DOCSLIB.ORG

Computer Security Fundamentals

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Computer Security Fundamentals Fourth Edition Dr. Chuck Easttom Computer Security Fundamentals, Fourth Edition Editor-in-Chief Mark Taub Copyright © 2020 by Pearson Education, Inc. All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by Product Line Manager any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from Brett Bartow the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no Senior Editor responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the James Manly information contained herein. ISBN-13: 978-0-13-577477-9 Development Editor ISBN-10: 0-13-577477-2 Christopher Cleveland Library of Congress control number: 2019908181 Managing Editor ScoutAutomatedPrintCode Sandra Schroeder Trademarks Project Editor All terms mentioned in this book that are known to be trademarks or service marks have been Mandie Frank appropriately capitalized. Pearson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Indexer ® ® ® Microsoft Windows , and Microsoft Office are registered trademarks of the Microsoft Corporation in Erika Millen the U.S.A. and other countries. This book is not sponsored or endorsed by or affiliated with the Microsoft Corporation. Proofreader Abigail Manheim Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or Technical Editor fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have Akhil Behl neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book. Publishing Coordinator Microsoft and/or its respective suppliers make no representations about the suitability of the information Cindy Teeters contained in the documents and related graphics published as part of the services for any purpose all such documents and related graphics are provided “as is” without warranty of any kind. Microsoft and/or its Designer respective suppliers hereby disclaim all warranties and conditions with regard to this information, including Chuti Prasertsith all warranties and conditions of merchantability, whether express, implied or statutory, fitness for a particular purpose, title and non-infringement. In no event shall Microsoft and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or Compositor profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection codeMantra with the use or performance of information available from the services. The documents and related graphics contained herein could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Microsoft and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time. Partial screen shots may be viewed in full within the software version specified. iii Credits Figure Number Attribution/Credit Line Figure 2-1 Screenshot of Command prompt © Microsoft 2019 Figure 2-2 Screenshot of Command prompt © Microsoft 2019 Figure 2-3 Screenshot of Command prompt © Microsoft 2019 Figure 2-4 Screenshot of Command prompt © Microsoft 2019 Figure 2-5 Screenshot of Command prompt © Microsoft 2019 Figure 2-6 Screenshot of Command prompt © Microsoft 2019 Figure 2-7 Screenshot of Command prompt © Microsoft 2019 Figure 2-8 Screenshot of Command prompt © Microsoft 2019 Figure 2-9 Screenshot of Command prompt © Microsoft 2019 Figure 3-1 Screenshot of windows © Microsoft 2019 Figure 3-2 Screenshot of windows © Microsoft 2019 Figure 3-3 Screenshot of windows © Microsoft 2019 Figure 3-4 Screenshot of windows © Microsoft 2019 Figure 3-5 Screenshot of windows © Microsoft 2019 Figure 4-1 Screenshot of Command prompt © Microsoft 2019 Figure 4-2 Screenshot of LOIC © Praetox Technologies Figure 4-3 Screenshot of XOIC © Praetox Technologies Figure 5-1 Screenshot of Command prompt © Microsoft 2019 Figure 5-2 Screenshot of Counterexploitation © CEXX.ORG Figure 5-3 Screenshot of SpywareGuide © 2003-2011, Actiance, Inc. Figure 5-4 Screenshot of SpywareGuide © 2003-2011, Actiance, Inc. Figure 5-5 Screenshot of SpywareGuide © 2003-2011, Actiance, Inc. Figure 5-6 Screenshot of Norton Security © 1995 - 2019 Symantec Corporation Figure 5-7 Screenshot of McAfee AntiVirus © 2019 McAfee, LLC Figure 5-8 Screenshot of Avast © 1988-2019 Copyright Avast Software s.r.o Figure 5-9 Screenshot of AVG © 1988-2019 Copyright Avast Software s.r.o Figure 5-10 Screenshot of Malwarebytes © 2019 Malwarebytes Figure 5-11 Screenshot of Windows © Microsoft 2019 Figure 6-1 Screenshot of Netcraft © 1995-2019 Netcraft Ltd Figure 6-2 Screenshot of WayBackMachine BETA © Internet Archive Figure 6-3 Screenshot