DOCSLIB.ORG

The Ultimate Cybersecurity Guide for the It Professional

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL { 01101000 01110100 01110100 01110000 01110011 00111010 00101111 00101111 01110111 01110111 01110111 00101110 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 01100001 01100011 01101011 00101110 01100011 01101111 01101101 } THE ULTIMATE CYBERSECURITY GUIDE FOR THE IT PROFESSIONAL 2019 Welcome to our comprehensive guide on the basics of cybersecurity. Whether you've been in IT for a long time or are just starting out, there is an expectation that everyone in IT should have some degree of expo- sure to InfoSec. A good way to do that is to learn from and get connected in the community. Cybersecurity is a fascinating and rapidly evolving area of IT. And those that are involved are friendly people who care passionately about keeping us all safe. With information from over 150 sourced references, and personal input from The Howler Hub community of security experts, this guide contains the key information to help you: • Understand key concepts that drive the security professional. • Learn a common language to engage with cybersecurity professionals. • Connect with sources to stay up-to-date on this evolving field. • Engage with cybersecurity experts and the threat hunting community at large. CONTENTS 01 02 03 History of Attackers + Common Cybersecurity Their Motives Attacks <pg num="001" /> <pg num="005" /> <pg num="007" /> 04 05 06 Terms to Know Experts to Blogs to Read <pg num="009" /> Follow <pg num="014" /> <pg num="013" /> 07 08 09 Events to Books to Read Movies + Shows Attend <pg num="017" /> to Watch <pg num="015" /> <pg num="019" /> 10 11 12 Communities Become a References to Engage Threat Hunter <pg num="023" /> <pg num="021" /> <pg num="022" /> 13 Appendices <pg num="024" /> <pg num="001" /> SEC. //01. _HISTORY OF CYBERSECURITY <pg num="002" /> HISTORY OF 1981 First Outbreak { Elk Cloner } 1984 Thompson Finds First Backdoor CYBERSECURITY 1986 First IBM Virus + Military Attack 1987 Viruses Get Media Attention KEY 1988 Morris Worm Slows Internet 1989 ATTACKERS First Ransomware { AIDS } DEFENDERS 1990–1994 Viruses Create Hysteria Chameleon family of viruses hits Polymorphic viruses created Form virus becomes most common 1974 Rabbit Virus Makes Copies Michelangelo creates digital apocalypse Leandro + Kelly, Freddy Krueger + 1971 First Virus OneHalf spread { The Creeper } 1975 First Trojan { ANIMAL } Tens of thousands of identified malware VIRUSES FOR FUN VIRUSES FOR MASS DESTRUCTION 1990–1994 Influx of New Antivirus 1971 The Reaper Developed to Beat The Creeper Panda Software released Panda AV Trend Micro introduced PC-cillin Symantec launched Norton Antivirus 1.0 Grisoft released Anti-Virus Guard (AVG) 1989 Legacy AV is Born 1988 5 Antivirus Programs Released 1987 Brain + Vienna Neutralized by AV 1986 Astronomer Defeats Military Attack 1970 1980 1990 1968 1969 1971 1972 1973 1974 1975 1976 1977 1978 1979 1981 1982 1983 1984 1985 1986 1987 1988 1989 1991 1992 1993 1994 For more details on each event, see Appendix For more details on each event, see Appendix <pg num="003" /> SEC. //01. _HISTORY OF CYBERSECURITY <pg num="004" /> 1995–1999 2000–2004 2005–2009 2010–2014 2015–2019 Worms Expand to Nasty Worms Spread Quickly Data Theft Evolves Keyloggers Get Bank Info Breaches Made Us WannaCry New Systems Pikachu targets children Nyxem, Storm Worm + Conficker were destructive SpyEye + Zeus get mobile phone banking info Locky infected millions in Europe Boza hits Windows 95 files Anna Kournikova spreads to contacts Keyloggers Zeus, Torpig + Daprosy steal data Anti-Spyware disables AV Tiny Banker Trojan infected over 24 banks First MS Excel virus (Linux) ILOVEYOU worm infects millions 92M records stolen from AOL Flame used for targeted cyber espionage Mirai infected IoT and launched DDoS attacks Staog attacks Linuz machines Fastest worm (SQL Slammer) causes internet Cardsystems Solutions hacked for 40M records CryptoLocker so powerful it gets copycats GitHub, Twitter, Reddit Netflix + Airbnb access denied disruptions within 15 min. Happy99 attached to emails TK/TJ Maxx sees breach of 94M records First IoT virus hits (Linux Darlioz) Wannacry spread globally causing $4B in damages Melissa attacks MS Word + Outlook Credit card scam gets 130M records from Heartland Multiple Sony hacks get 101M records Kedi RAT targeted Citrix users ExploreZip destroys MS Office docs Government loses over 125M records Evernote + LivingSocial each Aadhaar, the India ID system, breached for 1.1B records hacked for 50M records Kak worm exploits bug in Outlook Express Marriott Starwood, Equifax, Yahoo data breach steals 22M records Anthem + Uber suffered major breaches Facebook/Cambridge Analytica case puts data use into question VIRUSES FOR MASS DESTRUCTION ATTACKS FOR RANSOM + DATA