Computer Security Update
Understanding the Risks
Is Safe Computing Possible?
Bob Cowles
[email protected]
TERENA Conference 2005 – Poznań, Poland
Work supported by U. S. Department of Energy contract DE-AC03-76SF00515
Final Thoughts (Spring 2004)
Attacks coming faster; attackers getting smarter
Complex attacks using multiple vulnerabilities
No simple solution works
Patching helps
Firewalls help
AV & attachment removal help
Encrypted passwords/tunnels help
You can’t be “secure”; only “more secure”
We must share information better
7 June 2005
TNC 2005
2
Passwords captured on WiFi
YM%lsd.512
severine
n0mad
cris1964
cms2wa97
luciole
n0811a
xxxx8769 & xxxx0255
Public Access
Insecure Protocols
Cleartext protocols
http – sometimes difficult to tell
smtp – visible emails as they are sent/received
pop – visible email and possible passwords
imap – visible email and possible passwords
ftp & telnet – visible sessions and passwords
Network file systems
Faked service providers
Public Access
Insecure Protocols
Instant messaging
aim
yahoo messenger
ICQ
jabber
Kiosks
Vulnerable to worms on “local network”
Blaster vulnerability discovered by local LSD group
Passwords for coffee
http://www.theregister.co.uk/2005/05/06/verisign_password_survey/
Lists of recent compromises
http://www.emergentchaos.com/archives/cat_breaches.html
ssh and Other Compromises
Attacker installs trojaned ssh w/ keylogger
Later suspected tactics:
Scan for open X sessions (xhost +)
Windows compromises
hacker defender rootkit installed
session hijacking
http://www.cnn.com/2005/TECH/05/10/govt.computer.hacker/
http://www.sfgate.com/cgibin/article.cgi?file=/c/a/2005/05/10/MNGSCCMIJ21.DTL
Replaced by ssh weak password scanning
http://www.frsirt.com/exploits/08202004.brutessh2.c.php
On the Increase
Phishing
http://www.techworld.com/news/index.cfm?RSS&NewsID=3638
419 – Now job ads
http://www.theregister.co.uk/2005/05/09/419_job_ads/
Pharming
http://www.channelregister.co.uk/2005/04/08/dns_attacks_attempt_to_mislead_consumers/
Spyware (p2p)
http://en.wikipedia.org/wiki/Spyware
Google hacking
http://johnny.ihackstuff.com/index.php?module=prodreviews
Where It Really Goes …
http://scgi.ebay.com/verify_id=ebay &fraud alert id code=00937614
<http://210.95.98.124:81/aw-cgi/[email protected]>
Postbank Phishing (04 June)
Courtesy of Vincent 'rastakid' van Scherpenseel
http://www.syn-ack.org/papers/postbank.html
Where it appears to go:
http://www.postbank.nl/gRK6QnraG6FTLfFmTNNbX68U7rj8Q22oyqyIKv8qBXCeGv0TJYa0w9g6c6wih2g3
Where it goes:
href="http://www.google.es/url?q=http://go.msn.com/HML/1/5.asp?target=http://%68k%73chf%09%6f%2E%64%%09a%2ER%%09U/"
Where it REALLY goes:
http://hkschfo.da.RU/
Login popup in front of real Postbank page
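The three "where it goes" lines above can be reproduced offline. The following is an added example, not code from the talk: it walks the chain of open redirectors (the `q` parameter of google.es/url and the `target` parameter of go.msn.com are taken from the slide; the other redirect parameter names are assumed), then normalises the final hostname the way a lenient 2005-era browser did. Dropping a stray `%` that is not followed by two hex digits is an assumption modelled on the destination the slide reports.

```python
"""Offline analysis of the nested-redirect phishing link from the Postbank
slide. Added example, not from the original talk."""
import re
from urllib.parse import urlsplit

# Constructed from the slide's "Where it goes" href; tabs appear as %09.
PHISH_HREF = ("http://www.google.es/url?q=http://go.msn.com/HML/1/5.asp?target"
              "=http://%68k%73chf%09%6f%2E%64%%09a%2ER%%09U/")

# Query parameters that carry the next hop. 'q' and 'target' are the ones on
# the slide; the others are assumed names used by common open redirectors.
REDIRECT_PARAMS = ("q", "target", "url", "u", "r")


def next_hop(url):
    """Return the URL carried in a redirect parameter of `url`, or None.
    The query is split by hand so the raw (still-encoded) value survives."""
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name in REDIRECT_PARAMS and value.startswith(("http://", "https://")):
            return value
    return None


def unwrap_redirects(url, max_hops=10):
    """Follow redirector parameters without any network request and return
    the chain of hops, outermost first."""
    hops = [url]
    while len(hops) <= max_hops:
        nxt = next_hop(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return hops


def lenient_host(netloc):
    """Normalise a hostname the way a lenient 2005-era browser did:
    decode valid %XX escapes, discard tab/CR/LF, and drop a '%' that is not
    followed by two hex digits (the last rule is an assumption modelled on
    the destination the slide reports)."""
    decoded = re.sub(r"%([0-9A-Fa-f]{2})",
                     lambda m: chr(int(m.group(1), 16)), netloc)
    decoded = re.sub(r"[\t\r\n]", "", decoded)
    return decoded.replace("%", "").lower()


def analyse(url):
    """Summarise where a link really goes and which obfuscation tricks it uses."""
    hops = unwrap_redirects(url)
    raw_host = urlsplit(hops[-1]).netloc
    return {
        "hops": hops,
        "effective_host": lenient_host(raw_host),
        "tricks": {
            "nested_redirects": len(hops) - 1,
            "encoded_host": bool(re.search(r"%[0-9A-Fa-f]{2}", raw_host)),
            "control_chars": bool(re.search(r"%0[9ad]|[\t\r\n]", raw_host, re.I)),
            "malformed_escapes": bool(re.search(r"%(?![0-9A-Fa-f]{2})", raw_host)),
        },
    }


if __name__ == "__main__":
    report = analyse(PHISH_HREF)
    for i, hop in enumerate(report["hops"]):
        print(f"hop {i}: {hop}")
    print("really goes to:", report["effective_host"])
    print("tricks:", report["tricks"])
```

Run on the slide's href, the chain is google.es, then go.msn.com, then the encoded host, and the effective host comes out as hkschfo.da.ru with all three tricks flagged; a mail gateway or a blocklist check that looks only at the outermost hostname would see a Google domain and pass it.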
New Technologies
bluetooth
I 0wn your Lexus
http://www.cryptonomicon.net (site being rebuilt)
Hacking “secure” bluetooth devices
http://www.newscientist.com/article.ns?id=dn7461
RFID
http://www.rfidbuzz.com/news/2004/rfdump.html
VoIP
http://www.pcworld.com/resource/article/0,aid,120668,pg,1,RSS,RSS,00.asp
0wned by iPod
http://md.hudora.de/presentations/firewire/PacSec2004.pdf
Collaborative Environments
Organizations of resource consumers cross multiple resource providers
Resource consumer organization manages user base and user not registered in advance with providers
Authorization assertion from organization identifies valid users
Many security implications
Incident response
Credential theft
Adequacy / usability of audit information
Maintenance of persistent resource (e.g. storage) ownership
UN on Fighting Cybercrime
Create culture of cybersecurity
Prevention & prosecution of cybercrime
Address needs of developing countries too
Coordinated efforts to facilitate practical research
Global approaches to avert & mitigate impact on
Critical infrastructure
Sustainable development
Privacy protection
eCommerce, banking and trade
http://www.crime-research.org/news/05.12.2005/1225/
Late Breaking News
Numerous versions of Mytob (125 in 3 months)
Turns off anti-virus
Opens backdoor for further compromise
00 June 2005 – Apple Quicktime allows information theft
Invisible – while playing a Quicktime movie
Download version 7.0.1. (Macs only. Profile info only)
01 June 2005 – Coordinated malware attack
Gleider – Eight variants. Opens backdoor
Fantibag – Disables antivirus & Windows Update
Mitglieder – Opens backdoor for control
06 June 2005 – Spybot worm variant
Spreads through network shares or unpatched systems
Opens backdoors for further compromise
Final Thoughts (June 2005)
All operating systems are vulnerable
http://www.theregister.co.uk/2005/05/05/apple_mega_patch/
All browsers are vulnerable (firefox vulnerability)
http://www.theregister.co.uk/2005/05/09/firefox_0day_exploit/
No simple solution – security still too complex
Patching helps
Firewalls help
AV & attachment removal & spam filters help
Encrypted passwords/tunnels help – if used!!
You can’t be “secure”; only “more secure”
We must share information (100 best security web sites)
http://www.uribe100.com/index100.htm