Impersonation. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
|
|
- Stephanie Ward
- 6 years ago
- Views:
Transcription
1 Impersonation CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin March 1, 2011
2 Announcements Midterm next Tuesday March 8th Scope is course material up through today You can bring a single sheet of notes Two-sided, viewable w/o assistance (FYI: you might want to keep this for the final) My office hours the week of March 7th will be by appointment Guest lecture this Thursday (March 3rd), Prof. David Wagner Reminder, HW #2 due 5PM on Friday
3 Goals For Today A broad look at the problem of impersonation: threats based on something not being what it appears to be Web attacks: misleading users regarding their clicks Phishing: misleading users regarding with whom they are interacting CAPTCHAs: telling humans apart from bots Analyzing headers for legitimacy (time permitting)
4 Attacks on User Volition Browser assumes clicks & keystrokes = clear indication of what the user wants to do Constitutes part of the user s trusted path Attack #1: commandeer the focus of user-input Attack #2: mislead the user regarding true focus ( click-jacking )
5 Click-Jacking Demo #1: you think you re typing to a familiar app, but you re not (demo)
6 Click-Jacking Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are (demo)
7
8
9 Let s click here!
10 Click-Jacking Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are You might click on what the attacker wants no matter where you click! (demo)
11 Click-Jacking Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are Demo #3: you definitely meant to click somewhere else
12
13
14
15
16
17
18 Why Does Firefox Make You Wait? to keep you from being tricked into clicking!
19 Defending Against Clickjacking Main defense: frame busting Web site ensures that its vulnerable pages can t be included as a frame inside another browser frame
20 Attacker implements this by placing Twitter s page in a Frame inside their own page. Otherwise they wouldn t overlap.
21 Defending Against Clickjacking Main defense: frame busting Web site ensures that its vulnerable pages can t be included as a frame inside another browser frame So user can t be looking at it with something invisible overlaid on top nor have the site invisible above something else Conceptually implemented with Javascript like: if (top.location!= self.location) top.location = self.location; (Note: actually quite tricky to get this right!)
22 Related UI Sneakiness Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are Demo #3: you definitely meant to click somewhere else Demo #4: you ve got a lot on your mind (demo) 22
23 Related UI Sneakiness Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are Demo #3: you definitely meant to click somewhere else Demo #4: you ve got a lot on your mind (demo) Tabnabbing 23
24 Related UI Sneakiness Demo #1: you think you re typing to a familiar app, but you re not Demo #2: you don t think you re typing to a familiar app, but you are Demo #3: you definitely meant to click somewhere else Demo #4: you ve got a lot on your mind (demo) Tabnabbing Demo #5: you re living in The Matrix 24
25 Browser in Browser Apparent browser is just a fully interactive image generated by script running in real browser!
26 5 Minute Break Questions Before We Proceed?
27 Phishing
28
29
30
31
32
33
34 The Problem of Phishing Arises due to mismatch between reality & user s: Perception of how to assess legitimacy Mental model of what attackers can control Both and Web Coupled with: Deficiencies in how web sites authenticate In particular, replayable authentication that is vulnerable to theft How can we tell when weʼre being phished?
35
36
37 Check the URL before clicking? <a href=" onclick="location='
38
39 Exploits a misfeature in IE that interprets a number here as a 32-bit IP address
40 0xbd5947e3 = dig - x ; <<>> DiG APPLE- P2 <<>> - x ;; global options: +cmd ;; Got answer: ;; - >>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ; in- addr.arpa. IN PTR ;; ANSWER SECTION: in- addr.arpa IN PTR cliente.interjato.com.br. ;; AUTHORITY SECTION: in- addr.arpa IN NS ns2.interjato.com.br in- addr.arpa IN NS ns1.interjato.com.br. ;; Query time: 511 msec ;; SERVER: #53( ) ;; WHEN: Tue Mar 1 17:37: ;; MSG SIZE rcvd: 132
41 whois # The following results may also be obtained via: # e # NetRange: CIDR: /8 OriginAS: NetName: NET189 NetHandle: NET Parent: NetType: Allocated to LACNIC inetnum: /20 aut- num: AS28184 abuse- c: EMR5 owner: TECHNET NETWORKING LTDA ownerid: / responsible: Erich matos Rodrigues country: BR
