Beruflich Dokumente
Kultur Dokumente
Proactive measures are very important, but when a company is alarming the public
for something like this, it could
be considered as an exaggeration. However, making a profit from a proof-of-conc
ept code that's still not in wild isn't
exactly what serious customers are looking forward to.
[ DOD DECENTRALIZES WI-FI ]
The Defense Department's new wireless fidelity policy seeks help from many of it
s agencies to ensure
their employees and contractors use caution when operating wireless computer dev
ices at military installations.
It mandates that military and industry officials do not use wireless devices to
store, process and transmit
classified information without approval from the various agencies and department
officials.
Deputy Defense Secretary Paul Wolfowitz issued the directive in an April 14 Defe
nse Department
directive titled, "Use of Commercial Wireless Devices, Services, and Technologie
s in the Department
of Defense Global Information Grid."
More information can be found at:
http://www.fcw.com/fcw/articles/2004/0426/web-wifi-04-26-04.asp
Astalavista's comment:
Trying to keep the sensitive data as secret as possible is the way it should go.
The question is "How
well will this policy be implemented, and would there be someone watching while
someone is not following it?"
[ EXPLOIT FOR WINDOWS SSL FLAW CIRCULATING ]
Exactly a week after Microsoft announced a SSL vulnerability affecting key Windo
ws products,
malicious hackers unveiled exploits that could lead to widespread denial-of-serv
ice attacks (define).
The exploit code, described in the underground as the "SSL Bomb," could allow sp
ecially crafted SSL
packets to force the Windows 2000 and Windows XP operating systems to block SSL
connections.
On Windows Server 2003 machines, the code could cause the system to reboot, secu
rity experts warned.
More information can be found at:
http://www.internetnews.com/dev-news/article.php/3343011
Astalavista's comment:
Next is another worm in the wild, hope this doesn't happen, as it will repeat it
self over and over again..
03. Astalavista Recommends
----------------------
This section is unique with its idea and the information included within. Its
purpose is to provide you with direct links to various white papers covering
many aspects of Information Security. These white papers are defined as a "must
read" for everyone interested in deepening his/her knowledge in the Security fie
ld.
The section will keep on growing with every new issue. Your comments and suggest
ions
about the section are welcome at security@astalavista.net
" PENETRATION TESTING A SAMPLE REPORT "
One of the most comprehensive penetration testing sample reports we've come acro
ss
http://www.astalavista.com/media/files/1197.pdf
" WIRELESS LAN SECURITY IN DEPTH - BY CISCO SYSTEMS "
A detailed approach on building secure Wireless LAN networks
http://www.astalavista.com/media/files/safwl_wp.pdf
" AN OVERVIEW OF COMMON PROGRAMMING SECURITY VULNERABILITIES AND POSSIBLE SOLUTI
ONS "
A thesis work, quite throughout, includes a lot of examples
" SEBEK A KERNEL BASED DATA CAPTURE TOOL "
Watch the attacker, without them noticing you, recommended reading
http://www.astalavista.com/media/files/sebek.pdf
" UNIX PASSWORD SECURITY "
Rather old, but it still gives you an insight if you're not aware of how Unix p
asswords work
http://www.astalavista.com/media/files/pwseceng.pdf
" ETHICAL HACKING - PENETRATION TESTING "
A comprehensive report giving you an insight of what Ethical Hacking and Penetra
tion Testing is
http://www.astalavista.com/media/files/ethical_hacking___penetration_tests.pdf
" NETWORK SECURITY BASICS "
This document will provide with information on everything you ever wanted to kno
w about Network Security
http://www.astalavista.com/media/files/network_security_basics.pdf
" STEALING PASSWORDS VIA BROWSER REFRESH "
Discusses techniques related to passwords stealing via browser refresh, recommen
ded reading
http://www.astalavista.com/media/files/stealing_passwords_via_browser_refresh.pd
f
04. Site of the month
-----------------Global Intelligence News Portal - Intelligence, espionage, military, government
news and resources
http://mprofaca.cro.net/
05. Tool of the month
-----------------Warez P2P v2.0
Warez is a spyware-free file-sharing program. Search for and download your favor
ite music
and video files shared by other users on a free peer-to-peer network.
http://client.warez.com/dl
06. Paper of the month
------------------Internet Worms
A paper discussing various simulating and optimising worm propagation algorithms
http://www.astalavista.com/media/files/wormpropagation.pdf
07. Free Security Consultation
-------------------------Have you ever had a Security related question but you weren't sure where to
direct it to? This is what the "Free Security Consultation" section was created
for.
Due to the high number of Security concerned e-mails we keep getting on a
daily basis, we have decided to initiate a service free of charge and offer
it to our subscribers. Whenever you have a Security related question, you are
advised to direct it to us, and within 48 hours you will receive a qualified
response from one of our Security experts. The questions we consider most
interesting and useful will be published at the section.
