Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Fall 2005 – SLAC Work supported by U. S. Department of Energy contract DE-AC03-76SF00515
11 October 2005HEPiX - Fall Final Thoughts – Spring 2005 uAll operating systems are vulnerable uAll browsers are vulnerable (firefox vulnerability) uNo simple solution – security still to complex l Patching helps l Firewalls help l AV & attachment removal & spam filters help l Encrypted passwords/tunnels help – if used!! uYou can’t be “secure”; only “more secure” uWe must share information better l HEPiX Security list
11 October 2005HEPiX - Fall More Sophisticated Tools
11 October 2005HEPiX - Fall More Sophisticated Tools - 2
11 October 2005HEPiX - Fall More Sophisticated Tools - 3
11 October 2005HEPiX - Fall Passwords (from Monday) uPOP3 l peggyy,kcoct21,dec3.1 41, baum2kid, abouki99, jasperD9, pi16tchou uIMAP l omeRun75, Bruck5BD, uonsF9 uSMTP l $JPsiMeson, 0~, ha66il33 uICQ l gg14723 uFTP l aw3edcft6
11 October 2005HEPiX - Fall Passwords (http) - 2 ud115872m uHammerhead uS0ph0S u268jld823 ubravodb umonkies uD ufabien ufigarek u637xre286 uaK`5huHn ue4077a97 upeggy101 uguest ucisco ufin_maggie ufrump upingpass uanais uadmin ucband utig4yet upincopallino uMammoths
11 October 2005HEPiX - Fall On the Increase uphishing (including IM) upharming uspyware (p2p) uTailored viruses uIdentity theft (in general)
11 October 2005HEPiX - Fall Bad Practices
11 October 2005HEPiX - Fall New Technologies ubluetooth l voice recognition uRFID uVoIP (skype, googletalk, …) usmartcards, OTP uWill they make a difference?
11 October 2005HEPiX - Fall Advances in Security uCommon Malware Enumeration uCommon Vulnerability Scoring System uMS Office 2003 SP2 – anti-phishing Extra click to activate links in
11 October 2005HEPiX - Fall Map of Bots
11 October 2005HEPiX - Fall DOE Site Assistance Visit uWe’re from the government and here to help uHelp with documentation required by new government standards (NIST 800-xx) uIncluded penetration test
11 October 2005HEPiX - Fall Penetration Test - results uWin 2000 SP3 server uMS dropped support as of June 30 uNo warning of August vulnerability uLM hashes for local admin password l Rainbow tables l 64GB – 99.9% success at LM passwords uAdmin account shared with other servers
11 October 2005HEPiX - Fall No Final Thoughts Questions?