of Zenmap © NMAP.ORG Figure 6-4 Screenshot of Cain © Cain and Abel Figure 6-5 Screenshot of Shodan © 2013-2019 Shodan Figure 6-6 Screenshot of Shodan © 2013-2019 Shodan Figure 6-8 Screenshot of OphCrack © 2019 Slashdot Media Figure 6-9 Screenshot of TeraBIT Virus Maker © TeraBIT Virus Maker Figure 6-11 Screenshot of Yahoo © 2019 Verizon Media Figure 6-12 Screenshot of Peoples Drug Store © 2019 Digital Pharmacist Inc. Figure 7-2 New Africa/Shutterstock Figure 7-4 Reed Kaestner/Getty Images Figure 7-5 Screenshot of VeraCrypt © IDRIX Figure 7-6 Screenshot of windows © Microsoft 2019 Figure 8-2 Chuck Easttom Figure 9-1 Screenshot of Windows 10 Firewall © Microsoft 2019 Figure 9-2 Screenshot of Snort Installation © 2019 Cisco Figure 9-7 Screenshot of Windows-style library © Microsoft 2019 Figure 11-1 Screenshot of Shutting Down a Service in Windows © Microsoft 2019 Figure 11-2 Screenshot of Disabled services © Microsoft 2019 Figure 11-4 Screenshot of Microsoft Baseline Security Analyzer © Microsoft 2019 Figure 11-5 Screenshot of Microsoft Baseline Security Analyzer © Microsoft 2019 Figure 11-6 Screenshot of Microsoft Baseline Security Analyzer © Microsoft 2019 Figure 11-7 Screenshot of Nessus © 2019 Tenable Figure 11-8 Screenshot of Nessus © 2019 Tenable Figure 11-9 Screenshot of Nessus © 2019 Tenable Figure 11-10 Screenshot of Nessus © 2019 Tenable Figure 11-11 Screenshot of Nessus © 2019 Tenable Figure 11-12 Screenshot of OWASP ZAP © OWASP Figure 11-13 Screenshot of OWASP ZAP © OWASP Figure 11-14 Screenshot of shodan © 2013-2019 Shodan® Figure 11-15 Screenshot of shodan © 2013-2019 Shodan® Figure 12-1 Dan Grytsku/123RF Figure 12-2 Screenshot of Sinn Fein © Sinn Féin Figure 12-3 Screenshot of BBC News © 2019 BBC Figure 12-4 Screenshot of Cyberterrorism Preparedness Act Figure 12-5 Screenshot of Cyberterrorism Preparedness Act Figure 12-6 Screenshot of Tech Law Journal Figure 12-7 Screenshot of The Peoples drug store Figure 12-8 Screenshot of ccPal Store Figure 13-1 Screenshot of Yahoo © 2019 Verizon Media Figure 13-2 Screenshot of Yahoo © 2019 Verizon Media Figure 13-3 Screenshot of Yahoo © 2019 Verizon Media Figure 13-4 Screenshot of Infobel © 1995 - 2019 Kapitol Figure 13-6 Screenshot of Federal Bureau of Investigation Figure 13-7 Screenshot of Texas Department of Public Safety © 2000- 2019 Texas Department of Public Safety. Figure 13-8 Screenshot of Oklahoma Figure 13-9 Screenshot of Google access ©2019 Google Figure 14-1 Screenshot of FTK Imager © Copyright 2019 AccessData Figure 14-2 Screenshot of FTK Imager © Copyright 2019 AccessData Figure 14-3 Screenshot of FTK Imager © Copyright 2019 AccessData Figure 14-4 Screenshot of FTK Imager © Copyright 2019 AccessData Figure 14-5 Screenshot of FTK Imager © Copyright 2019 AccessData Figure 14-6 Screenshot of OSForensics Copyright © 2019 PassMark® Software Figure 14-7 Screenshot of OSForensics Copyright © 2019 PassMark® Software Figure 14-8 Screenshot of DiskDigger Copyright © 2010-2019 Defiant Technologies, LLC Figure 14-9 Screenshot of DiskDigger Copyright © 2010-2019 Defiant Technologies, LLC Figure 14-10 pio3/Shutterstock Figure 14-11 Screenshot of OSForensics Copyright © 2019 PassMark® Software Figure 14-12 Screenshot of Command Prompt © Microsoft 2019 Figure 14-13 Screenshot of Command Prompt © Microsoft 2019 Figure 14-14 Screenshot of Command Prompt © Microsoft 2019 Figure 14-15 Screenshot of Command Prompt © Microsoft 2019 Figure 14-16 Screenshot of Windows registry © Microsoft 2019 Figure 14-17 Screenshot of Windows registry © Microsoft 2019 Figure 15-10 Screenshot of Microsoft Excel © Microsoft 2019 Cover gintas77/Shutterstock Contents at a Glance Introduction .......................................................... xxvi 1 Introduction to Computer Security ...................................... 2 2 Networks and the Internet ............................................ 32 3 Cyber Stalking, Fraud, and Abuse ...................................... 66 4 Denial of Service Attacks ............................................. 96 5 Malware .......................................................... 120 6 Techniques Used by Hackers ......................................... 152 7 Industrial Espionage in Cyberspace ................................... 182 8 Encryption .......................................................
Recommended publications
  • Effective Software Security Management Choosing the Right Drivers for Applying Application Security

