DOCSLIB.ORG

PC Magazine Fighting Spyware Viruses And

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
PC Magazine Fighting Spyware Viruses And 01_577697 ffirs.qxd 12/7/04 11:49 PM Page i PC Magazine® Fighting Spyware, Viruses, and Malware Ed Tittel TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_577697 ffirs.qxd 12/7/04 11:49 PM Page ii PC Magazine® Fighting Spyware, Viruses, and Malware Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256-5774 www.wiley.com Copyright © 2005 by Wiley Publishing Published simultaneously in Canada ISBN: 0-7645-7769-7 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 1B/RW/RS/QU/IN No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, e-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read. For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Cataloging-in-Publication Data Tittel, Ed. PC magazine fighting spyware, viruses and malware / Ed Tittel. p. cm. Includes bibliographical references and index. ISBN 0-7645-7769-7 (paper/website) 1. Computer security. 2. Computer viruses. I. Title. QA76.9.A25T57 2005 005.8--dc22 2004024100 Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. PC Magazine and the PC Magazine logo are registered trademarks of Ziff Davis Publishing Holdings, Inc. Used under license. All rights reserved. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book. TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_577697 ffirs.qxd 12/7/04 11:49 PM Page iii Credits EXECUTIVE EDITOR VICE PRESIDENT & EXECUTIVE GROUP Chris Webb PUBLISHER Richard Swadley CONTRIBUTOR AND PROJECT MANAGER Dawn Rader VICE PRESIDENT AND PUBLISHER Joseph B. Wikert SENIOR DEVELOPMENT EDITOR Kevin Kent PROJECT COORDINATOR Erin Smith PRODUCTION EDITOR Gabrielle Nabi GRAPHICS AND PRODUCTION SPECIALISTS Lauren Goddard TECHNICAL EDITOR Heather Pope Mark Justice Hinton QUALITY CONTROL TECHNICIAN COPY EDITOR Amanda Briggs Kim Cofer John Greenough Jessica Kramer EDITORIAL MANAGER Carl Pierce Mary Beth Wakefield MEDIA DEVELOPMENT SPECIALIST Kit Malone PROOFREADING AND INDEXING TECHBOOKS Production Services About the Author Ed Tittel is a full-time writer, trainer, and consultant, and the author of more than 100 computer books. He’s been writing, researching, and teaching on Windows security topics since 1996. He’s taught security classes for the NetWorld/Interop conference (1997–2002), the Internet Security Conference, a.k.a. TISC (1999–2001), and as an adjunct faculty member at Austin Community College in his hometown, of Austin, Texas. Ed also writes regularly about security topics for numerous TechTarget Web sites and for Certification Magazine (where he’s a columnist and the Technology Editor). Ed also manages the IT certification guide and topic area at InformIT.com, and writes occasionally on security topics for TechBuilder.org, TechRepublic, and other Web sites. Ed stumbled into the subject of this book — literally — in 2002 when one of his coworkers complained about a toolbar in Internet Explorer that just wouldn’t go away. After repeated attempts to remove the offending item — an adware object that replaced defaults galore, and insinuated itself most cleverly into the Web browser and registry — Ed soon learned about anti-spyware and anti-adware software. From this encounter, an abiding interest in the sub- ject matter was born and continues to this day. An inveterate tinkerer cursed with incurable curiosity, Ed has become something of a connoisseur of spyware, adware, and malware protection tools and techniques. For that rea- son he really enjoyed writing this book and would also be glad to hear from its readers at [email protected] via e-mail. To get past Ed’s spam filter, however, please put PCMFig: in the subject line of all e-mails you send to him. TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_577697 ffirs.qxd 12/7/04 11:49 PM Page iv I’d like to dedicate this book to my loving wife, Dina, and thank her not only for her support and encouragement, but also for bringing our beautiful son, Gregory, into this world on 2/6/2004. Nothing I can do or say can ever completely communicate my love, appreciation, and affection, but that doesn’t mean I won’t keep trying! TEAM LinG - Live, Informative, Non-cost and Genuine ! 