Neither your e-mail, nor your name will be present anywhere.
Direct all of your Security questions to security@astalavista.net
Thanks a lot for your interest in this free security service, we are doing our b
est to respond
as soon as possible and provide you with an accurate answer to your questions.
--------Question: Hello Astalavista, with all the surveillance stories I keep coming acr
oss online, I was
wondering to what extent can I be monitored by my ISP, even if I use encryption?
Also how can I be sure
that they're not monitoring what I do online?
--------Answer: Using encryption will protect the confidentiality of your data, using an
the most skilled of such attackers do. Common attackers often rely upon simple o
r well-known cipher algorithms and
systems, or they combine other tactics with cryptography, to achieve results.
Network Protocol Exploits:
Network protocols are often inherently flawed in a variety of ways. Email and we
b data are traditionally
transmitted with little or no encryption, and users as well as the designers of
systems, based upon these protocols,
typically do not give such issues much thought when implementing or using these
protocols. Sometimes, users will
trust a protocol simply because they are not aware of having experienced previou
s compromises - and they will often
trust it with highly sensitive data. Email, and the web, are often used to carry
significant financial information,
as well as governmental and commercial data, which, if closely examined, might w
ell merit classification for reasons
of national security. Examples might include data regarding the schedules of peo
ple surrounding highly ranked
governmental officials, or military unit members, whose planned activities might
represent compromises of operational
security when transmitted via email.
The variety and types of exploits range as widely as the protocols themselves, a
nd often, where one client or
server is immune to a particular exploit, another might not be. Common examples
of this include email clients
which may or may not be HTML-enabled in various ways, web clients with client-si
de scripting languages, and chat
clients which might be vulnerable to client 'booting' or 'punting', based upon e
rrors in the way in which the client
might have been programmed.
Network protocol attackers will frequently be skilled system administrators or p
rogrammers, and will have spent
some measure of time examining the specific target protocol,and/or read protocol
documentation in order
to expose the flaws which are their points of entry.
Programming:
This type of attack relies upon the insertion of malicious code, into the proces
ses of the target network.
The most common form that this takes is the Trojan Horse program - a program whi
ch claims to do one thing but,
in fact, does something completely different. While skilled programming attacker
s will often decry this implementation
as beneath their dignity, the buffer-overflow tactics that mark a truly skilled
attacker of this type amount to
little more than causing a program that was designed to do one thing, to do some
thing else - just like a Trojan Horse.
The difference is more a measure of degree than it is one of a principle.
An attacker who uses such devices as Trojans will typically need to combine this
with some measure of Social Engineering
in order to convince the target to accept the software that is used in the attac
k. A more skilled attacker will look
for ways to enter through pre-existing software, which is in fact installed for
to see a situation from the points of view of many of the people involved. They
will often be capable of talking
themselves out of a situation, even when caught red-handed by the defender/s. A
skilful social engineer is a rare
and dangerous bird, and when successfully combined with technical abilities, suc
h an individual is capable of
operations on a global scale.
To be continued...
09. Home Users Security Issues
-------------------------Due to the high number of e-mails we keep getting from novice users, we have
decided that it would be a very good idea to provide them with their very
special section, discussing various aspects of Information Security in an
easily understandable way, while, on the other hand, improve their current level
of knowledge.
If you have questions or recommendations for the section, direct
them to security@astalavista.net Enjoy yourself!
Protecting from Spyware
What is Spyware?
Your Anti-Virus program won't detect it, your firewall may not completely stop i
t,
someone out there is secretely analyzing all of your online (sometimes offline)
activities
and is storing them for possible data mining purposes, and all of these because
of Spyware.
Spyware can be described as software whose purpose is to collect demographic and
usage information
from your computer, for advertising and marketing purposes. The process is hidde
n from your eyes, usually
spyware is installed within the software you download, or it comes with the pack
age you install. Once started,
it will invade your privacy to a very high level, compromising all of your onlin
e activities and manipulating your
perception of the Internet by hijacking your search results and the web sites yo
u try to enter in.
How dangerous is it?
While still valuable for advertising and marketing purposes, the information gat
hered through web sites is limited compared
to those that could be gathered by using spyware. Literally, all of your online
and offline activities can be reported
and summarized to a centralized ad server. Many spyware will download and instal
l other programs on your computer, wasting
your resources, slowing down your processes and sometimes acting like a trojan h
orse, even like a keylogger. Certain spyware
programs even have AutoUpdate functions where they can download any software the
y want to on your computer, again without
you knowing it. Quite a lot of people still ask, why should I worry about that?
Although it can be argued whether it exists or
not, there's still a word called Privacy, something you need to protect at any c
ost.