42 Check the URL in address bar?
43
44
45 Homograph A;acks Interna=onal domain names can use interna=onal character set E.g., Chinese contains characters that look like /.? = A"ack: Legi=mately register var.cn buy legi=mate set of HTTPS cer=ficates for it and then create a subdomain: webapp unsec homepage.var.cn
46 Check for padlock?
47
48 Add a clever.favicon with a picture of a padlock
49 Check for green glow in address bar?
50 Check for everything?
51 Browser in Browser
52 Spear Phishing Targeted phishing that includes details that seemingly must mean it s legitimate
53 Yep, this is itself a spear-phishing attack!
54 Sophisticated phishing Context-aware phishing 10% users fooled Spoofed includes info related to a recent ebay transaction/listing/purchase Social phishing 70% users fooled Send spoofed appearing to be from one of the victim s friends (inferred using social networks) West Point experiment Cadets received a spoofed near end of semester: There was a problem with your last grade report; click here to resolve it. 80% clicked.
55 CAPTCHAs
56
57 CAPTCHAs Reverse Turing Test: present user a challenge that s easy for a human to solve, hard for a program to solve One common approach: distorted text that s difficult for character-recognition algorithms to decipher
58 Problems?
59 Issues with CAPTCHAs Inevitable arms race: as solving algorithms get better, defense erodes, or gets harder for humans
60
61 Issues with CAPTCHAs Inevitable arms race: as solving algorithms get better, defense erodes, or gets harder for humans Accessibility: not all humans can see! Granularity: not all bots are bad! (e.g., crawlers)
62 Issues with CAPTCHAs, con t If generating a CAPTCHA is somewhat expensive, the mechanism itself is a DoS vulnerability
63
64 Issues with CAPTCHAs, con t If generating a CAPTCHA is somewhat expensive, the mechanism itself is a DoS vulnerability Final problem: CAPTCHAs are inherently vulnerable to outsourcing attacks Attacker gets real humans to solve them
65
66
67
68 Analyzing Headers
69
70 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: Headers from ee.lbl.gov in (ee.lbl.gov the [ ]) message by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof for Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from id 1NfHf9-0002n7- Md for Wed, 10 Feb :51: To: Subject: RE: Russian spear phishing attack against.mil and.gov emp From: Message- Id: <E1NfHf9-0002n7- Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
71 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof for Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from To/Subject/From/etc. w63697 by uw03.uniweb.no are with completely local (Exim 4.66) (envelope- from under the attacker s control id 1NfHf9-0002n7- Md for vern@ee.lbl.gov; Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
72 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof for Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from Any w63697 headers by uw03.uniweb.no below them with may local also(exim 4.66) (envelope- from be under the attacker s control id 1NfHf9-0002n7- Md for vern@ee.lbl.gov; Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
73 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi This header tells us about the first delivery for Wed, 10 Feb :51: Received: hop. from uw03.uniweb.no It s supposedly (uw03.uniweb.no reported by [ ]) a by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof machine uw03.uniweb.no, but who knows for <vern@ee.lbl.gov>; Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from <w63697@uw03.uniweb.no>) id 1NfHf9-0002n7- Md for vern@ee.lbl.gov; Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