02_577697 fpref.qxd 11/29/04 12:53 PM Page v Preface When I read that Microsoft was planning for 100 million downloads of Windows XP Service Pack 2 (SP2) — a new add-on to the company’s flagship desktop operating system that is being publicly released just as I finish the initial draft of this book — I already knew that the world of computing was crossing over into a new phase of use and existence. Explaining why will take a little doing, but also leads directly into the motivation and justification for this book. I started using the Internet seriously in 1987 (and had been a serious CompuServe user since the late 1970s). Never in my wildest dreams did I see the Internet becoming a primary vehicle for soft- ware distribution, as well as communications, information gathering, socializing, entertainment, and so forth. Windows XP SP2 weighs in at somewhere between 250 and 266 megabytes in size — nearly half the contents of a typical CD-ROM, and a pretty hefty download for anybody who doesn’t have a fast Internet connection. Yet here is Microsoft, gearing up for 100 million downloads of this release — a staggering 210 quadrillion bits worth of data — in two months (note: in late October 2004, Microsoft reported there’d been 106 million copies of SP2 accessed, of which 90 million were downloaded and 26 mil- lion distributed on CD). And it’s just one of many companies that now routinely use the Internet to deliver software, updates, upgrades, and so forth on a completely routine basis. In fact, Microsoft’s recommendation for Windows XP users in need of SP2 was to simply enable the Automatic Update function in the operating system, so that it would show up some morning on the desktop, ready to be installed. But alas, what works so very well for software and content that users actually want to see, use, or install works equally well for unwanted content and software as well. Pop-up advertisements for everything from college degrees to all kinds of medications to salacious materials routinely dog peo- ple’s desktops as they visit Web sites, and downloading software from unknown or potentially ques- tionable sources can introduce hidden invaders that can sometimes wreak havoc on the unwary or unsuspecting. Likewise, lots of interesting malicious software — called malware throughout this book — has interesting ways of using e-mail attachments, file transfers, or supposed image files to weasel its way into unprotected PCs. Because everybody uses the Internet these days, everybody must also be prepared to deal with what’s out there “in the wild” and be able to protect themselves from the unwanted or the uninvited interlopers that will try to make a home on their systems. That’s the real reason why I wrote this book: to explain and explore these dangers, to provide some idea of the kinds of risks or threats they pose, and to describe preventative tools and best practices to help everyone avoid the threats they face on a daily basis, unwitting or otherwise. I also describe how to diagnose potential infections or infestations when unwanted visitors do establish residence on your PC, and how to clean up after- wards, if and when this should happen to you.
Load more

Recommended publications
  • Paradise Lost , Book III, Line 18
    _Paradise Lost_, book III, line 18 %%%%%%%%%%%%%%%%%%%%%%%% ++++++++++Hacker's Encyclopedia++++++++ ===========by Logik Bomb (FOA)======== <http://www.xmission.com/~ryder/hack.html> ---------------(1997- Revised Second Edition)-------- ##################V2.5################## %%%%%%%%%%%%%%%%%%%%%%%% "[W]atch where you go once you have entered here, and to whom you turn! Do not be misled by that wide and easy passage!" And my Guide [said] to him: "That is not your concern; it is his fate to enter every door. This has been willed where what is willed must be, and is not yours to question. Say no more." -Dante Alighieri _The Inferno_, 1321 Translated by John Ciardi Acknowledgments ---------------------------- Dedicated to all those who disseminate information, forbidden or otherwise. Also, I should note that a few of these entries are taken from "A Complete List of Hacker Slang and Other Things," Version 1C, by Casual, Bloodwing and Crusader; this doc started out as an unofficial update. However, I've updated, altered, expanded, re-written and otherwise torn apart the original document, so I'd be surprised if you could find any vestiges of the original file left. I think the list is very informative; it came out in 1990, though, which makes it somewhat outdated. I also got a lot of information from the works listed in my bibliography, (it's at the end, after all the quotes) as well as many miscellaneous back issues of such e-zines as _Cheap Truth _, _40Hex_, the _LOD/H Technical Journals_ and _Phrack Magazine_; and print magazines such as _Internet Underground_, _Macworld_, _Mondo 2000_, _Newsweek_, _2600: The Hacker Quarterly_, _U.S. News & World Report_, _Time_, and _Wired_; in addition to various people I've consulted.
