95-752:8-1 Application Security. 95-752:8-2 Malicious Code Vulnerable Software Hacker toolkits...
95-752:8-1
Application Security
95-752:8-2
Malicious Code
• Vulnerable Software
• Hacker toolkits
• Back/Trapdoors
• Greedy Programs / Logic bombs
• Salami Attacks
• Trapdoors
• Worms/Viruses
• Bot Networks
95-752:8-3
Vulnerable Software
• Buffer overflows
• Insecure running environment
• Insecure temporary files
• Insecure program calls
• Weak encryption
• Poor programming
• “If people built buildings the way that programmers write software, the first woodpecker to come along would destroy civilization.”
95-752:8-4
Handling Vulnerabilities
• Locating
• Dealing with vendors
• Applying patches
• Disabling services
• Reconfiguring software/services
95-752:8-5
Hacker Toolkits
Programs that automatically scan for security problems on systems
– Useful for system administrators to find problems for fixing
– Useful for hackers to find problems for exploitation
Examples:
– SATAN
– COPS
– ISS
Countermeasure: Detection Software
95-752:8-6
Back/Trapdoors
• Pieces of code written into applications or operating systems to grant programmers easy access
• Useful for debugging and monitoring
• Too often, not removed
• Examples:
– Dennis Ritchie’s login/compiler hack
– Sendmail DEBUG mode
• Countermeasures
– Sandboxing
– Code Reviews
95-752:8-7
Logic Bombs
• Pieces of code to cause undesired effects when event occurs
• Used to enforce licenses (time-outs)
• Used for revenge by disgruntled
• Can be hard to determine malicious
• Examples
– British accounting firm logic bomb
– British bank hack
• Countermeasures
– Personnel security
95-752:8-8
Viruses
• Pieces of code that attach to existing programs
• Not distinct program
• No beneficial use – VERY destructive
• Examples:
– Michelangelo
– Love letter
• Countermeasures
– Virus detection/disinfection software
95-752:8-9
Structure of a Virus
• Marker: determine if a potential carrier program has been previously infected
• Infector: Seeks out potential carriers and infects
• Trigger check: Establishes if current conditions are sufficient for manipulation
• Manipulation: Carry out malicious task
95-752:8-10
Types of Viruses
• Memory-resident
• Hardware
• Buffered
• Hide-and-seek
• Live-and-die
• Boot segment
• Macro
95-752:8-11
Worms
• Stand-alone programs that copy themselves from system to system
• Some use in network computation
• Examples:
– Dolphin worm (Xerox PARC)
– Code Red (2001, $12B cost)
– Morris Worm (1988, $20M cost)
• Countermeasures
– Sandboxing
– Quick patching: fix holes, stop worm
95-752:8-12
Trojan Horses
• Programs that have malicious covert purpose
• Have been used for license enforcement
• Examples:
– FIX2001
– AOL4FREE
– RIDBO
• Countermeasures
– Sandboxing
– Code reviews
95-752:8-13
Greedy Programs
• Programs that copy themselves
• Core wars
• Have been used in destructive web pages, standalone programs
• Can be very difficult to show deliberate usage
• Countermeasures:
– CPU quotas on process families
– Process quotas
– Review of imported software & web pages
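The quota countermeasures above can be approximated on a POSIX system with per-process resource limits. This is an added example, not part of the original slides; the names run_with_quotas and describe are hypothetical. It assumes POSIX rlimits: RLIMIT_CPU is inherited by every descendant but budgeted per process, so the process quota (RLIMIT_NPROC) is what bounds the family as a whole.

```python
import resource
import signal
import subprocess
import sys


def _lower(kind, soft, hard):
    """Lower one rlimit; never ask for more than the inherited hard limit."""
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        hard = min(hard, cur_hard)
    resource.setrlimit(kind, (min(soft, hard), hard))


def run_with_quotas(argv, cpu_seconds=2, max_procs=None, timeout=30):
    """Run argv under a CPU quota and an optional process quota.

    Returns the exit status; a negative value is the signal that ended it.
    """
    def apply_limits():  # runs in the child between fork() and exec()
        # SIGXCPU at the soft limit, SIGKILL one second later if it is ignored.
        _lower(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        if max_procs is not None:
            # Counted per real user ID, so size it above that user's
            # normal process count; Linux does not enforce it for root.
            _lower(resource.RLIMIT_NPROC, max_procs, max_procs)

    done = subprocess.run(argv, preexec_fn=apply_limits, timeout=timeout,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode


def describe(status):
    """Translate an exit status into a short verdict for a log line."""
    if status in (-signal.SIGXCPU, -signal.SIGKILL):
        return "stopped by CPU quota"
    return "exited with status %d" % status


if __name__ == "__main__":
    # Constructed stand-in for a greedy program: a loop that never yields.
    greedy = [sys.executable, "-c", "while True: pass"]
    print(describe(run_with_quotas(greedy, cpu_seconds=1)))
```

A quota on a whole process family, as the slide words it, needs a grouping mechanism such as Linux control groups; rlimits only cap each process and the per-user process count.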
95-752:8-14
Bot Networks
• Collections of compromised machines
• Typically, compromised by scripts
• Respond to commands, perhaps encrypted
• Examples:
– Leaves
– Code Red II
• Countermeasures: Vulnerability patching, Integrity checks