers it
infects and spreads quickly through the Internet
Macro virus is a small program embedded in file
First major virus was I LOVE YOU in 2000
Spread to 40 million computers in 20 countries and
caused estimated $9 billion in damages
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
23
© Cengage Learning 2017
FIGURE 10-4
Early computer
viruses, worms,
and Trojan
horses
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
24
Viruses, Worms, and Antivirus Software
(contd.)
2001 Code Red and Nimda: multivector virus-worm
Entered computer system in several different ways
and caused billions in damages
2003: New version of Code Red (Bugbear) checked
for antivirus software
Antivirus software detects viruses and worms
Deletes or isolates them on client computer
2008: Conficker virus which continues to be a
concern because it can reinstall itself after removal
2010 & 2011: New and more Trojan combinations
Some targeted bank accounts
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
25
© Cengage Learning 2017
FIGURE 10-5
Computer
viruses, worms,
and Trojan
horses: 20002007
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
26
© Cengage Learning 2017
FIGURE 10-5 Computer viruses, worms, and Trojan horses: 2000-2007
(contd)
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
27
Viruses, Worms, and Antivirus Software
(contd.)
2013: Ransomware (Cryptolocker) encrypted files
and demanded payment for keys to unlock
Perpetrators got away with more than $3 million
2015: New version attached itself to games
Companies such as Symantec and McAfee track
viruses and sell antivirus software
Data files must be updated regularly so that newest
viruses are recognized and eliminated
Some Web e-mail systems such as Yahoo! Mail and
Gmail automatically scan attachments before
downloading
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
28
© Cengage Learning 2017
FIGURE 10-6
Computer
viruses, worms,
and Trojan
horses: 2008 2015
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
29
Digital Certificates
Digital certificate is an e-mail attachment or program
embedded in Web page that verifies identity
Contains a means to send encrypted communication
Used to execute online transactions, send encrypted
email and make electronic funds transfers
Certification authority (CA) issues digital certificates
to organizations, individuals with six elements
Owners identification and public key, validity dates,
serial number, issuer name and digital signature
Key is a long binary number used with encryption
algorithm to Lock protected message characters
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
30
Digital Certificates (contd.)
Identification requirements vary between CAs
Drivers license, notarized form, fingerprints
More stringent rules adopted in 2008 after hackers
obtained falsified digital certificates
Secure Sockets Layer-Extended Validation (SSL-EV)
requires extensive confirmations
Annual fees range from $100 to more than $1000
Digital certificates expire after period of time
Provides protection by requiring credentials be
resubmitted for evaluation
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
31
Steganography
Process of hiding information within another piece of
information whcih can be used for malicious
purposes
Provides a way for hiding an encrypted file within
another file
Casual observer cannot detect anything important in
container file
Two-step process where encrypting file protects it
from being read and steganography makes it invisible
Al Qaeda used steganography to hide attack orders
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
32
Physical Security for Client Devices and
Client Security for Mobile Devices
Client computers require physical security
Fingerprint readers: more protection than passwords
Biometric security devices use an element of a
persons biological makeup to provide identification
Signature recognition, eye or palm scanners, veins
Access passwords help secure mobile devices
Remote wipe clears all personal data and can be
added as a app or done through e-mail
Many users install antivirus software
Rogue apps contain malware or collect information
and forward to perpetrators
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
33
Communication Channel Security and
Secrecy Threats
Internet was designed to provide redundancy, not to
be secure
Remains unchanged from original insecure state
Secrecy is the prevention of unauthorized
information disclosure
Technical issue requiring sophisticated physical and
logical mechanisms such as encryption of emails
Privacy is the protection of individual rights to
nondisclosure which is a legal matter
Should supervisors be allowed to randomly read
employee emails?
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
34
Secrecy Threats (contd.)
