Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web hacking and the Internet user. Web hacking Basics Web pilfering: download selectively web sites and search files off-line.selectivelysitesfiles Automated.

Similar presentations


Presentation on theme: "Web hacking and the Internet user. Web hacking Basics Web pilfering: download selectively web sites and search files off-line.selectivelysitesfiles Automated."— Presentation transcript:

1 Web hacking and the Internet user

2 Web hacking Basics Web pilfering: download selectively web sites and search files off-line.selectivelysitesfiles Automated scripts: developed by advanced hackers for use by “script kiddies.” See SecurityInnovation for vulnerability scanners.SecurityInnovation IIS security: see Microsoft Web Application Security guide to setup the IIS and identify threats and create countermeasures.Web Application Security CGI: programming CGI with security in mind by W3org, a compilation and an index for CGI security resources, SSI and CGI security,W3org compilationindex SSI and CGI ASP vulnerabilities: HTML and programming in the same directory, dot bug, samples (showcode and codebrws). See Microsoft ASP Security.ASP Security Web vulnerability scanners are available for UNIX/Linux: Nikto and Whisker.NiktoWhisker Buffer Overflows: (i) PHP security, (ii) do not use the wwwcount.cgi, and (iii) IIS iishack vulnerability (use MSBA to find patches).PHP securityIIS iishack patches Poor Web design Misuse of hidden tags (price, shipping, etc), e.g. search “type=hidden name=price” SSI: noExecs, pre-processing for hidden code. SSI

3 Hacking the Internet user: Malicious mobile code Microsoft ActiveX (Active X controls have the file extension.ocx) similar to OLE let an object be embedded in a page using the tag When IE finds a page with a control, it checks the Registry to find out if the control is available, if it is IE displays the page and runs the control If it is not, IE uses Authenticode to check the author (Verisign role) and download the control. Finally IE displays the page and runs the control “Safe for Scripting”: Authenticode is not used with these controls, malicious Web sites may explore as a vulnerability. Easy to mark as such. Countermeasures:Easy to mark as such apply patches for Scriptlet/Eyedog and OUA (Office 2000 UA).Scriptlet/EyedogOffice 2000 UA Set macro protection to High in Tool/Macro menu in Office. restrict or disable ActiveX, using security zones Using security zones: IE has five predefined zones: Internet, Local Intranet, Trusted Sites, Restricted Sites, and My Computer.security zones Internet zone: disable ActiveX controls, enable per-session cookies and file download, and set scripting to prompt.disable ActiveX controlsenable per-session cookies and file downloadset scripting to prompt Trusted Sites: assign medium security and add sites you can trust to run ActiveX controls, e.g. Microsoft sites.medium securityadd sites

4 Hacking the Internet user: Malicious mobile code Java basic security: (a) strong typing enforced at compile and execution time, (b) built in JVM bytecode verifier controls memory space (buffer overflows are difficult to happen), (c) no memory pointers (making difficult to insert commands in running code), (d) security manager (control access to computer resources), and (e) code signing similar to Authenticode. Recommendations: update and use security zones. JavaScript: most frequently used client-side scripting. MS executes JavaScript using Active Scripting. Again use security zones to restrict the use of JavaScript. Beware of the “cookie monster”: cookies can be per session or persistent. Settings in Firefox and Internet Explorer.(IE 7 )FirefoxInternet ExplorerIE 7 Cookie sniffing: capturing cookies using packet sniffing tools (SpyNet/PeepNet).SpyNet/PeepNet Countermeasures: Cookie cutters, Firefox and IE cookie controls.Cookie cutters IE HTML frame vulnerabilities. The IE's cross-domain security model (a domain is a security boundary - any open windows within the same domain can interact with each other, but windows from different domains cannot). IE's cross-domain security model IFRAME ExecCommand: iframe is a IE tag to create a floating frame on the middle of a nonframed page. A hacker wrote a JavaScript to read a local file.hacker Countermeasure in IE: Tools, security, disable Navigate sub-frames across different domains.disable Navigate sub-frames across different domains

5 Hacking the Internet user: hacking basics: (i)create a text file using the correct MIME syntax, (ii) use netcat to send the message to an open relay SMTP server, (iii) check the results. Using mpack we can include an attachment. If mail server requires authentication this hack fails, therefore you should use Sam Spade to check server first.text fileuse netcatsend the messageresultsmpackhack fails disable Java, JavaScript and ActiveX in Mail, e.g. Thunderbird.Thunderbird. executing code through block all s that have attachments with the extensions.scr,.pif, zip, : Outlook Express: “book worms:” Melissa, ILOVEYOU (see book), Nimda, CodeRed, etc, access OE address book and mail themselves to all entries. More recent versions use as subject and content parts of messages sent or received. Use Microsoft patch. Countermeasure: OE 2003 and above: Tools, Options, Read, Read All messages as Plain Text.patchRead All messages as Plain Text File attachment attacks: scrap files (.shs and.shb), Long file names in attachments should be blocked by anti-virus, or server filtering. Save As in Excel/PowerPoint, and be aware of OE use of the TEMP directory.scrap files

6 Hacking the Internet user: other SSL : overview, use the 128-bit encryption (most countries now). Potential fraud: bypassing the certificate validation. Click on lock to see certificate. overviewcertificate IRC hacking: not only message exchange, but also file exchange. Users connect to a reflector (BNC, IRC Bouncer or proxy server), making the tracing of IRC users fruitless (a plus for hackers), all you get is the BNC IP. IRC DCC Send and Get connect directly two IRC users and allow file exchange, what makes easy to an user or worm infected user to distribute malicious code. Countermeasure: if you need to use IRC, run anti-virus on the directory you selected as default for DCC downloads, and read more about IRC security.IRC security Napster hacking: as a distributed file-sharing network, it has the potential to distribute Trojans, viruses, disguised as MP3 audio files. Napster checks headers and frames to see if the files are MP3 files, but Wrapster disguise files as MP3. Similar services may also be vulnerable. Napster Wrapster Global countermeasures keep Antivirus signatures updated (at least twice a month). firewalls and traffic scanners (e.g. Vital Security™ Web Appliance).Vital Security™ Web Appliance


Download ppt "Web hacking and the Internet user. Web hacking Basics Web pilfering: download selectively web sites and search files off-line.selectivelysitesfiles Automated."

Similar presentations


Ads by Google