
© 2001 By Default! A Free sample background from www.pptbackgrounds.fsnet.co.uk
Slide 1
Eggs have the potential to cause catastrophic damage to private users, corporations and government systems. By Stephen Greenberg
CS 725fc © 14/05/2002, Shareef I. Mostafa
Easter Egg Insertion, Detection & Deletion in Commercial Software

Slide 2: Outline
- Easter Eggs Defined
- Egg Threats and their Creators
- Software Development Process
- Easter Egg Insertion
- Easter Egg Detection
- Easter Egg Recommendations

Slide 3: So what is an Easter Egg?
- Easter Egg – Code inserted into a commercial software product, which is not documented and not meant to be part of the product.
- Trojan Horse – a program that, when activated, performs some undesirable action not anticipated by the person running it. (Prof Denning, Georgetown)
- Time Bomb – Executes at a specific date and time
- Logic Bomb – Triggered by some user action
So an Easter Egg is really just a Trojan Horse!

Slide 4: Egg Threats and Creators
Potential Threats
- Consumer – Steal Passwords, Credit Card details…
- Corporations - Crash Computers, Financial Loss…
- Government Agencies - Breach National Security
Egg Creators
- Elites - Pay homage to development team. Not necessarily malicious.
- Dark Siders - Write malicious eggs for profit. (coined by author I think)
But how real are these threats?

Slide 5: Software Development Process
Diagram stages: Software Testing, Hardware Integration, Independent Testing, Product Assembly & Shipping, Software Development, Product Configuration, Customers
- Every bug results in code returning to Software Development process for correction
- Eggs usually inserted after first 4 stages when product is in binary form

Slide 6: Easter Egg Insertion
Improved Insertion Method by George Kalb
1) Obtain executable file you wish to backdoor
2) Identify function or symbol to backdoor (hexEditor)
3) Insert compiled Egg code into executable (hexEditor)
4) Change the address of the backdoored function to the new address of the egg code. (backdooring)
5) Recompute the Checksum

Slide 7: Easter Egg Code Example
Function B {
    Detect triggering event;
    if (triggering event) {
        Egg Code goes here;
    }
    Call Function A;
    Return;
}
Diagram: Main Function, Function B, Function A
Call Function A to maintain all existing functionality

Slide 8: Detection & Recommendations
Recommendations
- Protect File Format – Insider won't understand file format and so can't insert any Egg.
- Encrypt Symbol Table – Insider can't backdoor any function in symbol table.
Detection of Eggs
- Emulator – Run program with every documented function and have it capture all instruction fetches. Look for locations in memory that should not have been called (i.e. possibly the result of an Egg). Also, gaps in memory accesses, possibly from backdooring, may hint at Egg code.
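The emulator check described on Slide 8, sketched as an added example that is not part of the original slides: it compares a captured instruction-fetch trace against the documented function ranges and reports code that ran outside them, plus code-section bytes that were never fetched. The trace format, function names and addresses are assumptions constructed for illustration.

```python
# Added example (not from the slides): coverage diff over an emulator's fetch trace.
# All addresses, function names and the trace below are constructed sample data.

def merge(ranges):
    """Merge overlapping or touching half-open [start, end) ranges."""
    out = []
    for start, end in sorted(ranges):
        if out and start <= out[-1][1]:
            out[-1][1] = max(out[-1][1], end)
        else:
            out.append([start, end])
    return [(s, e) for s, e in out]

def subtract(ranges, holes):
    """Return the parts of `ranges` not covered by `holes` (both half-open)."""
    result = []
    holes = merge(holes)
    for start, end in merge(ranges):
        cur = start
        for hs, he in holes:
            if he <= cur or hs >= end:
                continue
            if hs > cur:
                result.append((cur, hs))
            cur = max(cur, he)
        if cur < end:
            result.append((cur, end))
    return result

def analyse(trace, documented, text):
    """trace: (address, length) per fetched instruction.
    documented: name -> (start, end) taken from the vendor's symbol map.
    text: (start, end) of the executable code section."""
    fetched = merge((a, a + n) for a, n in trace)
    return {
        # Code that ran but belongs to no documented function.
        "undocumented_executed": subtract(fetched, list(documented.values())),
        # Code bytes never fetched although every documented function was exercised.
        "never_fetched": subtract([text], fetched),
    }

TEXT = (0x1000, 0x1100)
DOCUMENTED = {"main": (0x1000, 0x1040), "function_a": (0x1040, 0x1080)}
TRACE = ([(a, 4) for a in range(0x1000, 0x1040, 4)]     # main
         + [(a, 4) for a in range(0x10C0, 0x10D0, 4)]   # detour outside any symbol
         + [(a, 4) for a in range(0x1040, 0x1080, 4)])  # function_a
REPORT = analyse(TRACE, DOCUMENTED, TEXT)
```

Never-fetched ranges are only candidates for manual disassembly, since alignment padding and legitimately dead code land in the same bucket.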

Slide 9: Conclusion
Easter Eggs…should we be worried?
- There have been no documented cases of malicious Eggs to date.
- Easter Egg threats need to be viewed relative to all other security threats. (They aren't at the top of the list)
So what have we learned?
- What are and Who creates Eggs?
- How do they actually get into Software?
- The general idea of how to backdoor an object.
- An overview of Egg Insertion, Detection, & Solutions

Slide 10: Sites (for those interested)
- www.eeggs.com - Very thorough listing of Eggs
- www.wotsit.org - Executable File Format Definitions
- www.gnu.org - Info on BFD and GNU
- phrack.org/phrack/56/p56-0x09 – Backdooring Binary Objects

Slide 11: Easter Eggs
- MS Word 97 Egg
- MS Excel 97 Egg
For thousands more check out www.eeggs.com