    Effective Software Security Management Choosing the Right Drivers for Applying Application Security

    Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta [email protected] / [email protected] Effective Software Security Management Table of Contents Abstract ........................................................................................................................................................ 1 Introduction ................................................................................................................................................. 2 Applying Security in Software Development Lifecycle (SDLC) ................................................................. 3 Growing Demand of Moving Security Higher in SDLC ........................................................................ 3 Effective Application Security Model ................................................................................................... 4 Conclusion .................................................................................................................................................. 13 About the Author....................................................................................................................................... 14 Effective Software Security Management Abstract Effective Software Security Management has been emphasized mainly to introduce methodologies which are Practical, Flexible and Understandable. This white paper describes the need and methodology of improving the current posture of Application Development
  • Xbt.Doc.248.2.Pdf

    Xbt.Doc.248.2.Pdf

    MAY 25, 2018 United States District Court Southern District of Florida Miami Division CASE NO. 1:17-CV-60426-UU ALEKSEJ GUBAREV, XBT HOLDING S.A., AND WEBZILLA, INC., PLAINTIFFS, VS BUZZFEED, INC. AND BEN SMITH, DEFENDANTS Expert report of Anthony J. Ferrante FTI Consulting, Inc. 4827-3935-4214v.1 0100812-000009 Table of Contents Table of Contents .............................................................................................................................................. 1 Qualifications ..................................................................................................................................................... 2 Scope of Assignment ......................................................................................................................................... 3 Glossary of Important Terms ............................................................................................................................. 4 Executive Summary ........................................................................................................................................... 7 Methodology ..................................................................................................................................................... 8 Technical Investigation ................................................................................................................................ 8 Investigative Findings .......................................................................................................................................
  • Tstable of Content

    Tstable of Content

    ZZ LONDON INTERNATIONAL MODEL UNITED NATIONS 2017 North Atlantic Treaty Organization London International Model United Nations 18th Session | 2017 tsTable of Content 1 ZZ LONDON INTERNATIONAL MODEL UNITED NATIONS 2017 Table of Contents Table of Contents WELCOME TO THE NORTH ATLANTIC TREATY ORGANIZATION .............................................................. 3 INTRODUCTION TO THE COMMITTEE .................................................................................................................. 4 TOPIC A: FORMING A NATO STRATEGY IN CYBERSPACE ............................................................................. 5 INTRODUCTION ............................................................................................................................................................... 5 HISTORY OF THE PROBLEM ............................................................................................................................................. 6 Timeline of notable attacks ....................................................................................................................................... 7 1998 – 2001 “MOONLIGHT MAZE” ....................................................................................................................... 7 2005 – 2011 TITAN RAIN & BYZANTINE HADES .................................................................................................. 8 2007 Estonia DDoS Campaigns ...............................................................................................................................
  • Misuse Case and Security Requirement Analysis for an Application

