MM College Assignment Submission Cover Sheet Student Name:
Stuti Shah
Student No:
2672051
Unit Code:
CP 795
Unit Name:
Emerging technologies.
Assignment No: if applicable Assignment Name:
Tutor 7
Date Due: Lecturer Name: Tutor Name:
Faculty / Staff only Date Received: Received by (Name): Signature or initials:
Case Study Folder Q7.1 Using Internet search tools or other resources such as those mentioned at the end of Chapter 7 of the text, research network or web site hacking events that have occurred in the past 10 years. Create a description of at least three such events.
• Paris Hilton may be victim of T-Mobile Web holes (2005) The hacking may have exploited the company's Web site. A flaw in a Web site feature to reset T-Mobile account passwords is believed to have played a role in the hack of Hilton's T-Mobile Sidekick account, which resulted in her star-studded address book, photos, e-mail messages and voice mail being posted for public consumption on the Internet. The password-reset hole is just one of hundreds or even thousands of similar flaws in the mobile provider's Web page that could give malicious hackers easy access to customer information, according to an analysis by a security expert. •
A cracker has broken into a leading computer security information website that survives hundreds of attempted hacks every week. (Oct, 2000)
A cracker has broken into a leading computer security information website that survives hundreds of attempted hacks every week. AntiOnline, which has the strapline 'Hackers know the weaknesses in the system”, and carries security news and information, was defaced on 30th October 2000 by a hacker known as n1nor. The hacker replaced the front page of the site with a message boasting about the security flaw he had found.
• Network Associates hit by cyber criminals (Nov, 2000) Computer security giant Network Associates has become a victim of cyber crime, after two of its corporate websites were broken into. Two of the company's Brazilian websites, www.nai.com.br and www.mcafee.com.br, were vandalized this week by a group of crackers called Insanity Zine Corp. Front pages on both sites were replaced with rants from the crackers in English and Portuguese. The pages show the Network Associates logo and state: "And their Anti-virus software is owned too!" and "god save the script kiddies". Case Study Folder Q7.2 Using Internet search tools or other resources such as those mentioned at the end of Chapter 7 of the text, research one white or black hat hacking event that has happened in the last 5 years.
Describe the event and the consequences of the event, that is, was the hacker rewarded for his/her efforts or was he/she dealt with by the authorities. Gary McKinnon will likely be sent to the United States to stand trial for various
computer
crimes
(
April
4th,
2007)
A British hacker accused of breaking into secured government computers and causing more than $700,000 in computer damages lost an extradition appeal in the U.K. Last May, McKinnon was indicted in northern Virginia and New Jersey, at the same time a British judge decided that the hacker should be extradited to face charges. This time, two leading British judges rejected the challenge -- McKinnon now wants his case to be heard in the House of Lords, England's
highest
appeals
court.
McKinnon compromised around 100 computer systems, some of which were operated by the Pentagon and NASA. The alleged intrusions took place from February 2001 to March 2002, leading to McKinnon's arrest in 2002. He was caught because some of the software he used in the attacks was later traced back to an e-mail address
his
girlfriend
used.
McKinnon admitted that he made the intrusions, along with saying the damage was unintentional and he was looking for evidence of UFOs. The U.S. government has spent a considerable amount of time
reassuring U.K. prosecutors that McKinnon would be given a fair trial once
in
U.S.
jurisdiction.
If convicted, the man who carried out "the biggest military hack of all time" could face up to 70 years in prison along with fines up to $1.7 million. Case Study Folder Q7.3 Using Internet search tools or other resources such as those mentioned at the end of Chapter 7 of the text, research at least one security focussed web site (such as SecurityFocus.com). Then write a few paragraphs that describe at least three security issues.
One of the issues should be related to
wireless security. I have chosen UPEK Company for my security focussed website. UPEK, Inc., the global leader in biometric fingerprint security solutions,
offers
integrated
end-to-end
solutions
including
comprehensive design & integration services to the world’s leading consumer and industrial products companies. UPEK solutions enable the strongest fingerprint authentication security available and effortless user convenience. UPEK security solutions are easy to deploy and integrate with existing infrastructure and network architectures.
UPEK biometric security products enable a wide range of applications
including
password
applications,
centralized
replacement
management
for
for
PCs
corporate
and
network
security, secure mobile transactions, protection of portable data, identity verification for government and military applications, and physical
access
control.
