Recent Security Threats & Vulnerabilities Computer security Bob Cowles HEPiX, Fall 2005 – SLAC Work supported by U. S. Department.


1 Recent Security Threats & Vulnerabilities
Computer security
Bob Cowles, bob.cowles@slac.stanford.edu
HEPiX, Fall 2005 – SLAC
Work supported by U. S. Department of Energy contract DE-AC03-76SF00515

11 October 2005, HEPiX - Fall 2005

2 Final Thoughts – Spring 2005
- All operating systems are vulnerable
- All browsers are vulnerable (Firefox vulnerability)
- No simple solution – security still too complex
  - Patching helps
  - Firewalls help
  - AV & attachment removal & spam filters help
  - Encrypted passwords/tunnels help – if used!!
- You can’t be “secure”; only “more secure”
- We must share information better
  - HEPiX Security email list

3 More Sophisticated Tools

4 More Sophisticated Tools - 2

5 More Sophisticated Tools - 3

6 Passwords (from Monday)
- POP3
  - peggyy,kcoct21,dec3.1 41, baum2kid, abouki99, jasperD9, pi16tchou
- IMAP
  - omeRun75, vrvs@Toshi, Bruck5BD, uonsF9
- SMTP
  - $JPsiMeson, 0~, ha66il33
- ICQ
  - gg14723
- FTP
  - aw3edcft6

7 Passwords (http) - 2
- d115872m
- Hammerhead
- S0ph0S
- 268jld823
- bravodb
- monkies
- D3141592
- fabien
- figarek
- 637xre286
- aK`5huHn
- e4077a97
- peggy101
- guest
- cisco
- fin_maggie
- frump
- pingpass
- anais
- admin
- cband
- tig4yet
- pincopallino
- Mammoths

8 On the Increase
- phishing (including IM) http://www.infosecwriters.com/texts.php?op=display&id=229
- pharming http://www.infosecwriters.com/texts.php?op=display&id=323
- spyware (p2p)
- Tailored viruses
- Identity theft (in general) http://www.emergentchaos.com/archives/cat_breaches.html http://www.privacyrights.org/ar/ChronDataBreaches.htm

9 Bad Practices

10 New Technologies
- Bluetooth
  - voice recognition
- RFID
- VoIP (Skype, Google Talk, …)
- smartcards, OTP
- Will they make a difference?

11 Advances in Security
- Common Malware Enumeration http://cme.mitre.org/
- Common Vulnerability Scoring System http://www.first.org/newsroom/releases/20050919.html
- MS Office 2003 SP2 – anti-phishing
  Extra click to activate links in email

12 Map of Bots
http://nepenthes.sourceforge.net/visualisation

13 DOE Site Assistance Visit
- We’re from the government and here to help
- Help with documentation required by new government standards (NIST 800-xx)
- Included penetration test

14 Penetration Test - results
- Win 2000 SP3 server
- MS dropped support as of June 30
- No warning of August vulnerability
- LM hashes for local admin password
  - Rainbow tables
  - 64GB – 99.9% success at LM passwords
- Admin account shared with other servers
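
An added example, not from the original slides: a defensive audit for the two password findings above, flagging accounts that still store an LM hash and credentials reused across servers. It assumes pwdump-style `user:rid:LM:NT:::` input; the host names, accounts and hash values are constructed for illustration.

```python
from collections import defaultdict

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password
HEX = set("0123456789abcdef")

# Constructed sample input: hypothetical hosts, accounts and made-up hashes.
ADMIN = "Administrator:500:11aa22bb33cc44ddaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::"
SAMPLE_DUMPS = {
    "srv-a": [ADMIN, "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::"],
    "srv-b": [ADMIN, "svc_backup:1003:1234567890abcdef0fedcba098765432:ffeeddccbbaa99887766554433221100:::"],
    "srv-c": ["Administrator:500:aad3b435b51404eeaad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::"],
}

def parse_line(line):
    """Split one pwdump-style line into (user, lm, nt), hashes lower-cased."""
    user, _rid, lm, nt = line.strip().split(":")[:4]
    return user, lm.lower(), nt.lower()

def audit(dumps):
    """Report stored LM hashes, passwords of 7 characters or fewer, and
    NT hashes that appear on more than one host."""
    lm_stored, short_pw, by_nt = [], [], defaultdict(set)
    for host, lines in dumps.items():
        for line in lines:
            user, lm, nt = parse_line(line)
            # Some tools print a non-hex placeholder when no LM hash is stored.
            if len(lm) == 32 and set(lm) <= HEX and lm != EMPTY_LM:
                lm_stored.append((host, user))
                # LM hashes each 7-character half separately, so an empty
                # second half reveals that the password is at most 7 long.
                if lm[16:] == EMPTY_LM[:16]:
                    short_pw.append((host, user))
            if nt != EMPTY_NT:
                by_nt[nt].add((host, user))
    # Same hash on several hosts means one cracked password opens all of them.
    shared = [sorted(accts) for accts in by_nt.values()
              if len({host for host, _ in accts}) > 1]
    return {"lm_stored": lm_stored, "short_password": short_pw, "shared": shared}

if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE_DUMPS).items():
        print(finding, accounts)
```
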

15 No Final Thoughts
Questions?
http://www.antsight.com/zsl/rainbowcrack/demo_rainbowcrack_cfg5.wmv

