SLAC Computer Security Annual Safety and Security Briefing 2006.

Presenters
Teresa Downey: Spear Phishing & Web Security Markers
Heather Larrieu: Everything Else…

Spear Phishing
No dangerous pointy objects involved…
but they ARE hunting YOU!

Spear Phishing – Step by Step
1. A targeted company is researched by the scammer
2. Emails and websites forged – easy to do!!
3. HTML emails sent
4. They need you to click on the fake URL
5. There goes your $$$
You cannot see the true URL in an HTML email

Plain Text Can Prevent Scam
Scammers don’t want us to use plain text
True URL is normally displayed in plain text email

Spear Phishing – Last Step
Security markers are missing…
where is https ?
where is lock in border?
Just a useless picture of a lock to trick you
Faking web sites is very easy!
Not a SLAC website!

Secure Website Markers
Internet Explorer
Firefox

What’s Behind That Lock?
Scammer can just create or buy a certificate
Look at URL closely, these are invalid:
  http://www.slac.standford.edu
  http://0x47763ae7/www.slac.stanford.edu
Might get error:

Avoiding Phishing Scams
1. Read ALL e-mail in plain text
   Convert to HTML with one click if you trust the e-mail
2. Look for valid URL in e-mail and browser
   Does it match where you intended to be?
3. Look for security markers in browser window
4. Stop if you get any Security Alerts
5. Do they REALLY need this information??
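
Added example (not part of the original briefing): the "does it match where you intended to be?" check from step 2, applied to the two invalid URLs shown on the previous slide. It assumes the intended registrable domain is stanford.edu and, as a simplification, treats the last two labels of a host name as its registered domain.

```python
import ipaddress
from urllib.parse import urlsplit

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def numeric_host(host):
    """Dotted-quad form if the host is an IPv4 literal (hex, decimal or dotted)."""
    try:
        if host.lower().startswith("0x"):
            return str(ipaddress.IPv4Address(int(host, 16)))
        if host.isdigit():
            return str(ipaddress.IPv4Address(int(host)))
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        return None

def check_url(url, expected="stanford.edu"):
    """Classify a URL's host against the domain the reader intended to visit."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    ip = numeric_host(host)
    if ip:
        # The familiar name after the first slash is just a path, not the site.
        return f"numeric host {ip}; the familiar name is only in the path"
    if host == expected or host.endswith("." + expected):
        return "ok"
    # Simplification: last two labels stand in for the registered domain.
    registered = ".".join(host.split(".")[-2:])
    if edit_distance(registered, expected) <= 2:
        return f"look-alike of {expected}: {registered}"
    return f"unrelated domain: {registered}"

if __name__ == "__main__":
    for u in ("http://www.slac.standford.edu",
              "http://0x47763ae7/www.slac.stanford.edu",
              "https://www.slac.stanford.edu/"):
        print(u, "->", check_url(u))
```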

Regarding SLAC Websites…
SLAC HR wouldn’t ask for bank info via a web page
If you are suspicious of a web site then call the SLAC Department directly

Everything else…
Well, okay at least…
  scammer’s motivations
  PII
  wireless
  perils of ordering pizza

Making Money - Method 1
Adware and Spyware
Tracking cookies
Spam usually touting counterfeit goods
Sell Something

Adblock
Firefox: Tools -> Adblock -> Preferences
IE: Nothing built-in. “Adblock” for IE is actually adware so don’t go get it.

Browser Configuration
IE: Tools -> Internet Options
Firefox: Tools -> Options

Javascript for Profiling

Making Money - Method 2
Scams, Fraud, Identity Theft
Nigerian 419 scams
Click-through fraud
Steal some Personally Identifiable Information

Personally Identifiable Information
What people are doing with stolen PII?
  Credit card, Bank, Loan fraud
  Phone or Utilities fraud
  Applying for Government documents or benefits
  Magazine subscription (~0.2 % each year!)
Scope of the problem – FTC data (2003-2005)
  10 million victims of identity theft in U.S.
  Victims spend an average of $1,500 and 175 hours to recover
  Not including losses by vendors, merchants, or financial institutions
PII is essentially data that can be used to facilitate identity theft

Making Money - Method 3
Be the “Middleman”

Botnets
1. Herder deploys malware
2. Infected PCs log into an IRC server or other communications medium, forming a network with a central C&C structure
3. Spammer purchases access to botnet
4. Spammer sends instructions to the botnet
5. The infected PCs send the spam messages
from Wikipedia on Botnets

POST http://www.XXXXXXXXXXXX.com:80/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1 HTTP/1.1
Host: www.XXXXXXXXXXXXcom
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.XXXXXXXXXXX.com/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1
Cookie: ASPSESSIONIDSCQDDCRC=IIBBDKKBCAOBKBIGABPBHNAI; ASPSESSIONIDCSDTABCC=KCGNNPKBABOIEJKIPBHEJHAH; ASPSESSIONIDSCTDADRC=OAOJABLBFFJKLGIDHPLLMDGM
Content-Type: application/x-www-form-urlencoded
Content-length: 268

LName=AAAAAAA&FName=AAAAAAA&TelePhone=888888888&ModeOfPayment=2&Rem=IS+THIS+SECURE%3F+&CreditCardType=3&CreditCardNo=123456781234567&ExpiryMonth=6&ExpiryYear=2009&VisitorID=1&CatID=01&CatName=XXXXXXX+XXXXX+XX+XXX+XXXX&hLName=&hFName=&hTelephone=&hCreditCardNo=&hRem=

Wireless

Final Thoughts
Report all suspicious activity
  Send email to: [email protected]@slac.stanford.edu
  Urgent: call HelpDesk at x4357
See Teresa, Heather, Bob Cowles, Gary Buhrmaster, John Halperin and Steffen Luitz at Computer Security table in breezeway for your questions