Color profile:ProLib8 Generic/ Hacking CMYK Exposed: printer profile Network Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Front Composite Default screen Matter HACKING EXPOSED: NETWORK SECURITY SECRETS AND SOLUTIONS, THIRD EDITION STUART McCLURE JOEL SCAMBRAY GEORGE KURTZ Osborne/McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto P:\010Comp\Hacking\381-6\fm.vp Monday, September 10, 2001 2:11:09 PM Color profile:ProLib8 Generic/ Hacking CMYK Exposed: printer profile Network Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Front Composite Default screen Matter Osborne/McGraw-Hill 2600 Tenth Street Berkeley, California 94710 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact Osborne/McGraw-Hill at the above address. For information on transla- tions or book distributors outside the U.S.A., please see the International Contact Infor- mation page immediately following the index of this book. Hacking Exposed: Network Security Secrets and Solutions, Third Edition Copyright © 2001 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 1234567890 CUS CUS 01987654321 Book p/n 0-07-219382-4 and CD p/n 0-07-219383-2 parts of ISBN 0-07-219381-6 Publisher Proofreaders Brandon A. Nordin Stefany Otis, Linda Medoff, Vice President & Associate Publisher Paul Medoff Scott Rogers Indexer Acquisitions Editor Karin Arrigoni Jane K. Brownlow Computer Designers Project Editor Carie Abrew, Elizabeth Jang, LeeAnn Pickrell Melinda Lytle Acquisitions Coordinator Illustrators Emma Acker Michael Mueller, Lyssa Wald Technical Editors Series Design Tom Lee, Eric Schultze Dick Schwartz, Peter F. Hancik Copy Editor Cover Design Janice A. Jue Dodie Shoemaker This book was composed with Corel VENTURA™ Publisher. Information has been obtained by Osborne/McGraw-Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Osborne/McGraw-Hill, or others, Osborne/McGraw-Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information. P:\010Comp\Hacking\381-6\fm.vp Monday, September 10, 2001 2:11:09 PM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen CHAPTER 16 Hacking the Internet User 635 P:\010Comp\Hacking\381-6\ch16.vp Monday, September 10, 2001 9:44:14 AM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen 636 Hacking Exposed: Network Security Secrets and Solutions e’ve spent a lot of time in this book talking about common techniques for break- ing into systems that are owned by companies and run by experienced adminis- Wtrators. After all, that’s where all the valuables are, right? What could malicious hackers possibly hope to attain from breaking into the average home computer? The reality is, the home computer is only part of the picture. Everyone uses the prod- ucts preyed upon in this chapter: web browsers, email readers, and all manner of Internet client software. Everyone is thus a potential victim, and the information on their system is likely just as critical as the stuff sitting on a web server, if not more so. The sheer distrib- uted nature of the problem also makes it much harder to address than its counterpart on the server side. The tools and techniques highlighted in this chapter affect not just individuals, but can also have a devastating impact on the organizations they work for. If you consider that everyone from CEO to shipping clerk uses this software for nearly 90 percent of their daily activities (namely, email reading and web browsing), it might dawn on you that this is indeed a serious issue for corporate users, as well as for the average consumer Internet surfer. Also consider the potential public relations embarrassment and potential down- stream liability for a company that perpetuated the spread of malicious code like worms by not taking the appropriate security measures. Worried yet? Hacking the Internet user is snowballing in popularity among the underground if the hail of Internet client software security advisories released in 2001 is any indication. Client- side hacking requires only a slightly different mindset from that which seeks to compro- mise major Internet servers such as www.amazon.com. The difference is one of degree of effort and scale. Instead of focusing intense intellectual effort against one unique target or specific web server application, user hacking seeks to find a common denominator among the widest range of potential victims. Typically, this common denominator is a combination of frequent Internet usage, Microsoft’s overwhelmingly popular and widely used software products, and lack of security savvy among the biological organisms oper- ating that software. We’ve already covered some of the many ways that these omnipresent factors can be exploited. Chapter 4 discussed attacks against Microsoft’s consumer operating systems most used by Internet denizens (Win 9x/ME/XP HE). Chapters 4 and 14 covered Trojans and back doors often planted on unsuspecting user’s systems, as well as the technique of “social engineering” that is so effective in getting a computer’s human operator to per- form the malicious hacker’s bidding by nontechnical means. This chapter will build on some of this work. It will introduce entirely different and more insidious paths by which back doors can be planted, as well as a more technical route for launching some of the most subliminal social attacks (that is, the subject line of an email message). Before we begin, we must warn those of faint heart that what we are about to show you is incredibly volatile if used unwisely. Unquestionably, we will be criticized for ex- plaining in detail how all these attacks are actually implemented. To which we will an- swer, as we have throughout this book: only in understanding the ways of the enemy in intimate detail will we protect potential victims. Our own journey of discovery through the material presented here was quite a jarring eye-opener. Read on to learn how to pro- tect your personal slice of the Internet. P:\010Comp\Hacking\381-6\ch16.vp Monday, September 10, 2001 9:44:14 AM ColorProLib8 profile:/ Hacking Generic Exposed: CMYK printer Network profile Security Secrets and Solutions, Third Edition / McClure, Scambray & Kurtz / 9381-6 / Chapter 16 Composite Default screen Chapter 16: Hacking the Internet User 637 MALICIOUS MOBILE CODE Mobile code was important in the genesis of the Internet from a static, document-based medium to the dynamic, spontaneously generated community that it is today. Some evo- lution of current mobile code technologies may yet prove to be the dominant model for computing of the future. However, current trends have moved away from reliance on such client-side execution models and toward dynamic HTML (DHTML), style sheets, and server-side scripting functionality. (Some may argue that the execution is still occur- ring on the client side, it’s just migrating deeper into the web browser.) In any case, mo- bile code, which traverses a network during its lifetime and executes at a destination machine, remains a critical part of the fabric of the Net today (see http://www.computer .org/internet/v2n6/w6gei.htm). The two dominant paradigms for mobile code, Sun’s Java and Microsoft’s ActiveX, will still be found executing in browsers everywhere and thus are critically important to any discussion of Internet client security. See Chapter 6 for a discussion of Microsoft’s .NET Frameworks, a new mobile code paradigm around which the company is building its next-generation software products. Inevitably, comparisons are drawn between ActiveX and Java. We won’t get into the debate here, but rather will talk neutrally about actual vulnerabilities discovered in each system. For a strong technical discussion of the pluses and minuses of the two mobile code models from a security perspective, see “A Comparison Between Java and ActiveX Security” by David Hopwood at http://www.users.zetnet.co.uk/hopwood/papers/ compsec97.html. Microsoft ActiveX Microsoft dubbed its first attempt at a mobile code model ActiveX. ActiveX is often de- scribed simply as Object Linking and Embedding (OLE) compound-document technology revamped for the Web. This is a vast oversimplification of the set of APIs, specifications, and ambitious development paradigms, such as COM, that actually undergird the technol- ogy, but it is the easiest way to grasp it. ActiveX applications, or controls, can be written to perform specific functions (such as displaying a movie or sound file). They can be embed- ded in a web page to provide this functionality, just like OLE supports embedding of Excel spreadsheets within Word documents. ActiveX controls typically have the file extension .ocx. (ActiveX controls written in Java are an exception.) They are embedded within web pages using the <OBJECT> tag, which specifies where the control is downloaded from. When Internet Explorer encounters a web page with an embedded ActiveX control (or multiple controls), it first checks the user’s lo- cal system Registry to find out if that component is available on his or her machine.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages60 Page
-
File Size-