Computer SecurityWhat’s this course about?General course info (see web)Current TrendsHistorical hackers (prior to 2000)Typical Botherder: 0x80" (pronounced X-eighty)Some things in the newsTrendsHow big is the security problem?Most-common attacks on systemsVulnerability Stats: web is “winning”Web attack toolkit: MPackSilentBankerSteal cars with a laptopSlide 15iPhone attack (summer 2007)iPhone security measuresAnalysis methodsSuggestions for improvementSlide 20Underground goods and servicesWhy are there security vulnerabilities?Slide 23Ethical use of security informationLaw enforcementDifficult problem: insider threatExample insider attackExample #2Example #3Software dangersKen ThompsonCompiler backdoorC compiler is written in CClever trick to avoid detectionSocial engineeringSlide 36Computer SecurityDan Boneh and John MitchellCS 155 Spring 2009http://crypto.stanford.edu/cs155What’s this course about?Some challenging fun projectsLearn about attacksLearn about preventing attacksLectures on many topicsApplication securityOperating system securityNetwork securityWeb securitySome overlap with CS142; redesign for next yearnot a course on Cryptography (take CS255)General course info (see web)Prerequisite: Operating systems (CS140)Textbook: none – reading onlineCoursework3 projects, 2 homeworks, final exam grade: 0.25 H + 0.5 P + 0.25 F Teaching assistantsHristo Bojinov, Indrajit Khare, Gary LuuOccasional optional section (time to be confirmed)Fridays, 4:15 - 5:05, Gates B03Current TrendsHistorical hackers (prior to 2000)Profile:MaleBetween 14 and 34 years of ageComputer addictedNo permanent girlfriendNo Commercial Interest !!!Source: Raimund GenesTypical Botherder: 0x80" (pronounced X-eighty)High school dropout“…most of these people I infect are so stupid they really ain't got no business being on the Internet in the first place.“Working hours: approx. 2 minutes/day to manage BotnetMonthly earnings: $6,800 on averageDaily Activities: Chatting with people while his bots make him moneyRecently paid $800 for an hour alone in a VIP room with several dancersJob Description: Controls 13,000+ computers in more than 20 countries Infected Bot PCs download Adware then search for new victim PCsAdware displays ads and mines data on victim's online browsing habits.Bots collect password, e-mail address, SS#, credit and banking dataGets paid by companies like TopConverting.com, GammaCash.com, Loudcash, or 180Solutions.6Washington Post: Invasion of the Computer SnatchersSome things in the newsNigerian letter (419 Scams) still works:Michigan Treasurer Sends 1.2MUSD of State Funds !!!Many zero-day attacks in 2007-08 Google, Excel, Word, Powerpoint, Office …Criminal access to important devicesNumerous lost, stolen laptops, storage media, containing customer informationSecond-hand computers (hard drives) pose riskGozi trojan steals data from SSL streamsUndetected for 50 daysVint Cerf estimates ¼ of PCs on Internet are bots7TrendsMalicious software levels consistently risingMore malicious software in ‘08 than all previous years combinedBy all accounts, ’09 will see increasing riseGood vs. bad software inflection pointUnderground economy and supply chain Lowers bar for who can participate in cybercrimeWeb will continue as an attack vector Popular medium, rich content, remote access to your home/officeTargeted attacks Necessitate defense-in-depth protectionAttackers starting at the supply chainInfected digital picture frames8Credit: Zulfikar RamzanHow big is the security problem?http://www.cert.org/stats/CERT Vulnerabilities reportedMost-common attacks on systems2006 MITRE CVE stats: 21.5 % of CVEs were XSS 14 percent SQL injection 9.5 percent php "includes“7.9 buffer overflow2005 was the first year that XSS jumped ahead of buffer overflows …10Vulnerability Stats: web is “winning”Source: MITRE CVE trendsMajority of vulnerabilities now found in web softwareWeb attack toolkit: MPack12Basic setupToolkit hosted on web serverInfects pages on that serverPage visitors get infectedFeaturesCustomized: determines exploit on the fly, based on user’s OS, browser, etcEasy to use: management console provides stats on infection ratesCustomer care toolkit can be purchased with one-year support contract!SilentBankerProxy intercepts request and adds fieldsBank sends login page needed to log inWhen user submits information, also sent to attackerCredit: Zulfikar RamzanSteal cars with a laptopNEW YORK - Security technology created to protect luxury vehicles may now make it easier for tech-savy thieves to drive away with them. In April ‘07, high-tech criminals made international headlines when they used a laptop and transmitter to open the locks and start the ignition of an armor-plated BMW X5 belonging to soccer player David Beckham, the second X5 stolen from him using this technology within six months.… Beckham's BMW X5s were stolen by thieves who hacked into the codes for the vehicles' RFID chips …1415iPhone attack (summer 2007)iPhone Safari downloads malicious web pageArbitrary code is run with administrative privilegesCan read SMS log, address book, call history, other dataCan perform physical actions on the phone. system sound and vibrate the phone for a secondcould dial phone numbers, send text messages, or recordaudio (as a bugging device) Transmit collected data over network to attacker See http://www.securityevaluators.com/iphone/16iPhone security measures“Reduced attack surface”Stripped down and customized version of Mac OS Xdoes not have common binaries such as bash, ssh, or even ls.MobileSafari - many features of Safari have been removedNo Flash plug-in, many file types cannot be downloadedSome internal protectionIf USB syncing with iTunes, file system cannot be mountedFile system accessible to iTunes is chroot’ed Weak security architectureAll processes of interest run with administrative privilegesiPhone does not utilize some widely accepted practicesAddress randomizationEach time a process runs, the stack, heap, and executable code located at precisely the same spot in memory Non-executable heapsBuffer overflow on heap can write executable instructions17Analysis methodsExtract and statically analyze binariesUsing jailbreak and iPhoneInterface,Audit
View Full Document
Unlocking...