Web hacking and the Internet user - PowerPoint PPT Presentation

About This Presentation
Title:

Web hacking and the Internet user

Description:

IIS security: see Microsoft Web ... Web vulnerability scanners are available for UNIX/Linux: Nikto and Whisker. Buffer Overflows: (i) PHP security, (ii) ... – PowerPoint PPT presentation

Number of Views:94
Avg rating:3.0/5.0
Slides: 7
Provided by: Dr1803
Category:

less

Transcript and Presenter's Notes

Title: Web hacking and the Internet user


1
Web hacking and the Internet user
2
Web hacking
  • Basics
  • Web pilfering download selectively web sites and
    search files off-line.
  • Automated scripts developed by advanced hackers
    for use by script kiddies. See
    SecurityInnovation for vulnerability scanners.
  • IIS security see Microsoft Web Application
    Security guide to setup the IIS and identify
    threats and create countermeasures.
  • CGI programming CGI with security in mind by
    W3org, a compilation and an index for CGI
    security resources, SSI and CGI security,
  • ASP vulnerabilities HTML and programming in the
    same directory, dot bug, samples (showcode and
    codebrws). See Microsoft ASP Security.
  • Web vulnerability scanners are available for
    UNIX/Linux Nikto and Whisker.
  • Buffer Overflows (i) PHP security, (ii) do not
    use the wwwcount.cgi, and (iii) IIS iishack
    vulnerability (use MSBA to find patches).
  • Poor Web design
  • Misuse of hidden tags (price, shipping, etc),
    e.g. search typehidden nameprice
  • SSI noExecs, pre-processing for hidden code.

3
Hacking the Internet userMalicious mobile code
  • Microsoft ActiveX (Active X controls have the
    file extension.ocx)
  • similar to OLE let an object be embedded in a
    page using the ltobjectgt tag
  • When IE finds a page with a control, it checks
    the Registry to find out if the control is
    available, if it is IE displays the page and runs
    the control
  • If it is not, IE uses Authenticode to check the
    author (Verisign role) and download the control.
    Finally IE displays the page and runs the control
  • Safe for Scripting Authenticode is not used
    with these controls, malicious Web sites may
    explore as a vulnerability. Easy to mark as
    such. Countermeasures
  • apply patches for Scriptlet/Eyedog and OUA
    (Office 2000 UA).
  • Set macro protection to High in Tool/Macro menu
    in Office.
  • restrict or disable ActiveX, using security zones
  • Using security zones IE has five predefined
    zones Internet, Local Intranet, Trusted Sites,
    Restricted Sites, and My Computer.
  • Internet zone disable ActiveX controls, enable
    per-session cookies and file download, and set
    scripting to prompt.
  • Trusted Sites assign medium security and add
    sites you can trust to run ActiveX controls, e.g.
    Microsoft sites.

4
Hacking the Internet userMalicious mobile code
  • Java basic security (a) strong typing enforced
    at compile and execution time, (b) built in JVM
    bytecode verifier controls memory space (buffer
    overflows are difficult to happen), (c) no memory
    pointers (making difficult to insert commands in
    running code), (d) security manager (control
    access to computer resources), and (e) code
    signing similar to Authenticode. Recommendations
    update and use security zones.
  • JavaScript most frequently used client-side
    scripting. MS executes JavaScript using Active
    Scripting. Again use security zones to restrict
    the use of JavaScript.
  • Beware of the cookie monster cookies can be
    per session or persistent.
  • Settings in Firefox and Internet Explorer .(IE 7
    )
  • Cookie sniffing capturing cookies using packet
    sniffing tools (SpyNet/PeepNet).
  • Countermeasures Cookie cutters, Firefox and IE
    cookie controls.
  • IE HTML frame vulnerabilities. The IE's
    cross-domain security model (a domain is a
    security boundary - any open windows within the
    same domain can interact with each other, but
    windows from different domains cannot).
  • IFRAME ExecCommand iframe is a IE tag to
    create a floating frame on the middle of a
    nonframed page. A hacker wrote a JavaScript to
    read a local file.
  • Countermeasure in IE Tools, security, disable
    Navigate sub-frames across different domains.

5
Hacking the Internet userE-mail hacking
  • basics (i)create a text file using the correct
    MIME syntax, (ii) use netcat to send the message
    to an open relay SMTP server, (iii) check the
    results. Using mpack we can include an attachment
    . If mail server requires authentication this
    hack fails, therefore you should use Sam Spade to
    check server first.
  • disable Java, JavaScript and ActiveX in Mail,
    e.g. Thunderbird.
  • executing code through e-mail block all emails
    that have attachments with the extensions
    .scr,.pif, zip,
  • Outlook Express book worms Melissa, ILOVEYOU
    (see book), Nimda, CodeRed, etc, access OE
    address book and mail themselves to all entries.
    More recent versions use as subject and content
    parts of messages sent or received. Use Microsoft
    patch. Countermeasure OE 2003 and above Tools,
    Options, Read, Read All messages as Plain Text.
  • File attachment attacks scrap files (.shs and
    .shb), Long file names in attachments should be
    blocked by anti-virus, or server filtering. Save
    As in Excel/PowerPoint, and be aware of OE use of
    the TEMP directory.

6
Hacking the Internet user other
  • SSL overview, use the 128-bit encryption (most
    countries now). Potential fraud bypassing the
    certificate validation. Click on lock to see
    certificate.
  • IRC hacking not only message exchange, but also
    file exchange. Users connect to a reflector (BNC,
    IRC Bouncer or proxy server), making the tracing
    of IRC users fruitless (a plus for hackers), all
    you get is the BNC IP.
  • DCC Send and Get connect directly two IRC users
    and allow file exchange, what makes easy to an
    user or worm infected user to distribute
    malicious code.
  • Countermeasure if you need to use IRC, run
    anti-virus on the directory you selected as
    default for DCC downloads , and read more about
    IRC security.
  • Napster hacking as a distributed file-sharing
    network, it has the potential to distribute
    Trojans, viruses, disguised as MP3 audio files.
    Napster checks headers and frames to see if the
    files are MP3 files, but Wrapster disguise files
    as MP3. Similar services may also be vulnerable.
  • Global countermeasures
  • keep Antivirus signatures updated (at least twice
    a month).
  • firewalls and traffic scanners (e.g. Vital
    Security Web Appliance).
Write a Comment
User Comments (0)
About PowerShow.com