74 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) However, for headers for subsequent (single- drop); hops Wed, are 10 prepended. Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi So we for can start at the top of the headers, Wed, 10 Feb which :51:50 came Received: from our from trusted uw03.uniweb.no mailer, and (uw03.uniweb.no decide how [ ]) much trustworthy by ee.lbl.gov information (8.14.4/8.14.4) we can find with ESMTP id o1aipmof for <vern@ee.lbl.gov>; Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from <w63697@uw03.uniweb.no>) id 1NfHf9-0002n7- Md for vern@ee.lbl.gov; Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
75 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) This header by ee.lbl.gov is my (8.14.4/8.14.4) own system (vpmini.icir.org) with ESMTP id o1aipmof stating that it for retrieved the message Wed, from 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: mailhost.icsi.berkeley.edu. from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from I trust id vpmini.icir.org, 1NfHf9-0002n7- Md and therefore I believe the previous for vern@ee.lbl.gov; Wed, 10 Feb :51: To: hop vern@ee.lbl.gov really was mailhost.icsi.berkeley.edu. Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
76 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof for Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) mailhost.icsi.berkeley.edu is integrated with (envelope- from fruitcake.icsi.berkeley.edu id 1NfHf9-0002n7- Md (that s why the name is different for in vern@ee.lbl.gov; this header). Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: I trust jeffreyc@cia.gov the ICSI mailer, so I will trust this Received Message- Id: header too. <E1NfHf9-0002n7- Md@uw03.uniweb.no> It tells me that the prior hop was ee.lbl.gov Date: Wed, 10 Feb :51: X- Virus- Scanned: (which I also trust). clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
77 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi for Wed, 10 Feb :51: Received: from uw03.uniweb.no (uw03.uniweb.no [ ]) by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof for Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from ee.lbl.gov id 1NfHf9-0002n7- Md reports that the message came from for Wed, 10 Feb :51: uw03.uniweb.no. To: Subject: RE: Russian spear phishing attack against.mil and.gov emp From: I trust jeffreyc@cia.gov that information, but I do not trust that host. Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: So Wed, any 10 information Feb :51:47 from that point below is X- Virus- Scanned: untrustworthy. clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
78 Delivery- Date: Wed Feb 10 10:51: Received: from mailhost.icsi.berkeley.edu [ ] by vpmini.icir.org with IMAP (fetchmail ) for (single- drop); Wed, 10 Feb :51:5 Received: from ee.lbl.gov (ee.lbl.gov [ ]) by fruitcake.icsi.berkeley.edu ( / ) wi However, for I have reliably learned Wed, that the 10 Feb message :51:50 was Received: sent by from a machine uw03.uniweb.no in Norway (uw03.uniweb.no probably [ ]) not where the by ee.lbl.gov (8.14.4/8.14.4) with ESMTP id o1aipmof CIA has a mail server! for <vern@ee.lbl.gov>; Wed, 10 Feb :51: (PST) Authentication- Results: ee.lbl.gov; sender- id=softfail header.from=j Received: from w63697 by uw03.uniweb.no with local (Exim 4.66) (envelope- from <w63697@uw03.uniweb.no>) id 1NfHf9-0002n7- Md for vern@ee.lbl.gov; Wed, 10 Feb :51: To: vern@ee.lbl.gov Subject: RE: Russian spear phishing attack against.mil and.gov emp From: jeffreyc@cia.gov Message- Id: <E1NfHf9-0002n7- Md@uw03.uniweb.no> Date: Wed, 10 Feb :51: X- Virus- Scanned: clamav- milter at ee.lbl.gov X- Virus- Status: Clean Content- Length: 1116
CS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 6 March 2, 2011 Question 1 Cross-Site Scripting (XSS) (10 min) As part of your daily routine, you are browsing through the news and status updates
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 24, 2011 Announcements Guest lecture
More informationWeb Security: Authentication & UI-based attacks
Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada Popa April 12, 2016 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof.
