Тексты на английском
<<  Architecture and Gardens at the Getty Villa Architecture Весне для 1класса  >>
Types of Malware
Types of Malware
Code Red (2001)
Code Red (2001)
Картинки из презентации «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security» к уроку английского языка на тему «Тексты на английском»

Автор: . Чтобы познакомиться с картинкой полного размера, нажмите на её эскиз. Чтобы можно было использовать все картинки для урока английского языка, скачайте бесплатно презентацию «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security.ppt» со всеми картинками в zip-архиве размером 219 КБ.

CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security

содержание презентации «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security.ppt»
Сл Текст Сл Текст
1CS 305 Social, Ethical, and Legal 22Code Red (2001). Targeted indexing
Implications of Computing Chapter 6 service used in Windows IIS web server
Computer Networks and Security. Herbert G. Spreads as a bad HTTP request (buffer
Mayer, PSU CS status 6/24/2012 Slides overflow) Infected server creates 99
derived from prof. Wu-Chang Feng. threads to attack random IP addresses
2Syllabus. Malware Virus Worms Examples windowsupdate.microsoft.com was infected
Backdoor Trojan Horse Rootkit Botnet too Infection rate Over 20,000 infections
Hackers and Phreaks Enforcement In-Class in less than 10 minutes Over 250,000
Exercise. infections in less than 9 hours Over
3Malware. Malware: unwanted SW attack, 975,000 total infections Payload DDoS
instructing your computer to do something attack against whitehouse.gov’s IP.
an attacker wants, but you don’t want, 23Code Red (2001). People don’t patch
such as: Delete files to render your IIS vulnerability was fixed months before
computer inoperable Infect other systems Code Red launched Infected machines
--worms, viruses Monitor activity observed years later.
--webcams, keystroke loggers Gather 24Santy (2004). Attacks PHP Bulletin
information on you, your habits, web sites Board (phpBB) website software. Exploit
you visit Provide unauthorized access URL descrambling error in PHP on input
--Trojans, backdoors Steal files, store allows arbitrary PHP script to execute.
illicit files Send spam or attack other Novel target selection algorithm How do
systems Stepping stone to launder activity you find vulnerable phpBB2 software to
--frame you for a crime Hide activity attack? The same way you do. It Googles
--rootkits. for it. 40000 phpBB2 servers hit Google
4Types of Malware. Viruses Worms eventually started blocking/censoring
Trojans Backdoors Rootkits (user & searches to slow down worm Result: New
kernel level). variant of Santy used AOL and Yahoo search
5What is a Virus? Self-replicating engines “Ethical” worm developed 1 week
piece of code that attaches itself to later Anti-Santy worm used same method
other programs; usually requires human Google used Defaced webpage:
interaction to propagate. “viewtopic.php secured by Anti-Santy-Worm
6Two Virus Components. Payload The V4. Your site is a bit safer, but upgrade
malicious/anti-social action that viruses to >= 2.0.11.”.
& worms perform that make them highly 25Ethical Worms. Suppose you create a
irritating or worse Examples: wiping your worm that… Exploits the vulnerability
hard drive, deleting files, encrypting Patches the system Removes itself Should
files for blackmail purposes Propagation you release it? What if it spreads out of
mechanism How do viruses spread? control? What if it doesn’t work? Patching
7Virus Propagation. Locally Simplest could bring about problems E.g. Critical
method Write to file system Local files, application depends on vulnerability to
executables, documents Write it into the work correctly E.g. Application depends on
boot sector/operating system Removable a certain interpretation of the
storage Initial viruses propagated through specification Patches have to be tested
tapes and floppies Today through thumb thoroughly! Are ethical worms an oxymoron?
drives and CDs Rarely target CDs Perhaps not worth the trouble? How would
specifically but Chernobyl (CIH) on Yamaha one analyze this using ethical frameworks?
CDR update CD NIMDA on Visual Studio .net 26Ethical Disclosure. Publishing
in Korea Modern media Compact Flash, SD, zero-day exploits Zero-Day worms
USB Keys. especially dangerous as they target brand
8Virus Propagation. Network Most common new exploits No patch available! (Have to
currently Email (Iloveyou) Web Newsgroups hope that your system/network is
(Melissa) P2P Networks (Fastrack, adequately hardened) Is it ethical to
Gnutella, IRC, Torrent) 2003 study showed disclose such vulnerabilities? How long
45% of executable files downloaded from should one wait to disclose them?
KaZaA had viruses or Trojan horses Beware Publishing better ways to design worms
of Warez! NFS, Samba mounts Social Staniford, Paxson, Weaver, “How to 0wn the
networks. Internet in your own spare time”, in