CYBERATTACKS AS A BUSINESS MODEL 1995–1999 2000–2004 2005–2009 2010–2014 2015–2019 Continued AV Innovation Antivirus is a Must-have Rise of Endpoint Protection Endpoint Security Goes Deep Security Advances in the Cloud Bitdefender + Antivirus eXpert (AVX) comes AV for GNU/Linux released called ClamAV 5M new malware samples found annually Fileless malware challenges endpoint Machine learning models displace AV signatures out of Softwin Bit9 (later Carbon Black) was founded Legacy AV companies struggle to keep up protection platforms EPP and EDR converge First Black Hat information security event held Advancing threats convince majority of Symantec develops first Carbon Black develops Endpoint Detection Large scale AI and advanced analytics applied to cloud Many security companies formed following AV companies to buy AV endpoint protection platform and Response (EDR) security data releases in early 1990’s Windows XP service packs pay increasing Carbon Black develops application control Cloud-based security platforms developed Security Operations Centers (SOCs) become commonplace and consolidate stack attention to security Next-gen firewalls detect and block Carbon Black launches the PSC, a single-agent security platform Cloud enables big data collection of endpoint activity undesirable HTTP Third party testing labs re-invent better ways Gartner creates SIEM framework MITRE ATT&CK documents TTPs of adversaries to simulate real-world threats BSides 1.0 held during Threat hunting becomes a security role Billions of investment dollars pour into the endpoint security space Black Hat Security Conference Outsourcing security to MSPs common for smaller companies 2000 2010 2020 1994 1995 1996 1997 1998 1999 2001 2002 2003 2004 2005 2006 2007 2008 2009 2011 2012 2013 2014 2015 2016 2017 2018 2019 For more details on each event, see Appendix For more details on each event, see Appendix <pg num="005" /> SEC. //02. _ATTACKERS + THEIR MOTIVES <pg num="006" /> { 01101000 01110100 01110100 01110000 00111010 00101111 00101111 01100011 01100001 01110010 01100010 01101111 01101110 01100010 01101100 HACKTIVISTS 01100001 01100011 01101011 03 00101110 01100011 01101111 01101101 00101111 01100011 01111001 01100010 01100101 <TARGET>: Companies and organizations ATTACKERS + 01110010 01100011 01110010 01101001 01101101 01101001 that are an affront to their religion, politics 01101110 01100001 01101100 01110011 } or cause. <GOALS>: THEIR MOTIVES NATION STATE ACTORS OR Cause disruption for attention to their cause or steal data to damage their targets. 01 CYBERTERRORISTS There are four categories of adversaries that are threatening the <HOW THEY DO IT>: Typical ways hacktivism is executed include website security of today’s companies and organizations. It is important <TARGET>: Governments and businesses defacement, denial-of-service attacks (DoS), to not just understand the different types of attackers, but also running critical infrastructure like power grids. redirects, website parodies, information theft, what motivates them so you can better protect against them <GOALS>: Steal sensitive information, virtual sabotage and virtual sit-ins. disrupt enemy capabilities or create meeting their objectives. <MOTIVATION>: Promote their religion, international incidents. politics or cause. <HOW THEY DO IT>: Sophisticated cyberattacks where the adversary often DAMAGE MEDIUM works directly or indirectly for their government and utilizes highly advanced cyberattacks against targets. <MOTIVATION>: Putting their nation in a better position against supposed enemies. 04 SCRIPT KIDDIES DAMAGE EXTREMELY HIGH <TARGET>: Networks or websites with minimal security. <GOALS>: Gain access to a network to show CYBERCRIMINALS 02 they could or deface a website. <HOW THEY DO IT>: Unskilled hackers <TARGET>: Companies with customer data utilize scripts or programs developed by others. (particularly financial data) or valuable IP. <MOTIVATION>: Impress friends or gain <GOALS>: Steal sensitive information that credit in computer-enthusiast communities. can be sold or directly steal money. <HOW THEY DO IT>: Infiltrate networks, DAMAGE SMALL often through a less secure partner, and retrieve the sensitive data. <MOTIVATION>: Money DAMAGE HIGH <pg num="007" /> SEC. //03. _COMMON ATTACKS <pg num="008" /> Rootkits Trojan Horse A collection of software designed to enable access to a comput- A computer program which misleads users of its true intent. COMMON er or an area of its software. Similar to Trojans, it embeds very Many masquerade as a legitimate file, like an email attachment deep in the OS to mask its existence making it difficult to find or advertisement. Modern forms act as a backdoor to provide and remove. It provides the attacked administrator access
Recommended publications
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G

    Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere, and Michel J.G. van Eeten, Delft University of Technology https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari This paper is included in the Proceedings of the 24th USENIX Security Symposium August 12–14, 2015 • Washington, D.C. ISBN 978-1-939133-11-3 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Post-Mortem of a Zombie: Conficker Cleanup After Six Years Hadi Asghari, Michael Ciere and Michel J.G. van Eeten Delft University of Technology Abstract more sophisticated C&C mechanisms that are increas- ingly resilient against takeover attempts [30]. Research on botnet mitigation has focused predomi- In pale contrast to this wealth of work stands the lim- nantly on methods to technically disrupt the command- ited research into the other side of botnet mitigation: and-control infrastructure. Much less is known about the cleanup of the infected machines of end users. Af- effectiveness of large-scale efforts to clean up infected ter a botnet is successfully sinkholed, the bots or zom- machines. We analyze longitudinal data from the sink- bies basically remain waiting for the attackers to find hole of Conficker, one the largest botnets ever seen, to as- a way to reconnect to them, update their binaries and sess the impact of what has been emerging as a best prac- move the machines out of the sinkhole. This happens tice: national anti-botnet initiatives that support large- with some regularity. The recent sinkholing attempt of scale cleanup of end user machines.
  • Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm on November 2, 1988, Robert Tappan Morris Releas

    Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm on November 2, 1988, Robert Tappan Morris Releas

    Jeffrey Heim, Marcel Hernandez, Maria Nunez,& Matthias Katerna Morris Worm On November 2, 1988, Robert Tappan Morris released a worm into the internet. The experimental worm was the first of its kind. It replicated itself and programmed itself, so it ended up spreading much faster than Morris expected. It self-programmed and self-replicated at an exponential rate in a manner that had never been seen before. Morris knew this worm was not necessarily ethical, for he released it out of MIT instead of his own Cornell University. In due course, many computers across the United States had crashed because of Morris. Once he discovered how much damage the worm had been causing, he reached out to a friend at Harvard looking for a solution to stop it. They attempted in sending an anonymous message to the network with directions that could kill the worm, but the message came through too late since they system was clogged. Many significant computers at colleges, businesses and the military became infected. The cost to fix each computer ranged from $200 to over $53,000. The worm exploited vulnerabilities in computer systems and in the UNIX email software. Within 24 hours of releasing the worm, thousands of people were aware something was unusual. Eventually, it would infect ten percent of all computers using the internet. The Morris Worm was the largest malware case ever to reach this percentage. However, the percentage was so high due to the fact that the number of computers was much less than today. The computers it impacted included significant systems, such as Stanford’s, Berkley’s and NASA’s.
  • Computer Security CS 426 Lecture 15