More informationAttacks on DNS: Risks of Caching
Attacks on DNS: Risks of Caching CS 161: Computer Security Prof. David Wagner March 30, 2016 Today Midterm 2 grades available Reminder: Start Project 2, Part 2! Today, DNS: protocol for mapping hostnames
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 22, 2011 Announcements See Still confused
More informationWeb Security, Part 2
Web Security, Part 2 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationNetwork Attacks. CS Computer Security Profs. Vern Paxson & David Wagner
Network Attacks CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationDenial-of-Service (DoS) & Web Attacks
Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 17, 2011 Goals For
More informationPrivacy. CS Computer Security Profs. Vern Paxson & David Wagner
Privacy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ March 31,
More informationECE 435 Network Engineering Lecture 7
ECE 435 Network Engineering Lecture 7 Vince Weaver http://web.eece.maine.edu/~vweaver vincent.weaver@maine.edu 25 September 2018 HW#3 was Posted Announcements 1 HW#2 Review C code will be discussed next
More informationUser Authentication + Human Aspects
CSE 484 (Winter 2011) User Authentication + Human Aspects Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample
More informationCreating Your Virtual Data Center
NET201 Creating Your Virtual Data Center VPC Fundamentals and Connectivity Options Becky Weiss, Principal Engineer, EC2 Networking October 2015 2015, Amazon Web Services, Inc. or its Affiliates. All rights
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationMalicious s. How to Identify Them and How to Protect Yourself
Malicious Emails How to Identify Them and How to Protect Yourself 1.Identify the Sender This is the first thing you should do whenever you receive an email, especially if: It is requesting sensitive information
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationBusiness Logic Attacks BATs and BLBs
Business Logic Attacks BATs and BLBs Noa Bar-Yosef Security Research Engineer Imperva 12/02/2009 noa@imperva.com Copyright The Foundation Permission is granted to copy, distribute and/or modify this document
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationAdministrative Notes January 25, 2018
Administrative Notes January 25, 2018 If you re not comfortable moving around a lot, don t sit in the last 3 rows today Everyone not in the last 3 rows needs a writing implement Please move your backpacks
More informationOSN Attack Automated Identity Theft Attacks
OSN Attack Automated Identity Theft Attacks John LePage Department of Electrical & Computer Engineering Missouri University of Science and Technology jlpc5@mst.edu 9 November 2016 2014 John LePage Introduction
More informationPROTECTING YOUR BUSINESS ASSETS
PROTECTING YOUR BUSINESS ASSETS How to Spot Danger Before Your Computer Gets Infected, Your Site Hosts Malware, and Your Credit Card Number Gets Stolen A MyNAMS Presentation by Regina Smola @2012 Regina
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006-2015 Wenliang Du, Syracuse University. The development of this document is partially funded by the National Science Foundation s Course,
More informationCOSC 301 Network Management. Lecture 14: Electronic Mail
COSC 301 Network Management Lecture 14: Electronic Mail Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 14: Electronic Mail 1 Today s Focus Electronic Mail -- How does it work? -- How
More informationcs642 /introduction computer security adam everspaugh
cs642 computer security /introduction adam everspaugh ace@cs.wisc.edu definition Computer Security := understanding and improving the behavior of computing systems in the presence of adversaries adversaries
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationSecuring Internet Communication
Securing Internet Communication CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationImplementing DNSSEC with DynDNS and GoDaddy
Implementing DNSSEC with DynDNS and GoDaddy Lawrence E. Hughes Sixscape Communications 27 December 2017 DNSSEC is an IETF standard for adding security to the DNS system, by digitally signing every resource
More informationThe Future of Authentication
The Future of Authentication Table of Contents Introduction Facial Recognition Liveness Detection and Multimodal Biometrics FIDO: Standards-Based, Password-Free Authentication Biometric Authentication
More informationAges Donʼt Fall for Fake: Activity 1 Don t bite that phishing hook! Goals for children. Letʼs talk
Ages 11-14 Donʼt Fall for : Activity 1 Don t bite that phishing hook! Children play a game where they study various emails and texts and try to decide which messages are legit and which are phishing scams.
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationDenial-of-Service, con t / Web Security
Denial-of-Service, con t / Web Security CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationBIND-USERS and Other Debugging Experiences. Mark Andrews Internet Systems Consortium
BIND-USERS and Other Debugging Experiences Mark Andrews Internet Systems Consortium Mark_Andrews@isc.org http://isc.org BIND-USERS and Other Debugging Experiences We will look at some typical debugging
More informationCrear un centro de datos virtual en AWS
Crear un centro de datos virtual en AWS Fundamentos de VPC y opciones de conectividad Damián Arregui, Solutions Architect, AWS Jueves 1ro de Junio 2016 2016, Amazon Web Services, Inc. or its Affiliates.
More information6.033 Computer System Engineering
MIT OpenCourseWare http://ocw.mit.edu 6.033 Computer System Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. M.I.T. DEPARTMENT
More informationFighting Phishing I: Get phish or die tryin.