Theft of sensitive or personal information is a
significant electronic commerce threat
Sniffer programs record information passing through
computer or router handling Internet traffic
Backdoor allows users to run a program without going
through the normal authentication procedures
May be left by programmers accidently or intentionally
Stolen corporate info (Eavesdropper example)
Several companies offer anonymous Web services
that hide personal information from sites visited
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
35
Integrity Threats
Active wiretapping when an unauthorized party alters
message information stream
Cybervandalism is electronic defacing of a Web site
Masquerading (spoofing) is pretending to be someone
else or a fake Web site representing itself as original
Domain name servers (DNSs) are Internet
computers that link domain names to IP addresses
Perpetrators substitute their Web site address in place
of real one
Phishing expeditions trick victims into disclosing
confidential info (banking and payment systems)
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom
use.
36
Necessity Threats
Delay, denial, and denial-of-service (DoS) attacks
that disrupt or deny normal computer processing
Intolerably slow-speed computer processing
Renders service unusable or unattractive
Distributed denial-of-service (DDoS) attack uses
botnets to launch simultaneous attack on a Web site
DoS attacks can remove information from a
transmission or file
Quicken accounting program diverted money to
perpetrators bank account
Overwhelmed servers and stopped customers access
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
37
Threats to the Physical Security of Internet
Communications Channels
Internets packet-based network design precludes it
from being shut down by attack on single
communications link
Individual users Internet service can be interrupted
Destruction of users Internet link
Larger companies, organizations use more than one
link to main Internet backbone
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
38
Threats to Wireless Networks
Wireless Encryption Protocol (WEP) is a set of rules
for encrypting transmissions from the wireless
devices to the wireless access points (WAPs)
Wardrivers attackers drive around in cars and
search for accessible networks
Warchalking is placing a chalk mark on buildings
when open networks are found
Companies can avoid attacks by turning on WEP
and changing default login and password settings
Best Buy wireless point-of-sale (POS) failed to enable
WEP and customer intercepted data
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
39
Encryption Solutions and Encryption
Algorithms
Encryption is coding information using mathematically
based program and a secret key
Cryptography is the science of studying encryption
Converts text that is visible but has no apparent meaning
Encryption programs transforms normal text (plain
text) into cipher text (unintelligible characters string)
Encryption algorithm is the logic behind the program
Includes mathematics to do transformation
Decryption program is an encryption-reversing
procedure that decodes or decrypts messages
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
40
Encryption Algorithms and Hash Coding
In the U.S. the National Security Agency controls
dissemination which banned publication of details
Illegal for U.S. companies to export
Encryption algorithm property is that message
cannot be deciphered without key used to encrypt it
Hash coding uses a hash algorithm to calculate a
number (hash value) from a message
Unique message fingerprint
Can determine if message was altered during transit
Mismatch between original hash value and receiver
computed value
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
41
Asymmetric Encryption
Public-key encryption encodes messages using two
mathematically related numeric keys
Public key is freely distributed and encrypts
messages using encryption algorithm
Private key is secret and belongs to key owner
Decrypts all messages received
Pretty Good Privacy (PGP) is a popular public-key
encryption technology
Uses several different encryption algorithms
Free for individuals and sold to businesses
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
42
Symmetric Encryption
Private-key encryption that encodes message with a
single numeric key to encode and decode data
Both sender and receiver must know the key
Very fast and efficient but does not work well in large
environments because of number of keys required
Data Encryption Standard (DES) was first U.S.
government private-key encryption system
Triple Data Encryption Standard (Triple DES, 3DES)
was a stronger version of DES
Advanced Encryption Standard (AES) is a more
secure standard that is commonly used today
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
43
Comparing Asymmetric and Symmetric
Encryption Systems
Advantages of public-key (asymmetric) systems
Small combination of keys required
No problem in key distribution
Implementation of digital signatures possible
Disadvantage is that public key systems are
significantly slower than private-key systems
Public-key systems complement rather than replace
private-key systems
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-protected website or school-approved learning management system for classroom use.
44
© Cengage Learning 2017
FIGURE 10-7
Comparison of
(a) hash coding, (b)
private-key, and (c)
public-key encryption
© 2017 Cengage Learning®. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part, except for use as permitted in a
license distributed with a certain product or service or otherwise on a password-