    [Show full text]
  • Windows NT Network Management: Reducing Total Cost of Ownership - 9 - Performance Monitoring
    Windows NT ...: Reducing Total Cost of Ownership - Chapter 9 - Performance Monitorin Page 1 of 13 [Figures are not included in this sample chapter] Windows NT Network Management: Reducing Total Cost of Ownership - 9 - Performance Monitoring AN OLD ADAGE SAYS, "IF YOU can’t measure it, you can’t manage it." Even if you can measure something, how can you tell if your changes are making a difference if you don’t have baseline information? It’s important to monitor a server’s or work- station’s performance to maximize your investment in these tools. If a user complains that her computer is too slow, you often need more information to fix the problem. For example, if the problem is loading Web pages on a computer using an analog modem, the modem is probably limiting the system’s performance. However, if the computer is an older model, certain operations may wait for the CPU to finish processing. In this case, a complete system upgrade may be the best solution. The usefulness of performance monitoring goes far beyond handling user expectations. A network and systems administrator can use information obtained by analyzing the operations of existing hardware, software, and networking devices to predict the timing of upgrades, justify the cost of replacing and upgrading devices, and assist in troubleshooting. Performance monitoring ultimately reduces TCO and is a vital part of managing any IT environment. Performance monitoring helps answer important questions about your current environment. For example, you may want to know which activity specifically uses the most resources in your environment. If you determine that it is loading Web pages, then upgrading the RAM or the CPU speed of client machines may not help much.
    [Show full text]
  • Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
    Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide
    [Show full text]
  • Introduction
    Introduction Toward a Radical Criminology of Hackers In the expansive Rio Hotel and Casino in Las Vegas, I stood in line for around an hour and a half to pay for my badge for admittance into DEF CON 21, one of the largest hacker conventions in the world. The wad of cash in my hand felt heavier than it should have as I approached the badge vendor. DEF CON is an extravagant affair and attendees pay for it (though, from my own readings, the conference administrators work to keep the costs reduced). The line slowly trickled down the ramp into the hotel con- vention area where the badge booths were arranged. As I laid eyes on the convention, my jaw dropped. It was packed. Attendees were already mov- ing hurriedly throughout the place, engaged in energetic conversations. Black t- shirts— a kind of hacker uniform— were everywhere. Las Vegas- and gambling- themed décor lined the walls and floors. Already, I could see a line forming at the DEF CON merchandise booth. Miles, a hacker I had gotten to know throughout my research, mentioned that if I wanted some of the “swag” or “loot” (the conference merchandise), I should go ahead and get in line, a potential three- to four-hour wait. Seemingly, everyone wanted to purchase merchandise to provide some evidence they were in attendance. Wait too long and the loot runs out. After winding through the serpentine line of conference attendees wait- ing for admittance, I approached the badge vendors and (dearly) departed with almost $200. Stepping into the convention area, I felt that loss in the pit of my stomach.