    Misuse Case and Security Requirement Analysis for an Application

    MISUSE CASE AND SECURITY REQUIREMENT ANALYSIS FOR AN APPLICATION Thesis Submitted in partial fulfillment of the requirements for the degree of MASTER OF TECHNOLOGY in COMPUTER SCIENCE & ENGINEERING - INFORMATION SECURITY by VINEET KUMAR MAURYA (07IS11F) DEPARTMENT OF COMPUTER ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY KARNATAKA SURATHKAL, MANGALORE-575025 June, 2009 Dedicated To My parents & Suraksha Group Members D E C L A R A T I O N I hereby declare that the Report of the P.G Project Work entitled "MISUSE CASE AND SECURITY REQUIREMENT ANALYSIS FOR AN APPLICATION" which is being submitted to the National Institute of Technology Karnataka, Surathkal, in partial fulfillment of the requirements for the award of the Degree of Master of Technology in Computer Science & Engineering - Information Security in the Department of Computer Engineering, is a bonafide report of the work carried out by me. The material contained in this report has not been submitted to any University or Institution for the award of any degree. ……………………………………………………………………………….. (Register Number, Name & Signature of the Student) Department of Computer Engineering Place: NITK, SURATHKAL Date: ............................ C E R T I F I C A T E This is to certify that the P.G Project Work Report entitled "MISUSE CASE AND SECURITY REQUIREMENT ANALYSIS FOR AN APPLICATION" submitted by Vineet Kumar Maurya (Register Number: 07IS11F), as the record of the work carried out by him, is accepted as the P.G. Project Work Report submission in partial fulfillment of the requirements for the award of the Degree of Master of Technology in Computer Science & Engineering - Information Security in the Department of Computer Engineering.
  • Wikileaks Wars: Digital Conflict Spills Into Real Life

    Wikileaks Wars: Digital Conflict Spills Into Real Life

    Home | Tech | Science in Society | News | Back to article WikiLeaks wars: Digital conflict spills into real life 15 December 2010 by Jacob Aron Magazine issue 2791. Subscribe and save For similar stories, visit the Computer crime and Weapons Technology Topic Guides ADVERTISEMENT Editorial: Democracy 2.0: The world after WikiLeaks WHILE it is not, as some have called it, the "first great cyberwar", the digital conflict over information sparked by WikiLeaks amounts to the greatest incursion of the online world into the real one yet seen. In response to the taking down of the WikiLeaks website after it released details of secret diplomatic cables, a leaderless army of activists has gone on the offensive. It might not have started a war, but the conflict Dress code for an Anonymous vendetta (Image: is surely a sign of future battles. Sander Koning/AFP/Getty) 1 more image No one is quite sure what the ultimate political effect of the leaks will be. What the episode has done, though, is show what happens when the authorities attempt to silence what many people perceive as a force for freedom of information. It has also shone a light on the evolving world of cyber-weapons (see "The cyber-weapon du jour"). WikiLeaks was subjected to a distributed denial of service (DDoS) attack, which floods the target website with massive amounts of traffic in an effort to force it offline. The perpetrator of the attack is unknown, though an individual calling himself the Jester has claimed responsibility. WikiLeaks took defensive action by moving to Amazon's EC2 web hosting service, but the respite was short-lived as Amazon soon dumped the site, saying that WikiLeaks violated its terms of service.
  • Synthesizing Near-Optimal Malware Specifications from Suspicious

