KG LEGAL \ INFO
BLOG

Spoofing and phishing in Polish law – current regulations and proposed changes

What is spoofing and phishing?

Both spoofing and phishing are methods of fraud using telecommunications and the Internet, but they differ in how they are used. Spoofing broadly involves impersonating the IP address of another device, a telephone number, an email address or a DNS server. Everything is camouflaged in such a way that the identification of the real user or caller is impossible. The easiest to recognise is email spoofing: the content of a message sent by someone impersonating a chosen email address indicates the intention of obtaining confidential information from the addressee. Phone number spoofing is carried out using easily accessible websites that, for a fee, allow a call to be made from any phone number and the voice to be changed, or text to be converted into the voice that the person answering the phone will hear. Detection of such spoofing is only possible after the fact, when checking the billing of the number called and of the number impersonated. IP address and DNS server spoofing is the most difficult to detect, as the spoofed address may differ only slightly from the real one.

The essence of phishing is reflected in its pronunciation, which is similar to the word “fishing”. It consists in preparing a “lure” for the user, e.g. a link sent in an email message, SMS or via instant messenger, and then either installing malicious software on the device or phishing for login data. The fraudster may impersonate, e.g., a bank, a government agency, a courier company or a friend of the victim. Phishing emails are usually designed to look as authentic as possible. One form of phishing is spear-phishing, which involves a targeted attack on, for example, a specific company, with the attacker impersonating a business partner.

Polish legal regulations on spoofing and phishing

Headless e-commerce technology – directions of development

Headless e-commerce – what is it?

The market for services related to sales via the Internet is constantly growing. During the pandemic and the related restrictions, the demand for remote sale of goods increased significantly. This also necessitated the rapid creation and development of online shops. Traditional Content Management Systems (CMS) tie all layers of the programme together. Headless e-commerce technology separates the layer visible to the user (the front-end of the application) from the code dealing with logic and integration of server-side functions (the back-end of the application) and from the database containing information about the prices of the products offered in the shop, their images and descriptions. These layers are separated from each other, but communicate with each other through the Application Programming Interface (API). In this way, although externally the application looks homogeneous, it actually consists of three parts that interact with each other. This structure allows independence from the solution provider, as the vendor deals only with the front-end layer, visible to the customer, and does not have to interfere with the entire code.

Advantages and disadvantages of headless e-commerce

VIRTUAL BETTING IN POLAND. LEGAL PRINCIPLES AND REQUIREMENTS OF ONLINE BOOKMAKERS

LEGALITY

Online betting in Poland is legal as long as it is run by entities that meet the statutory criteria. Pursuant to Article 5(1b) of the amended Polish Gambling Act of 19 November 2009 (Journal of Laws of 2018, item 165), the organisation of gambling games over the Internet, with the exception of pari-mutuel betting and promotional lotteries, is covered by the State monopoly.

This means that online bookmakers can still legally operate with a whole range of payment methods and are not subject to a state monopoly.

HOW TO OPEN A BOOKMAKING BUSINESS IN POLAND?

On the territory of Poland, only bookmakers who have obtained a licence issued by the Polish Ministry of Finance and thus have complied with the laws in force in Poland may accept bookmaker bets.

Legal bookmakers in Poland must meet a number of requirements in order to conduct sports betting. As stated in the Polish Gambling Act, bookmakers may offer their services in Poland only if the Polish Minister of Finance grants them a licence to conduct such activities.

Open source technologies and cybersecurity related risks – Polish and international markets

What is Open Source?

Open Source is nothing other than free, unpaid software made available by the programmers who create it. The idea dates from the end of the 20th century. By assumption, Open Source software was to be created by cooperating programmers as a counterbalance to Closed Source software, by distributing the base in the form of basic code free of charge for development in the spheres of science, education, law, production and many others. Open Source software products are designed to provide relatively inexpensive, user-friendly software that can be easily adapted to one's needs. Among the advantages of Open Source products are low initial costs, the legality of such software, freedom to use and modify it according to the user’s needs, development by a large community and faster detection and patching of vulnerabilities, free updates and faster software development. However, some of these advantages can turn into disadvantages. Development by a large community of programmers and a lack of vetting can result in people working on the program who want to introduce malware into the code. This means that Open Source software is, on the one hand, safe because of the large group of programmers working on it, but on the other hand, it can be dangerous for users for the same reason. Another disadvantage is the long-term cost of using Open Source software. This arises from situations where an immediate response to changes in the software is required and a specialist in this area needs to be called in. In addition, the implementation of such software may entail the need to train employees in its use, which can also generate costs.

Vulnerability in Apache Log4j

In mid-December 2021, a significant vulnerability was discovered in the security features of the Open Source Apache Log4j library, which was rated 10 on a 10-point criticality scale. Apache Log4j is a library used by Java applications for recording event logs. It contains a mechanism that allows requests to be looked up using a special syntax without verification. The vulnerability is serious enough to allow cybercriminals to take control of a system very easily. It has already been exploited for attacks using malicious software to ‘mine’ cryptocurrencies. It is estimated, however, that this vulnerability has been or will be exploited by further malicious programs to attack systems.

How to protect oneself from attacks targeting Open Source?

The European Data Protection Board criteria of territorial competence of supervisory authorities to enforce Article 5(3) of the ePrivacy Directive

On 18 June 2021, the EDPB adopted internal document No. 04/2021 on the criteria for the territorial competence of supervisory authorities for the enforcement of Article 5(3) of the ePrivacy Directive.

Problem of territorial application

In view of recent decisions adopted by some SAs that are competent to enforce Article 5(3) of the ePrivacy Directive[1], the EDPB has issued an Opinion aimed at establishing a uniform interpretation of the rules on the territorial jurisdiction of SAs responsible for the enforcement of Article 5(3). Decisions adopted by SAs have shown that the territorial scope of application of the Directive may vary between different SAs, particularly where the controller/service provider is established in several Member States. Uncertainties on this issue could jeopardize decisions adopted by SAs across the Union.

Jurisprudence of the CJEU