UPEK has been pioneering biometric fingerprint technology since 1996 and shipping product in volume since 1999. UPEK is headquartered near Berkeley, California with offices in Prague, Singapore, Taipei and Tokyo. UPEK offers premium quality fingerprint authentication solutions to the world’s largest brands in PCs, portable storage, mobile phones, access control, and more. UPEK’s “trusted endpoint” security architecture is designed to provide trust in the untrusted environments of the PC, the network, and the Internet. UPEK gives security for PC and Networking, Wireless, Portable storage, Government ID, Physical Access and many more. 1. PC and Networking:
Securing PC: UPEK’s secure fingerprint authentication module leverages existing PC security architecture to protect access to notebook and desktop PCs. PC users enjoy easy-to-use access to sensitive data with hardware-based security that counters notebook theft and hacking.
Match-on-chip - Dedicated hardware-based security that protects user
privacy
Pre-boot Authentication - Protect PCs at the BIOS-level during power-on Single Sign-on (SSO) Logon to Windows®- One single swipe authenticates the user at power-on and for the Windows logon prompt Integration with Trusted Platform Module (TPM) - “Trusted Path” with the TPM allows use of strong encryption for protection of data. Securing Network: UPEK fingerprint authentication solutions are designed for scalability and central management by IT managers. Corporate PC users enjoy simplified access to VPNs and Wi-Fi connections, while corporate IT departments benefit from reduced help desk costs and the ability to establish a strong audit trail for regulatory compliance. •
Positive User ID - Identifies the actual user rather than relying on a MAC address to simply identify a machine
•
Unique Hardware Identifier - Unique identifier for each fingerprint device enables verification of authorized hardware
•
Finger-to-Server Match - Secure matching on a centralized server from any network-connected UPEK device
•
User Policy Management and Roaming Passport - Easy-toadminister user permissions for IT managers and seamless access to permission-specific applications and credentials for corporate PC users
•
Active Directory / Microsoft Management Console (MMS) Integrates directly with Active Directory for easy setup
2. Physical Access: UPEK physical access solutions enable access to safes, door locks, buildings, time and attendance systems and automobiles, obviating the need for keys and passwords that can be lost or forgotten. By processing the enrollment and verification processes on a companion chip, UPEK embedded solutions provide highly secure authentication that is easy to integrate into physical access devices. For the highest level of security, biometric fingerprint sensors complement access control smartcards to provide multi-factor authentication. UPEK authentication solutions also integrate into time and attendance systems to verify employee presence and prevent buddy-punching. 3. Wireless UPEK wireless solutions make your life more convenient by protecting your privacy and giving you access to your wireless world with the simple touch of your finger. UPEK wireless solutions leverage the same award-winning biometric technology that has made UPEK the leader in the notebook PC market. Major PC and flash drive brands, governments and enterprises rely on UPEK technology to protect physical and digital assets. UPEK wireless solutions offer these benefits:
Privacy - protect access to your personal information such as contacts, email, music downloads, mobile wallet credentials and more. Authentication - restrict access to mobile enterprise applications and data, and ensure easy, safe transactions such as mobile banking and wireless payments. Menu Navigation - minimize keystrokes needed to access contacts, browsers and other applications. Shortcuts - call any contact or launch any application with a swipe of a single finger. Case Study Folder Q7.4 Using the Virus Information Library at McAfee.com, the Antiviral Toolkit Pro Virus Encyclopaedia, Symantec’s Virus Encyclopaedia note 10 recently identified computer viruses. Then create a table that identifies the following attributes of each virus: • Name • Date identified • Type (Trojan, worm etc) • Destructive behaviour
Name
Date
identified Downloader.MisleadApp 06/11/2007 Spy-Agent.cj 09/13/2007 W32.Googbot@mm 09/17/2007 Trojan.Simpdax!inf 09/15/2007 Bloodhound.Exploit.161 09/14/2007 Verbegon 09/14/2007 VBS.Runauto.B 09/14/2007 Exploit-DXMEDIA 09/13/2007 FrogExer 09/11/2007 Bloodhound.Exploit.160 09/13/2007
Type
Destructive
Behaviour. Trojan Low Trojan Low Worm Medium Trojan Low Trojan, Virus Low Trojan Low Worm Medium Trojan Low Trojan Low Trojan, Low Virus, Worm