    [Show full text]
  • Infosec Year in Review -- 1999
    InfoSec Year In Review -- 1999 M. E. Kabay, PhD, CISSP. Security Leader, INFOSEC Group, AtomicTangerine Inc. Category 11 Breaches of confidentiality Date 1999-01-29 Keyword data leakage privacy confidentiality control Web Source, Vol, No. RISKS 20 18 The Canadian consumer-tracking service Air Miles inadvertently left 50,000 records of applicants for its loyalty program publicly accessible on their Web site for an undetermined length of time. The Web site was offline as of 21 January until the problem was fixed. Date 1999-02-03 Keyword data leakage Web script QA vulnerability confidentiality Source, Vol, No. WIRED via PointCast An error in the configuration or programming of the F. A. O. Schwarz Web site resulted paradoxically in weakening the security of transactions deliberately completed by FAX instead of through SSL. Customers who declined to send their credit-card numbers via SSL ended up having their personal details — address and so forth — stored in a Web page that could be accessed by anyone entering a URL with an appropriate (even if randomly chosen) numerical component. Date 1999-02-10 Keyword e-commerce credit card personal information password privacy Source, Vol, No. RISKS 20 20 Prof. Ross Anderson of Cambridge University analyzed requirements on the AMAZON.COM online bookstore for credit card number, password, and personal details such as phone number. He identified several risks: (1) merchant retention of credit card numbers poses a far higher risk of capture than of capture in transit; (2) adding a password increases the likelihood of compromise because so many naïve users choose bad passwords and then write them down; (3) even the British site for Amazon contravenes European rules on protecting consumer privacy; (3) such practices make it easier for banks to reject their clients' claims of fraudulent use of their credit-card numbers.
    [Show full text]
  • Honeypots: Tracking Hackers by Lance Spitzner Publisher: Addison Wesley Pub Date: September 13, 2002 ISBN: 0-321-10895-7 Pages: 480 • Examples
    Honeypots: Tracking Hackers By Lance Spitzner Publisher: Addison Wesley Pub Date: September 13, 2002 ISBN: 0-321-10895-7 Pages: 480 • Examples Copyright Foreword: Giving the Hackers a Kick Where It Hurts Preface Audience CD-ROM Web Site References Network Diagrams About the Author Acknowledgments Chapter 1. The Sting: My Fascination with Honeypots The Lure of Honeypots How I Got Started with Honeypots Perceptions and Misconceptions of Honeypots Summary References Chapter 2. The Threat: Tools, Tactics, and Motives of Attackers Script Kiddies and Advanced Blackhats Everyone Is a Target Methods of Attackers Motives of Attackers Adapting and Changing Threats Summary References Chapter 3. History and Definition of Honeypots The History of Honeypots Definitions of Honeypots Summary References Chapter 4. The Value of Honeypots Advantages of Honeypots Disadvantages of Honeypots The Role of Honeypots in Overall Security Honeypot Policies Summary References Chapter 5. Classifying Honeypots by Level of Interaction Tradeoffs Between Levels of Interaction Low-Interaction Honeypots Medium-Interaction Honeypots High-Interaction Honeypots An Overview of Six Honeypots Summary References Chapter 6. BackOfficer Friendly Overview of BOF The Value of BOF How BOF Works Installing, Configuring, and Deploying BOF Information Gathering and Alerting Capabilities Risk Associated with BOF Summary Tutorial References Chapter 7. Specter Overview of Specter The Value of Specter How Specter Works Installing and Configuring Specter Deploying and Maintaining Specter Information-Gathering and Alerting Capabilities Risk Associated with Specter Summary References Chapter 8. Honeyd Overview of Honeyd Value of Honeyd How Honeyd Works Installing and Configuring Honeyd Deploying and Maintaining Honeyd Information Gathering Risk Associated with Honeyd Summary References Chapter 9.
    [Show full text]
  • Cult of the Dead Cow by Menn, June 2019 : a Fundamental Misunderstanding
    Cult of the Dead Cow by Menn, June 2019 : a fundamental misunderstanding. Camille Akmut June 14, 2019 Abstract Beginning or end of a culture? The old model of the journalist-turned- historian by default. { a book review. 1 Introduction : isomorphic structures \I have not slept with any of my subjects." If such were a condition to be a journalist or documentary filmmaker of technology today, as it is commonly understood to be the rule amongst political reporters, for obvious reasons, their fates would be settled faster than they had settled Applebaum's own. |{ It is hard to observe the doings of this peculiar circle from afar without being reminded of their predecessors, who were the rock bands of the 1960s, 1970s, 1980s and 1990s, and their groupies (e.g. journalist Annik Honore and Ian Curtis). In the 2000s, they emerged, and replaced them; all of their habits and ways included, almost identical. We will forgo any longer discussions or descriptions of this incestu- ous crowd, of \crypto-anarchists" and \cyber-libertarians" with doubtful understanding of political theory, or history, \theoretical physicists" who conduct their own trials by fire, as churchmen had done in the Middle Ages of queers; and the rest of side characters, who too often land on their backs. The bottom is nearly bottomless with them, and they know their mu- tual orifices a little too well for their own good. Their courtship scenes are like those that could be observed, not with- out embarrassment by some, in the gymnasiums of ancient Athens in the middle of summer, June; the remains of which we find now in various comedy plays.
