Published by Sheena Mason. Modified over 8 years ago.

Recent Security Threats & Vulnerabilities
Computer security
Bob Cowles, bob.cowles@slac.stanford.edu
HEPiX, Fall 2005 – SLAC
Work supported by U. S. Department of Energy contract DE-AC03-76SF00515

11 October 2005, HEPiX - Fall 2005

Final Thoughts – Spring 2005
- All operating systems are vulnerable
- All browsers are vulnerable (Firefox vulnerability)
- No simple solution – security still too complex
  - Patching helps
  - Firewalls help
  - AV & attachment removal & spam filters help
  - Encrypted passwords/tunnels help – if used!!
- You can’t be “secure”; only “more secure”
- We must share information better
  - HEPiX Security email list

More Sophisticated Tools

More Sophisticated Tools - 2

More Sophisticated Tools - 3

Passwords (from Monday)
- POP3
  - peggyy, kcoct21, dec3.1 41, baum2kid, abouki99, jasperD9, pi16tchou
- IMAP
  - omeRun75, vrvs@Toshi, Bruck5BD, uonsF9
- SMTP
  - $JPsiMeson, 0~, ha66il33
- ICQ
  - gg14723
- FTP
  - aw3edcft6

Passwords (http) - 2
- d115872m
- Hammerhead
- S0ph0S
- 268jld823
- bravodb
- monkies
- D3141592
- fabien
- figarek
- 637xre286
- aK`5huHn
- e4077a97
- peggy101
- guest
- cisco
- fin_maggie
- frump
- pingpass
- anais
- admin
- cband
- tig4yet
- pincopallino
- Mammoths

On the Increase
- Phishing (including IM)
  http://www.infosecwriters.com/texts.php?op=display&id=229
- Pharming
  http://www.infosecwriters.com/texts.php?op=display&id=323
- Spyware (p2p)
- Tailored viruses
- Identity theft (in general)
  http://www.emergentchaos.com/archives/cat_breaches.html
  http://www.privacyrights.org/ar/ChronDataBreaches.htm

Bad Practices

New Technologies
- Bluetooth
  - voice recognition
- RFID
- VoIP (Skype, Google Talk, …)
- Smartcards, OTP
- Will they make a difference?

Advances in Security
- Common Malware Enumeration
  http://cme.mitre.org/
- Common Vulnerability Scoring System
  http://www.first.org/newsroom/releases/20050919.html
- MS Office 2003 SP2 – anti-phishing
  - Extra click to activate links in email

Map of Bots
http://nepenthes.sourceforge.net/visualisation

DOE Site Assistance Visit
- We’re from the government and here to help
- Help with documentation required by new government standards (NIST 800-xx)
- Included penetration test

Penetration Test - results
- Win 2000 SP3 server
- MS dropped support as of June 30
- No warning of August vulnerability
- LM hashes for local admin password
  - Rainbow tables
  - 64GB – 99.9% success at LM passwords
- Admin account shared with other servers
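
Added example, not from the talk: the LM result on the slide above follows from how LM prepares a password before hashing (uppercased, padded to 14 characters, split into two 7-character halves that are hashed independently and without salt). The Python below models only that preparation step, computes no hash, and compares the resulting search spaces; the sample passwords and the printable-ASCII alphabet are assumptions of this example.

```python
import string

LM_MAX_LEN = 14   # passwords longer than this get no LM hash stored
LM_HALF_LEN = 7   # each 7-character half is hashed on its own, unsalted

# Alphabets assume printable-ASCII passwords (an assumption of this example).
SYMBOLS = string.digits + string.punctuation + " "
LM_ALPHABET = len(string.ascii_uppercase + SYMBOLS)   # 69: lowercase is folded away
FULL_ALPHABET = len(string.ascii_letters + SYMBOLS)   # 95


def lm_halves(password):
    """Return the two strings LM hashes, or None when no LM hash is stored."""
    if len(password) > LM_MAX_LEN:
        return None
    padded = password.upper().ljust(LM_MAX_LEN, "\0")
    return padded[:LM_HALF_LEN], padded[LM_HALF_LEN:]


def keyspace(alphabet_size, max_len):
    """Count all strings of length 1..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def audit(passwords):
    """Summarise LM exposure for a list of candidate passwords."""
    report = []
    for pw in passwords:
        halves = lm_halves(pw)
        report.append({
            "length": len(pw),
            "lm_stored": halves is not None,
            "halves": halves,
            # A short password leaves the second half empty (all padding).
            "nonempty_halves": 0 if halves is None
            else sum(1 for h in halves if h.strip("\0")),
        })
    return report


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the talk.
    samples = ["Summer2005!", "sUMMER2005!", "Kx9!q", "correct horse battery"]
    for row in audit(samples):
        print(row)
    print("per-half LM search space:", keyspace(LM_ALPHABET, LM_HALF_LEN))
    print("14-char case-sensitive  :", keyspace(FULL_ALPHABET, LM_MAX_LEN))
```

The per-half space is under 2^43 strings, against more than 2^91 for a case-sensitive 14-character password treated as one unit, which is why a fixed-size precomputed table can cover nearly all LM hashes. Passwords longer than 14 characters, or a policy that disables LM hash storage, take the stored LM hash out of the picture.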

No Final Thoughts
Questions?
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg5.wmv