The same people who used to develop and use blacklists, and filter spam
based upon header information for ISPs that have since gone bankrupt or been
bought out, are now writing worms that mine email client databases, to
extract names and addresses, and then use this, combined with email client
configuration information, to send spam out from the user's host that the
addresses were mined from. They are using the user's own name and email
address, to spoof the sender - even using the SMTP server provided to the
victim, by their ISP, to deliver the mail. This effectively permits them to
relay through servers that are not open relays, and distributing the traffic
widely enough to stay under the spam-filtering radar of the sending ISPs,
and to evade the blacklisting employed by the recieving ISPs. It also
permits them to leverage the victim's relationship to the recipients of the
spam, in order to get them to open and read it - and sometimes, to get them
to open attachments, or otherwise infect themselves with the worm that was
used to reach them. The spammers have not previously been able to hire
talent of this grade, very often - now, this talent is often not only
available, but often desperate for cash, and therefore willing to work
cheap.
It's a bit like an arms race. In the rush to develop enough technical
talent to defend against this sort of thing, we have developed an
over-abundance of talent in the area - and that talent is now being hired to
work against us. This will presumably force people to work even harder at
developing coutnermeasures, and repeat the cycle. Assuming, of course, that
the threat is taken seriously enough by the public, to keep the arms race
going. After all - once everybody has enough nuclear weapons to destroy all the
life on Earth, then there isn't much point in striving to build more.
just have to learn to deal with the constant threat of extinction, and
not to take it too seriously - since there isn't really anything to be
about it, any more. We seem to be rapidly approaching this mentality,
regard to malware.
You
try
done
with
Astalavista: What is your opinion on ISPs that upgrade their customers' Internet
connections for free, while not providing them with enhanced security
measures in place? To put it in another way, what do you think is going
to happen when there're more and more novice ADSL users around the
globe, who don't have a clue about what is actually going on?
MrYowler: This comes back around to the second point, with regard to the problem
s of
information security, today. People have little interest in anyone's
security but their own.
The ISPs *could* block all outgoing traffic on port 25, unless it is
destined for the ISPs SMTP servers - and then rate-limit delivery of email
from each user, based upon login (or in the case of unauthenticated
broadband, by IP address). This is a measure that would have effectively
prevented both the desktop server and open relay tactics that I described in
my paper, "Bulk Email Transmission Tactics", about four years ago, and it
would severely constrain the flow of spam from zombie hosts in these user
networks. The problem is that they don't care. They only care when the
spam is *incoming*, and then they can point fingers about how uncaring
someone else is. The same holds true for individual users.
It is neither difficult nor expensive to implement a simple broadband
router, to block most incoming traffic which would be likely to infect user
hardware with malware. It is also not difficult or expensive to implement
auto-updating virus protection, spyware/adware detection/removal, and
software patching. It could be done even more cheaply, if ISPs were to
aggregate the costs, for all of their users, and buy service contracts for
this kind of protection, in bulk, for their users, and pass the cost along
as part of the 'upgraded' service. Unfortunately, the nominal cost of doing
so, would have to be borne by users who do not take the threat seriously,
and who only care about the threat, when it has a noticeable impact on them.
Since many of the malware packages are designed *not* to have a noticeable
impact on the user - using them essentially as a reflection, relay, or
low-rate DDoS platform, or quietly extracting data from their systems which
will be abused in ways not directly traceable to their computer - these
users to not perceive the threat to be real, and are therefore unwilling to
invest - even nominally - in protecting themselves from it. ISPs are not
willing to absorb these costs, and they are not willing to risk becoming
uncompetitive, by passing costs on to their subscribers; so they pay lip
service to questions of security and antispam service, and perform only the
most minimal tasks, to support their marketing claims.
As with most organizations, the security of the organization itself, lies at
the focus of their security policies. The security of subscribers, other
network providers, or other Internet users in general, is something that
they go to some trouble to create the perception that they care about, but
when the time comes to put their money where their mouths are, it's just not
happening.
Astalavista: Thanks for your time.
MrYowler: Any time... :-P
11. Security Sites Review
--------------------The idea of this section is to provide you with reviews of various highly intere
sting
and useful security related web sites. Before we recommend a site, we make sure
that it provides
its visitors with quality and a unique content.
http://www.dsinet.org/
DSInet.org provides its visitors with information, files, tools, news items, col
umns, opinions and an editorial from
a Dutch point of view.
http://www.cgisecurity.com/
A well known and quality security site, CGI Security resources, intresting files
, papers etc.
http://www.cryptome.org/
The conspiracy site, freedom of information!
http://www.ebcvg.com/
You source for information security, daily updates, viruses and malicious code a
rticles and downloads etc.
http://www.dailyrotation.com/
All the news in one page, recommended link if you haven't visited this before.