Fighting Phishing I: Get phish or die tryin. Micah Nelson and Max Hyppolite bit.ly/nercomp_sap918 Please, don t forget to submit your feedback for today s session at the above URL. If you use social media
More informationELECTRONIC BANKING & ONLINE AUTHENTICATION
ELECTRONIC BANKING & ONLINE AUTHENTICATION How Internet fraudsters are trying to trick you What you can do to stop them How multi-factor authentication and other new techniques can help HELPING YOU STAY
More informationSegmentation for Security
Segmentation for Security Do It Right Or Don t Do It At All Vidder, Inc. Segmentation for Security 1 Executive Summary During the last 30 years, enterprises have deployed large open (flat) networks to
More informationHow Enterprise Tackles Phishing. Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong
How Enterprise Tackles Phishing Nelson Yuen Technology Manager, Cybersecurity Microsoft Hong Kong Hackers turning to easy marks - Social engineering Phishing was the #1 threat vector (> 50%) for Office
More informationAttacks on DNS: Risks of Caching. March 21, 2018
ttacks on DNS: Risks of Caching March 21, 2018 The Inside Story of How Facebook Responded to Tunisian Hacks It was on Christmas Day that Facebook's Chief Security Officer Joe Sullivan first noticed strange
More informationWeb Security: 1) UI-based attacks 2) Tracking on the web
Web Security: 1) UI-based attacks 2) Tracking on the web CS 161: Computer Security Prof. Raluca Ada Popa November 15, 2016 Contains new slides, slides from past CS 161 offerings and slides from Dan Boneh
More informationINTERNET SAFETY IS IMPORTANT
INTERNET SAFETY IS IMPORTANT Internet safety is not just the ability to avoid dangerous websites, scams, or hacking. It s the idea that knowledge of how the internet works is just as important as being
More informationCPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION
CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION Department of Computer Science University of Calgary Professor: Carey Williamson March 2, 2012 This is a CLOSED BOOK exam. Textbooks, notes, laptops,
More informationSpam Protection Guide
Spam Email Protection Guide Version 1.0 Last Modified 5/29/2014 by Mike Copening Contents Overview of Spam at RTS... 1 Types of Spam... 1 Spam Tricks... 2 Imitation of 3 rd Party Email Template... 2 Spoofed
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationTURNING LEGAL WEBSITE into DDoS TOOL. OWASP Jakarta Tech Day Meetup Kalpin Erlangga Silaen
TURNING LEGAL WEBSITE into DDoS TOOL OWASP Jakarta Tech Day Meetup Kalpin Erlangga Silaen DISCLAIMER Segala cara, tehnik, peragaan serta alat yang digunakan dalam sesi presentasi ini adalah untuk tujuan
More informationData Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi.
Data Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi Lecture 18 Tries Today we are going to be talking about another data
More informationFranzes Francisco Manila IBM Domino Server Crash and Messaging
Franzes Francisco Manila IBM Domino Server Crash and Messaging Topics to be discussed What is SPAM / email Spoofing? How to identify one? Anti-SPAM / Anti-email spoofing basic techniques Domino configurations
More informationManually Create Phishing Page For Facebook 2014
Manually Create Phishing Page For Facebook 2014 While you are creating phishing page manually you have to do a lot of work Web Templates -- For importing premade template for Gmail, Facebook from SET.