    Computer Security CS 426 Lecture 15

    Computer Security CS 426 Lecture 15 Malwares CS426 Fall 2010/Lecture 15 1 Trapdoor • SttitittSecret entry point into a system – Specific user identifier or password that circumvents normal security procedures. • Commonlyyy used by developers – Could be included in a compiler. CS426 Fall 2010/Lecture 15 2 Logic Bomb • Embedded in legitimate programs • Activated when specified conditions met – E.g., presence/absence of some file; Particular date/time or particular user • When triggered, typically damages system – Modify/delete files/disks CS426 Fall 2010/Lecture 15 3 Examppgle of Logic Bomb • In 1982 , the Trans-Siber ian Pipe line inc iden t occurred. A KGB operative was to steal the plans fhititdtltditfor a sophisticated control system and its software from a Canadian firm, for use on their Siberi an pi peli ne. The CIA was tippe d o ff by documents in the Farewell Dossier and had the company itlibbithinsert a logic bomb in the program for sabotage purposes. This eventually resulted in "the most monu mental non-nu clear ex plosion and fire ever seen from space“. CS426 Fall 2010/Lecture 15 4 Trojan Horse • Program with an overt Example: Attacker: (expected) and covert effect Place the following file cp /bin/sh /tmp/.xxsh – Appears normal/expected chmod u+s,o+x /tmp/.xxsh – Covert effect violates security policy rm ./ls • User tricked into executing ls $* Trojan horse as /homes/victim/ls – Expects (and sees) overt behavior – Covert effect performed with • Victim user’s authorization ls CS426 Fall 2010/Lecture 15 5 Virus • Self-replicating
  • Using Malware's Self-Defence Mechanism to Harden

    Using Malware's Self-Defence Mechanism to Harden

    Using Malware’s Self-Defence Mechanism to Harden Defence and Remediation Tools Jonathan Pan Wee Kim Wee School of Communication and Information, Nanyang Technological University, Singapore [email protected] Abstract— Malware are becoming a major problem to every them to completely bypass the protection of Firewall and individual and organization in the cyber world. They are Anti-Virus. According to Filiol [30], Malware detection is a advancing in sophistication in many ways. Besides their NP-hard problem. Besides the fact that these defences are advanced abilities to penetrate and stay evasive against detection becoming ineffective against Malware, these defences are also and remediation, they have strong resilience mechanisms that becoming victims of attacks by Malware as part of the latter’s are defying all attempts to eradicate them. Malware are also attacking defence of the systems and making them defunct. self-preservation strategy [21], [27]. The starting point of this When defences are brought down, the organisation or individual cyber problem with Malware is their ability to infiltrate. This will lose control over the IT assets and defend against the is typically done through the weakest link in the defence Malware perpetuators. In order to gain the capability to defend, strategy due to humans are involved. One went as far as to it is necessary to keep the defences or remediation tools active comment that it is people’s stupidity that led to security lapses and not defunct. Given that Malware have proven to be resilient [7]. Malware will inevitably infiltrate past the defences and against deployed defences and remediation tools, the proposed when they do, it is essential to quickly contain these Malware research advocates to utilize the techniques used by Malware to before they induce greater damages to the organizations.
  • Strategies of Computer Worms

    Strategies of Computer Worms

    304543_ch09.qxd 1/7/05 9:05 AM Page 313 CHAPTER 9 Strategies of Computer Worms “Worm: n., A self-replicating program able to propagate itself across network, typically having a detrimental effect.” —Concise Oxford English Dictionary, Revised Tenth Edition 313 304543_ch09.qxd 1/7/05 9:05 AM Page 314 Chapter 9—Strategies of Computer Worms 9.1 Introduction This chapter discusses the generic (or at least “typical”) structure of advanced computer worms and the common strategies that computer worms use to invade new target systems. Computer worms primarily replicate on networks, but they represent a subclass of computer viruses. Interestingly enough, even in security research communities, many people imply that computer worms are dramatically different from computer viruses. In fact, even within CARO (Computer Antivirus Researchers Organization), researchers do not share a common view about what exactly can be classified as a “worm.” We wish to share a common view, but well, at least a few of us agree that all computer worms are ultimately viruses1. Let me explain. The network-oriented infection strategy is indeed a primary difference between viruses and computer worms. Moreover, worms usually do not need to infect files but propagate as standalone programs. Additionally, several worms can take con- trol of remote systems without any help from the users, usually exploiting a vul- nerability or set of vulnerabilities. These usual characteristics of computer worms, however, do not always hold. Table 9.1 shows several well-known threats. Table
  • Iptrust Botnet / Malware Dictionary This List Shows the Most Common Botnet and Malware Variants Tracked by Iptrust

