When I notice recurring themes come up naturally I find that those are good things to blog about.  Recently I was speaking with my brother (who has incessant adware problems) about Internet safety and cyber security.  A week or two ago I had a stimulating conversation with my friend Anthony about security, and this morning on the Diane Rehm Show there was a segment about cyber threats, in which one of the guests stated that he works on banking systems and will not engage in online banking.

The first question anyone has is how widespread this problem is and whether it really affects them.  The answer is that it is widespread and it affects everyone, whether you own a computer attached to the Internet or not.  The scary part is that even the most pragmatic and Internet-savvy users can fall victim.  Does this mean you or I should stop using the Internet altogether?  Absolutely not.  While anyone can fall victim to this kind of threat, there are steps you can take to greatly reduce your risk!

In this age of technology we have almost no limits to our technical abilities.  Unfortunately, our attackers have this same ability.

Types of attacks:

  1. Trojan Horses - A computer program that poses as something useful but allows access to your system from the Internet.
  2. Adware - A computer program that either tracks your usage and sells that information to marketers or pops ads up on your computer.
  3. Spyware / Key-loggers - A program that "watches" what you do on your computer.  It can record every keystroke and send that information to a scammer.
  4. Worms - A special kind of program (which usually includes spyware or a Trojan horse) that spreads itself, usually through email or mapped network drives.
  5. Proxy - A term used for an attack coming from a computer whose user/operator has no idea it is happening.  This is a compromised computer system on which a remote scammer has installed a Trojan horse.  This "bot" can now do anything its owner wishes.
  6. DOS - Denial of Service attack.  This is an attack on a server which renders it unable to complete the task for which it was designed.
  7. DDOS - Distributed Denial of Service attack.  This type of attack usually involves overwhelming a web site to the point that it cannot serve requests to legitimate customers.  It usually involves a large number of "bots" controlled by a single party, often through a mechanism called IRC, which is a lot like a chat room.
  8. Buffer Overflow - This is a special type of attack that targets specific code.  Basically, if the scammer can pass a malformed piece of data to a function in the code, they might craft it in such a way that the program ends up executing part of the data.  That allows the attacker to run any kind of code on your machine.  Depending on the privileges of the process that was compromised (which are usually pretty high) they can take over your computer.  Remember, any maliciously crafted data can cause this, including data sent to you on an unprotected Internet port or data that you requested from a malicious website.  Something as simple as an image can contain a buffer overflow attack (and has in the past).  This type of attack is not limited to Windows.  It can be attributed to careless programming, but can also be a weakness in the compiler itself.
  9. Root Kits - This is a special kind of hacking technique which involves exploiting one small vulnerability after another.  It is typically used on web servers whose upload function is unprotected, or which have a buffer overflow exploit in place.  Once a file is uploaded it is executed and causes a larger hole to be created.  Eventually they can take control of that machine.
  10. Email Scams - Email is where most of the bad stuff originates.  That is because it is cheap and easy to send mail, and because it is often easy to harvest or guess an email address.  It is far more difficult to get people to visit a malicious website.

Q & A:

  • Info: The terms viruses, adware, spyware, and worms can be safely summed up by the term malware.
  • Q: Are Macs really more secure than PCs?
  • A: Yes and no.  Although the Mac has made a comeback the past few years, it is still a very, very small percentage of the computers in the world.  Because of this, most every virus targets a PC running some version of Windows.  However, this does not mean that you're "safer" using a Mac.  As Macs become more popular, more viruses will be written to target them, and they may have more success than those targeting Windows.  Windows has gone a few rounds of cops and robbers where Macs have not.  In my opinion, if you are buying a Mac simply because you think you are "more secure", then don't bother.  A false sense of security is the most detrimental risk of all.
  • Q: Who is attacking me and why?
  • A: Attackers generally fall into one of two types: people in it for personal gain, and government-sponsored groups.  There has been a very significant and organized amount of hacking coming from China, which suggests that the Chinese government sponsors this type of activity.  Much of their effort seems to be on mapping our resources around the net.
  • Q: I get a lot of email about stocks; what is that about?
  • A: This is the old pump & dump scam!  They artificially inflate the price of a "penny stock" that they own a large number of shares of.  They send this email en masse telling people to buy lots and lots of this stock.  Enough people buy that the stock price rises, and then the scammer sells the stock and allows it to tank.  This kind of scam can be costly both for the business offering the stock and for those foolish enough to actually invest in it.
  • Q: Do people really fall for the emails claiming to be from their bank?
  • A: No, not really.  The problem is that if just one in ten million *does* fall for this scam then it was worth it.  They can send these phishing emails out at a rate of millions per minute.
  • Q: Will the Internet ever become a safe place?
  • A: No.  Like the game of cops and robbers, this will likely play out forever.  The programmer in me wants to believe that it is possible to have 100% secure software.  The pragmatist in me knows that it may never be possible.  However, overall I do tend to believe that it will get much better, but it will probably get much worse before that begins to happen.
  • Q: Does looking at porn on the Internet make me more susceptible to malware?
  • A: Absolutely!  Porn and malware go hand in hand!
  • Q: Does downloading "cracked" programs make me more susceptible to malware?
  • A: Absolutely!  Crack sites, key sites, etc. are a Trojan horse delivery mechanism.  Why do you think these people crack these apps?  They do it to lure you there and take control of your computer.
  • Q: Can a virus really take control of my email?
  • A: Yes, it can, but usually it doesn't have to.  SMTP (the protocol by which mail is sent over the Internet) has absolutely no good way of verifying that you are who you say you are.  If your computer is hacked, then it is probably your email address book they are after.

Tips & Tricks:

  1. Get a home firewall that uses NAT.  You may already have this and not realize it, but computer systems sitting behind NAT are "invisible" to Internet scans, which greatly helps keep your computers safe!
  2. Let your computer update regularly!  Make sure auto-update is turned on and working.  If the computer needs to restart to apply a patch, make sure that happens ASAP.
  3. Install a software firewall.  They will slow down your computer, I know, but they are a necessity today.
  4. Let your virus scan run weekly.
  5. Own two computers (especially if you have kids).  Use one for Internet banking, Internet purchases, storing personal information, and nothing else.  Use the other one for everything else, keeping any kind of personal information off of that machine.
  6. Use the least possible permissions you can for your user accounts.
  7. Our school used a hardware device that restores the computer to exactly the same state every time it is rebooted.  This would be a really great tool for your general-use computer.  (I'll post a link when I can find one.)
  8. If you are at an Internet shopping site and you get a certificate error, leave now!  That certificate check is the ONLY thing protecting you from a man-in-the-middle attack!
  9. NEVER, NEVER, NEVER, NEVER, NEVER download or open an attachment you are not expecting!  Even if it looks like it is from a person you trust!  If it is from a person you trust, verify its contents with them before opening!  They may have been sent this wonderful screen saver and wanted to share it with you.  That's great and all, but that screen saver is probably a worm!  Also, they may not have actually sent it to you; the screen saver did it!
  10. Do not download any executable file.  Those include files that end with: .exe, .scr, .bat, .pif, .com, .dll, .ocx, .sys.  Also watch for the space trick, where the filename is "myfile.zip                                              .exe".  Notice the spaces?  You may not see them in Outlook or whatever else you are using, so the file appears to be a harmless .zip.
  11. Verify any other type of download with its author.  Recently viruses have been able to attach to innocent PDF files!  The moral is that there really is no such thing as an innocent file!
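The "space trick" and the executable-extension list from tips 10 and 11 are easy to check mechanically. The following is an added example (not code from the original post) that normalizes an attachment's filename, flags padded or doubled extensions, and adds a small content check: it sniffs the first bytes for a handful of well-known file signatures (a constructed table; the `MZ` signature of Windows executables is the one that matters here) and reports when a file that claims to be an image or document is actually an executable. The sample attachments at the bottom are constructed for the demonstration.

```python
import re

# The extensions tip 10 lists as executable; never open these from mail.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".pif", ".com", ".dll", ".ocx", ".sys"}

# Constructed table of leading "magic" bytes for a few common formats.
# Assumption: only these formats are recognized; anything else is "unknown".
MAGIC = {
    b"MZ": "executable",            # Windows PE/DOS executables start with "MZ"
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
}


def normalized_name(filename):
    """Remove every run of whitespace so 'file.zip      .exe' becomes 'file.zip.exe'."""
    return re.sub(r"\s+", "", filename)


def true_extension(filename):
    """The final extension after padding is stripped (lower-cased, with the dot)."""
    name = normalized_name(filename)
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def is_padded(filename):
    """True when the name carries whitespace runs that could hide its real extension."""
    return filename != filename.strip() or re.search(r"\s{2,}", filename) is not None


def sniff_type(data):
    """Return the format name for the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename, data):
    """Return a list of reasons to distrust an attachment. Empty list = nothing found
    by these checks (which is not the same as the file being safe)."""
    reasons = []
    ext = true_extension(filename)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension %s" % ext)
    if is_padded(filename):
        reasons.append("whitespace padding hides the real extension")
    # A name like invoice.pdf.exe has more than one extension; mail clients
    # often show only the first, so flag it even when the last one is harmless.
    if len(normalized_name(filename).lower().split(".")) > 2:
        reasons.append("multiple extensions")
    if sniff_type(data) == "executable" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("content is an executable but the name claims %s"
                       % (ext or "no extension"))
    return reasons


if __name__ == "__main__":
    # Constructed sample attachments (name, first bytes of content).
    samples = [
        ("myfile.zip                       .exe", b"MZ\x90\x00\x03\x00"),
        ("vacation.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("vacation.jpg", b"MZ\x90\x00\x03\x00"),
        ("report.pdf", b"%PDF-1.4\n"),
    ]
    for name, head in samples:
        print(repr(name), "->", check_attachment(name, head) or "no findings")
```

The content check is deliberately the weakest part: as tip 11 says, a genuine PDF or image can still carry an exploit, so an empty result only means the file is not an obviously mislabeled executable, and the "verify with the sender" rule still applies.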

Opinion:

  1. Viruses are not easy to detect!  Virus scanners use something called heuristics to find viruses, adware, spyware, and worms.
  2. Both client and server need a way to be independently authenticated by a trusted third party, and if that trust cannot be established then there must be no way to continue.
  3. We need to phase out passwords!  They are way too easy to predict and/or capture!
  4. We need a way to positively identify (for computing purposes) every user on the Internet.  This is the only way we can really develop trust relationships with other systems, and the only way to end spam and phishing.


Visit these links for more information:

Be careful out there!