    Synthesizing Near-Optimal Malware Specifications from Suspicious

    Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors Somesh Jha∗, Matthew Fredrikson∗, Mihai Christodoresu†, Reiner Sailer‡, Xifeng Yan§ ∗University of Wisconsin–Madison, †Qualcomm Research Silicon Valley, ‡IBM T.J Watson Research Center, §University of California–Santa Barbara Abstract—Behavior-based detection techniques are a promis- and errors. ing solution to the problem of malware proliferation. However, We make the observation that behavioral specifications they require precise specifications of malicious behavior that do not result in an excessive number of false alarms, while still are best viewed as a form of discriminative specification.A remaining general enough to detect new variants before tradi- discriminative specification describes the unique properties tional signatures can be created and distributed. In this paper, of a given class, in contrast to the properties exhibited by we present an automatic technique for extracting optimally discriminative specifications a second mutually-exclusive class. This paper presents an , which uniquely identify a class automated technique that combines program analysis, graph of programs. Such a discriminative specification can be used by a behavior-based malware detector. Our technique, based mining, and stochastic optimization to synthesize malware on graph mining and stochastic optimization, scales to large behavior specifications. We represent program behaviors as classes of programs. When this work was originally published, graphs that are mined for discriminative patterns. As there the technique yielded favorable results on malware targeted are many ways in which malware can accomplish the same towards workstations (~86% detection rates on new malware). goal, we use these patterns as building blocks for construct- We believe that it can be brought to bear on emerging malware- based threats for new platforms, and discuss several promising ing discriminative specifications that are general across vari- avenues for future work in this direction.
  • Cyber Warfare a “Nuclear Option”?

    Cyber Warfare a “Nuclear Option”?

    CYBER WARFARE A “NUCLEAR OPTION”? ANDREW F. KREPINEVICH CYBER WARFARE: A “NUCLEAR OPTION”? BY ANDREW KREPINEVICH 2012 © 2012 Center for Strategic and Budgetary Assessments. All rights reserved. About the Center for Strategic and Budgetary Assessments The Center for Strategic and Budgetary Assessments (CSBA) is an independent, nonpartisan policy research institute established to promote innovative thinking and debate about national security strategy and investment options. CSBA’s goal is to enable policymakers to make informed decisions on matters of strategy, secu- rity policy and resource allocation. CSBA provides timely, impartial, and insight- ful analyses to senior decision makers in the executive and legislative branches, as well as to the media and the broader national security community. CSBA encour- ages thoughtful participation in the development of national security strategy and policy, and in the allocation of scarce human and capital resources. CSBA’s analysis and outreach focus on key questions related to existing and emerging threats to US national security. Meeting these challenges will require transforming the national security establishment, and we are devoted to helping achieve this end. About the Author Dr. Andrew F. Krepinevich, Jr. is the President of the Center for Strategic and Budgetary Assessments, which he joined following a 21-year career in the U.S. Army. He has served in the Department of Defense’s Office of Net Assessment, on the personal staff of three secretaries of defense, the National Defense Panel, the Defense Science Board Task Force on Joint Experimentation, and the Defense Policy Board. He is the author of 7 Deadly Scenarios: A Military Futurist Explores War in the 21st Century and The Army and Vietnam.
  • Security > Automotive > Blockchain > Virtual and Augmented Reality

    Security > Automotive > Blockchain > Virtual and Augmented Reality

    > Security > Automotive > Blockchain > Virtual and Augmented Reality AUGUST 2018 www.computer.org CALL FOR NOMINEES Education Awards Nominations Taylor L. Booth Education Award Computer Science and Engineering Undergraduate Teaching Award A bronze medal and US$5,000 honorarium are awarded for an outstanding record in computer science and engineering A plaque, certificate and a stipend of US$2,000 is education. The individual must meet two or more of the awarded to recognize outstanding contributions to following criteria in the computer science and engineering field: undergraduate education through both teaching and service and for helping to maintain interest, increase the • Achieving recognition as a teacher of renown. visibility of the society, and making a statement about the • Writing an influential text. importance with which we view undergraduate education. • Leading, inspiring or providing significant education content during the creation of a curriculum in the field. The award nomination requires a minimum of three • Inspiring others to a career in computer science and endorsements. engineering education. Two endorsements are required for an award nomination. See the award information at: See the award details at: www.computer.org/web/awards/booth www.computer.org/web/awards/cse-undergrad-teaching Deadline: 1 October 2018 Nomination Site: awards.computer.org r5p77.indd 77 5/9/18 3:30 PM IEEE COMPUTER SOCIETY computer.org • +1 714 821 8380 STAFF Editor Managers, Editorial Content Meghan O’Dell Brian Brannon, Carrie Clark Contributing Staff Publisher Christine Anthony, Lori Cameron, Cathy Martin, Chris Nelson, Robin Baldwin Dennis Taylor, Rebecca Torres, Bonnie Wylie Senior Advertising Coordinator Production & Design Debbie Sims Carmen Flores-Garvey Circulation: ComputingEdge (ISSN 2469-7087) is published monthly by the IEEE Computer Society.
  • The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
  • Defeating Invisible Enemies:Firmware Based