    [Show full text]
  • Cult of the Dead Cow
    This document is made available through the declassification efforts and research of John Greenewald, Jr., creator of: The Black Vault The Black Vault is the largest online Freedom of Information Act (FOIA) document clearinghouse in the world. The research efforts here are responsible for the declassification of hundreds of thousands of pages released by the U.S. Government & Military. Discover the Truth at: http://www.theblackvault.com U.S. Department of Justice Federal Bureau of Investigation Washington, D.C. 20535 April 19, 2019 MR. JOHN GREENEWALD JR. SUITE 1203 27305 WEST LIVE OAK ROAD CASTAIC, CA 91384 FOIPA Request No.: 1431530-000 Subject: Cult of the Dead Cow Dear Mr. Greenewald: The enclosed 67 pages of records were determined to be responsive to your subject and were previously processed and released pursuant to the Freedom of Information Act (FOIA). Please see the selected paragraphs below for relevant information specific to your request as well as the enclosed FBI FOIPA Addendum for standard responses applicable to all requests. In an effort to provide you with responsive records as expeditiously as possible, we are releasing documents from previous requests regarding your subject. We consider your request fulfilled. Since we relied on previous results, additional records potentially responsive to your subject may exist. If this release of previously processed material does not satisfy your request, you may request an additional search for records. Submit your request by mail or fax to – Work Process Unit, 170 Marcel Drive, Winchester, VA 22602, fax number (540) 868-4997. Please cite the FOIPA Request Number in your correspondence.
    [Show full text]
  • High CPU Utilization in Newer Windows Versions
    High CPU Utilization in Newer Windows Versions Article ID: GV16-03-15-t Release Date: 03/15/2016 Applied to Windows 8 and later versions Windows Server 2012 and later versions Symptoms In newer Windows versions, the Performance tab in Task Manager often shows a CPU utilization of 100% when running GeoVision software with GeoVision dongles or capture cards installed. 1 Explanation In newer Windows versions, the CPU utilization takes into account of the CPU speed and is not calculated the same way as the CPU usage seen in Windows 7 and older versions. A 100% CPU utilization in Windows 10 is not the same as a 100% CPU usage in Windows 7. When running GeoVision software with GeoVision dongles or capture cards, the power saving mode of the computer is automatically disabled in order to avoid stability issues. Do not restore the power plan to default settings, which will enable the power saving mode again, even though the CPU utilization will appear lower in the Performance tab of Task Manager due to the lower CPU speed used during power saving mode. Looking Up the CPU Usage There are two ways to see the actual CPU usage in newer Windows versions. Method 1: Using Windows’ Performance Monitor 1. Click Start, type perfmon in the Search box, and then press Enter. 2. Under Monitoring Tools, click Performance Monitor. The CPU usage is displayed. 2 Method 2: Using System Idle Process in Task Manager 1. Open Task Manager (Ctrl-Alt-Delete) and click the Details tab. 2. Look for System Idle Process in the list and subtract its CPU usage from 100% to obtain the current CPU usage.