    Iptrust Botnet / Malware Dictionary This List Shows the Most Common Botnet and Malware Variants Tracked by Iptrust

    ipTrust Botnet / Malware Dictionary This list shows the most common botnet and malware variants tracked by ipTrust. This is not intended to be an exhaustive list, since new threat intelligence is always being added into our global Reputation Engine. NAME DESCRIPTION Conficker A/B Conficker A/B is a downloader worm that is used to propagate additional malware. The original malware it was after was rogue AV - but the army's current focus is undefined. At this point it has no other purpose but to spread. Propagation methods include a Microsoft server service vulnerability (MS08-067) - weakly protected network shares - and removable devices like USB keys. Once on a machine, it will attach itself to current processes such as explorer.exe and search for other vulnerable machines across the network. Using a list of passwords and actively searching for legitimate usernames - the ... Mariposa Mariposa was first observed in May 2009 as an emerging botnet. Since then it has infected an ever- growing number of systems; currently, in the millions. Mariposa works by installing itself in a hidden location on the compromised system and injecting code into the critical process ͞ĞdžƉůŽƌĞƌ͘ĞdžĞ͘͟/ƚŝƐknown to affect all modern Windows versions, editing the registry to allow it to automatically start upon login. Additionally, there is a guard that prevents deletion while running, and it automatically restarts upon crash/restart of explorer.exe. In essence, Mariposa opens a backdoor on the compromised computer, which grants full shell access to ... Unknown A botnet is designated 'unknown' when it is first being tracked, or before it is given a publicly- known common name.
  • Tangled Web : Tales of Digital Crime from the Shadows of Cyberspace

    Tangled Web : Tales of Digital Crime from the Shadows of Cyberspace

    TANGLED WEB Tales of Digital Crime from the Shadows of Cyberspace RICHARD POWER A Division of Macmillan USA 201 West 103rd Street, Indianapolis, Indiana 46290 Tangled Web: Tales of Digital Crime Associate Publisher from the Shadows of Cyberspace Tracy Dunkelberger Copyright 2000 by Que Corporation Acquisitions Editor All rights reserved. No part of this book shall be reproduced, stored in a Kathryn Purdum retrieval system, or transmitted by any means, electronic, mechanical, pho- Development Editor tocopying, recording, or otherwise, without written permission from the Hugh Vandivier publisher. No patent liability is assumed with respect to the use of the infor- mation contained herein. Although every precaution has been taken in the Managing Editor preparation of this book, the publisher and author assume no responsibility Thomas Hayes for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Project Editor International Standard Book Number: 0-7897-2443-x Tonya Simpson Library of Congress Catalog Card Number: 00-106209 Copy Editor Printed in the United States of America Michael Dietsch First Printing: September 2000 Indexer 02 01 00 4 3 2 Erika Millen Trademarks Proofreader Benjamin Berg All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Que Corporation cannot Team Coordinator attest to the accuracy of this information. Use of a term in this book should Vicki Harding not be regarded as affecting the validity of any trademark or service mark. Design Manager Warning and Disclaimer Sandra Schroeder Every effort has been made to make this book as complete and as accurate Cover Designer as possible, but no warranty or fitness is implied.
  • Intelligent Malware Detection Using File-To-File Relations and Enhancing Its Security Against Adversarial Attacks

    Intelligent Malware Detection Using File-To-File Relations and Enhancing Its Security Against Adversarial Attacks

    Graduate Theses, Dissertations, and Problem Reports 2019 Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks Lingwei Chen [email protected] Follow this and additional works at: https://researchrepository.wvu.edu/etd Part of the Information Security Commons Recommended Citation Chen, Lingwei, "Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks" (2019). Graduate Theses, Dissertations, and Problem Reports. 3844. https://researchrepository.wvu.edu/etd/3844 This Dissertation is protected by copyright and/or related rights. It has been brought to you by the The Research Repository @ WVU with permission from the rights-holder(s). You are free to use this Dissertation in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you must obtain permission from the rights-holder(s) directly, unless additional rights are indicated by a Creative Commons license in the record and/ or on the work itself. This Dissertation has been accepted for inclusion in WVU Graduate Theses, Dissertations, and Problem Reports collection by an authorized administrator of The Research Repository @ WVU. For more information, please contact [email protected]. Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks Lingwei Chen Dissertation submitted to the Benjamin M. Statler College of Engineering and Mineral Resources at West Virginia University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Yanfang Ye, Ph.D., Committee Chairperson Donald Adjeroh, Ph.D. Elaine M.
  • Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3: Viruses, Worms, and Blended Threats

