PPD Computing Group Christmas Lectures 2004 Security Issues Gareth Smith



Topics

• Security updates

• Spam

• Spyware – What do you agree to in that licence…?

• Phishing scams


Bad news……

This morning’s mail from SANS @RISK weekly newsletter began with:

“This week has seen the greatest number of new vulnerabilities since @RISK started more than three years ago.”


Security Updates

For Week 6 – 12 December 2004

679/04 - Cisco Security Advisory: Cisco CNS Network Registrar Denial of Service Vulnerability
680/04 - HP SECURITY BULLETIN - SSRT4877 - md5 sums are available for downloaded software
681/04 - SECUNIA ADVISORY ID:SA13334 - WS_FTP Server FTP Commands Buffer Overflow
682/04 - iDEFENSE Security Advisory 12.03.2004 - Apple Darwin Streaming Server DESCRIBE
683/04 - Debian Security Advisory DSA 604-1 - New hpsockd packages fix denial of service
684/04 - FreeBSD-SA-04:17.procfs - Kernel memory disclosure in procfs and linprocfs
685/04 - Debian Security Advisory DSA 603-1 - New openssl packages fix insecure temporary
686/04 - Gentoo Linux Security Advisory - GLSA 200412-02 - PDFlib: Multiple overflows in
687/04 - Novell NetMail/NIMS/IMS NMAP Default - Authentication Credential Vulnerability
688/04 - Debian Security Advisory DSA 605-1 - New viewcvs packages fix information leak
689/04 - ESB-2004.0760 -- Buffer Overflow In ISAPI Extension - W3who.dll From Windows 2000
690/04 - Sun Alert Notification 57659 - Security Vulnerability in the in.rwhod(1M) Daemon
691/04 - Six Mandrakelinux Security Update Advisories
692/04 - Three Gentoo Linux Security Advisories:
693/04 - Debian Security Advisory DSA 606-1 - New nfs-utils packages fix denial of service
694/04 - SECUNIA ADVISORY ID:SA13395 - SUSE Updates for Multiple Packages
695/04 - Red Hat Security Advisory -2004:636-01 - Updated ImageMagick packages fix
696/04 - Two KDE Security Advisories:
697/04 - Trustix Secure Linux Security Advisory #2004-0065 - nfs-utils
698/04 - Window Injection Vulnerability in Multiple Web Browsers


Window Injection Vulnerability in Multiple Web Browsers. 9 December 2004

A vulnerability in multiple web browsers allows an attacker to make spoofed web page content appear to come from a trusted site. If a trusted web site is visited while a page from a malicious web site is still open in another window, then any named popup window provided by the trusted site can be overwritten with content of the attacker's choice.

Product: Microsoft Internet Explorer; Mozilla; Firefox; Opera; Safari; Konqueror

Operating System: Windows; Linux variants; UNIX variants; Mac OS

Impact: Provide Misleading Information; Access Privileged Data

Access: Remote/Unauthenticated.

UNIRAS 698/04


Lifetime of Unpatched XP System before infection.

Windows XP - How to survive the first day: http://www.sans.org/rr/whitepapers/windows/1298.php

SANS (SysAdmin, Audit, Network, Security) Institute


SPAM

http://netstats.rl.ac.uk/virus_stats/


What Can I Do About SPAM?

• Do not reply to it.

• Move it to the #SPAM folder.

• CLRC flags the mail header with a likelihood of a mail being SPAM.

• Set up a rule in Outlook: http://www.cleo.clrc.ac.uk/mail/spam.htm

• The mail header can be seen when looking at a mail by selecting: “View” then “Options…”


Example Mail Header

x-ral-mfrom: <[email protected]>
x-ral-connect: <D9f19.d.pppool.de [80.184.159.25]>
x-scanned-by: MIMEDefang 2.39
x-cclrc-spam-report: 2.397 : BAYES_60,MSGID_FROM_MTA_HEADER,RCVD_IN_SORBS
x-cclrc-spam-bar: xx
x-message-info: EH98Ke8kw6Uh6cxA/3xo5Hi8abE
Content-class: urn:content-classes:message
Subject: WHY pay for Cable Sports and Entertainment
Date: Sun, 19 Dec 2004 09:37:50 -0000
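
How a mail rule can act on the flag in the header above, as an added example that is not part of the original lecture: it reads every x-cclrc-spam-report header, copes with a header folded over two lines, and files on the highest score found. The sample message is constructed, and the threshold of 2.0 and the function names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample modelled on the header above; host and address are placeholders.
SAMPLE = (
    "x-ral-connect: <host.example.net [192.0.2.25]>\n"
    "x-scanned-by: MIMEDefang 2.39\n"
    "x-cclrc-spam-report: 2.397 :\n"
    " BAYES_60,MSGID_FROM_MTA_HEADER,RCVD_IN_SORBS\n"
    "x-cclrc-spam-bar: xx\n"
    "Subject: WHY pay for Cable Sports and Entertainment\n"
    "\n"
    "body text\n"
)

# "<score> : <comma-separated rule names>", possibly folded over several lines.
REPORT_RE = re.compile(r"\s*(-?\d+(?:\.\d+)?)\s*:\s*(.*)", re.S)

def parse_spam_reports(raw_message):
    """Return (score, [rule names]) for every spam-report header in the mail."""
    msg = message_from_string(raw_message)
    reports = []
    # Header names are matched case-insensitively by the email package.
    for value in msg.get_all("x-cclrc-spam-report", []):
        m = REPORT_RE.fullmatch(value)
        if m:
            rules = [r.strip() for r in m.group(2).split(",") if r.strip()]
            reports.append((float(m.group(1)), rules))
    return reports

def folder_for(raw_message, threshold=2.0):
    """Mimic a mail rule: file into '#SPAM' once the flagged score reaches threshold.

    threshold is an assumed value, not one given in the lecture.
    """
    reports = parse_spam_reports(raw_message)
    if not reports:
        return "Inbox"  # no usable flag: leave the mail where it is
    # Take the highest score so an extra, sender-supplied header cannot lower it.
    worst = max(score for score, _ in reports)
    return "#SPAM" if worst >= threshold else "Inbox"
```
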


Spyware

• Software added to your machine, in many cases without alerting you to the fact.

• Varies from ‘tracking cookies’ to malicious software such as keyboard sniffers.

• Malicious or self-propagating spyware removed by Sophos.

• We run ‘PestPatrol’. At home you may want to try ‘Adaware’ or ‘Spybot’.

• You have often agreed to it…..


Kazaa license - 1

9. Third Party Software

9.1 During the process of installing Kazaa, you must install software from third party software vendors pursuant to licences or other arrangements between such vendors and yourself ("Third Party Software"), including without limitation those software components noted in Section 9.4 below. Please note that the Third Party Software may be subject to different licences or other arrangements, which you should read carefully. ….

9.4.6 In exchange for downloading the Software at no cost, you expressly agree that you accept the Embedded Third Party Software and that so long as you have not entirely deleted Kazaa from your computer you will not take any action, including downloading other software which modifies, is intended to modify or permits others to modify registry or other settings on your computer to, disable, remove, block, prevent the functioning of, or otherwise interfere with any of the Embedded Third Party Software.


Kazaa License - 2

9.4 Embedded Third Party Software

9.4.1 Cydoor. The Software includes a Cydoor Technologies advertising delivery program, which may display web content such as banner ads, e-commerce offers, news headlines and other value-added content. ….

9.4.2 TopSearch. The Software includes the Topsearch software provided by Altnet. The TopSearch component regularly downloads an index of available Altnet content through your Internet connection. This index contains a list of available rights managed files which can be displayed in your search results. …..

9.4.3 Bullguard P2P. The Software comes with a virus protection feature provided by Bullguard Technology, which is designed to guard your computer from virus attacks by quarantining and deleting files downloaded via P2P that may have a virus. ….

9.4.4 GAIN AdServer. Kazaa incorporates a software component called the GAIN AdServer, which is provided by GAIN Publishing. The GAIN AdServer software identifies your interests based on some of your computer usage and uses that information to deliver advertising messages to you. ...


Phishing

• Phishing is an attempt to trick you into revealing personal information.

• A spoofed e-mail tries to lure you to a bogus web site.

Useful Web Site:

http://www.antiphishing.org/


Example E-mail


Another Example E-mail

Actual web site is:

http://200.204.198.158:16780/Io/applypassword.php


What you can do:

• Be very suspicious of any email with (urgent) requests for personal financial information.

• Don't use links in an email to get to a web page, if you suspect the message might not be authentic.

• Don’t fill out forms for personal information that arrive by e-mail.

• Ensure web sites that you use (e.g. for internet banking) are secure (https: not http:)

• Set Outlook to view all mail as plain text. http://hepwww.rl.ac.uk/ppdcomputing/WindowsXP/FAQ_page.htm
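
The check a reader makes by eye when following this advice, written out as an added example that is not part of the original lecture: it pulls each link out of an HTML mail body and reports when the real target is not https, is a bare IP address like the one on the earlier slide, or differs from the host shown in the link text. The sample HTML, the names bank.example and 192.0.2.15, and the function names are constructed.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed HTML mail body; bank.example and 192.0.2.15 are placeholders.
SAMPLE_HTML = (
    '<a href="http://192.0.2.15:16780/Io/x.php">https://bank.example/login</a>'
    ' <a href="https://bank.example/help">help page</a>'
)

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def _parts(url):
    try:  # (scheme, host); empty strings when the URL does not parse
        u = urlsplit(url)
        return u.scheme, u.hostname or ""
    except ValueError:
        return "", ""

def link_warnings(href, text):
    """Reasons to distrust a link, judged on where it really goes."""
    scheme, host = _parts(href)
    reasons = [] if scheme == "https" else ["not https"]
    with suppress(ValueError):
        ipaddress.ip_address(host)  # raises ValueError for ordinary host names
        reasons.append("host is a bare IP address")
    shown = _parts(text if "://" in text else "//" + text)[1]
    if "." in shown and " " not in shown and shown != host:
        reasons.append("text shows %s, link goes to %s" % (shown, host))
    return reasons

def audit(html):
    """Map each href in an HTML mail body to its list of warnings."""
    collector = LinkCollector()
    collector.feed(html)
    return {h: link_warnings(h, t.strip()) for h, t in collector.links}
```

Viewing mail as plain text, as the last bullet suggests, removes the gap this code looks for: the address you see is the address you get.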


Conclusions

• Computer Security is now a critical problem.

• We have to fight this on all fronts (anti-virus software, applying patches, firewalling, network monitoring, user education……)

• There will be inconveniences. As security is tightened it will impact your work.

• We have to be prepared for the break-ins and have prepared for system recovery.

• This includes home users.