• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.721-736
• /
• 2023

The Command and Control Framework was developed for penetration testing and education purposes, but threat actors such as cybercrime groups are abusing it. From a cyber threat hunting perspective, identifying Command and Control Framework servers as well as proactive responding such as blocking the server can contribute to risk management. Therefore, this paper proposes a methodology for tracking the Command and Control Framework in advance. The methodology consists of four steps: collecting a list of Command and Control Framework-related server, emulating staged delivery, extracting botnet configurations, and collecting certificates that feature is going to be extracted. Additionally, experiments are conducted by applying the proposed methodology to Cobalt Strike, a commercial Command and Control Framework. Collected beacons and certificate from the experiments are shared to establish a cyber threat response basis that could be caused from the Command and Control Framework.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.7 no.4
• /
• pp.937-944
• /
• 2012

Smoking in adolescence can cause other health risks such as drinking and abusing drugs. Besides, it goes on adulthood so it can threaten their health all days. This study want to know the relationship between smoking and internet addiction in mid- and highschool students in Korea. It conducted for 38,409 middle school students and 36,657 highschool student in Korea. Smoking and internet addiction was investigated by chi-squared test and the relation between them was done by a Logistic Regression Analysis. The statistical significance is under 0.05. The percentage of smoking is 34.2% in male student and 19.7% in female student. The percentage of internet addiction is 17.6% in male student and 11.4% in female student and it is higher in students who smoked by 1.06 times for male student and 1.62 times for female student. This result shows that smoking which is non-healthy habit is related with internet addiction significantly. Smoking can cause high stress and this stress is shown to be developed in internet addiction. In conclusion, smoking and internet addiction in adolescence are bad habits and they are affect each other. Therefore we have to consider a measure by looking as smoking, stress and internet addiction are complex health risks rather than trying to prevent and treat them individually.

• Management & Information Systems Review
• /
• v.35 no.2
• /
• pp.83-97
• /
• 2016

The purpose of this study is to evaluate our system and consider how the tax rules on corporate reorganization and asset adjustment account can be improved. The scope of this study includes the Korean tax rules on corporate reorganizations, as well as key tax benefits provided by the Special Tax Treatment Control Act. In case of Korea, The relevant regulations and system of taxation respecting the merger has been made the rapid progress in several respects in this situation, there are capable of improvement. This paper suggests improve some problems on tax avoidance abusing incomplete tax law. First, the asset adjustment account is the difficulty that it needs to follow-up during this period of time, as well as the complexity of the accounting and tax adjustments on the practice. If it is permitted to succeed asset-liability as market value, the complexity of asset adjustment account in corporate tax accounting also disappear. Second, in case that controlling shareholders possess more than 20% of merged entity, they could not get the tax deferral until after the time of two years has elapsed. It needs to further alleviate the merged entity ratio than the present level. Finally, after the merger it will be to strengthen the surveillance provisions of five years from the current two years. In addition, continuity of shareholder's requirements and business requirements, it is also necessary to strengthen the requirements of the follow-up provided by a separate regulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.145-153
• /
• 2018

SSL (Secure Socket Layer) and TLS (Transport Layer Security) are widely used protocols for secure and encrypted communication over a computer network. However, there have been reported several security vulnerabilities of SSL/TLS over the years. The vulnerabilities can let an adversary carry out critical attacks on SSL/TLS enabled servers. In this paper, we have developed a system which can periodically scan SSL/TLS vulnerabilities on internal network servers and quickly detects, reports and visualizes the vulnerabilities. We have evaluated the system on working servers of Naver services and analyzed detected vulnerabilities. 816 vulnerabilities are found on 213 internal server domains (4.2 vulnerabilities on average) and most vulnerable servers are not opened to public. However, 46 server domains have old vulnerabilites which were found 2016. We could patch and response to SSL/TLS vulnerabilites of servers by leveraging the proposed system.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.3
• /
• pp.511-525
• /
• 2023

As awareness of personal data protection increases, various Full Disk Encryption (FDE)-based applications are being developed that real-time encryption or use virtual drive volumes to protect data on user's PC. FDE-based applications encrypt and protect the volume containing user's data. However, as disk encryption technology advances, some users are abusing FDE-based applications to encrypt evidence associated with criminal activities, which makes difficulties in digital forensic investigations. Thus, it is necessary to analyze the encryption process used in FDE-based applications and decrypt the encrypted data. In this paper, we analyze Cryptomator and Norton Ghost, which provide volume encryption and backup functions. We analyze the encrypted data structure and encryption process to classify the main data of each application and identify the encryption algorithm used for data decryption. The encryption algorithms of these applications are recently emergin gor customized encryption algorithms which are analyzed to decrypt data. User password is essential to generate a data encryption key used for decryption, and a password acquisition method is suggested using the function of each application. This supplemented the limitations of password investigation, and identifies user data by decrypting encrypted data based on the acquired password.