More informationSecurity. SWE 432, Fall 2017 Design and Implementation of Software for the Web
Security SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Authorization oauth 2 Security Why is it important? Users data is
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 22 - Denial of Service November 15, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ 1 Denial of Service Intentional prevention of access to valued resource CPU,
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationCSE Computer Security (Fall 2006)
CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ 1 Denial of Service Intentional prevention of access to valued resource
More informationAnonymity / Sneakiness
Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 7, 2011 Today s Lecture A look at technical
More informationSky Social Media Guidelines for Contributors
Sky Social Media Guidelines for Contributors Social chatter around TV shows is inevitable and, for the most part, positive. However, contributors are advised that people have a tendency to publish things
More informationCS3: Introduction to Symbolic Programming. Lecture 5:
CS3: Introduction to Symbolic Programming Lecture 5: Spring 2006 Nate Titterton nate@berkeley.edu Announcements Nate's office hours this week only: - Thursday, 2-4, in 329 Soda - (Usually, they are Wed
More informationCS162 Operating Systems and Systems Programming Lecture 12. Address Translation. Page 1
CS162 Operating Systems and Systems Programming Lecture 12 Translation March 10, 2008 Prof. Anthony D. Joseph http://inst.eecs.berkeley.edu/~cs162 Review: Important Aspects of Memory Multiplexing Controlled
More informationNANOG29. The Relationship Between Network Security and Spam. Carl Hutzler, Director AntiSpam Operations Ron da Silva, Principal Architect
NANOG29 The Relationship Between Network Security and Spam Carl Hutzler, Director AntiSpam Operations Ron da Silva, Principal Architect America Online, Inc. 2 Executive Summary Spam is a large and growing
More informationNetwork Control, Con t
Network Control, Con t CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationIntroduction to Network. Topics
Introduction to Network Security Chapter 7 Transport Layer Protocols 1 TCP Layer Topics Responsible for reliable end-to-end transfer of application data. TCP vulnerabilities UDP UDP vulnerabilities DNS
More informationRSA and ECDSA. Geoff Huston APNIC. #apricot2017
RSA and ECDSA Geoff Huston APNIC It s all about Cryptography Why use Cryptography? Public key cryptography can be used in a number of ways: protecting a session from third party eavesdroppers Encryption
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationLecture 10. Denial of Service Attacks (cont d) Thursday 24/12/2015
Lecture 10 Denial of Service Attacks (cont d) Thursday 24/12/2015 Agenda DoS Attacks (cont d) TCP DoS attacks DNS DoS attacks DoS via route hijacking DoS at higher layers Mobile Platform Security Models
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationAustin Community College Google Apps Calendars Step-by-Step Guide
The topics that will be covered in this workshop: Access (p.2) Calendar Settings (p.2) o General Tab (p.2) o Calendar Tab (p.3) Change Calendar Color (p.3) Calendar Notifications (p.4) Sharing (p.4) o
More informationNetwork Attacks. CS Computer Security. Once again thanks to Vern Paxson and David Wagner
Network Attacks CS 334 - Computer Security Once again thanks to Vern Paxson and David Wagner 1 Layers 1 & 2: General Threats? 7 4 3 2 1 Application Transport (Inter)Network Link Physical Framing and transmission
More informationPhishing Discussion. Pete Scheidt Lead Information Security Analyst California ISO
Phishing Discussion Pete Scheidt Lead Information Security Analyst California ISO 2 Phish What is Phishing Types of Phish 3 Phish What is Phishing Attackers (Phishers) would email (cast their nets) far
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationSecurity Using Digital Signatures & Encryption
Email Security Using Digital Signatures & Encryption CONTENTS. Introduction The Need for Email Security Digital Signatures & Encryption 101 Digital Signatures & Encryption in Action Selecting the Right
More information1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)
Dr. Jelena Mirkovic (Y-Ellen-a) University of Southern California Information Sciences Institute If you wish to enroll and do not have D clearance yet, send an email to CSci530@usc.edu with: o Your name
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationDetecting Attacks, cont.
Detecting Attacks, cont. CS 161: Computer Security Prof. David Wagner April 8, 2016 Special request: Please spread out! Pair up. Each pair, sit far away from anyone else. If you re just arriving, sit next
More informationThe Mimecast Security Risk Assessment Quarterly Report May 2017
The Mimecast Email Security Risk Assessment Quarterly Report May 2017 The Mimecast Email Security Risk Assessment Quarterly Report May 2017 Many organizations think their current email security systems
More informationDetecting Attacks, Part 1
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationSECURING INFORMATION SYSTEMS
SECURING INFORMATION SYSTEMS (November 7, 2016) BUS3500 - Abdou Illia - Fall 2016 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection
More informationHi Bob, I got this from my colleagues near the end of last week and unfortunately lost track of it in my inbox to send you.