    Defeating Invisible Enemies:Firmware Based

    Defeating Invisible Enemies: Firmware Based Security in OpenPOWER Systems — Linux Security Summit 2017 — George Wilson IBM Linux Technology Center Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation Agenda Introduction The Case for Firmware Security What OpenPOWER Is Trusted Computing in OpenPOWER Secure Boot in OpenPOWER Current Status of Work Benefits of Open Source Software Conclusion Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 2 Introduction Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 3 Disclaimer These slides represent my views, not necessarily IBM’s All design points disclosed herein are subject to finalization and upstream acceptance The features described may not ultimately exist or take the described form in a product Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 4 Background The PowerPC CPU has been around since 1990 Introduced in the RS/6000 line Usage presently spans embedded to server IBM PowerPC servers traditionally shipped with the PowerVM hypervisor and ran AIX and, later, Linux in LPARs In 2013, IBM decided to open up the server architecture: OpenPOWER OpenPOWER runs open source firmware and the KVM hypervisor with Linux guests Firmware and software designed and developed by the IBM Linux Technology Center “OpenPOWER needs secure and trusted boot!” Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 5 The Case for Firmware Security Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 6 Leaks Wikileaks Vault 7 Year 0 Dump NSA ANT Catalog Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation 7 Industry Surveys UEFI Firmware Rootkits: Myths and Reality – Matrosov Firmware Is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities – Branco et al.
  • Using Malware Analysis to Tailor SQUARE for Mobile Platforms

    Using Malware Analysis to Tailor SQUARE for Mobile Platforms

    Using Malware Analysis to Tailor SQUARE for Mobile Platforms Gregory Paul Alice Nancy R. Mead (Faculty Adviser) November 2014 TECHNICAL NOTE CMU/SEI-2014-TN-018 CERT® Division http://www.sei.cmu.edu Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineer- ing Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense. This report was prepared for the SEI Administrative Agent AFLCMC/PZM 20 Schilling Circle, Bldg 1305, 3rd floor Hanscom AFB, MA 01731-2125 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution except as restricted be- low. Internal use:* Permission to reproduce this material and to prepare derivative works from this material for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works.
  • The Flame: Questions and Answers 1.8

    The Flame: Questions and Answers 1.8

    The Flame: Questions and Answers 1.8 Aleks Kaspersky Lab Expert Posted May 28, 13:00 GMT Tags: Targeted Attacks, Wiper, Cyber weapon, Cyber espionage, Flame Duqu and Stuxnet raised the stakes in the cyber battles being fought in the Middle East – but now we’ve found what might be the most sophisticated cyber weapon yet unleashed. The ‘Flame’ cyber espionage worm came to the attention of our experts at Kaspersky Lab after the UN’s International Telecommunication Union came to us for help in finding an unknown piece of malware which was deleting sensitive information across the Middle East. While searching for that code – nicknamed Wiper – we discovered a new malware codenamed Worm.Win32.Flame. Flame shares many characteristics with notorious cyber weapons Duqu and Stuxnet: while its features are different, the geography and careful targeting of attacks coupled with the usage of specific software vulnerabilities seems to put it alongside those familiar ‘super­weapons’ currently deployed in the Middle East by unknown perpetrators. Flame can easily be described as one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage. For the full low­down on this advanced threat, read on… General Questions What exactly is Flame? A worm? A backdoor? What does it do? Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm­like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.