Saturday, August 31, 2019

Selinux

Blueprints

First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server

First Edition (August 2009)
© Copyright IBM Corporation 2009. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Introduction

This blueprint provides a brief introduction to basic Security-Enhanced Linux (SELinux) commands and concepts, including Boolean variables. In addition, the paper shows you how to increase the security of the Apache Web server with SELinux by using these concepts. Key tools and technologies discussed in this demonstration include Security-Enhanced Linux (SELinux), mandatory access control (MAC), getenforce, sestatus, getsebool, and setsebool.

Intended audience

This blueprint is intended for Linux system or network administrators who want to learn more about securing their systems with SELinux. You should be familiar with installing and configuring Linux distributions, networks, and the Apache Web server.

Scope and purpose

This paper provides a basic overview of SELinux, SELinux Boolean variables, and hardening Apache on Red Hat Enterprise Linux (RHEL) 5.3. For more information about configuring RHEL 5.3, see the documentation supplied with your installation media or the distribution Web site. For more information about SELinux, see "Related information and downloads".

Software requirements

This blueprint is written and tested using Red Hat Enterprise Linux (RHEL) 5.3.

Hardware requirements

The information contained in this blueprint is tested on different models of IBM System x and System p hardware. For a list of hardware supported by RHEL 5.3, see the documentation supplied with your Linux distribution.

Author names

Robert Sisk

Other contributors

Monza Lui
Kersten Richter
Robb Romans

IBM Services

Linux offers flexibility, options, and competitive total cost of ownership with a world class enterprise operating system. Community innovation integrates leading-edge technologies and best practices into Linux. IBM® is a leader in the Linux community with over 600 developers in the IBM Linux Technology Center working on over 100 open source projects in the community. IBM supports Linux on all IBM servers, storage, and middleware, offering the broadest flexibility to match your business needs.

For more information about IBM and Linux, go to ibm.com/linux (https://www.ibm.com/linux)

IBM Support

Questions and comments regarding this documentation can be posted on the developerWorks Security Blueprint Community Forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1271

The IBM developerWorks® discussion forums let you ask questions, share knowledge, ideas, and opinions about technologies and programming techniques with other developerWorks users. Use the forum content at your own risk. While IBM will attempt to provide a timely response to all postings, the use of this developerWorks forum does not guarantee a response to every question that is posted, nor do we validate the answers or the code that are offered.

Typographic conventions

The following typographic conventions are used in this Blueprint:

Bold
    Identifies commands, subroutines, keywords, files, structures, directories, and other items whose names are predefined by the system. Also identifies graphical objects such as buttons, labels, and icons that the user selects.
Italics
    Identifies parameters whose actual names or values are to be supplied by the user.
Monospace
    Identifies examples of specific data values, examples of text like what you might see displayed, examples of portions of program code like what you might write as a programmer, messages from the system, or information you should actually type.

Scope, requirements, and support

This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.

Systems to which this information applies: System x running Linux and PowerLinux

Security-Enhanced Linux overview

Security-Enhanced Linux (SELinux) is a component of the Linux operating system developed primarily by the United States National Security Agency.
SELinux provides a method for creation and enforcement of mandatory access control (MAC) policies. These policies confine users and processes to the minimal amount of privilege required to perform assigned tasks. For more information about the history of SELinux, see http://en.wikipedia.org/wiki/Selinux.

Since its release to the open source community in December 2000, the SELinux project has gained improvements such as predefined Boolean variables that make it easier to use. This paper helps you understand how to use these variables to configure SELinux policies on your system and to secure the Apache httpd daemon.

Access control: MAC and DAC

Access level is important to computer system security. To compromise a system, attackers try to gain any possible level of access and then try to escalate that level until they are able to obtain restricted data or make unapproved system modifications. Because each user has some level of system access, every user account on your system increases the potential for abuse. System security has historically relied on trusting users not to abuse their access, but this trust has proven to be problematic.

Today, server consolidation leads to more users per system. Outsourcing of Systems Management gives legitimate access, often at the system administrator level, to unknown users. Because server consolidation and outsourcing can be financially advantageous, what can you do to prevent abuse on Linux systems? To begin to answer that question, let's take a look at discretionary access control (DAC) and mandatory access control (MAC) and their differences.

Discretionary access control (DAC), commonly known as file permissions, is the predominant access control mechanism in traditional UNIX and Linux systems.
You may recognize the drwxr-xr-x or the ugo abbreviations for owner, group, and other permissions seen in a directory listing. In DAC, generally the resource owner (a user) controls who has access to a resource. For convenience, some users commonly set dangerous DAC file permissions that allow every user on the system to read, write, and execute many files that they own. In addition, a process started by a user can modify or delete any file to which the user has access. Processes that elevate their privileges high enough could therefore modify or delete system files. These instances are some of the disadvantages of DAC.

In contrast to DAC, mandatory access control (MAC) regulates user and process access to resources based upon an organizational (higher-level) security policy. This policy is a collection of rules that specify what types of access are allowed on a system. System policy is related to MAC in the same way that firewall rules are related to firewalls.

SELinux is a Linux kernel implementation of a flexible MAC mechanism called type enforcement. In type enforcement, a type identifier is assigned to every user and object. An object can be a file or a process. To access an object, a user must be authorized for that object type. These authorizations are defined in a SELinux policy. Let's work through some examples and you will develop a better understanding of MAC and how it relates to SELinux.

SELinux basics

It is a good practice not to use the root user unless necessary. However, for demonstrating how to use SELinux, the root user is used in the examples in this blueprint. Some of the commands shown require root privileges to run them; for example, running getenforce and editing the /etc/selinux/config file.

Run modes

You can enable or disable SELinux policy enforcement on a Red Hat Enterprise Linux system during or after operating system installation. When disabled, SELinux has no effect on the system. When enabled, SELinux runs in one of two modes:

- Enforcing: SELinux is enabled and SELinux policy is enforced
- Permissive: SELinux is enabled but it only logs warnings instead of enforcing the policy

When prompted during operating system installation, if you choose to enable SELinux, it is installed with a default security policy and set to run in the enforcing mode.

Confirm the status of SELinux on your system. Like in many UNIX or Linux operating systems, there is more than one way to perform a task. To check the current mode, run one of the following commands: getenforce, sestatus, or cat /etc/selinux/config.

- The getenforce command returns the current SELinux run mode, or Disabled if SELinux is not enabled. In the following example, getenforce shows that SELinux is enabled and enforcing the current SELinux policy:

    $ getenforce
    Enforcing

  If your system is displaying Permissive or Disabled and you want to follow along with the instructions, change the /etc/selinux/config file to run in Enforcing mode before continuing with the demonstration. Remember that if you are in Disabled mode, you should change first to Permissive and then to Enforcing.

- The sestatus command returns the current run mode, along with information about the SELinux policy if SELinux is enabled.
  In the following example, sestatus shows that SELinux is enabled and enforcing the current SELinux policy:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted

- The /etc/selinux/config file configures SELinux and controls the mode as well as the active policy. Changes to the /etc/selinux/config file become effective only after you reboot the system. In the following example, the file shows that the mode is set to enforcing and the current policy type is targeted.

    $ cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=enforcing
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

To enable SELinux, you need to set the value of the SELINUX parameter in the /etc/selinux/config file to either enforcing or permissive. If you enable SELinux in the config file, you must reboot your system to start SELinux. We recommend that you set SELINUX=permissive if the file system has never been labeled, has not been labeled recently, or you are not sure when it was last labeled. Note that file system labeling is the process of assigning a label containing security-relevant information to each file. In SELinux a file label is composed of the user, role, and type such as system_u:object_r:httpd_sys_content_t. Permissive mode ensures that SELinux does not interfere with the boot sequence if a command in the sequence occurs before the file system relabel is completed.
Once the system is up and running, you can change the SELinux mode to enforcing.

If you want to change the mode of SELinux on a running system, use the setenforce command. Entering setenforce enforcing changes the mode to enforcing and setenforce permissive changes the mode to permissive. To disable SELinux, edit the /etc/selinux/config file as described previously and reboot. You cannot disable or enable SELinux on a running system from the command line; you can only switch between enforcing and permissive when SELinux is enabled.

Change the mode of SELinux to permissive by entering the following command:

    $ setenforce permissive

Recheck the output from getenforce, sestatus, and cat /etc/selinux/config.

- The getenforce command returns Permissive, confirming the mode change:

    $ getenforce
    Permissive

- The sestatus command also returns a Permissive mode value:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   permissive
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted

- After changing the mode to permissive, both the getenforce and sestatus commands return the correct permissive mode. However, look carefully at the output from the sestatus command:

    $ cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=enforcing
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

  The Mode from config file parameter is enforcing.
  This setting is consistent with the cat /etc/selinux/config output because the config file was not changed. This status implies that the changes made by the setenforce command do not carry over to the next boot. If you reboot, SELinux returns to the run state configured in /etc/selinux/config, which is enforcing mode.

Change the running mode back to enforcing by entering the following command:

    $ setenforce enforcing

The following output confirms the mode change:

    $ getenforce
    Enforcing

Security contexts

The concept of type enforcement and the SELinux type identifier were discussed in the Overview. Let's explore these concepts in more detail.

The SELinux implementation of MAC employs a type enforcement mechanism that requires every subject and object to be assigned a type identifier. The terms subject and object are defined in the Bell-La Padula multilevel security model (see http://en.wikipedia.org/wiki/Bell-La_Padula_model for more information). Think of the subject as a user or a process and the object as a file or a process. Typically, a subject accesses an object; for example, a user modifies a file. When SELinux runs in enforcing mode, a subject cannot access an object unless the type identifier assigned to the subject is authorized to access the object. The default policy is to deny all access not specifically allowed.

Authorization is determined by rules defined in the SELinux policy. An example of a rule granting access may be as simple as:

    allow httpd_t httpd_sys_content_t : file {ioctl read getattr lock};

In this rule, the subject http daemon, assigned the type identifier of httpd_t, is given the permissions ioctl, read, getattr, and lock for any file object assigned the type identifier httpd_sys_content_t.
In simple terms, the http daemon is allowed to read a file that is assigned the type identifier httpd_sys_content_t. This is a basic example of an allow rule type. There are many types of allow rules and some are very complex. There are also many type identifiers for use with subjects and objects. For more information about rule definitions, see SELinux by Example in the "Related information and downloads" section.

SELinux adds type enforcement to standard Linux distributions. To access an object, the user must have both the appropriate file permissions (DAC) and the correct SELinux access. An SELinux security context contains three parts: the user, the role, and the type identifier. Running the ls command with the -Z switch displays the typical file information as well as the security context for each item in the subdirectory. In the following example, the security context for the index.html file is composed of user_u as the user, object_r as the role, and httpd_sys_content_t as the type identifier:

    $ ls -Z index.html
    -rw-r--r--  web_admin web_admin user_u:object_r:httpd_sys_content_t index.html

SELinux and Apache

Installing and running HTTPD

Now that you have a general understanding of the SELinux security context, you can secure an Apache Web server using SELinux. To follow along, you must have Apache installed on your system.
You can install Apache on Red Hat Linux by entering the following command:

    $ yum install httpd

Next, start the Apache http daemon by entering service httpd start, as follows:

    $ service httpd start
    Starting httpd:

HTTPD and context types

Red Hat Enterprise Linux 5.3, at the time of this writing, uses selinux-policy-2.4.6-203.el5. This policy defines the security context for the http daemon object as httpd_t. Because SELinux is running in enforcing mode, entering /bin/ps axZ | grep httpd produces the following output:

    $ ps axZ | grep http
    root:system_r:httpd_t  2555 ?  Ss  0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2593 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2594 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2595 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2596 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2597 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2598 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2599 ?  S   0:00 /usr/sbin/httpd
    root:system_r:httpd_t  2600 ?  S   0:00 /usr/sbin/httpd

The Z option to ps shows the security context for the httpd processes as root:system_r:httpd_t, confirming that httpd is running as the security type httpd_t.

The selinux-policy-2.4.6-203.el5 also defines several file security context types to be used with the http daemon. For a listing, see the man page for httpd_selinux. The httpd_sys_content_t context type is used for files and subdirectories containing content to be accessible by the http daemon and all httpd scripts.
Entering ls -Z displays the security context for items in the default http directory (/var/www/), as follows:

    $ ls -Z /var/www/ | grep html
    drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t html

The /var/www/html directory is the default location for all Web server content (defined by the variable setting of DocumentRoot /var/www/html in the /etc/httpd/conf/httpd.conf http configuration file). This directory is assigned the type httpd_sys_content_t as part of its security context, which allows the http daemon to access its contents.

Any file or subdirectory inherits the security context of the directory in which it is created; therefore a file created in the html subdirectory inherits the httpd_sys_content_t type. In the following example, the root user creates the index.html file in the /root directory. The index.html file inherits the root:object_r:user_home_t security context, which is the expected security context for root in RHEL 5.3.

    $ touch /root/index.html
    $ ls -Z /root/index.html
    -rw-r--r--  root root root:object_r:user_home_t /root/index.html

If the root user copies the newly created index.html file to the /var/www/html/ directory, the file inherits the security context (httpd_sys_content_t) of the html subdirectory because a new copy of the file is created in the html subdirectory:

    $ cp /root/index.html /var/www/html
    $ ls -Z /var/www/html/index.html
    -rw-r--r--  root root user_u:object_r:httpd_sys_content_t /var/www/html/index.html

If you move the index.html file instead of copying it, a new file is not created in the html subdirectory and index.html retains the user_home_t type:

    $ mv -f /root/index.html /var/www/html
    $ ls -Z /var/www/html/index.html
    -rw-r--r--  root root user_u:object_r:user_home_t /var/www/html/index.html

When a Web browser or network download agent like wget makes a request to the http daemon for the moved index.html file, with user_home_t context, the browser is denied access because SELinux is running in enforcing mode.

    # wget localhost/index.html
    --21:10:00--  http://localhost/index.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 403 Forbidden
    21:10:00 ERROR 403: Forbidden.

SELinux generates error messages in both /var/log/messages and /var/log/httpd/error_log. The following message in /var/log/httpd/error_log is not very helpful because it tells you only that access is being denied:

    [Wed May 20 12:47:57 2009] [error] [client 172.16.1.100] (13) Permission denied: access to /index.html denied

The following error message in /var/log/messages is more helpful because it tells you why SELinux is preventing access to the /var/www/html/index.html file: it is a potentially mislabeled file. Furthermore, it provides a command that you can use to produce a detailed summary of the issue.

    May 20 12:22:48 localhost setroubleshoot: SELinux is preventing the httpd from using potentially mislabeled files (/var/www/html/index.html). For complete SELinux messages. run sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a

Entering sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a as suggested in the previous error message returns the following detailed error message:

    $ sealert -l 9e568d42-4b20-471c-9214-b98020c4d97a

    Summary:

    SELinux is preventing the httpd from using potentially mislabeled files
    (/var/www/html/index.html).

    Detailed Description:

    SELinux has denied httpd access to potentially mislabeled file(s)
    (/var/www/html/index.html). This means that SELinux will not allow httpd to
    use these files.
    It is common for users to edit files in their home directory or tmp
    directories and then move (mv) them to system directories. The problem is
    that the files end up with the wrong file context which confined
    applications are not allowed to access.

    Allowing Access:

    If you want httpd to access this files, you need to relabel them using
    restorecon -v '/var/www/html/index.html'. You might want to relabel the
    entire directory using restorecon -R -v '/var/www/html'.

    Additional Information:

    Source Context                root:system_r:httpd_t
    Target Context                root:object_r:user_home_t
    Target Objects                /var/www/html/index.html [ file ]
    Source                        httpd
    Source Path                   /usr/sbin/httpd
    Port
    Host                          localhost.localdomain
    Source RPM Packages           httpd-2.2.3-22.el5
    Target RPM Packages
    Policy RPM                    selinux-policy-2.4.6-203.el5
    Selinux Enabled               True
    Policy Type                   targeted
    MLS Enabled                   True
    Enforcing Mode                Enforcing
    Plugin Name                   home_tmp_bad_labels
    Host Name                     localhost.localdomain
    Platform                      Linux localhost.localdomain 2.6.18-128.1.10.el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686
    Alert Count                   24
    First Seen                    Fri May 15 13:36:32 2009
    Last Seen                     Wed May 20 12:47:56 2009
    Local ID                      9e568d42-4b20-471c-9214-b98020c4d97a
    Line Numbers

    Raw Audit Messages

    host=localhost.localdomain type=AVC msg=audit(1242838076.937:1141): avc: denied { getattr } for pid=3197 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file

    host=localhost.localdomain type=SYSCALL msg=audit(1242838076.937:1141): arch=40000003 syscall=196 success=no exit=-13 a0=8eaa788 a1=bfc8d49c a2=419ff4 a3=2008171 items=0 ppid=3273 pid=3197 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4 comm="httpd" exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)

Although called a summary, this output is a very detailed report that provides the necessary commands to resolve the issue. As shown below, entering /sbin/restorecon -v '/var/www/html/index.html' as suggested not only resolves the problem, but also explains how you should change the security context for the /var/www/html/index.html file.

    $ restorecon -v '/var/www/html/index.html'
    /sbin/restorecon reset /var/www/html/index.html context root:object_r:user_home_t:s0->root:object_r:httpd_sys_content_t:s0

The previous restorecon -v command changed the security context of /var/www/html/index.html from root:object_r:user_home_t to root:object_r:httpd_sys_content_t. With a root:object_r:httpd_sys_content_t security context, the http daemon can now access /var/www/html/index.html.

Use a Web browser or wget to make another request to the httpd daemon for the index.html file with a restored security context. This time, the request is permitted:

    # wget localhost/index.html
    --21:09:21--  http://localhost/index.html
    Resolving localhost... 127.0.0.1
    Connecting to localhost|127.0.0.1|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 0 [text/html]
    Saving to: 'index.html'

        [ ] 0 --.-K/s in 0s

    21:09:21 (0.00 B/s) - 'index.html' saved [0/0]
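
The triage that sealert performs above can also be done directly on raw audit records. The following is an added example, not part of the original blueprint: it parses AVC denial lines and prints the restorecon command for httpd_t denials on files under the document root whose target type is not an httpd type. The function names and the second sample record are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: triage raw SELinux AVC denials for the http daemon.

# Constructed sample input. The first record is the AVC message from the
# sealert report in the text; the second is an invented denial for another
# daemon, included to show that unrelated records are ignored.
SAMPLE_AUDIT='host=localhost.localdomain type=AVC msg=audit(1242838076.937:1141): avc: denied { getattr } for pid=3197 comm="httpd" path="/var/www/html/index.html" dev=dm-0 ino=3827354 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file
host=localhost.localdomain type=AVC msg=audit(1242838080.101:1150): avc: denied { read } for pid=4001 comm="ftpd" path="/srv/ftp/readme.txt" dev=dm-0 ino=42 scontext=root:system_r:ftpd_t:s0 tcontext=root:object_r:user_home_t:s0 tclass=file'

# Print "perms|comm|path|source_type|target_type" for each AVC denial on stdin.
parse_avc() {
    awk '
    /type=AVC/ && /denied/ {
        perms = ""; comm = ""; path = ""; stype = ""; ttype = ""
        # The denied permissions sit between braces: { getattr }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        # Every other field of interest is a key=value token.
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "path") path = val
            # A context is user:role:type[:level]; the type is field 3.
            else if (key == "scontext") { split(val, c, ":"); stype = c[3] }
            else if (key == "tcontext") { split(val, c, ":"); ttype = c[3] }
        }
        printf "%s|%s|%s|%s|%s\n", perms, comm, path, stype, ttype
    }'
}

# Read AVC records on stdin and print a restorecon command for every file
# under the document root ($1) that httpd_t was denied because the file
# carries a non-httpd type (the mv case described in the text). Denials
# against httpd_* types are left alone: those point at policy or Booleans,
# not at labeling.
suggest_relabel() {
    _docroot=${1%/}
    parse_avc | while IFS='|' read -r perms comm path stype ttype; do
        [ "$stype" = "httpd_t" ] || continue           # only the web server domain
        case "$path" in "$_docroot"/*) ;; *) continue ;; esac
        case "$ttype" in httpd_*) continue ;; esac     # already an httpd type
        case "$path" in *\'*) continue ;; esac         # never emit unquotable paths
        printf "restorecon -v '%s'  # %s denied { %s } on type %s\n" \
            "$path" "$comm" "$perms" "$ttype"
    done | sort -u
}

# Demo on the constructed sample; nothing is relabeled, commands are only printed.
printf '%s\n' "$SAMPLE_AUDIT" | suggest_relabel /var/www/html
```

On a live system the same functions can be fed from the audit log instead of the sample variable; review each printed command before running it.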

HTTPD and SELinux Booleans

SELinux has a set of built-in switches named Booleans or conditional policies that you can use to turn specific SELinux features on or off. Entering the getsebool -a | grep http command lists the 23 Booleans related to the http daemon, which are a subset of the 234 Booleans currently defined in the selinux-policy-2.4.6-203.el5 policy. These 23 Booleans allow you to customize SELinux policy for the http daemon during runtime without modifying, compiling, or loading a new policy. You can customize the level of http security by setting the relevant Boolean values or toggling between on and off values.

    $ getsebool -a | grep http
    allow_httpd_anon_write --> off
    allow_httpd_bugzilla_script_anon_write --> off
    allow_httpd_mod_auth_pam --> off
    allow_httpd_nagios_script_anon_write --> off
    allow_httpd_prewikka_script_anon_write --> off
    allow_httpd_squid_script_anon_write --> off
    allow_httpd_sys_script_anon_write --> off
    httpd_builtin_scripting --> on
    httpd_can_network_connect --> off
    httpd_can_network_connect_db --> off
    httpd_can_network_relay --> off
    httpd_can_sendmail --> on
    httpd_disable_trans --> off
    httpd_enable_cgi --> on
    httpd_enable_ftp_server --> off
    httpd_enable_homedirs --> on
    httpd_rotatelogs_disable_trans --> off
    httpd_ssi_exec --> off
    httpd_suexec_disable_trans --> off
    httpd_tty_comm --> on
    httpd_unified --> on
    httpd_use_cifs --> off
    httpd_use_nfs --> off

SELinux provides three command-line tools for working with Booleans: getsebool, setsebool, and togglesebool.
The getsebool -a command returns the current state of all the SELinux Booleans defined by the policy. You can also use the command without the -a option to return settings for one or more specific Booleans entered on the command line, as follows:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> on

Use setsebool to set the current state of one or more Booleans by specifying the Boolean and its value. Acceptable values to enable a Boolean are 1, true, and on. Acceptable values to disable a Boolean are 0, false, and off. See the following cases for examples. You can use the -P option with the setsebool command to write the specified changes to the SELinux policy file. These changes are persistent across reboots; unwritten changes remain in effect until you change them or the system is rebooted.

Use setsebool to change status of the httpd_enable_cgi Boolean to off:

    $ setsebool httpd_enable_cgi 0

Confirm status change of the httpd_enable_cgi Boolean:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> off

The togglesebool tool flips the current value of one or more Booleans. This tool does not have an option that writes the changes to the policy file. Changes remain in effect until changed or the system is rebooted.

Use the togglesebool tool to switch the status of the httpd_enable_cgi Boolean, as follows:

    $ togglesebool httpd_enable_cgi
    httpd_enable_cgi: active

Confirm the status change of the httpd_enable_cgi Boolean:

    $ getsebool httpd_enable_cgi
    httpd_enable_cgi --> on
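
Added example, not part of the original blueprint: a check that compares getsebool output with a desired baseline and prints the persistent setsebool -P commands needed to close the gap. The baseline assumes a server that needs no Sendmail, CGI, home-directory content, or terminal access; the baseline and the function names are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example: compare httpd-related SELinux Booleans with a baseline.

# Constructed sample: an excerpt of the getsebool listing shown in the text.
SAMPLE_BOOLEANS='httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_sendmail --> on
httpd_enable_cgi --> on
httpd_enable_homedirs --> on
httpd_ssi_exec --> off
httpd_tty_comm --> on
httpd_unified --> on'

# Assumed baseline, one "name state" pair per line. The states deliberately
# mix the spellings setsebool accepts (0, false, off) to exercise the
# normalization below. Adjust the list to the features your site uses.
STATIC_BASELINE='httpd_can_sendmail 0
httpd_enable_cgi off
httpd_enable_homedirs false
httpd_tty_comm off
httpd_ssi_exec off
httpd_can_network_connect off'

# Map the values setsebool accepts (1/true/on, 0/false/off) to on or off.
normalize_state() {
    case "$1" in
        1|true|on)   echo on ;;
        0|false|off) echo off ;;
        *)           return 1 ;;
    esac
}

# stdin: output of "getsebool -a" (or a filtered subset of it)
# $1:    baseline text in the format shown above
# Prints one "setsebool -P" command per Boolean whose current state differs
# from the baseline, and a comment line for entries it cannot evaluate.
boolean_drift() {
    _current=$(cat)
    printf '%s\n' "$1" | while read -r name want; do
        [ -n "$name" ] || continue
        want=$(normalize_state "$want") || {
            printf '# %s: unrecognized state in baseline\n' "$name"
            continue
        }
        # Look up the current state of this Boolean in the getsebool output.
        have=$(printf '%s\n' "$_current" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3 }')
        if [ -z "$have" ]; then
            printf '# %s: not defined by the loaded policy\n' "$name"
        elif [ "$have" != "$want" ]; then
            # -P writes the change to the policy file so it survives a reboot.
            printf 'setsebool -P %s %s\n' "$name" "$want"
        fi
    done
}

# Demo on the constructed sample; commands are printed, not executed.
printf '%s\n' "$SAMPLE_BOOLEANS" | boolean_drift "$STATIC_BASELINE"
```

Running the check from a scheduled job and alerting on any non-empty output catches Booleans that were flipped at runtime with setsebool or togglesebool.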

Configuring HTTPD security using SELinux

Securing Apache (static content only)

The default Red Hat Enterprise Linux 5.3 installation with SELinux running in enforcing mode provides a basic level of Web server security. You can increase that security level with a little effort. Because security is related to the function of the system, let's start with a Web server that only serves static content from the /var/www/html directory.

1. Ensure that SELinux is enabled and running in enforcing mode:

    $ sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /selinux
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy version:                 21
    Policy from config file:        targeted

2. Confirm that httpd is running as type httpd_t:

    $ /bin/ps axZ | grep http
    root:system_r:httpd_t  2555 ?  Ss  0:00 httpd
    root:system_r:httpd_t  2593 ?  S   0:00 httpd
    root:system_r:httpd_t  2594 ?  S   0:00 httpd
    root:system_r:httpd_t  2595 ?  S   0:00 httpd
    root:system_r:httpd_t  2596 ?  S   0:00 httpd
    root:system_r:httpd_t  2597 ?  S   0:00 httpd
    root:system_r:httpd_t  2598 ?  S   0:00 httpd
    root:system_r:httpd_t  2599 ?  S   0:00 httpd
    root:system_r:httpd_t  2600 ?  S   0:00 httpd

3. Confirm that the /var/www/html directory is assigned the httpd_sys_content_t context type:

    $ ls -Z /var/www/
    drwxr-xr-x  root      root root:object_r:httpd_sys_script_exec_t cgi-bin
    drwxr-xr-x  root      root root:object_r:httpd_sys_content_t error
    drwxr-xr-x  root      root root:object_r:httpd_sys_content_t html
    drwxr-xr-x  root      root root:object_r:httpd_sys_content_t icons
    drwxr-xr-x  root      root root:object_r:httpd_sys_content_t manual
    drwxr-xr-x  webalizer root root:object_r:httpd_sys_content_t usage

4. Confirm that the content to be served is assigned the httpd_sys_content_t context type. For example:

    $ ls -Z /var/www/html/index.html
    -rw-r--r--  root root root:object_r:httpd_sys_content_t /var/www/html/index.html

Use a Web browser or wget to make a request to the httpd daemon for the index.html file and you should see that permission is granted.

To increase the level of protection provided by SELinux, disable any httpd-related features that you do not want by turning off their corresponding Boolean. By default, the following six Booleans are set to on. If you do not need these features, turn them off by setting their Boolean variables to off.

    # getsebool -a|grep http|grep -- "--> on"
    httpd_builtin_scripting --> on
    httpd_can_sendmail --> on
    httpd_enable_cgi --> on
    httpd_enable_homedirs --> on
    httpd_tty_comm --> on
    httpd_unified --> on

httpd_can_sendmail
    If the Web server does not use Sendmail, turn this Boolean to off. This action prevents unauthorized users from sending e-mail spam from this system.

httpd_enable_homedirs
    When this Boolean is set to on, it allows httpd to read content from subdirectories located under user home directories. If the Web server is not configured to serve content from user home directories, set this Boolean to off.
httpd_tty_comm By default, httpd is allowed to access the controlling terminal.This action is necessary in certain situations where httpd must prompt the user for a password. If the Web server does not require this feature, set the Boolean to off. httpd_unified This Boolean affects the transition of the http daemon to security domains defined in SELinux policy. Enabling this Boolean creates a single security domain for all http-labeled content. For more information, see SELinux by Example listed under the â€Å"Related information and downloads,† on page 15 section. httpd_enable_cgi If your content does not use the Common Gateway Interface (CGI) protocol, set this Boolean to off. If you are unsure about using CGI in the Web server, try setting it to off and examine the log entries in the /var/log/messages file.The following example shows an error message from /var/log/messages resulting from SELinux blocking httpd execution of a CGI script: May 28 15:48:37 localhost setroubleshoot: SELinux is preventing the http daemon from executing cgi scripts. For complete SELinux messages. run sealert -l 0fdf4649-60df -47b5-bfd5-a72772207adc Entering sealert -l 0fdf4649-60df-47b5-bfd5-a72772207adc produces the following output: Summary: SELinux is preventing the http daemon from executing cgi scripts. Detailed Description: SELinux has denied the http daemon from executing a cgi script. httpd can be setup in a locked down mode where cgi scripts are not allowed to be executed. 
If the httpd server has been setup to not execute cgi scripts, this could signal a intrusion attempt.Allowing Access: If you want httpd to be able to run cgi scripts, you need to turn on the httpd_enable_cgi Boolean: â€Å"setsebool -P httpd_enable_cgi=1†³ 10 Blueprints: First Steps with Security-Enhanced Linux (SELinux): Hardening the Apache Web Server The following command will allow this access: setsebool -P httpd_enable_cgi=1 Additional Information: Source Context root:system_r:httpd_t Target Context root:object_r:httpd_sys_script_exec_t Target Objects /var/www/cgi-bin [ dir ] Source httpd Source Path httpd Port Hos t localhost. localdomain Source RPM Packages httpd-2. 2. 3-22. el5 Target RPM Packages httpd-2. 2. 3-22. el5 Policy RPM selinux-policy-2. 4. 6-203. l5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name httpd_enable_cgi Host Name localhost. localdomain Platform Linux localhost. localdomain 2. 6. 18-128. 1. 10. el5 #1 SMP Wed Apr 29 13:55:17 EDT 2009 i686 i686 Alert Count 1 First Seen Thu May 28 15:48:36 2009 Last Seen Thu May 28 15:48:36 2009 Local ID 0fdf4649-60df-47b5-bfd5-a72772207adc Line Numbers Raw Audit Messages host=localhost. localdomain type=AVC msg=audit(1243540116. 963:248): avc: denied { getattr } for pid=2595 comm=†httpd† path=†/var/www/cgi-bin† dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir host=localhost. localdomain type=SYSCALL msg=audit(1243540116. 
63:248): arch=40000003 syscall=196 success=no exit=-13 a0=8bd0a88 a1=bfc790bc a2=4 d0ff4 a3=2008171 items=0 ppid=2555 pid=2595 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=†httpd† exe=†httpd† subj=root:system_r:httpd_t:s0 key=(null) At the end of the previous output, listed under the Raw Audit Messages are these lines: â€Å"scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir† This output shows you that httpd attempted to access a subdirectory with the httpd_sys_script_exec_t context type. This type is the context type of /var/www/cgi-bin, the directory where httpd looks for CGI scripts. The httpd daemon, with a httpd_t context type, was unable to access this subdirectory because the httpd_enable_cgi variable is set to off.With this configuration, SELinux does not allow a user or process of type httpd_t to access a directory, file, or process of type httpd_sys_script_exec_t. Therefore, the http daemon was denied access to the CGI script located in /var/www/cgi-bin. If you find similar messages in your log file, set the httpd_enable_cgi Boolean to on. httpd_builtin_scripting If you did not configure Apache to load scripting modules by changing the /etc/httpd/conf/ httpd. conf configuration file, set this Boolean to off. If you are unsure, turn httpd_builtin_scripting to off and check the /var/log/messages file for any httpd-related SELinux warnings. See the description of httpd_enable_cgi for an example. PHP and other scripting modules run with the same level of access as the http daemon.Therefore, turning httpd_builtin_scripting to off reduces the amount of access available if the Web server is compromised. To turn off all six of these Booleans and write the values to the policy file by using the setsebool -P command follow these steps: 1. 
Enter the setsebool -P command: First Steps with Security-Enhanced Linux (SELinux) 11 [[email  protected] ~]# setsebool -P httpd_can_sendmail=0 httpd_enable_homedirs =0 httpd_tty_comm=0 httpd_unified=0 httpd_enable_cgi=0 httpd_builtin_scripting=0 2. Check all the Boolean settings related to httpd by entering getsebool –a | grep httpd. The following output shows that all Boolean are set to off, including the six previously described variables which default to on. [email  protected] ~]$ getsebool -a | grep httpd allow_httpd_anon_write –> off allow_httpd_bugzilla_script_anon_write –> off allow_httpd_mod_auth_pam –> off allow_httpd_nagios_script_anon_write –> off allow_httpd_prewikka_script_anon_write –> off allow_httpd_squid_script_anon_write –> off allow_httpd_sys_script_anon_write –> off httpd_builtin_scripting –> off httpd_can_network_connect –> off httpd_can_network_connect_db –> off httpd_can_network_relay –> off httpd_can_sendmail –> off httpd_disable_trans –> off httpd_enable_cgi –> off httpd_enable_ftp_server –> off httpd_enable _homedirs –> off httpd_rotatelogs_disable_trans –> off httpd_ssi_exec –> off httpd_suexec_disable_trans –> off httpd_tty_comm –> off httpd_unified –> off httpd_use_cifs –> off httpd_use_nfs –> off 3. Use a Web browser or wget to make another request to the httpd daemon for the index. html file and you should succeed. Rebooting your machine does not change this configuration. This completes the necessary basic SELinux settings for hardening a Web server with static content. Next, look at hardening scripts accessed by the http daemon. Related reference: â€Å"Scope, requirements, and support† on page 1 This blueprint applies to System x running Linux and PowerLinux. You can learn more about the systems to which this information applies.Hardening CGI scripts with SELinux In the previous section, you used SELinux Booleans to disable scripting because the Web server used only static content. 
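With scripting disabled as in the static-content configuration, AVC denials like the one shown under httpd_enable_cgi are the records to watch, since the sealert text notes they can signal an intrusion attempt. The following added example (not part of the IBM blueprint) parses raw AVC records and groups denials by source type, target type and object class. The first sample line is the page's record; the others are constructed, and the hint table holds only the one type pair the page explains.

```python
import re

# "type=AVC msg=audit(<epoch>:<serial>): avc: denied { perms } for key=value ..."
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s+"
    r"avc:\s+(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# (source type, target type) -> Boolean to inspect. Only the pair explained on
# this page is listed; extending the table is left to the reader (assumption).
BOOLEAN_HINTS = {("httpd_t", "httpd_sys_script_exec_t"): "httpd_enable_cgi"}


def split_context(context):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    parts = context.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        return None
    level = parts[3] if len(parts) == 4 else None
    return {"user": parts[0], "role": parts[1], "type": parts[2], "level": level}


def parse_avc(line):
    """Return a dict for one AVC record, or None for any other/malformed line."""
    match = AVC_RE.search(line)
    if match is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("rest"))}
    source = split_context(fields.get("scontext", ""))
    target = split_context(fields.get("tcontext", ""))
    if source is None or target is None or "tclass" not in fields:
        return None
    return {
        "epoch": float(match.group("epoch")),
        "serial": int(match.group("serial")),
        "verdict": match.group("verdict"),
        "perms": match.group("perms").split(),
        "comm": fields.get("comm"),
        "object": fields.get("path") or fields.get("name"),
        "source": source,
        "target": target,
        "tclass": fields["tclass"],
    }


def triage(lines):
    """Group denials by (source type, target type, class) and merge permissions."""
    groups = {}
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["verdict"] != "denied":
            continue
        key = (rec["source"]["type"], rec["target"]["type"], rec["tclass"])
        group = groups.setdefault(key, {"perms": set(), "objects": set(), "count": 0})
        group["perms"].update(rec["perms"])
        group["count"] += 1
        if rec["object"]:
            group["objects"].add(rec["object"])
    return [
        {
            "source_type": key[0],
            "target_type": key[1],
            "tclass": key[2],
            "perms": sorted(groups[key]["perms"]),
            "objects": sorted(groups[key]["objects"]),
            "count": groups[key]["count"],
            "boolean": BOOLEAN_HINTS.get(key[:2]),
        }
        for key in sorted(groups)
    ]


# Line 1 is the record shown on this page; line 2 is the page's SYSCALL record,
# shortened; lines 3-5 are constructed for the example (5 is deliberately broken).
SAMPLE_LOG = """\
host=localhost.localdomain type=AVC msg=audit(1243540116.963:248): avc: denied { getattr } for pid=2595 comm="httpd" path="/var/www/cgi-bin" dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir
host=localhost.localdomain type=SYSCALL msg=audit(1243540116.963:248): arch=40000003 syscall=196 success=no exit=-13 comm="httpd" exe="httpd" subj=root:system_r:httpd_t:s0 key=(null)
host=localhost.localdomain type=AVC msg=audit(1243540117.101:249): avc: denied { search } for pid=2596 comm="httpd" path="/var/www/cgi-bin" dev=dm-0 ino=5527166 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=dir
host=localhost.localdomain type=AVC msg=audit(1243540118.202:250): avc: denied { execute } for pid=2597 comm="httpd" name="tryit.cgi" dev=dm-0 ino=5527170 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_sys_script_exec_t:s0 tclass=file
host=localhost.localdomain type=AVC msg=audit(1243540119.303:251): avc: denied { read } for pid=2598 comm="httpd" scontext=broken tclass=file
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG.splitlines()):
        print(row)
```

The report names the Boolean to inspect and leaves the decision to the administrator: on a server meant to serve only static content, such a denial is a reason to investigate before enabling anything.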
Beginning with that configuration, you can enable CGI scripting and use SELinux to secure the scripts.

1. Confirm that your Web server is configured as described in section “Securing Apache (static content only)” on page 9.

2. Red Hat Enterprise Linux provides a CGI script that you can use for testing. You can find the script at /usr/lib/perl5/5.8.8/CGI/eg/tryit.cgi. Copy this script to the /var/www/cgi-bin/ directory, as follows:

[[email protected] ~]$ cp /usr/lib/perl5/5.8.8/CGI/eg/tryit.cgi /var/www/cgi-bin/

3. Make sure that the first line of the tryit.cgi script contains the correct path to the perl binary. From the which perl output shown below, the path should be changed to #!/usr/bin/perl.

[[email protected] ~]# which perl
/usr/bin/perl
[[email protected] ~]# head -1 /var/www/cgi-bin/tryit.cgi
#!/usr/local/bin/perl

4. Confirm that /var/www/cgi-bin is assigned the httpd_sys_script_exec_t context type as follows:

[[email protected] ~]$ ls -Z /var/www/ | grep cgi-bin
drwxr-xr-x root root root:object_r:httpd_sys_script_exec_t cgi-bin

5. Allow and confirm read and execute permission for the tryit.cgi script to all users:

[[email protected] cgi-bin]# chmod 555 /var/www/cgi-bin/tryit.cgi
[[email protected] cgi-bin]# ls -Z
-r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t tryit.cgi

6. Confirm that /var/www/cgi-bin/tryit.cgi is assigned the httpd_sys_script_exec_t context type:

[[email protected] ~]$ ls -Z /var/www/cgi-bin/tryit.cgi
-r-xr-xr-x root root root:object_r:httpd_sys_script_exec_t /var/www/cgi-bin/tryit.cgi

7. Enable CGI scripting in SELinux and confirm that it is enabled:

[[email protected] cgi-bin]$ setsebool httpd_enable_cgi=1
[[email protected] cgi-bin]$ getsebool httpd_enable_cgi
httpd_enable_cgi --> on

8. Open a Web browser and type the Web server address into the location bar. Include the /cgi-bin/tryit.cgi in the URL. For example, type http://192.168.1.100/cgi-bin/tryit.cgi. The tryit.cgi script should return output similar to Figure 1:

Figure 1. A Simple Example

9. Provide test answers to the form fields and click Submit Query. The tryit.cgi script should return output similar to Figure 2:

Figure 2. A Simple Example with results

Appendix. Related information and downloads

Related information

- Wikipedia: Security-Enhanced Linux http://en.wikipedia.org/wiki/Selinux
- Bell-La Padula model http://en.wikipedia.org/wiki/Bell-La_Padula_model
- NSA Security-Enhanced Linux http://www.nsa.gov/research/selinux/index.shtml
- Managing Red Hat Enterprise Linux 5 presentation http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf
- developerWorks Security Blueprint Community Forum http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1271
- Red Hat Enterprise Linux 4: Red Hat SELinux Guide http://www.linuxtopia.org/online_books/redhat_selinux_guide/rhlcommon-section-0055.html
- F. Mayer, K. MacMillan, D. Caplan, “SELinux By Example – Using Security Enhanced Linux”, Prentice Hall, 2007

Notices

This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
Dept. LRAS/Bldg. 903
11501 Burnet Road
Austin, TX 78758-3400
U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

IBM World Trade Asia Corporation
Licensing
2-31 Roppongi 3-chome, Minato-ku
Tokyo 106-0032, Japan

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

Trademarks

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® and ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at Copyright and trademark information at www.ibm.com/legal/copytrade.html

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Java and all Java-based trademarks and logos are registered trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Other company, product, or service names may be trademarks or service marks of others.

Printed in USA

Friday, August 30, 2019

Dark Tech: The Effect of the Cell Phone on Health

Today’s technologies are advancing at such an astonishing rate. This can make it difficult for even the most avid “techie” to keep pace. Technology is that wonderful thing that brings comfort and convenience to our lives. But, with that comfort and convenience, there often comes a price; and the technology of the cell phone proves no exception. Arguably, as a communication tool, the cell phone has no equal in how it has changed and affected our lives. Mostly, the effect has been positive in many ways. But, as it is with anything, overuse and abuse has brought out its dark side and the effect of unintended consequences.

One of the unintended consequences of the cell phone is its effect on the health of its users and even the health of those around them. What is the effect of the cell phone on our health? Researchers are examining the health risks associated with cell phone use. This research has focused on traffic accidents, germs, cancer, electromagnetic radiation, and vision health.

Traffic Accidents and Cell Phones

Cell phone users knowingly, or unknowingly, put themselves and others in potentially hazardous situations by using a cell phone while driving. A recent study by the Centers for Disease Control and Prevention focused on cell phone distracted drivers in the United States. According to the study, sixty-nine percent of drivers in the United States, ages 18-64, reported that they had talked on their cell phone while driving within the last thirty days. Additionally, within that same demographic, thirty-one percent of U.S. drivers reported that they had read or sent text messages or email messages while driving at least once within the 30 days before they were surveyed. One must note that these percentages reflect only those drivers that “admitted” to the cell phone activity in question.

Activities, such as texting, take the driver’s attention and hands away from driving more frequently and for longer periods than other distractions, making it proportionately more dangerous. Younger, inexperienced drivers under the age of 20 may be at a higher risk; they garner the highest proportion of distraction-related fatal crashes. The National Safety Council reports that at least 23 percent of all traffic crashes, or at least 1.3 million crashes, involve cell phone use. This number can be broken down to an estimated 1.2 million crashes each year involving drivers using cell phones for conversations and the remaining 100,000 or more additional crashes can be related to drivers who are texting. Analyzing this data shows that cell phone conversations are involved in 12 times as many crashes as texting. This seems to dispel the common myth that a texting driver is the more commonly dangerous cell phone activity.

Additionally, and maybe surprisingly to some, it is not just our drivers causing dangerous situations on the roadways. Many times, pedestrians entranced with their cell phones are just as dangerous as drivers using them. A study published in Injury Prevention in 2012 reflects that one in three pedestrians is distracted by a mobile device while crossing busy streets. This type of distraction leads to accidents that injure both pedestrians and drivers.

Germs and Cell Phones

Cell phones not only carry important data, but nasty germs also. The greasy, oily residue you usually see on your cell phone after a week, or only a day, of use can often contain more disease-laden germs than those found on a toilet seat. In 2011, researchers from the London School of Hygiene & Tropical Medicine at Queen Mary, University of London found that one in six cell phones is contaminated with some sort of fecal matter. These fecal deposits find their way on to the handsets often because their owners did not wash their hands with soap and water after using the toilet. Some of the phones were found to harbor E. coli bacteria from fecal origin. If this bacterium is transferred into the mouth and ingested into the body, it can cause fever, vomiting, and diarrhea.

In another recent study, students in an Environmental Health course at South University, Columbia sought to find out what germs live on cell phones. After swabbing a sample of 60 phones belonging to students, they found that phones were frequently contaminated with methicillin-resistant Staphylococcus aureus (MRSA). According to Dr. Robert J. Wolff, PhD, program director of Health Science at South University, “Staph aureus is always dangerous and MRSA forms are worse because they cannot be stopped easily.” Staph skin infections, including MRSA, can quickly turn into deep, painful abscesses. The bacteria might remain confined to the skin, or burrow deeper into the body to cause potentially life-threatening infections in bones, joints, and surgical wounds. Once established in the body, the infection can infiltrate the bloodstream, migrating to the heart valves and lung tissues where it can wreak havoc on critical physio-biological systems.

Radiation and Cell Phone Usage

Our cell phones certainly provide an efficient and easy way to communicate with friends, family, and co-workers. But, multiple research projects have suggested that excessive use of these communication devices may take a long-term toll on the user’s wellbeing. Cell phones communicate by transmitting radio waves through a series of cell towers, where radiofrequency (RF) waves create electromagnetic fields. Although cell phones are considered to be low-powered RF transmitters, your handset transmits power when it is on, and therefore it is important to increase your distance from the handset to reduce RF radiation exposure. The Federal Communications Commission (FCC) suggests that cell phone users keep a minimum distance of 20 centimeters from their handset to significantly reduce RF radiation exposure.

Adults and especially children can suffer the long-term effects of radiation waves on the brain. According to Dr. Devra Davis, director for environmental oncology at the University of Pittsburgh, “Young children particularly need to be careful. We do not have enough information nor do we have enough time to be sure that cell phones are safe, and there's reason for concern that they may be harmful.” The University of Pittsburgh also warned its faculty and staff to limit their cell phone use due to the possible cancer risks.

Vision and Cell Phones

For those of you with smart phones, staring at your mobile device can cause problems in your vision later in life. Since screens on mobile devices tend to be smaller than computer screens, you are more likely to squint and strain your eyes while reading messages. According to the Vision Council, more than 70 percent of Americans don't know or are in denial that they are susceptible to digital eye strain. Additionally, smart phones and other hand-held devices are designed for reading at close range, so users’ eyes must constantly refocus and reposition to process the display’s text and graphics. As much as one-third of U.S. adults reported spending as many as four to six hours a day with their cell phones or related electronic devices. As digital device use increases, so do potential vision problems, including eye strain. Symptoms of this “digital” eye strain may include dry eyes, eye redness or irritation, blurred vision, neck and back pain, as well as headaches.

Conclusion

We know that today’s cell phone is the new wonder of modern technology that makes our lives richer and fuller as each new model is introduced. It is technically a microcomputer hidden beneath the cloak of a phone that puts the information super highway in our hip pocket for instant access at any time or place. Oh yeah, we can use it to communicate with our friends, family and co-workers too. So, are cell phones hazardous to our health?

Well, if cell phones were handguns, they might be banned, or at the very least restricted by all means of laws and regulation. If cell phones were automobiles, an owner would probably need to take a safety course to get an operator’s license. To be serious, the cell phone is just a tool. If used in a safe manner and with a little common sense, it is no more dangerous than any other tool (said the three-fingered shop teacher). Unfortunately, not every cell phone user is endowed with common sense. So, until legislation catches up with the technology, the cell phone will have its dark side fraught with danger.

Until then, to stay safe, we can clean our hands and cell phones regularly to keep the toilet germs and other assorted pathogens away from our mouths. We can keep our phone’s possible cancer-causing RF at bay by using hands-free devices as much as possible. We can keep our eyesight a little longer by limiting device usage and eye strain. Last, but most importantly, we need to keep our cell phones in our pockets and purses while driving. If we need to make or answer a call, hand it to a passenger, pull over, or wait until we reach our destination to use the device. Just remember, when using your cell phone, think “safety first”; your health depends on it!

Thursday, August 29, 2019

Barack Obama Speech Analysis Essay

In the compelling Inauguration speech of Barack Obama, the first African-American President, a large range of language and oratory techniques are utilized to convey his message to an audience of over a million Americans. The speech was delivered on the traditional inauguration date of the 20th January 2009, on the steps of the Lincoln Memorial where, 45 years earlier, Martin Luther King Jr. delivered his iconic ‘I Have a Dream’ speech. During Obama’s speech, he uses a range of oratory devices to present himself as credible. The techniques include: the proficient use of tone and performance aspects, extensive use of biblical references, allusion to history, and an important underlying theme. These techniques help to convey his strong message of hope and reapplying the good old American values of honesty, courage, tolerance and loyalty.

On the 20th January 2009, Democrat Barack Hussein Obama became the first African-American to take the presidential oath for America. He delivered his inauguration speech to an audience of over a million Americans, and at a time when the world’s economy had taken a downturn and America had a controversial presence in the Middle East. America’s history had been darkened by its racism and history of slavery, and so the significance of this event was amplified as it showed a new acceptance and a positive step in American Civil Rights. Obama also delivered his inauguration speech on the steps of the Lincoln Memorial where, 45 years earlier, Martin Luther King delivered his iconic ‘I Have a Dream’ speech. Congressman James Clyburn, the highest ranking African-American congressman of that time, said about the event, “Today is about the validation of the dream Dr. King initiated 45 years ago on the steps of the Lincoln Memorial”. This shows the significance of the event, and put pressure on Obama to put on a show of strength.

In Barack Obama’s Inauguration speech, it soon becomes obvious that he is a seasoned orator who has a natural ability to persuade the audience’s emotions. His use of tone and pitch, amplified by his presentation, has a convincing effect on his delivery. In his opening sentences he says “I stand here today humbled by the task before us, grateful for the trust you’ve bestowed, mindful of the sacrifices borne by our ancestors.” In hearing this, the listener is struck by his humbleness and sense of humility. The tone urges caution, which contrasts with the celebratory mood of the audience. His choice to use words like humbled, grateful and mindful, along with his natural charisma and charm, causes the audience to respect him and listen to what he has to say.

To increase the desired effect of his speech on the audience, Obama repeatedly uses an allusion to history; this also helps to strengthen the audience’s confidence in him. His statement “all are equal, all are free, and all deserve a chance to pursue their full measure of happiness” is a clever twist on the Declaration of Independence, a founding document of America and something all Americans can relate to. He uses a patriotic appeal and asks for a “…return to these truths”, a return to the old and true American traits of “honesty and hard work, courage and fair play, tolerance and curiosity, loyalty and patriotism”. The appeal effectively utilizes pathos, coupled with allusion and historic references, to persuade his audience to believe in him.

During the delivery of his speech, Obama repeatedly alludes to biblical references, which acts not only as a useful language technique, but also shows a link to his background and heritage. In saying “the time has come to set aside childish things” (1 Corinthians 13:11), Obama exploits the ethos appeal and cleverly alludes to the reference, as his audience is not all Christian and he did not want to offend them. This is yet more proof of his natural oratory ability and it also reflects on his African-American background, in which biblical references and hymns were used and widely known. These effects combined with the seamless delivery prove his incredible speaking ability and his charisma and charm, which have helped him in his American dream, from being raised by a single mother, to becoming the first African-American president.

Obama’s inauguration speech includes the interesting theme of ‘Drawing strength from our heroic past’. There are many references to history that Obama then applies to the current time. He took office at a troublesome time when the economic downturn was occurring and people were growing weary of the war on terror, so Obama cleverly addresses these issues with references to returning to the ideals of the founding fathers, which raises a note of patriotism and brings the audience together. To help portray his theme, Obama includes extensive use of personal pronouns, for example “We the people have remained faithful to the ideals of our forebearers, and true to our founding documents”. He commends the audience for remaining faithful to past ideals while using the personal pronoun ‘we’, which deepens their confidence in him and continues to draw the audience and speaker together. The speech effectively serves its purpose and addresses the issues of the day, while being strengthened with the use of personal pronouns, which has a constructive effect on the audience in view of getting the audience to believe in Obama, and accept what he is saying.

The effectiveness of Barack Obama’s inauguration speech is complemented by his compelling use of oratory devices and techniques, including: the convincing effect of his tone and pitch, amplified by the presentation; the combined effect of allusion and historic references in making his appeals; an extensive use of biblical references which represents his heritage – and which are thoughtfully alluded to; as well as an underlying theme which helps Obama to elaborate on his message and address the issues of the day. These techniques are the cornerstone to gaining acceptance from the audience and persuading them to believe in what he is saying, and he also uses his charisma and charm in conjunction. The result is a critically acclaimed speech which the NYTimes states as “Reveling in a moment of national significance”, where Obama puts on a positive show of strength, rises to the occasion, and establishes himself as the 44th President of the United States of America.

Wednesday, August 28, 2019

Journal Article (Current event on Wall Street Journal) Essay - 1

Journal Article (Current event on Wall Street Journal) - Essay Example Smaller changes in the tax policy are supposedly getting in, and as a result of tax changes, there will be a direct implication on the economy. Sparshott elaborates that there is an expectation that there will be a shrink in the gross domestic product, which has an enormous implication on the economy by an estimate of 0.9 percent (7). The conjecture incorporates the full connotation of the fiscal cliff. More research as seen in the article by Sparshott indicates that there is an economic consequence of going over the fiscal cliff, and a much higher probability of staying off the cliff which many analysts and economists have ignored over time (8). To calm the nerves of the people who rely on the economy of the nation for their well-being, Sparshott explains that there is hope still, and there is a thin line separating the achievement of the fiscal plan and the current conditions (7). Further research by renowned researchers according to Sparshott indicates that economists figure that the economy of the nation is more stable and will survive (7). This is an indication of the fact that the country’s economy will be stable enough for the investors to risk a huge amount of money into the country. This assurance by researchers does not concur with many estimates by renowned analysts. However, the case is totally different in consideration to other analysts who indicate that the economy has an extensive process ahead so as to stabilize. In this case, the chances of survival of the country’s economy are negotiable. To back this argument, it is recommended to assess the entire state of the economy, not a section of it. In this case, the assumption that the economy is stable is for the reason that there is a notable improvement in the housing market recovery. This recovery consequently leads to a steady fall in the level of unemployment which further leads to a solidifying bank leading

Our Barbies, Ourselves by Emily Prager Article Example | Topics and Well Written Essays - 750 words

Our Barbies, Ourselves by Emily Prager - Article Example Prager asserts that this physical perfection on part of the most popular doll undermines the feminist movement and other feminine ideals. Prager acknowledges that Barbie does serve as a role model in terms of her liberated sense of style and living. The showcasing of Barbie’s bohemian lifestyle, spanning condos, fashion plazas, swimming pools and beauty salons is appealing for young girls. Yet, her combination of verve and freedom does not compensate for real substance. Prager constructs her arguments well through the use of deductive logic. She exposes the problems associated with Barbie’s idolatry. At the center of Prager’s criticism is the homocentric physical construction of Barbie and the highly materialistic basis of her lifestyle. As much a criticism of Barbie, the essay is a criticism of society at large for allowing a flawed concept to take such strong cultural roots.

I Have a Dream by Martin Luther King Jr.

This landmark speech of the Civil Rights Movement is one of the most powerful public orations ever. It was delivered by Martin Luther King Jr. on 28th August 1963 at the steps of the Lincoln Memorial in Washington D.C. The speech is exceptional for both its logical merit and emotional appeal. Indeed reading the transcript of the speech dilutes some of its rhetorical effects that were witnessed firsthand by the fortunate congregation at the Lincoln Memorial. ... Though the speech is delivered for political mobilization and has for its subject the deep-rooted social malaise of racial discrimination, it does not sacrifice its rhetorical flourishes. The combination of a powerful rallying cry delivered with a style bordering on poetic recitation makes it the most singular. It is hard to find any flaws with the speech. This is testified by the fact that it continues to be a source of inspiration for social activists even today.

Message to the Grassroots by Malcolm X

This is a public speech by the militant black leader Malcolm X, calling upon men of his race to unite in their efforts to fight white oppression. The speech is reminiscent of the more famous counterpart delivered by Martin Luther King Jr. But the methods advocated by the two speakers are contrasting. While the philosophy of King was one of non-violent activist organization, Malcolm X forwards a more militant approach to racial equality. Malcolm X’s agenda is also much broader than attaining political rights. He believes that unless Black Nationalism (with due territorial sovereignty) is achieved there is no scope for black liberation. Malcolm X thus condemns the pacifist and conciliatory strands of the Civil Rights Movement. He urges all the black brethren to unite in their claim for a separate black nationhood. If a bloody revolution is what it takes to achieve that end so may the black race incur is his central message. Though Malcolm X’s speech is powerful in terms of rhetoric and public appeal, I personally do not find it acceptable. Malcolm X has a valid point in urging all factions of black social activists to unite. But his ready endorsement of violent means for achieving socio-political goals is problematic on two counts. Not only is Malcolm X’s stance

Tuesday, August 27, 2019

Answer the following question after reading Heart of Darkness Is the Essay

Answer the following question after reading Heart of Darkness Is the quest for knowledge a destructive endeavor, why or why not - Essay Example The story is about the men's inner confusion when faced with compelling situations, cruelty towards other humans, and what they become after leaving civilization and humanitarian values. In the end, that Mr. Kurtz, a man with a quest for knowledge, ended up insane and worthless to his company shows the paradox underlying Conrad's intention to question the purpose of his mission. Whether the quest for knowledge is a destructive endeavor or not, the main question that may arise in the story of "Heart of Darkness," is clearly emphasized through a large number of resources by Conrad. We all know that the quest for knowledge is not a waste of time, as knowledge could be applied to life both in learning about self and the world, and it is a way to make life productive and eventful. The "Heart of Darkness" carries a story within the story, of which "the meaning of an episode was not inside like a kernel but outside, enveloping the tale" (Conrad 2000. p.18). It gives a clear picture of the depth of knowledge Conrad has and forces the readers to search more and more sources to enrich their knowledge. "The basic narrative structure of Heart of Darkness is a frame-tale with inset stories, an experiment with 'oblique narration', a tale within a tale" (p.xxv). For any reader who is reading it for the first time, it will not be possible to understand the message or inner meaning of the novel completely. Subsequent reading will reveal that much of the meaning in "Heart of Darkness" is found in the periphery of the book, and not in the centre of the book or the heart of Africa. Heart of Darkness is a good example to cite the downfall of morality and withering away of a civilized man, Mr. Kurtz, in the African Congo. Pursuit of knowledge is presented through the anecdotal narration of Mr. Marlow, a seaman.
He begins his story sitting cross legged, resembling a "Buddha preaching", and ends it sitting "indistinct and silent," "in the pose of a meditating Buddha" (ibid p.16,123). Mr. Marlow, described as sitting "like a meditating Buddha", reveals he has achieved some sort of enlightenment. It symbolizes the preaching of an enlightened person and how he is going to deliver knowledge to his attentive disciples like the sermons of Lord Buddha. By following the words of Marlow, and the narrative style adopted by Conrad, it is doubtful whether the ultimate goal of imparting knowledge was achieved or not. That the narrator is not maintaining continuity in his narration, and his audience is also inattentive, proves this symbolism failed to deliver any purpose. Another incident that links to an effort to gather scientific knowledge comes from Marlow's visit to a doctor before his departure to the African Congo and what transpired between them. It indicates another incidence of thirst for knowledge and its ultimate outcome. For Marlow's enquiry about the investigations carried out by the doctor and the reply he receives, "this is my share in the advantages my country shall reap from the possession of such a magnificent dependency" has not been effectively established anywhere in the novel. To his further question, whether the doctor also measures the crania of those returning, the reply was he never sees them and "moreover the changes take place inside." It indirectly points out that the navigators to Africa are experimental pieces and majority lost their senses

Monday, August 26, 2019

Information Policy Essay Example | Topics and Well Written Essays - 3500 words

Information Policy - Essay Example Such information does not reach the public domain until it is communicated by unauthorized means, or unless the organization's policy permits such disclosure, which is stated in the Public Disclosures Act 1998 (Anderman 1998 p15). All reports, documents and information that are confidential that are made or gained during employment will be the sole property of the organization and have to be submitted back to the organization at the time of termination or resignation. Employee ought to realize that during his/her employment with the organization, the Employee might get authorized access to or unintentionally come across "confidential information." As utilized in the Confidentiality Agreement, "confidential information" is similar to "protected health information." These are even known as the Trade Secrets. Employee has an obligation to withhold the confidential information of the organization in strict confidence as well as not to reveal or otherwise use this confidential information apart from when this information plays an essential role in the Employee's regular job responsibilities. This indicates, amongst all things, that: Employee has an obligation to not disclose, reveal, copy, make public, trade, lend, assess, change or wipe out any confidential information of the organization except when the Employee is completely authorized by the organization; and Employee has an obligation not to misuse or steal the accessed ... Employee will have an obligation to access confidential information only when he needs it for legitimate business.
Employee has an obligation to not disclose, reveal, copy, make public, trade, lend, assess, change or wipe out any confidential information of the organization except when the Employee is completely authorized by the organization; and Employee has an obligation not to misuse or steal the accessed confidential information. Employee's further obligation is to stop unauthorized utilization of confidential information and he is also obligated by the policy to complain about any unauthorized utilization of confidential information to the Privacy Officer of the organization. The Employee has an obligation not to get rid of any record of clients (as well as the copies of the records), or any other kind of confidential information; thus the Employee is obligated by the policy not to remove any original records of clients from the property of the organization if he has no prior permission from the supervisor. Employee has an obligation not to reveal his or her network computer password to anybody, or permit anybody to access or change information in the Employee's identity. Employee realizes that the trade secrets have to be kept confidential both in as well as outside the organization where he works and so he must talk about the trade secrets with every individual or organization as

Sunday, August 25, 2019

Correlation of how many student took the LSATs and how many students Essay

Correlation of how many student took the LSATs and how many students actually got accepted into law school - Essay Example In essence, Law Schools will try to place higher LSAT requirements for students so that they are portrayed as having higher standards and so that they compete effectively. LSAC implemented the requirement to ensure uniformity in the criteria that member schools used to admit students to their law programs. However, the validity of LSAT has come under controversy considering that there is a possibility that students who might be proficient could be left out by the LSAT requirement. A study conducted by Domino & Domino established that 54% of those students who passed the LSAT actually proved that the test was valid. The study was conducted on first year students using their average scores in various Law Schools and involved 726 students (12). However, Domino & Domino also explain that the values were very different across schools. Controversies have also recently arisen over cheating where some students hire other people to take the tests for them. The general realization from these findings is that there are other factors that influence the LSAT other than the standardization requirement by the schools. For instance, Law Schools might make the tests extremely difficult so that they appear as having high quality students and therefore influence the admission of their graduates to the mainstream practising of the Law. The essence of tests is not to lock out candidates but to ensure that only those candidates with the correct qualifications are admitted. The following paper seeks to establish the nature of correlation between the number of students who take LSAT and the ones who actually get admitted in Law schools so as to determine whether most students who take the exams fail or pass.
According to Burdette, “LSAT is usually administered by the Law School Admissions Council a non-profit organization…” (4) and the general realization is that Law Schools realized that they needed

Saturday, August 24, 2019

Women Progress In The 20th Century Essay Example | Topics and Well Written Essays - 1250 words

Women Progress In The 20th Century - Essay Example China went through a nationwide reform in the 20th century. Plagued by the traditional pressures and cultural values, it was difficult for women to embrace freedom and modernity immediately. However, the internal rebellions, political changes, an introduction of new reforms, etc., brought an end to the dynasty system. China strived to step up and gain its position in the international arena, for which they had to embrace the inevitable, modernity. Chinese scholars believed that in order for their survival in the modern world they had to form national citizenry which focused upon modernity and nationalism. Modernity suggested the acceptance of women as an important part of the process by acknowledging their significant contribution to the upholding of their cultures, traditions, and the economy. Women thus played a key role in shaping the modern China of today which is known for its strong societal and economic standing (Rudolph, n.d.). Marriage laws supported individual choice more than suppressed obligation to marry, and the family structure changed greatly. With women becoming more independent, the joint family system was replaced by a highly individualistic living culture with small families. The one child law gave women more time to do something other than child rearing and thus, many resorted to completing their education and seeking active careers. However, culture did play a significant role in the re-shaping of the one-child rule to a two-child one for the purpose of obtaining a son in a family (Hershatter, 2007).

Friday, August 23, 2019

Planning for Learning Essay Example | Topics and Well Written Essays - 2000 words

Planning for Learning - Essay Example Hence it is important to build a homework structure for them and that should find place in middle and high school. The important aspect to be observed is that the planning for learning should consider improvement but not perfection. The planning should consider recording, having the books necessary for learning, reviewing of the student's books, agreeing with the student to participate in the learning program, making them follow assignments and study hours, keeping them honest in doing work, developing sustenance of attention to follow the planning, and making the student use a calendar to track long term assignments and periodically work on them instead of leaving them for the last minute. Another important aspect in planning a learning program is to assess the learner's needs and behavioural problems. The planning of programs for learning should be according to the assessment. The learning programs as part of the planning should follow inclusive teaching and learning strategies. The teacher should concentrate on managing the process as well as the environment, as the success of planning in the case of ADHD students depends even on environment. At the end of the program it is necessary to assess the outcomes of learning programs. After that it is necessary for a teacher to reflect on his/her performance for future practice (Arthur Robin, 2009).

2 Assessing Learners Needs

Assessment can serve different purposes as it can grade the attainment of learners. In assessment the teacher should consider the emotional and practical needs of the student and plan accordingly. The communication that has occurred between teacher and student helps in assessing his needs practically as well as emotionally. The important aspect in assessing is verbal questions by the teacher to students and, in the course, trying to fulfil their emotional needs.
By questioning, the teacher can understand the lapses in understanding the problem by the student, and that helps in developing a plan for learning for the students having behavioural problems like ADHD, as they have attention deficit, which results in lack of understanding. In addition to that, practitioners found that the questioning involves the students and develops communication with teachers, thus enabling them to know the points where the student lacks attention. One assessment a teacher can make by questioning is the difference between the students who know and who can understand. If a teacher can find the students who just only know, he/she can plan a program that helps them in understanding the aspect and the concept of the lesson. According to David Edward Gray et al (2000), FENTO Standards for teaching recognise the importance of professional assessment of students that underpins learning as well as achievement. The assessment needs the verification of key elements like vocational curriculum, competencies, underlying knowledge and key skills. The authors of the book 'Training to Teach in Further and Adult Education' state that assessment is a process by which evidence of student achievement is obtained as well as judged. It requires evidence and a scale of standards. The assessment includes the capability of the student, performance relative to his/her group and his

Thursday, August 22, 2019

Final Paper Essay Example for Free

Final Paper Essay Target corporation is one of the biggest retailers there is out there, bringing in an estimate of $74 million dollars a year in revenue. The majority of Target's revenue is earned during the busiest times of the year, which are Black Friday and the holidays. Target has had a huge positive reputation because of the “Expect More Pay Less” promise and giving 5% back to the community. However, Target has been going through some hard times because of the Target breach that occurred during the holidays of 2013. This research paper will focus first on introducing the Target breach and how it has affected the company and what the company has done to fix the problem. Moving forward, I will focus on internal controls that Target could have applied and summarizing everything towards the end.

Target Breach Internal Controls

Target Corporation is a well known and respected retail store out there. Target is a corporation that buys goods from manufacturers at a purchase discount price and resells them to consumers at a higher price to make a profit. Target has brought in revenue of $74 million dollars a year and continues to grow every year. However, Target has gone through some hard times with the Target breach that just occurred during the holidays of 2013. Consumers have had a hard time trusting their card readers and loyalty and sales have been dropping ever since. The question that is now in the air is what internal controls the company had during this breach and what they could have done to avoid this breach that just occurred. To begin with, the company was running perfectly and driving outstanding sales until the company and guests found out that they had a breach, also known to the community as the “Target Breach.” “Target corporation confirmed that a major data breach occurred between Black Friday and December 15, 2013, which includes many of the most important shopping days of the year” (Edelson, 2013).
Ever since the Target breach, the company’s reputation was hurt, consumers were not confident about shopping, and are afraid of using the card readers at the stores. Later in time, after the breach was announced, the company had given further information on how the breach affected the people. “It is believed that the breach affected roughly 40,000 card devices at store registers, which could mean that millions of cardholders could be vulnerable, according to the people familiar with the incident” (Sidel, 2013). On top of the 40,000 card devices being affected, 40 million people’s credit card and debit card information was stolen. The CEO of Target Corporation later released to the press and announced that personal information such as addresses, names, phone numbers, and e-mail addresses were also taken from the Target system. After reading about the Target breach, being an assistant manager for Target, and hearing about the tragedy that has been caused, I remember feeling upset because of the way the company was going to be affected. However, it also reminded me of the internal control concept that was taught in class. There was a lot of fraud involved with the Target breach, which is something that occurs when it comes to internal control. “Fraud refers to any act by the management or employees of business involving an internal deception for personal gain. Fraud may include, among other acts, embezzlement of business cash, theft of assets, filing false insurance claims, filing false health claims, and financial statement fraud” (Ferris, Wallace, Christensen, 2014, pg. 314). With the Target breach, you are able to see the fraud triangle concepts, which consist of pressure, opportunity, and rationalization. Being employed by Target, that concept came to mind when reading the article because there was an e-mail sent to management about believing that an employee that worked with the POS (point of sale) system had a lot of inside information within the system.
The pressure was there to get information from the POS system and rationalization was involved when they knew that they could get credit card information. The opportunity occurred when they knew the busiest time of the year was going to be Black Friday and the majority of the sales are driven on that day. From all that has occurred it is not clear what internal controls Target had in order to avoid this situation. Internal controls are important when it comes to businesses in order to avoid situations like the Target breach. There are two parts that I believe are important when it comes to internal controls, which are prevention control and detection control. A “prevention control is intended to deter a problem or fraud before it can arise” (Ferris, Wallace, Christensen, 2014, pg. 316). Target should have followed the prevention control with the POS system in order to avoid the Target breach. A “detection control, on the other hand, is designed to discover any problems or fraud shortly after it arises” (Ferris, Wallace, Christensen, 2014, pg. 316). Target followed the detection control after the problem of the breach was brought up and took justice in their own hands in order to fix the problem. The first thing Target did was post a prominent message on its Web site, “Important notice: unauthorized access to payment card data in the U.S. stores.” The message linked to a letter alerting customers that a breach occurred and outlining steps Target is taking to avoid a recurrence (Edelson, 2013). Another step that Target has taken is bringing justice for the information that was stolen out of their systems. Target had invested $5 million dollars into a multi-year campaign in order to stop phishing scams (Target, 2013). “Target has a longstanding history of commitment to our communities, and cyber security is one of the most pressing issues facing consumers today,” said Steinhafel.
“We are proud to be working with three trusted organizations-the National Cyber-Forensics and Training Alliance (NCFTA), National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB)- to advance public education around cyber security” (Target, 2013). Target has gone to great lengths to protect the information of the guests and reassure loyalty by offering ProtectMyID, which keeps track of credit reports, monitoring, and identity theft (Target, 2013). As an apology to the guests, Target offered a 10% off discount to all guests, which was a huge success for the company, but a number of transactions were paid in cash. Being an employee for Target, we are still determined to follow our core roles, continue delivering the “Expect More Pay Less” promise, and delivering an excellent shopping experience for our guests in order to continue driving profitable sales and guest loyalty. In order to avoid this situation and detect the problem ahead of time, Target should have incorporated the following elements that are designed for prevention and detection controls. The first element is to establish clear lines of authority and responsibility, which is giving authority to a supervisor or manager but also evaluating them accordingly against the company’s policies and rules. Implement segregation of duties, which “requires that when allocating various duties within the accounting system, management should make sure that no employee is assigned too many different responsibilities” (Ferris, Wallace, Christensen, 2014, pg. 317). Hire competent personnel, in which the company sees if that person has the education and qualified skills to perform that job. Use control numbers on all business documents, which is having all important documents with control numbers. Develop plans and budgets, which is having a plan and budget in order to bring the company forward. For example, the $5 million dollars that were invested in the anti fraud software in order to bring guest loyalty back.
Maintain adequate accounting records, which is making sure that the company has the most recent accounting records. For example, the number of fraud claims that were reported under guest bank statements in order to reimburse their money back. Provide physical and electronic controls, which is locking doors or important files to prevent theft, which should have happened with the POS system. Conduct internal audit, which “is a company function that provides independent appraisals of the company’s financial statement, its internal control, and its operations” (Ferris, Wallace, Christensen, 2014, pg. 319). In conclusion, we are able to see how the company was impacted from the breach that had occurred and the actions that the company has taken in order to fix the problem. People’s information had been stolen and finances have been tampered with through it. We are able to see how internal controls play an important part when it comes to finances, accounting, and to businesses such as Target. If the proper elements and procedures had been applied with internal control I am sure that all of this could have been avoided or reduced.

Wednesday, August 21, 2019

Cash Flows Essay Example for Free

Cash Flows Essay “The statement of cash flows reports the cash receipts, cash payments, and net change in cash resulting from operating, investing, and financing activities during a period” (Weygandt, Kimmel, Kieso, 2010, p. 614). Companies are required to prepare a statement of cash flows because it contains important information about the company that is deemed useful for external sources, such as investors, to make educated decisions about a company. The information contained in the cash flow statement, such as the company’s ability to generate cash and meet obligations, assists creditors and investors in determining the adequate decision regarding extending credit or investing. The statement of cash flows is divided into three sections: operating activities, investing activities, and financing activities (Weygandt, et al, 2010). Each of these sections reflects its own characteristics of transactions and other events. First, operating activities include transactions that create revenues and expenses; these are included in the determination of net income (Weygandt, et al, 2010). Second, investing activities have two purposes: acquiring and disposing of investments and property, plant, and equipment, and lending money and collecting the loans (Weygandt, et al, 2010). Third, financing activities have two purposes: obtaining cash from issuing debt and repaying the amounts borrowed, and obtaining cash from stockholders, repurchasing shares, and paying dividends (Weygandt, et al, 2010, p. 615). Operating activities, which include income statement items, are: Cash inflows – from sale of goods and services, and from interest received from dividends received; Cash outflows – to suppliers for inventory, employees for services, and others for expenses (Weygandt, Kimmel, Kieso, 2010, p. 616).
Investing activities – investments and long-term assets: Cash inflows – from sale of property, plant, and equipment, and collections on loans to other entities; Cash outflows – to purchase property, plant, and equipment, purchase investments in debt, and making loans to other entities (Weygandt, Kimmel, Kieso, 2010, p. 616). Financing activities involve long-term liabilities and stockholders’ equity: Cash inflows – from sale of common stock, and from issuance of long-term debt; Cash outflows – to stockholders as dividends, and to redeem long-term debt or reacquire capital stock (Weygandt, Kimmel, Kieso, 2010, p. 616). References Weygandt, J. J., Kimmel, P. D., Kieso, D. E. (2010). Financial accounting (7th ed.). Retrieved from The University of Phoenix eBook Collection database.

Byzantine times: The effect on women

An average woman in the fifth and sixth centuries of the Byzantine Empire did not have a big role in public society. [1] In fact, it was common for her to not be seen in public at all. It was standard for Byzantine women to get married around twelve to thirteen years old through an arranged marriage chosen by their parents. Once married she spent most of her time at home. Occasionally a woman was allowed to leave her home to attend church, festivals, marriages, births, visit relations, or go to public baths. These were the only socially acceptable activities for which a woman could leave her house. [2] However, if a woman had to venture outside, she had to have her face covered by a veil at all times and be accompanied by a man. Though veils were rarely shown in Byzantine artwork, this was a social standard for women. The wearing of veils often represented the difference between an honest woman and a prostitute. [3] Even in her own home, a Byzantine woman had to endure gender inequalities. During meals she was not allowed to dine with men who were not her relations. More often than not, she would be eating alone, separate from men. [4] For her education, she was taught only skills useful for a housewife. If a woman was in the middle to upper class, she was usually taught to read, write, and sing. [5] Women of royalty, however, were given the opportunity to study medicine and natural sciences with scholars in their courts. [6] Nevertheless, this education was usually second-rate compared to the education given to men. Women could easily be described as cloistered like prisoners, though their prison walls were only the invisible judgments and rules cast by society. [7] Most women could not participate in politics. A woman could not even testify in court for fear that her testimony would be easily influenced by her husband or brother. It was only in rare cases where a man was not involved that a woman could testify.
[8] Despite what little influence and respect women had in public society, through home life a woman could still easily influence her own husband, sons, brothers, and other male relations. [9] This influence could be subtle in a small Byzantine family or extremely considerable if she was the wife of the emperor. Unlike men, who could rise to a political position through the military or the church, for a woman to gain political power she had to either be born or marry into the aristocracy. Born in 399 A.D., Empress Pulcheria was the eldest daughter of Emperor Arcadius. [10] She was a devoted Christian who paved her way into power through her influence over her younger brother Theodosios II. She eventually received the title of Augusta (Empress), which was the highest position a woman related to the Emperor could aspire to. [11] Pulcheria was just two years older than Theodosios II but had a great influence over him all his life. Though Pulcheria was the eldest born into royalty, she did not have as much power as she would have had if she had been born male. Even with this gender disadvantage, she was extremely intelligent. At the age of 16, she swore a vow of chastity and also influenced her younger sisters to do the same. [12] This was a way to sustain power that would be lost if she was forced into marriage, as well as to stop competition for her brother’s throne. [13] The reasoning she gave for her actions was her Christian faith, comparing the Virgin Mary as her heavenly counterpart. [14] Figure 1 depicts an ivory relief known as The Translation of Relics Ivory, dating around the year 420 A.D. [15] and acquired by the Trier Cathedral in 1844. [16] The carving measures 13.1 x 26.1 x 2.3 cm and has been cut to a depth of 2 cm [17]. The Byzantines loved ivory and usually imported it from India and Africa. The ivory of this specific piece has been speculated to have been imported from Africa due to its larger size.
[18] The Translation of Relics Ivory depicts a procession of people in the streets followed by two priests riding a chariot pulled by mules. Leading this procession is an Emperor holding a candle, and ready to receive the relics is an Empress holding a cross in front of church doors. In the background are onlookers cheering and waving incense, and a church which is still under construction, still being completed for the relics to be placed into. For many years, the protagonists in this relief were unidentifiable. Historians have compared the lives of Justin II, Maurice, and Phocas and their wives but found no historical evidence which relates them to this scene. [19] In the late 70s, the historians Kenneth G. Holum and Gary Vikan identified the characters in this relief as likely Empress Pulcheria and her brother Emperor Theodosios II, and the relics given as the bones of Saint Stephen. The historians deduced this from the written evidence of a ninth-century chronicler named Theophanes Confessor. In his narrative he wrote: Under the influence of the blessed Pulcheria, the pious Theodosius sent a rich donation to the archbishop of Jerusalem for distribution to the needy, and also a golden cross studded with precious stones to be erected on Golgotha. In exchange for these gifts, the archbishop dispatched relics of the right arm of Stephen Protomartyr, in the care of St. Passarion [Pulcheria] arose taking her brother with her and went to greet the holy relics. Receiving them into the palace, she founded a splendid chapel for the holy Protomartyr, and in it she deposited the holy relics. [20] The narrative matched perfectly with the description of The Translation of Relics Ivory, as did another narrative which proved that the bones of Saint Stephen had in fact appeared outside Jerusalem at that time in December 416 and later went under the control of the bishop.
[21] The church under construction is believed to be a church of St. Stephen. [22] An interesting detail of The Translation of Relics Ivory is the composition of the piece. The entire focus of the image is on Pulcheria rather than on the Emperor Theodosios II, her brother. Even Theodosios’s relief is a bit further back than hers, although he is standing right next to her. This is a huge representation of Pulcheria’s power, as she is the center of attention as opposed to the Emperor himself. In her lifetime, Pulcheria commissioned several new churches, most dedicated to her patron saint, the Virgin Mary. It was well known that the Virgin Mary deeply impacted her life, leading her to stay openly celibate for God. However, during the fifth century the Virgin Mary was not a major figure in Constantinople. [23] Her choice of the Virgin Mary as her patron was not to advance women but simply to get rid of the stigma that women were the curse of Eve, a curse which claimed that women were responsible for original sin. [24] It was also due to Pulcheria’s influence that the Virgin Mary would again be known not just as the Mother of Christ (christotokos) but as the Mother of God (theotokos) when the statement was overturned. [25] Pulcheria’s best-known church to the Virgin Mary is the Church of Saint Mary of Blachernae, which has also been depicted in literature with names such as the Panagia of Blachernae and the Blachernae Monastery. The church started construction in 450 A.D. and was finished by her husband Marcian after Pulcheria’s death in 453 A.D. [26] The church was built around a pre-existing sacred spring called the Ayazma of Blachernae. [27] It is also said that Christians of Jerusalem had contributed a robe that belonged to the Virgin Mary as a relic for the church, [28] though other sources state that the robe was stolen. [29] Figure 2 shows the church before its second fire, and Figure 3 shows the current modern church after being rebuilt.
The church focused around images of the Virgin Mary, which led to much destruction of its icons during the reign of Constantine V. [30] The church first burnt down in 1070 but was rebuilt using its old floor plans. [31] The church was completely burnt down yet again in 1434, this time from a careless fire caused by children chasing pigeons on its roofs. [32] By the time Constantinople fell to the Ottoman Turks in 1453, the Church of Saint Mary of Blachernae no longer existed and the people of Constantinople had to turn to different mediums for the protection of the Virgin Mary’s icons. [33] Figure 3 shows the Icon of the Virgin Blachernitissa. In 626 A.D., the Blachernitissa was credited with protecting the city from an Avar attack, as well as from an Arab siege in 717. Thus this relic’s reputation grew, and it became known as a powerful Byzantine talisman of protection and was kept in the Church of Saint Mary of Blachernae. [34] Though the figurehead of this icon was a woman, it was hugely venerated. The term Blachernitissa was a type of representation of the Virgin Mary named after the Church of Saint Mary of Blachernae. [35] The icon shows Mary within it and was held in the Church of Saint Mary of Blachernae. The piece was also within the church during its 1434 fire and was thought to be destroyed. It was a talisman that represented the protection of the city’s walls. [36] Its absence was believed to be the reason why the Ottoman Turks succeeded in their invasion only 19 years later. The year 730 was the start of the first iconoclastic period, lasting until 787. [37] It started with Emperor Leo III, who reigned from 717-740. The Iconoclasts believed that icons were evil and led to the misinterpretation of the Catholic religion. As the Iconoclasts resorted back to symbols and scripture, they tore down icons, thinking them heresy to their religion. When Leo III died in 740, his son Constantine V continued the ban during his reign in 741-775.
[38] It was during Constantine V’s reign that the Church of St. Mary of Blachernae was attacked by iconoclasts. Constantine V ordered the destruction of the interior mosaics that represented a New Testament cycle and replaced them with vegetal ornaments and pictures of birds. [39] It was fortunate, however, that the Icon of the Virgin Blachernitissa was hidden from destruction at this time. This first Iconoclastic period was stopped by Empress Irene. Irene acted in the name of her son Constantine VI, who was too young to rule at the time. She created and ordered the Second Council of Nicea, which supported Iconophiles. [40] As Iconophiles, they believed that images also represented their religion and that they were not wrong in using them. The Council condemned the opposition to icons as heresy. It is through Irene’s actions in reviving icons that she earned the title of Saint in the Greek Orthodox Church. The second iconoclastic period lasted 814-842. This time it was Emperor Leo V (reigning from 813-820) who instated this new wave of iconoclasm. It was speculated that it was to cure the recent military failure. Emperors Michael II and Theophilus, who succeeded him, were also iconoclasts. However, after Theophilus died, he was succeeded by his son Michael III. Michael at the time was too young to reign, so his mother Theodora acted as a regent for him. Similar to Irene, Theodora was an iconodule and was able to proclaim the restoration of icons. Ever since the revival of icons, the first Sunday of Lent has been celebrated as the Triumph of Orthodoxy. Figure 4 shows the Icon of the Triumph of Orthodoxy, a painting on a wooden panel covered with gesso and linen. Its medium was egg tempera and gold leaf. [41] The center of the painting is a portrait of the Virgin Mary, said to be painted by St. Luke. Empress Theodora and her son, Emperor Michael III, appear on the left of the portrait. On the right are three monks with the Patriarch Methodios.
This painting was painted more than 500 years after the end of iconoclasm, during the time when the Byzantine Empire was under threat of invasion by the Ottoman Turks. [42] Again, although it was not common for a woman to be in a painting, Empress Theodora is shown next to her son in royal robes. Though she is not next to them, Theodora is shown at the same level as the bishops. In the center of the painting is the Blachernitissa, the Virgin Mary and child. The Virgin Mary was a celebrated icon of her woman status. It is not surprising that Irene and Theodora were iconophiles. Since the average Byzantine woman was housebound for the majority of her life, most had a special dedication to religious practices involving icons. [43] It might be due to their lifestyle that women were the most affected when their precious icons were taken away. The influence women had and their relations to art during the Byzantine Empire are shown to be very important. It is the influence of the empresses Pulcheria, Irene and Theodora that impacted artwork despite a judgmental and men-driven environment that shadowed their lives. It is as fascinating and influential as the works themselves that these women were able to influence the Byzantine public and the artwork.

Is Bitcoin the Best Cryptocurrency?

Is Bitcoin the most practical form of cybercurrency? In 2009, the world was forever changed when an anonymous individual that goes by the name of Satoshi Nakamoto introduced the world to a new form of currency: the bitcoin. A bitcoin is a form of cybercurrency that cannot be traced to the person that purchases it. Through the introduction of the bitcoin, several other companies have released their form of cybercurrency. These newer currencies range from the “Litecoin” to the “Dogecoin”.
While bitcoin has been the figurehead of the cyber-coin movement, there are several other notable and more efficient “altcoins”, as they are referred to: the ever popular “Dogecoin” for the online “memer” community, the Litecoin, a more efficient version of the Bitcoin, the “Ripple”, the “Ethereum” cryptocurrency, and “Dash” are all widely accepted cryptocurrencies that are taking the world by storm. The Bitcoin was one of the first forms of cryptocurrency that gained notoriety. Bitcoins are not a form of tangible currency; they are not connected to banks in any way, shape or form. There are no transaction fees and no way that a Bitcoin can be traced back to someone that purchases them. Merchants are beginning to accept bitcoins as a new method of payment, ranging from food, trips to the hair salon, and even illegal products on the internet! To acquire a bitcoin, people purchase them on a multitude of cryptocurrency exchange market websites. Transfers are relatively simple; people can easily transfer their bitcoins among each other by using mobile apps or their computers. People are also capable of “mining” for bitcoins, where individuals solve complex math problems, which is how Bitcoins are made. However, Bitcoins are kind of shady; if an everyday person was to invest in purchasing some Bitcoins, the only thing that protects their cryptocurrency is a Blockchain that you need to enable. This means that virtually anyone that has hacking experience can take that person’s Bitcoins if they do not take the necessary steps to protect them. Granted, the anonymity of Bitcoin transactions and purchases makes it somewhat secure, but anyone that solves the complex mathematical equations is probably able to hack into an unsuspecting person’s account.[1] The Bitcoin is one of the most popular forms of cryptocurrency, if not the most popular. However, there is a vast number of other “altcoins” that seem to be up-and-coming.
Someday, these “altcoins” may end up surpassing the Bitcoin in terms of use. One of these cryptocurrencies is known as the “Dogecoin”. The “Dogecoin” is a growing altcoin in today’s era of cryptocurrencies. The “Dogecoin” is “a peer-to-peer digital currency, favored by Shiba Inus worldwide”. It works very similarly to the Bitcoin; however, it has the Doge internet meme as the face of the currency. This altcoin caters to the meming community of the internet, which is how it advertises to its patrons. To sell their altcoins, they advertise that people that use this form of currency are in a tight-knit community, which has a Reddit sub-thread; they also explain that it is seamless to set up an account to transfer and store Dogecoins. The creators of Dogecoin also created a ninety-second video that explains the origin of this meme-ridden cryptocurrency, which was incredibly hard to stomach, for a multitude of reasons (I will be sure to provide the link for you somewhere; viewer discretion is advised). This altcoin is for the people of the internet that everyone collectively hates on. However, the currency is efficient, fun, and very similar to the Bitcoin. Although they have a section on their website dedicated to teaching patrons about the origin of doge, it is an ingenious selling point, as most memers just want to belong to something other than Reddit (Can you blame them? That community sucks). The Litecoin is another popular form of cryptocurrency. Introduced in 2011 by Charles Lee, it is very similar to the Bitcoin; however, it is more practical in terms of security and speed of transaction. The community of Litecoin also makes a point to stay united; the Litecoin community has also created forums, subreddits, and other networks. Litecoin also has a tab on their website dedicated to resources for the community.
The resources tab was intended to allow their community to better understand the Litecoin and other cryptocurrencies and how they compare. Litecoin also utilizes a better form of Blockchain, a service which is considered to be the greatest software platform for digital assets. Wallet encryption is also a feature included in the Litecoin cryptocurrency; Litecoin requires that you provide a password for every transaction you encounter when utilizing the Litecoin. The password feature is useful, as it prevents theft by hackers or people that utilize bots to do their dirty work, and also makes sure that you are positive that you need to spend your Litecoins. As with any cryptocurrency, users are also allowed to mine for Litecoins, as long as they basically know rocket science. While the Litecoin is still up-and-coming, it seems to be quite secure. As of right now, it is the silver to Bitcoin’s gold.[2] However, with more time and donations, the Litecoin could manage to surpass the success of the Bitcoin. It provides people with a significantly larger amount of coins in the economy; however, this could pose threats for inflation. While this may pose a threat in the long run, the use of Litecoins seems to be practical. Overall, Litecoin is a practical and cheaper alternative to invest in, because it is cheaper to purchase and it is safer to utilize due to the use of mandatory passwords. One of the more unique forms of cybercurrency is the “ripple”. It is a form of cryptocurrency that works to connect economies together. The ripple works in tandem with banks. The reason the ripple works with banks is to transform how money is sent across the world, which they feel is a vital step in the advancement of economics, both internationally and nationally. Their company vision is to enable the “Internet of Value” to move value as fast as information travels across the internet.
Traditionally, two banks would use a third bank as a middle-man to send money to each other. By including the “ripple solution” in this equation, the third bank is eliminated from the process, resulting in a much more efficient system for transactions from bank to bank. The “ripple solution” also works to convey useful information and messages to both banks. The ILP ledger that the ripple service is run through works to coordinate fund movements between institutions to settle the payment[3]. Overall, the ripple system seems to be a practical form of cryptocurrency for everyday use. While it is not ideal for the pesky dark web users that require anonymous currency, it is a much simpler way for foreign transactions to occur, or even for people that do not use the same bank to make a transaction. This is also the optimal form of cryptocurrency when dealing with foreign affairs because it is incredibly secure; there is complete transaction privacy for each financial institution involved. Most banks do not operate on the same network, especially those in different countries. With the Ripple solution, banks on separate networks can transact directly. There is also an ability to connect traditional and emerging financial networks together, which is immensely useful in the modernizing and integrating of international economics. Another notable form of cryptocurrency is Ethereum. Ethereum was developed in Toronto, Canada by a nineteen-year-old programmer. Vitalik Buterin created Ethereum in 2011, after learning more about Bitcoins and other forms of cryptocurrency. He also created Bitcoin Magazine, an online news website about the cryptocurrency world.[4] Ethereum is one of the newer forms of cryptocurrencies on the market. The Ethereum Foundation has a similar view to the Ripple Foundation.
“While bitcoin aims to disrupt PayPal and online banking, Ethereum has the goal of using a blockchain to replace internet third parties — those that store data, transfer mortgages and keep track of complex financial instruments”[5]. In short, the Ethereum Foundation’s long-term goal is to be a sort of world computer. “Although the apps appear to be possible, it’s unclear which blockchain applications will actually prove useful, secure, or scalable, and if they will ever be as convenient to use as the apps we use today”[6]. The Ethereum Foundation uses a form of currency known as the “ether”. Ether are unique pieces of code that allow updates to the blockchain’s ledger.[7] The process behind obtaining and holding ether is similar to most forms of cryptocurrencies. First, there are varying levels of security and risks that you can take in the method of storage for ether. The first method is a desktop wallet to store ether. This form of storage requires the user to download a sort of blockchain, known as the “Ethereum client”, a copy of the entire Ethereum blockchain. The desktop wallet will also need to stay updated with transaction records.[8] The next type of storage is possible through a mobile device, typically a cell phone. The app that caters to the “light” users of Ethereum is incredibly convenient but equally as risky; light users rely on miners and other people involved in The Ethereum Foundation to verify transactions and secure their ether. If the light users lose their private keys, they will not be able to contact anyone to be able to access their ether, meaning they will ultimately lose all of the money they put into their account.[9] The next form of storage is through hardware.
“These secure devices that can often be detached from the internet, and can sign transactions without being online”, meaning that although it is incredibly secure, this method can be incredibly irritating to deal with if the user is constantly out and about. The last form of storage a patron of the Ethereum Foundation can partake in is paper currency. In this method, the user carefully writes the private key and can securely store it in a deposit box or something similar.[10] While this is the most efficient way to utilize ether, it is also the most difficult method to secure and maintain. But how can users obtain ether? Ether can be purchased in person or on the internet from miners, or from other users that desire to have their country’s recognized form of currency, or even other types of cryptocurrency. Unfortunately, if users are looking to purchase ether in person, it should be in a highly-populated area, such as New York City or Toronto, in order to find someone that also uses ether; in less populated areas, this is not necessarily an option. While Ethereum is a growing form of cryptocurrency, it is not considered to be one of the most secure or efficient. While it could develop to be something incredible, as of right now, the cryptocurrency advocates of the world deem it to be a little over-zealous. Ethereum is definitely on the right track to becoming one of the best forms of cryptocurrencies, but it has a lot of room for improvement. As of right now, J.P. Morgan Chase, Microsoft and Intel have all allied in order to make Ethereum’s goal easier—a “world computer”. “Dash” is another one of the most popular forms of cryptocurrency. Its name conveniently combines the words “digital” and “cash” together (which is super nifty right? Names are always so original when they’re used in business or history.). It was designed for the honest, hardworking nerds out there.
The miners that participate in the mining of this cryptocurrency mine for their fair share of Dash coins. However, unique to the Dash coin system, you need special hardware and computers to mine for the coins.[11] Another useful aspect of the Dash coin is that the transactions are allegedly instantaneous. This caters to people that value time. According to Dash coin, Bitcoin takes roughly an hour for the transaction to process. While the Bitcoin is the most popular form of cryptocurrency, it is not the most efficient or practical form of currency in a generalized sense. It is useful for a multitude of reasons: anonymity, for the people that are ashamed of their addiction to My Little Pony collectables, people that are too afraid to meet their drug dealers face-to-face, or those undercover cannibals that so desperately want to try a new body part (Eww. Still can’t wrap my head around this one). However, the funds of the patrons that utilize the Bitcoin as their go-to form of cryptocurrency run the risk of being stolen by hackers. Dogecoin is a light and comical approach to the cryptocurrencies that are becoming a widely popular global phenomenon. While at first it was a joke among the Reddit community, it grew into an ever-popular alternative cryptocurrency to the Bitcoin. While it may not be the most practical form of cryptocurrency, it is a very useful alternative on the steady rise. In time, it may even be able to pass the most popular coin—the Bitcoin. The Ripple Foundation really outdid themselves with their form of cryptocurrency. It is one of the most optimal forms of cryptocurrencies for simplifying the way people bank with each other. By making Ripple the middleman between the banks, it creates communication and eliminates misconceptions or errors between banks that transfer money to each other. Ethereum is the next most efficient cryptocurrency, although its goal is highly unlikely to be fully achieved within the next couple of years.
While several notable companies have allied with Ethereum in an effort to expand their company, they have a long way to go in order to achieve their goal of creating a “world computer”. However, the most efficient form of cryptocurrency seems to be the Litecoin. While it is not worth as much as the Bitcoin, it has faster transaction times. The Litecoin also has a very friendly website that instantly allows you to access their forums and helpful videos to better understand their cryptocurrency and other forms of cryptocurrencies, as well. It is also very secure, while still being efficient. There are a multitude of ways to secure your currency, one of them being the useful password feature. Where Bitcoin makes it optional to secure your account, Litecoin makes it mandatory.

Bibliography

n.d. Bitcoin. Accessed May 12, 2017. https://bitcoin.org/en/.
n.d. Blockchain. Accessed May 12, 2017. https://www.blockchain.com/.
n.d. Comparing Bitcoin to Litecoin. Accessed May 12, 2017. http://www.coindesk.com/information/comparing-litecoin-bitcoin/.
corporation, dogecoin. n.d. Dogecoin. Accessed May 12, 2017. http://dogecoin.com/.
Foundation, Ripple. n.d. Ripple. Accessed May 12, 2017. https://ripple.com/.
Hertig, Alyssa. n.d. How to use Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/how-to-use-ethereum/.
—. n.d. What is Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/what-is-ethereum/.
—. n.d. Who Created Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/who-created-ethereum/.
n.d. How Ethereum Works. Accessed May 12, 2017. https://www.ethereum.org/.
Networks, The Dash. n.d. Dash. Accessed May 12, 2017. https://www.dash.org.
Tal Yellin, Dominic Aratari, Jose Pagliery / CNNMoney. n.d. What is Bitcoin? Accessed May 12, 2017. http://money.cnn.com/infographic/technology/what-is-bitcoin/.
2017. What is a Bitcoin? May 12. http://www.coindesk.com/information/what-is-bitcoin/.
n.d. What is the Best Cryptocurrency to Invest in Long Term and Why? Accessed May 12, 2017. https://www.quora.com/Whats-the-best-Cryptocurrency-to-invest-in-long-term-Why.
n.d. What is the Litecoin? Accessed May 12, 2017. https://litecoin.org/.

[1] n.d. Bitcoin. Accessed May 12, 2017. https://bitcoin.org/en/.
[2] n.d. Comparing Bitcoin to Litecoin. Accessed May 12, 2017. http://www.coindesk.com/information/comparing-litecoin-bitcoin/.
[3] Foundation, Ripple. n.d. Ripple. Accessed May 12, 2017. https://ripple.com/.
[4] —. n.d. Who Created Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/who-created-ethereum/.
[5] —. n.d. What is Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/what-is-ethereum/.
[6] n.d. How Ethereum Works. Accessed May 12, 2017. https://www.ethereum.org/.
[7] ibid
[8] ibid
[9] Hertig, Alyssa. n.d. How to use Ethereum. Accessed May 12, 2017. http://www.coindesk.com/information/how-to-use-ethereum/.
[10] ibid
[11] Networks, The Dash. n.d. Dash. Accessed May 12, 2017. https://www.dash.org.