Quickflix is a DVD rental company that describes itself as the leading online DVD rental operator in Australia. It allows members to select DVDs from an online library of movie, TV series and music titles and have them delivered through the mail. Members pay a monthly fee regardless of how many DVDs they rent or how long they keep each title. The website is www.quickflix.com.au.
What assets might an attacker want to acquire from this target?
As a DVD rental company, the most valuable assets of Quickflix are its physical goods, the DVDs. These plastic discs are stored in Quickflix's warehouse and are delivered by post once they have been put on the list.
Another kind of asset is service availability. This can be separated into two aspects.
The first is the safety of Quickflix's website. Generally, all interaction between Quickflix and renters takes place through the company's website. Once the website is down, all services to users become unavailable. They cannot sign up, or browse and order DVDs anymore. If that really happens, the loss could be huge. Another possibility is running out of inventory. Imagine that all copies of some hot movies are rented out and no spare copy is available. This would strike at users' confidence in the company and may lead to a loss of customers.
User information held by Quickflix could also be an asset wanted by an attacker. Quickflix implements a membership system: users need to become members before enjoying the DVD rental services. When a new user signs up, personal information such as name, address, and credit card details is required by the registration system. That suggests the company is probably storing this private information in its database.
Intellectual Property (inventions, trade secrets, know-how)
As Quickflix holds the leading place in the online DVD rental business in Australia, its business secrets will certainly be wanted by competitors, and also by attackers. These secrets can be trading records, business proposals, or inventory information.
What information can be obtained through passive reconnaissance that would be helpful to such an attacker in mounting an attack?
It's hard to discuss how to prevent DVDs being stolen from Quickflix's warehouse. Here I will focus on how an attacker could play a trick to steal a DVD once it has been sent out. To do such a trick, the attacker would need to know how the delivery process works and what the return policy is. The more such information is collected, the more likely it is that a trick can be played on that process.
One way to disable the service is attacking the website. Once the website crashed, all interaction between Quickflix and its customer To carry out such an attack, an attacker needs to collect a...