• Proceedings of the Korea Contents Association Conference
• /
• 2006.11a
• /
• pp.322-326
• /
• 2006

Though human being has ability to percept a full colored vision, the technology of early photography only can produce black and white images. For cinema filming imagery also captured mono tone with black and white, until developed a color film technology. The desire for presenting color imagery and the technique for producing film and color ink, photography and print utilize color on it with noticeable color impact to viewers. It, however, abusing fun colors image each and every printed and filmed imagery, the freshness of eye catching power diminished now. On contrast, color becomes black and white or partially used for making discrepancy among full colored images. This image detected commercial and music video, and it spread to film. To use those bleached color images is for evoking a nostalgia and a visual differentiation. Especially, it can be provocative images brought to audience with that. such as "Anycall", "Dimchae" for CF, and "Schindler's list," and "Sin city" for movie. It is hard to investigate on the color studies for partially used images. Therefore, this study is to research that through CF and film, base on it, to investigate the application for this image. To collect data from survey, it will be established a basic concept for understanding the partial color applying.

• Journal of Food Hygiene and Safety
• /
• v.30 no.1
• /
• pp.35-42
• /
• 2015

This study was performed for both evaluating the safety of other processed products and providing basic information for making the general standard for contaminants in the category of other processed products. We analyzed the contents of three heavy metals, thirty six anti-impotence drugs and their analogues, three anti-obesity drugs and their analogues, twenty eight steroid drugs and their analogues, collecting in Incheon Metropolitan City. Any illegal compound was not detected in those products. However the contents of lead, cadmium and mercury of those products were at the range of 0.001-13.390 mg/kg, 0.03-1.231 mg/kg and 0.001-0.650 mg/kg respectively. Because there are no standards of heavy metals against other processed products, we compared the analytical results with relevant standards of both S. Korea and foreign countries. As a result, two products exceeded the relevant standards of lead, and other two products exceeded the relevant standards of mercury. The relative hazards compared to PTWI of FAO/WHO (Codex), Seafoods-pajeonmix, Perilla seed powder exceeded PTWI standards 0.214. The compulsory standards of each food product are determined by the category of the products. Because there is no standard of heavy metals in the category of other processed products in S. Korea, any food products registered as other processed product by manufacturer are free with those standards. Abusing similar problems on the categorization of food products could cause consumers' health problem. To prevent these problems, detail regulations on the categorization of food products have to be introduced.

• Korean Journal of Labor Studies
• /
• v.23 no.1
• /
• pp.47-83
• /
• 2017

The Swedish labor market secures flexibility in the use of labor force by means of non-regular workers such as temporary workers among others instead of regular workers' layoffs. Although the labor law reform in the late 2000s made it easier to use temporary workers and the outbreak of the economic crisis strengthened the power of user firms against labor unions, the size of temporary workers was scaled down. It is the aim of this study to analyze the change in the use of temporary workers, to examine the effect of the labor law reform and that of economic crisis in that regard, and to explain how, over the use of temporary workers, user firms' strategy to secure flexibility and labor unions' strategy to regulate flexibility interact with each other so as to establish a new equilibrium through conflicts and compromises. The labor law reform to enhance the flexibility in the use of temporary workers failed to entail amendments of collective contracts. Besides, out of the economic crisis, user firms adopted a new policy to use third party workers more, refraining from employing temporary workers. That's why the number of temporary workers has declined eventually. User firms prefer to use third party workers because they could avoid their own responsibility as an employer and they could rely on 'permanent temporary' workers without any time limit. Labor unions, however, responded with a strategy to lay more strict regulations on the use of third party workers, so that third party workers could be used only for limited cause for external numerical flexibility. As a result, the managed flexibility thesis comes to prevail to the usage of non-regular workers in general beyond the category of agency workers. Korea with severe abuse of third party workers should learn from Swedish labor unions' strategy to provide third party workers with stronger employment security and higher wages so as to prevent user firms from abusing third party workers.

• Journal of Venture Innovation
• /
• v.4 no.3
• /
• pp.141-150
• /
• 2021

Although management decisions centered on the board of directors and directors must be made in order to effectively promote ESG management, the company's management is not obligated to make decisions considering ESG factors. A Korean corporation(company) is an established organization for commercial or other profit, and the purpose of treating a legal organization as a corporation is to easily handle the legal relationship of a group (corporate's property) and individual property of a group member, but legal person such as rights to "harm public rights" or "defend fraud". Criminal liability for illegal acts of a corporation, but the liability of a corporation (natural person) for illegal acts of a corporation is recognized within a limited range, but the criminal liability of a corporation (natural person) is limited. As the social responsibility of a corporation is great, limiting the responsibility of a corporation-related person (natural person) to civil responsibility will halve its effectiveness if considering the impact on the corporation's national economy. Objective requirements such as the completeness of control, hybridization of property, infringement of creditors' rights, and small-capitalization, and the subjective intention of abusing the company system to avoid legal application to controlling shareholders should be denied. Despite the increasing influence on corporate society, such as large-scale projects and astronomical business profits, corporate officials (natural persons) are forced to be held liable for negligence and intentional liability within a limited range. In such cases, it is necessary to introduce criminal responsibility separately from civil responsibility to legal persons (natural persons) in consideration of the maturity of capitalism in Korean society and the economic status of the world. In Korea, the requirements for recognition of corporate denial are strict, but the United States says that it is sufficient to have control or fraud. Therefore, it is not about civil responsibility, but about criminal responsibility of a legal person (natural person), so if fraud is recognized, it can strengthen the corporate social responsibility.