    [Show full text]
  • A Toolkit for Detecting and Analyzing Malicious Software
    A Toolkit for Detecting and Analyzing Malicious Software Michael Weber, Matthew Schmid & Michael Schatz David Geyer Cigital, Inc. [email protected] Dulles, VA 20166 g fmweber, mschmid, mschatz @cigital.com Abstract the virus or Trojan horse performs malicious actions unbe- knownst to the user. These programs often propagate while In this paper we present PEAT: The Portable Executable attached to games or other enticing executables. Analysis Toolkit. It is a software prototype designed to pro- Malicious programmers have demonstrated their cre- vide a selection of tools that an analyst may use in order ativity by developing a great number of techniques through to examine structural aspects of a Windows Portable Ex- which malware can be attached to a benign host. Several ecutable (PE) file, with the goal of determining whether insertion methods are common, including appending new malicious code has been inserted into an application af- sections to an executable, appending the malicious code ter compilation. These tools rely on structural features of to the last section of the host, or finding an unused region executables that are likely to indicate the presence of in- of bytes within the host and writing the malicious content serted malicious code. The underlying premise is that typi- there. A less elegant but effective insertion method is to cal application programs are compiled into one binary, ho- simply overwrite parts of the host application. mogeneous from beginning to end with respect to certain Given the myriad ways malicious software can attach to structural features; any disruption of this homogeneity is a benign host it is often a time-consuming process to even a strong indicator that the binary has been tampered with.
    [Show full text]
  • Computer and Network Security CS 215 © Denbigh Starkey
    Computer and Network Security CS 215 © Denbigh Starkey 1. Introduction 1 2. Hackers 1 3. Phreaks 4 4. Software Security 6 5. Network Security 8 1. Introduction I’ve already covered some of the topics that fall into this category in my notes on malicious acts. In particular I’ve discussed viruses and related issues. I’ll get into a bit more detail here on these topics, but will mainly concentrate on other issues like hackers and phreaks. 2. Hackers Hacking used to be considered an ethical profession, but then some hacking groups like the Legion of Doom, whose only goals were negative, changed the connotations of the name to where it is now almost universally thought of as a very negative term. Possibly, however, things might change back, since I have just got a new book called Hands-On Ethical Hacking and Network Defense. Ethical hacking describes is how we first thought of the hacking community before it got corrupted. Levy’s hacker ethic, which was the moral code for hackers, had six principles: 1. Access to computers – and anything which might teach you something about the way the world works – should be unlimited and total. Always yield to the Hands- On Imperative. 2. All information should be free. 3. Mistrust Authority – Promote Decentralization. 4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position. 5. You can create art and beauty on a computer. 6. Computers can change your life for the better. So while the hacking code certainly implies lifestyle that is anarchistic in its underlying philosophy, it is not negative or destructive.
    [Show full text]
  • How Hackers Think: a Mixed Method Study of Mental Models and Cognitive Patterns of High-Tech Wizards
    HOW HACKERS THINK: A MIXED METHOD STUDY OF MENTAL MODELS AND COGNITIVE PATTERNS OF HIGH-TECH WIZARDS by TIMOTHY C. SUMMERS Submitted in partial fulfillment of the requirements For the degree of Doctor of Philosophy Dissertation Committee: Kalle Lyytinen, Ph.D., Case Western Reserve University (chair) Mark Turner, Ph.D., Case Western Reserve University Mikko Siponen, Ph.D., University of Jyväskylä James Gaskin, Ph.D., Brigham Young University Weatherhead School of Management Designing Sustainable Systems CASE WESTERN RESERVE UNIVESITY May, 2015 CASE WESTERN RESERVE UNIVERSITY SCHOOL OF GRADUATE STUDIES We hereby approve the thesis/dissertation of Timothy C. Summers candidate for the Doctor of Philosophy degree*. (signed) Kalle Lyytinen (chair of the committee) Mark Turner Mikko Siponen James Gaskin (date) February 17, 2015 *We also certify that written approval has been obtained for any proprietary material contained therein. © Copyright by Timothy C. Summers, 2014 All Rights Reserved Dedication I am honored to dedicate this thesis to my parents, Dr. Gloria D. Frelix and Dr. Timothy Summers, who introduced me to excellence by example and practice. I am especially thankful to my mother for all of her relentless support. Thanks Mom. DISCLAIMER The views expressed in this dissertation are those of the author and do not reflect the official policy or position of the Department of Defense, the United States Government, or Booz Allen Hamilton. Table of Contents List of Tables ....................................................................................................................
    [Show full text]