9Examples. Benign Brain virus (1986) Usenix Secuirty 02 Warhol Worms/Flash
Determine level of software piracy in Worms Infect the entire Internet in 15
Pakistan Malicious Michelangelo (1991) minutes/30 seconds. (!) Is it ethical to
Erased boot sector on March 6, 1991 Love disclose such techniques?
bug (2000) Deleted files Collected 27Backdoors. A backdoor is a program
passwords and e-mailed them Author was a that allows attackers to bypass normal
23 year old Filipino CS student No hacking security controls on a system, gaining
laws in Philippines so no prosecution. access on the attacker’s own terms.
10Worms. A worm is a self-replicating 28Types of Backdoors. Local escalation
piece of code that spreads via networks; of privileges Allow attackers with account
usually does not require human interaction administrator privileges Remote execution
to propagate. of individual commands Remote attackers
11Virus vs. Worm. Similarities Goal is can send a message to a victim machine
to infect other machines Both may contain that allows them to execute a single
a payload Virus Infects other files (must command on the victim machine Remote
have executable sections) Transmitted via command-line access (aka remote shell)
removable storage or network Require user Remote attacker can type directly into a
interaction for propagation -- e.g. Open a command prompt of the victim machine
file, boot from floppy, launch an across the network Remote control of GUI
executable, click on e-mail attachment or Remote attacker controls the GUI of the
simply open an email Worm Travels through victim machine across the network.
the network only ? key May infect other 29Trojan Horse. Origin of term: The
files (might be cleared through reboot) ancient Greeks laying siege to Troy,
Does not require human interaction Target gaining access via a “loaded” horse That
misconfiguration or flaws/vulnerability in famous horse is generally spelled the
systems --buffer overflows! “Trojan Horse” Yet the term, alluding to
12Why are Worms Powerful? Fast scaling infamously sneaky access to your computer
Can take control of a vast number of system, is seen as being spelled “Troyan
machines, each of which will act as a Horse” A Trojan Horse is a program which
launch point to infect other machines appears to have some useful or benign
Goal: Infect 10,000s of machines Serial capability, but conceals some hidden,
example Suppose an average of 1 hour per malicious functionality.
machine Includes time to find a vulnerable 30Rootkits. Rootkits are Trojan backdoor
machine, as well as infecting it 10000 tools that modify existing operating
hours = 416 days > 1 year! Worm example system software so that attacker can keep
Again, suppose an average of 1 hour per access to and hide on a machine without
machine, Infected machines will owner’s consent.
subsequently take an hour to infect 31Botnets. Short for: network of robots,
another 1st hour: 1 infection 2nd hour: 3 or robot net A bot is a software program
infections 3rd hour: 7 infections 14th that responds to commands sent by a
hour: 16,383 infections = 714 times faster command-and-control program located on an
than serial. external computer Botnets are coordinated
13Anatomy of Worm. A worm is composed of collections of bots under a single central
Warhead Propagation Engine Target control Launch denial-of-service attacks
Selection Algorithm Scanning Engine Send spam Host phishing sites.
Payload. 32Hackers and Phreaks. Hackers – two
14Warhead. Warhead – the mechanism by definitions: good and bad Someone highly
which a worm gains entry into a system skilled in programming and use of computer
This is the part that we protect our systems (sign of respect in some circles)
systems against. The warhead contains the Someone that breaks into computer systems
exploitation code Buffer overflow, copying (sign of bad behavior in public circles)
into open file shares Password attacks. Phone phreak – someone that manipulates
15Propagation Engine. Propagation Engine the telephone system in order to
– How the worm transports a new copy of communicate with others without paying
itself into another machine Often, Stealing access codes, using outlawed
warheads contain the entire worm, but not hardware.
always Warhead code can download the rest 33Early Hacking Incidents. PDP-11
of the worm code, e.g. remote root shell Programmable minicomputer shared by many
exploit followed by an ftp. students at MIT Students forbidden to
16Target Selection Algorithm. Target modify hardware Stewart Nelson (1960s)
Selection Algorithm – How a worm selects Added a new hardware instruction in the
its next target Want to choose nearby middle of the night to “improve”
targets. Nearby targets are much faster to performance Also did it to demonstrate his
infect than far away targets IP address skills Ethical evaluation Does it depend
proximity, network neighborhood, e-mail on the outcome? What good is an ethical