    Chapter 3 Chapter 3: Viruses, Worms, and Blended Threats.........................................................................46 Evolution of Viruses and Countermeasures...................................................................................46 The Early Days of Viruses.................................................................................................47 Beyond Annoyance: The Proliferation of Destructive Viruses .........................................48 Wiping Out Hard Drives—CIH Virus ...................................................................48 Virus Programming for the Masses 1: Macro Viruses...........................................48 Virus Programming for the Masses 2: Virus Generators.......................................50 Evolving Threats, Evolving Countermeasures ..................................................................51 Detecting Viruses...................................................................................................51 Radical Evolution—Polymorphic and Metamorphic Viruses ...............................53 Detecting Complex Viruses ...................................................................................55 State of Virus Detection.........................................................................................55 Trends in Virus Evolution..................................................................................................56 Worms and Vulnerabilities ............................................................................................................57
  • Cybernotes Issue #4-99 February 17, 1999

    Cybernotes Issue #4-99 February 17, 1999

    National Infrastructure Protection Center CyberNotes Issue #4-99 February 17, 1999 CyberNotes is published every two weeks by the National Infrastructure Protection Center (NIPC). Its mission is to support security and information system professionals with timely information on cyber vulnerabilities, hacker exploit scripts, hacker trends, virus information, and other critical infrastructure-related best practices. You are encouraged to share this publication with colleagues in the information and infrastructure protection field. Electronic copies are available on the NIPC Web site at http://www.nipc.gov. Please direct any inquiries regarding this publication to the Editor-CyberNotes, National Infrastructure Protection Center, FBI Building, Room 11719, 935 Pennsylvania Avenue, NW, Washington, DC, 20535. Bugs, Holes & Patches The following table provides a summary of software vulnerabilities identified between January 27 and February 12, 1999. The table provides the operating system, software name, potential vulnerability/impact, identified patches/workarounds/alerts, common name of the vulnerability, potential risk, and an indication of whether attacks have utilized this vulnerability or an exploit script is known to exist. Software versions are identified if known. This information is presented only as a summary; complete details are available from the source of the patch/workaround/alert, indicated in the footnote or linked site. Please note that even if the method of attack has not been utilized or an exploit script is not currently widely available on the Internet, a potential vulnerability has been identified. Operating Vulnerability/ Common Software Name Patches/Workarounds/Alerts Risk* Attacks/Scripts System Impact Name Allaire1 ColdFusion 4.0 Code snippets from Remove the CFDOCS ColdFusion High Bug discussed in sample applications directory or restrict access to Sample Code newsgroups and make it possible to make the directory.
  • Lesson 6: Hacking Malware

    Lesson 6: Hacking Malware

    LESSON 6 HACKING MALWARE Lesson 6: Malware WARNING The Hacker Highschool Project is a learning tool and as with any learning tool there are dangers. Some lessons if abused may result in physical injury. Some additional dangers may also exist where there is not enough research on possible effects of emanations from particular technologies. Students using these lessons should be supervised yet encouraged to learn, try, and do. However ISECOM cannot accept responsibility for how any information herein is abused. The following lessons and workbooks are open and publicly available under the following terms and conditions of ISECOM: All works in the Hacker Highschool Project are provided for non-commercial use with elementary school students, junior high school students, and high school students whether in a public institution, private institution, or a part of home-schooling. These materials may not be reproduced for sale in any form. The provision of any class, course, training, or camp with these materials for which a fee is charged is expressly forbidden without a license including college classes, university classes, trade-school classes, summer or computer camps, and similar. To purchase a license, visit the LICENSE section of the HHS web page at http://www.hackerhighschool.org/licensing.html. The HHS Project is an open community effort and if you find value in this project we ask that you support us through the purchase of a license, a donation, or sponsorship. 2 Lesson 6: Malware Table of Contents WARNING....................................................................................................................................................2