
General Windows Security

Author:      RadEvil
Submitted:      28-Apr-2007 19:41:03
Imported From:      The CyberArmy University (original author: )


This tutorial shows the common threats that normal users of Internet are exposed to daily, and tries to give the basic knowledge of how and when they are victims of abuse on the Internet.
  • 1. Overview
  • 2. Threats on the Internet
  • 2.1. Cookies
  • 2.2. Denial of Service (DoS)
  • 2.3. File and Print Sharing
  • 2.4. Spyware
  • 2.5. CTRL key in Internet Explorer
  • 2.6. Trojans
  • 3. Safe navigation
  • 3.1. Proxies and utilities
1. OVERVIEW

This tutorial shows the common threats that normal users of Internet are
exposed to daily, and tries to give the basic knowledge of how and when they are
victims of abuse on the Internet.

2. THREATS ON THE INTERNET

2.1. Cookies

A cookie is a small piece of text that a web server asks your browser to
store and to send back on later visits to the same site. The server uses it
to recognise you when you return, and a cookie set by a third party that is
embedded in many sites (an advertising network, for example) can also be used
to follow you from one site to the next. It is more or less a personal
identification card: the browser only sends it back to the domain that issued
it. Internet Explorer keeps cookies as individual files in a folder called
"Cookies" (under the Windows directory on Windows 9x, under your profile in
Documents and Settings on Windows 2000 and later).

Web sites also use cookies to keep you logged in. If you visit your web-based
e-mail account, come back some hours later (even after turning the computer
off) and find yourself still logged in, the site stored a login token in a
persistent cookie on your hard drive. That token is normally not your password
itself, but anyone who can read the file can use it to get into your account
without a password, which is a real threat if other people have access to
your computer.

A cookie cannot pull your e-mail address out of your computer, but a site you
gave the address to can tie it to a cookie, and a tracking cookie shared
across many sites can then link that address to the other sites you visit.
That is one of the ways an address ends up on a spam list after a visit to a
porn site.
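
The difference between a cookie that dies with the browser and one that keeps
you logged in on a shared computer comes down to the attributes the server
sends with it. The following is an added example (not code from the original
article) that parses a Set-Cookie header the way a browser does and reports
what makes the cookie risky on a shared or unencrypted connection. The sample
headers, the host name `mail.example` and the token values are constructed for
illustration.

```javascript
// Added example: parse Set-Cookie headers and flag the risky ones.
// Sample headers below are constructed, not captured from any real site.
const SAMPLE_HEADERS = [
  // "remember me" style login token that is kept for years on the hard drive
  'auth=3f9a1c7e; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/; Domain=.mail.example',
  // session cookie: gone when the browser closes, script cannot read it,
  // only sent over HTTPS and not on cross-site requests
  'sid=8b2f0d; Path=/; Secure; HttpOnly; SameSite=Lax',
  // Max-Age=0 is how a server deletes a cookie; it must not count as persistent
  'auth=deleted; Max-Age=0; Path=/',
];

function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [name, ...rest] = parts[0].split('=');
  const cookie = {
    name: name.trim(),
    value: rest.join('=').trim(),
    expires: null,   // Date, or null for a session cookie
    maxAge: null,    // seconds, or null if absent
    secure: false,
    httpOnly: false,
    sameSite: null,
    domain: null,
    path: '/',
  };
  for (const attr of parts.slice(1)) {
    const [k, ...v] = attr.split('=');
    const key = k.trim().toLowerCase();
    const val = v.join('=').trim();
    switch (key) {
      case 'expires': cookie.expires = new Date(val); break;
      case 'max-age': cookie.maxAge = parseInt(val, 10); break;
      case 'secure': cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
      case 'samesite': cookie.sameSite = val.toLowerCase(); break;
      case 'domain': cookie.domain = val.replace(/^\./, '').toLowerCase(); break;
      case 'path': cookie.path = val; break;
      default: break; // unknown attributes are ignored, as browsers do
    }
  }
  return cookie;
}

// A cookie survives closing the browser only if it has a future expiry.
// Max-Age takes precedence over Expires (RFC 6265 section 5.3).
function isPersistent(cookie, now = new Date()) {
  if (cookie.maxAge !== null && !Number.isNaN(cookie.maxAge)) return cookie.maxAge > 0;
  if (cookie.expires instanceof Date && !Number.isNaN(cookie.expires.getTime())) {
    return cookie.expires.getTime() > now.getTime();
  }
  return false;
}

function cookieRisks(cookie, now = new Date()) {
  const risks = [];
  if (isPersistent(cookie, now)) risks.push('persistent: survives closing the browser and rebooting');
  if (!cookie.httpOnly) risks.push('readable by page script (no HttpOnly)');
  if (!cookie.secure) risks.push('sent over plain HTTP (no Secure)');
  if (cookie.sameSite !== 'strict' && cookie.sameSite !== 'lax') {
    risks.push('sent on cross-site requests (no SameSite)');
  }
  return risks;
}

for (const header of SAMPLE_HEADERS) {
  const cookie = parseSetCookie(header);
  const risks = cookieRisks(cookie);
  console.log(`${cookie.name}: ${risks.length ? risks.join('; ') : 'no obvious risk'}`);
}
```

The first header is the "still logged in days later" case from the text: the
token outlives the browser session, any script on the page can read it, and it
travels over plain HTTP. The second is what a well-configured web mail login
cookie looks like.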

2.2. Denial of Service (DoS)

A Denial of Service (DoS) attack occurs when a malicious person or group sends
another user or server a large amount of data for the sole purpose of
disconnecting the target from the internet, slowing down or disabling its
services, or crashing the remote system. DoS attacks are mostly used simply to
cause damage: a single person or a group of people decides to flood another
person, a website, or the servers of a company or organization. For a
business, an attack on the company website can make it unreachable to its
customers for hours or more, which costs money and in some cases damages the
web servers themselves.

Protecting your computer from one of these attacks is not easy. People on
dial-up are the easier targets: their connections are slow, while more and
more people use cable or DSL connections, which are much faster and can easily
send enough data to slow down, disconnect, or crash a dial-up host. The best
way to protect yourself is to keep your computer updated with the necessary
patches and to install a good firewall. This protects you from a number of the
attack tools that attackers use online. For more information on the tools
these attackers use and patches for them, visit http://www.irchelp.org or check
the download section of http://www.ca-cia.org.

A flood has to be aimed at your IP address, so the other way to reduce your
exposure is to stay anonymous while you are connected to the internet (for
example, not exposing your real address on IRC). The third section of this
tutorial shows how to do that.

2.3 File and Print Sharing

File and print sharing is an option that is part of Windows networking which
enables a user to share files and printers with other computers over a network
or over the internet. When this option is turned on, TCP port 139 (the NetBIOS
session service) opens on your computer; Windows 2000 and later also listen on
TCP port 445 for the same file sharing protocol. Though these ports serve a
valuable purpose, port 139 is also one of the most dangerous and most
frequently probed ports there is.

Malicious hackers love this port because it is very easy to gain entry to
another person's Windows computer when file and print sharing is activated
without a password protecting the shares. If you are not using file and print
sharing for anything, then I strongly urge you to make sure it is disabled in
the networking options. If you are on a connection that is online 24/7, such
as cable or DSL, file and print sharing is enabled without your knowledge, and
your system has no firewall, then sooner or later you will be hacked.

To enable/disable file and print sharing on Windows 9x:

1. Go to Start, and then to Settings, then press Control Panel.
2. Double click on the Network icon.
3. In the Network window that pops up click File and Print Sharing at the
bottom.
4. Make sure both boxes are de-selected then press OK, then Ok again.
5. Reboot your computer only if the boxes were checked.

To enable/disable file and print sharing on Windows NT/2000:

1. Go to Start, and then to Settings, then press Control Panel.
2. (Windows 2000 Only) Double click Administrative Tools.
3. Double click Services, then Server.
4. Select Disabled for Startup Type, then click Apply, then OK.

If you have a local network in your house or business, you must protect the
shared resources with passwords, and use a firewall that blocks port 139 (and
445 on Windows 2000 and later) from the internet, in case somebody cracks the
share password.

2.4. Spyware

Spyware, often bundled with and referred to as "adware", is a program that is
installed without the user's knowledge when he or she downloads certain types
of free programs from the Internet. The spyware application runs in the
background of the user's computer without the user ever knowing it is there.
Spyware is included by the software authors to make money from the product you
downloaded through advertisements. While you are on the internet the spyware
contacts its own server constantly, reporting information about you which can
be anything from the sites you search for, to information about your
computer, to personal information such as your e-mail addresses, home
address, phone numbers, or possibly your credit card numbers. There are
anti-spyware programs you can download that will find and remove spyware from
your computer. One of the best spyware removal programs is called Ad-aware,
which can be found at http://www.lavasoftusa.com/aaw.html or in the download
section of www.ca-cia.org.

2.5. CTRL key in Internet Explorer

In 2002 (see the vendor timeline below) Microsoft was warned about a dangerous
exploit that directly targets Internet Explorer users.

Summary

Pressing CTRL while on a malicious page in IE may result in an arbitrary local
file being uploaded to a remote server, without the attacker needing to know
its exact path. If the right sensitive file is uploaded, the information in it
can be used to run programs on the victim's machine.

Details

A specially crafted web page can retrieve any local file using simple
JavaScript. This is possible by performing the following steps:

1. When the user presses the CTRL key, an onkeydown handler fires. In the
handler the reported key is changed to 'V', so the browser carries out a paste
(CTRL+V) as if the user had requested it. A paste triggered by a user
keystroke is subject to fewer restrictions than one triggered by script.

2. Beforehand the script has placed the path of the wanted file on the
clipboard and moved focus to a hidden file upload field. The paste lands in
that field, changing the value of the file upload field (something script is
normally not allowed to do).

3. The upload form is then submitted automatically (a legal JavaScript
operation).

It isn't necessary to know the exact path to local files because it is
possible to refer to a file with a relative path of the form "...\filename"
(the backslashes in this and the next path were lost when the article was
imported).

Further on, if the local file "...\LOCALS~1\TEMPOR~1\CONTENT.IE5\index.dat"
(the index of the Temporary Internet Files cache) is uploaded, the names of the
randomly named subdirectories of the temporary internet files folder can be
read from it, which gives the exact path to cached files. Knowing that path, a
compiled HTML help file (.chm) served by the attacker lands in the cache at a
known location and can be launched with showHelp() (the old .chm attack). A
compiled help file is allowed to contain instructions that execute arbitrary
programs.

Vendor status:

2002-06-16
Microsoft was contacted about the issue.

2002-07-23
Microsoft sent the following statement:
"After investigation, our product team has confirmed that this does not meet
the bar of a security vulnerability. We will not be releasing a hotfix or
patch for this issue."

They proposed the following possible workarounds (all are Internet Explorer
security zone settings):
1. Disable or set to prompt the "Submit non-encrypted form data" option
2. Disable "Allow paste operations via script" (best)
3. Disable "Active scripting"

2.6. Trojans

"Derived from Greek legend in which the Greeks won the Trojan War by hiding
in a large, hollowed out horse to gain entrance to the City of Troy, the
computer version of a trojan will come off as (hidden inside of) a useful
application such as a free screensaver or chat program, only to later
display harmless messages, destroy files, or create a backdoor in your
system for an intruder to gain access to your computer. A trojan is not a
virus because it does not replicate itself."

You can get a trojan on your computer in many of the same ways you can get a
virus, but one of the main purposes of the trojan is for an intruder to
access your computer remotely and even control it. You do not want one of
these things on your system at all. If an attacker installs a trojan on your
computer by getting you to download some application, he/she can browse
through your files and even your registry, format your hard drive, spy on
you by viewing what you type on chats or instant messengers, spy on you
through your webcam, listen to you talking through your own microphone, read
your email messages, etc. Basically, just about anything you can do on your
computer locally, the attacker can do remotely.

Possible signs and symptoms of a trojan infection:
  • Your CD-ROM door opening and closing by itself (the classic sign).
  • Messages start popping up on your monitor screen that appear to be talking to you.
  • Your printer may print out strange messages on its own.
  • Your mouse pointer may start having a life of its own.
  • An unknown person starts typing in your instant message window when you are talking to a friend.
  • Anything weird and out of the ordinary that your Windows PC does (excluding the usual errors, screen freezes, and blue screens of death).
If you think you have a trojan, disconnect from the internet first so that the
attacker cannot interact with the machine. Then, while still offline, you can
find out whether you have one by checking for open ports that common trojans
use: go to the DOS prompt and type the command "netstat -an" (without the
quotes; the -n keeps netstat from trying to resolve names, which would hang
while you are offline). Ports in the LISTENING state are the ones waiting for
a connection from outside. For a list of common Windows ports that trojans
run on, you can go to http://www.doshelp.com/trojanports.htm.
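
Reading a full netstat listing by eye is error-prone, and the same listing
also shows whether file and print sharing (section 2.3) is still reachable.
The following is an added example (not code from the original article) that
parses the output of `netstat -an` as printed by Windows 2000 and reports
listening ports that belong to file sharing or to a few well-known trojan
defaults (NetBus 12345, SubSeven 27374, Back Orifice 31337). The netstat
output is constructed for illustration, and the port table is deliberately
short; a real check would use a full list such as the one the article links.

```javascript
// Added example: find file-sharing and trojan listeners in `netstat -an` output.
// SAMPLE_NETSTAT is constructed in the Windows 2000 netstat format, not a real capture.
const SAMPLE_NETSTAT = [
  '',
  'Active Connections',
  '',
  '  Proto  Local Address          Foreign Address        State',
  '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING',
  '  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING',
  '  TCP    192.168.1.5:1053       203.0.113.8:80         ESTABLISHED',
  '  UDP    0.0.0.0:137            *:*',
].join('\n');

// Ports worth a second look. The NetBIOS/SMB entries are the file and print
// sharing ports; the rest are trojan default ports that were widely known.
const KNOWN_PORTS = {
  137: 'NetBIOS name service (file and print sharing, UDP)',
  138: 'NetBIOS datagram service (file and print sharing, UDP)',
  139: 'NetBIOS session service (file and print sharing)',
  445: 'SMB over TCP (file sharing on Windows 2000 and later)',
  12345: 'NetBus default port',
  27374: 'SubSeven default port',
  31337: 'Back Orifice default port (UDP)',
};

// One row per socket line; header, title and blank lines are skipped.
function parseNetstat(text) {
  const rows = [];
  const re = /^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?$/i;
  for (const line of text.split(/\r?\n/)) {
    const m = line.trim().match(re);
    if (!m) continue;
    rows.push({
      proto: m[1].toUpperCase(),
      localAddr: m[2],
      localPort: Number(m[3]),
      remote: m[4],
      state: m[5] || null,            // UDP lines carry no state
      exposed: m[2] === '0.0.0.0',    // bound on every interface, internet included
    });
  }
  return rows;
}

// A TCP socket is waiting for connections only in the LISTENING state;
// a bound UDP socket accepts datagrams whenever it appears in the list.
function suspiciousListeners(rows) {
  return rows
    .filter((r) => (r.proto === 'TCP' && r.state === 'LISTENING') || r.proto === 'UDP')
    .filter((r) => KNOWN_PORTS[r.localPort] !== undefined)
    .map((r) => ({ ...r, note: KNOWN_PORTS[r.localPort] }));
}

for (const r of suspiciousListeners(parseNetstat(SAMPLE_NETSTAT))) {
  const where = r.exposed ? 'all interfaces' : r.localAddr;
  console.log(`${r.proto} port ${r.localPort} open on ${where}: ${r.note}`);
}
```

In the constructed listing the machine still has file sharing up on 139 and
445, NetBIOS name service on UDP 137, and something listening on the NetBus
default port; the established web connection on port 80 is an outgoing
connection and is correctly ignored.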


3. SAFE NAVIGATION


3.1. Proxies and utilities
Proxies are servers you route your traffic through so that the sites you visit
see the proxy's address instead of yours. You can find the information you
need about proxies and how to use them here.

You can find many utilities in the download section of http://www.ca-cia.org and if
you need some help with one of these pieces of software go to #msd in irc.cyberarmy.com

This article was originally published by CyberArmy.net in the CyberArmy Library.