Robert Cook-Deegan To: "Rodriguez, Laura (NIH/NHGRI) [E]" Cc: Rachel Ankeny , Kathryn Maxson Reply-To: bob.cd@duke.edu
More informationMonetizing Attacks / The Underground Economy
Monetizing Attacks / The Underground Economy CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/
More informationshortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge
shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically
More informationComputer Security Exam 3 Review. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 2017 Exam 3 Review Paul Krzyzanowski Rutgers University Spring 2017 April 18, 2018 CS 419 2017 Paul Krzyzanowski 1 Exam 3: Grade vs. Completion Time 5 Question 1 A high False Reject Rate
More informationOnline Security: Breaking Down the Anatomy of a Phishing
Online Security: Breaking Down the Anatomy of a Phishing Email In today s world where everyone s information is online, phishing is one of the most popular and devastating online attacks, because you can
More informationMIND THE GOOGLE! Understanding the impact of the. Google Knowledge Graph. on your shopping center website.
MIND THE GOOGLE! Understanding the impact of the Google Knowledge Graph on your shopping center website. John Dee, Chief Operating Officer PlaceWise Media Mind the Google! Understanding the Impact of the
More informationWeb Security Computer Security Peter Reiher December 9, 2014
Web Security Computer Security Peter Reiher December 9, 2014 Page 1 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow around
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationIntroduction to Information Security Dr. Rick Jerz
Introduction to Information Security Dr. Rick Jerz 1 Goals Explain the various types of threats to the security of information Discuss the different categorizations of security technologies and solutions
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Usable Security. Fall Franziska (Franzi) Roesner
CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,
More informationHow Breaches Really Happen
How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability
More informationOutline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016
Networks and Communication Department NET 412 NETWORK SECURITY PROTOCOLS Lecture 7: DNS Security 2 Outline Part I: DNS Overview of DNS DNS Components DNS Transactions Attack on DNS Part II: DNS Security
More informationMore attacks on clients: Click-jacking/UI redressing, CSRF
Web Security More attacks on clients: Click-jacking/UI redressing, CSRF (Section 7.2.3 on Click-jacking; Section 7.2.7 on CSRF; Section 7.2.8 on Defenses against client-side attacks) 1 Recall from last
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationCS118 Discussion 1A, Week 3. Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m.
CS118 Discussion 1A, Week 3 Zengwen Yuan Dodd Hall 78, Friday 10:00 11:50 a.m. 1 Outline Application Layer Protocol: DNS, CDN, P2P Transport Layer Protocol: UDP, principles of reliable transport protocol
More informationPhishing Attacks. Mendel Rosenblum. CS142 Lecture Notes - Phishing Attack
Phishing Attacks Mendel Rosenblum Phishing Basic idea: Get unsuspecting users to visit an evil Web site Convince them that the evil Web site is actually a legitimate site (such as a bank or PayPal) Trick
More informationMODERN WEB APPLICATION DEFENSES
MODERN WEB APPLICATION DEFENSES AGAINST DANGEROUS NETWORK ATTACKS Philippe De Ryck SecAppDev 2017 https://www.websec.be SETUP OF THE HANDS-ON SESSION I have prepared a minimal amount of slides Explain
More informationCS168 Programming Assignment 2: IP over UDP
Programming Assignment 2: Assignment Out: February 17, 2011 Milestone: February 25, 2011 Assignment Due: March 4, 2011, 10pm 1 Introduction In this assignment you will be constructing a Virtual IP Network
More informationWeb Application Footprints and Discovery
Web Application Footprints and Discovery Methodology for Web servers hosting Multiple Web applications Abstract Web application assessment begins with IP address and ports (80/443) this is very common
More informationSecurity Principles & Sandboxes
Security Principles & Sandboxes CS 161: Computer Security Prof. Raluca Ada Popa January 25, 2018 Some slides credit Nick Weaver or David Wagner. Announcements Homework 1 is out, due on Monday Midterm 1
More information