address books. framework if you can only tell afterwards
17Scanning Engine. Scanning Engine – if an action is right or wrong?
Code that probes machines to determine if 34U.S. Law on Hacking. Computer Fraud
addresses generated by the targeting and Abuse Act Transmitting code that
algorithm are vulnerable. Pretty simple causes damage to a computer system
usually – send probing packets (TCP SYN) Accessing without authorization any
to targets, wait for response If computer connected to the Internet
successful in opening a socket, attempt to Transmitting classified government
compromise. information Trafficking in computer
18Payload. Payload – The malicious code passwords Computer fraud Computer
that the worm actually delivers Early extortion Maximum penalty – 20 years and
worms often had no payload, just the mere $250k fine Other acts that can be applied
act of spreading itself around will damage to Internet-based crime Wire Fraud Act
the Internet Install a backdoor, Trojan, National Stolen Property ace Identity
or rootkit Alter or destroy files Theft and Assumption Deterrence Act.
(immediately, timed, on-demand) Encrypt 35Recent Enforcement. Ancheta (2005)
your data, delete the originals, hold it Created botnet of hundreds of thousands of
for ransom Form a botnet (e-mail spam, machines Some within the DoD Used to spam
search engine spam, phishing) Launch DoS Arrested and convicted under Computer
attacks. Fraud Abuse act and CAN-SPAM act in May
19Examples. The first few worms were 2005 57 months in prison, $15,000 in
“ethical” worms – worms that tried to restitution to US government Forfeiture of
perform a useful service Creeper First illegal proceeds and computer equipment
worm developed for the assistance of air Gonzalez (2009) With Russian
traffic controllers by Bob Thomas in 1971 co-conspirators, obtained 130 million
Notified air traffic controllers when the credit/debit card numbers Indicted Success
controls of a plane moved from one of enforcement few and far between due to
computer to another Traveled from one stealth measures that are easy to
computer screen to the other on the implement.
network showing the message, "I'm 36Blue Security. Fighting bots with bots
creeper! Catch me if you can!" Did Users sign up for Blue Security service
not reproduce itself. Whenever they mark a message as spam,
20Examples. Xerox PARC worms John Shock inform BlueSecurity service Blue Security
and Jon Hepps of Xerox PARC, early bot automatically sends opt-out message to
eighties Worms as efficient carriers of spammer Spammers target Blue Security and
software "town crier" worm its users with enormous volume of spam
posted announcements on all computers of Service discontinued.
network More complex – activated only at 37In-Class Exercise. Oberlin College in
night to consume unused CPU cycles Escaped Ohio requires that every computer brought
laboratory into Xerox’s network One to campus by a student be inspected for
morning the employees returned to find viruses. System administrators remove all
that all the computers had crashed. When viruses from the students’ computers.
they tried to restart the computers, they Students whose computers subsequently pick
crashed again One of the worms up and spread a virus may be fined $25,
malfunctioned and had created havoc in the whether they knew about the virus or not.
network A "vaccine" had to be Is this a morally justifiable policy?
created so as to deactivate the worm. 38In-Class Exercise. SATAN hacker
21Examples. Infamous, accidental toolkit Security Administrator Tool for
Internet worm (1988) Robert Morris Analyzing Networks Probe computers for
(student at Cornell) discovers multiple security weaknesses Could be used for good
security holes in Unix (ftp, sendmail, and and evil Morality of publishing SATAN
fingerd) Wanted to research whether one using ethical frameworks?
could create an automated means for 39In-Class Exercise. On-line voting Used
exploiting them Goal was to infect in many countries to render elections
quickly, but do no other damage (i.e. cheap, easily accessible Local elections
files left alone) In the middle of the in the UK (since 2001) U.S. primary
design, a patch was released for one elections in Alaska and Arizona (2000)
vulnerability Morris quickly launched worm Controversial Election goals
before it was completed Released November Tamper-resistance One vote per person
2, 1988 Brought down the Internet Morris Prevent vote trading/selling Audit trail
suspended from Cornell and convicted of to ensure proper tallying Authenticating
felony under U.S. Computer Fraud and Abuse both the voter and the election service
act. (Given probation) Went back to school Privacy Ease of use to avoid voter
at Princeton, now a professor at MIT disenfranchisement (e.g. “Butterfly”
Ethics? Malicious or selfish? ballot of 2000) Ethical evaluation?
CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security.ppt
cсылка на страницу

CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security

другие презентации на тему «CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security»

«Computer» - this is a very popular technique. in this business a lot of competitors who are trying to thee . on the earned money I help the children's kindergartens. Computer equipment enjoys good success. and I will be happy to open such a beneficial. many people buy computers. I love my job. I very like a computer. and I want to open computer business.

«Conflict» - Between parents and children. The main stages of the conflict. Social. The development of open conflict. Types of conflicts. Interpersonal conflict. Intrapersonal conflict. Conflict - rivalries, it is a struggle, but manifests itself in many different forms. Between groups. Depending on the number of participants.

«Different subcultures» - Rockers -. Bikers. Enthusiasts and fans of motorcycles. Have created the need for a rocker style and practicality. Skinheads -. Gamers. On their heads they are often quite fashionable leather caps. Rappers. Emo -. hairstyle - mohawk. DJ -. Street artists known writers, or graffery graffittery . Cyber ??Goth.

«Family and friends» - Some misunderstandings between parents and children. Smoking. Do your parents understand you. School problems. Речевая разминка. Drinks. New words. Dieting. Films. Friends. Write the correction alongside. Семья и друзья. Look at the photos and find more appropriate word. Computer games. Look at the photos.

«Food» - Cyclospora (Protozoan) 1996, imported raspberries Listeria monocytogenes Sources Ready-to-eat meats, soft cheeses Signs Human abortions and stillbirths Septicemia in young or low-immune. Economic Research Service - USDA Cost of top 5 foodborne pathogens $6.9 billion annually Medical cost Productivity losses (missed work) Value estimate of premature death.

«Kinds of sports» - Football (soccer). Rugby. English proverbs about sports and health. Figure skating. Motor racing. Hockey. Billiards. Cycling. Please, read. It is a game played between two teams of eleven players. Riddles. Physical exercises. Horse racing. Basketball. Sailing. Do you know english poems. Darts. Gymnastics.

Тексты на английском

46 презентаций о текстах на английском

Английский язык

29 тем
900igr.net > Презентации по английскому языку > Тексты на английском > CS 305 Social, Ethical, and Legal Implications of Computing Chapter 6 Computer Networks and Security