A close-up look at virus analysis
On 10 July 2008, CHIP had the opportunity to see the F-Secure laboratory in Kuala Lumpur. What is there? Read the following report. Andi Desmal
Before we entered the laboratory area, Heinonen, F-Secure's Vice President for Asia Pacific, gave a brief explanation of F-Secure's 20 years of handling viruses around the world. F-Secure currently has 15 offices in 15 countries and three laboratories worldwide. Besides the one in Malaysia, the two other laboratories are in the United States and Finland. According to Heinonen, F-Secure's focus is still on analyzing viruses and the various other nuisances that reach end users, because viruses are the type of threat that most affects Internet users around the world.
F-Secure has done many things for Internet security over these 20 years. Since 2000, F-Secure has focused not only on PC viruses but also on mobile phone viruses.
Laboratory
In this security laboratory, F-Secure monitors the development of viruses around the world. In the course of this work, no fewer than 70,000 virus samples come into the lab. Around 2,000 types can be detected directly. The other types are analyzed further by F-Secure, and the results of that analysis are released as updates within seven to nine days. F-Secure tracks the development of viruses in various ways, such as reports from its own users who send in virus samples, a special radar, Google Maps, and international news that covers Internet security issues.
According to Wing Fei Chia, Security Response Team Manager at F-Secure Security Labs, virus creators today are focused more on money. Viruses are expected to steal various kinds of important information from Internet users, and this data is then used to extract as much money as possible from the victims. The targets of viruses range from individuals, organizations, and governments to users of social networking services. Analysts and antivirus vendors therefore always work to the maximum to keep viruses from spreading widely.
In this security laboratory, F-Secure staff also observe the development of viruses for mobile phones. Smartphones are frequently targeted by viruses because they run an operating system. To examine mobile phone viruses, F-Secure uses a special room, which is also inside the laboratory. In this room, the security level of a handheld communication device can be analyzed. Researchers can tinker freely with viruses here without having to worry that a virus will contaminate other phones outside the special room. CHIP also saw several phones being tested in the room. Some of the phones had been opened up. A phone that has no virus protection will be infected when its Bluetooth is switched on. According to Chia Wing Fei, it is the growth of features in communication devices that encourages viruses to try to get into them. Moreover, mobile phones are no longer limited to one use. A phone is not used only for communication; users can now use it for various activities, ranging from games to financial transactions with a bank.
Source: CHIP Magazine, edition 08/2008
Tuesday, 25 November 2008
Monday, 10 November 2008
Security
Shadow Passwords
By: Cygnus - Necromancer
In general, the "shadow password" technique works as follows:
For every entry in the '/etc/passwd' file, the encrypted password is moved to another file, such as '/etc/shadow'.
While '/etc/passwd' can be read by everyone on the system, '/etc/shadow' can be read only by the group concerned, or perhaps only by the superuser. This is needed to keep the list of encrypted passwords from being solved by a dictionary program.
The idea of "information hiding" is one of many techniques in the category of "security through obscurity". In the Linux community there are two opinions on "security through obscurity", namely:
1. "It can help and cannot hurt, so let us use it"
2. "In fact it can hurt, because it gives a mistaken sense of security, and it should not be used"
Although many people benefit from shadow passwords, the drawbacks of shadow passwords are raised here. The main assumption people make when they use a shadow password system is that it promises that no one without the proper rights will be able to see the password list.
But somehow, people can make mistakes that release the list. Perhaps an adversary who had root access earlier, helped by the sysadmin's "work" at just the right time, will be able to obtain the information needed. The adversary may not have enough time to install a "backdoor" program, but he can snatch the password file.
Or someone makes an error in the permission settings of '/etc/shadow', or issues a command such as "chmod a+r /etc/*" without thinking about what it does to '/etc/shadow'.
Or a security problem may appear just after a "CERT advisory" has been correctly applied, and it too leaves the password list readable by anyone! There are many more ways for the contents of '/etc/shadow' to be released, even when we are experienced sysadmins.
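The permission mistake described above can be caught by a routine audit. The following is an added example, not part of the original article: it replays the "chmod a+r" mistake on a constructed copy of a shadow file in a temporary directory and reports what the audit finds. The function names, the sample entry, and the default list of allowed group IDs are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def mode_findings(mode, uid, gid, allowed_gids=(0,)):
    """Return problems with a shadow file's ownership and permission bits."""
    findings = []
    if uid != 0:
        findings.append("owner is not root")
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if mode & stat.S_IRGRP and gid not in allowed_gids:
        findings.append("group-readable by an unexpected group")
    return findings

def audit(path, allowed_gids=(0,)):
    """Audit a real file, e.g. audit('/etc/shadow')."""
    st = os.stat(path)
    return mode_findings(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                         allowed_gids)

def demo():
    """Replay the 'chmod a+r' mistake on a constructed stand-in for /etc."""
    with tempfile.TemporaryDirectory() as etc:
        shadow = os.path.join(etc, "shadow")
        with open(shadow, "w") as f:
            # Constructed entry; the hash field is a placeholder, not a real hash.
            f.write("alice:$6$constructed$placeholder:14000:0:99999:7:::\n")
        os.chmod(shadow, 0o640)
        before = stat.S_IMODE(os.stat(shadow).st_mode)
        # Equivalent of `chmod a+r <dir>/*`: add read for user, group, others.
        for name in os.listdir(etc):
            p = os.path.join(etc, name)
            os.chmod(p, stat.S_IMODE(os.stat(p).st_mode) | 0o444)
        after = stat.S_IMODE(os.stat(shadow).st_mode)
        return before, after, audit(shadow)

if __name__ == "__main__":
    before, after, findings = demo()
    print(oct(before), "->", oct(after), findings)
```

Pass the numeric ID of the system's shadow group, if it has one, in `allowed_gids` so that a legitimate group-read bit is not reported.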
The problem with using a shadow password system is that it gives a false sense of security. Sysadmins will think that the password list is secure and protected. This often makes sysadmins too lazy to use methods that are superior and more proactive in protecting their password files.
The easiest and cheapest proactive method is to replace the passwd program. Nothing else in the system is changed; only the program at '/bin/passwd' is replaced. There are several utility programs for UNIX that replace the default passwd, such as "Matt Bishop's passwd" from dartmouth.edu:/pub/security and "Mark Henderson's ANLpasswd" from info.mcs.anl.gov:/pub/systems.
Basically, each time a password is changed, the program first compares it against a dictionary (and against the gecos field), which is similar to the way a cracker program works. When a user chooses a "weak" password, the proactive program forces the user to choose a different one.
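The check described above, as an added example that is not taken from the original article or from the passwd replacements it names: a candidate password is reduced to the forms a cracker would try and compared with a word list and with the words in the user's gecos field. The passwd line, the word list, the substitution table, and the minimum length are constructed for the illustration.

```python
import re

# Constructed sample data: one passwd(5) line and a tiny word list.
PASSWD_LINE = "alice:x:1000:1000:Alice Johnson,Room 12,555-0100:/home/alice:/bin/sh"
WORDLIST = {"password", "secret", "dragon", "susan", "maria", "letmein"}

# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

def gecos_words(passwd_line):
    """Login name plus every alphabetic token of the gecos field, lowercased."""
    fields = passwd_line.split(":")
    login, gecos = fields[0], fields[4]
    words = {login.lower()}
    words.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", gecos))
    return words

def candidates(password):
    """Forms a cracker would try: case-folded, de-substituted, stripped, reversed."""
    base = password.lower()
    forms = {base, base.translate(LEET)}
    # Drop leading and trailing digits or punctuation ("susan1990" -> "susan").
    forms |= {re.sub(r"^[\d\W_]+|[\d\W_]+$", "", f) for f in forms}
    forms |= {f[::-1] for f in forms}
    forms.discard("")
    return forms

def check_password(password, passwd_line, wordlist, min_len=8):
    """Return the reasons to reject the password; an empty list means accepted."""
    reasons = []
    if len(password) < min_len:
        reasons.append("too short")
    forms = candidates(password)
    if forms & gecos_words(passwd_line):
        reasons.append("derived from login name or gecos field")
    if forms & set(wordlist):
        reasons.append("derived from dictionary word")
    return reasons

if __name__ == "__main__":
    for pw in ("Johnson1", "p@ssw0rd", "Susan1990", "t7#Kq!vw2Lp"):
        print(pw, check_password(pw, PASSWD_LINE, WORDLIST) or "accepted")
```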
Without a proactive program, we must also worry about attacks by cracker programs (research over more than 15 years shows that, without a proactive program, most users choose passwords that are easy and that Crack can break, often a woman's first name). When a system relies on shadow passwords to secure our passwords, '/etc/shadow' is guaranteed to be vulnerable.
However, with a proactive password checker, the password list could be shown to the outside world and still not be vulnerable. Forcing users to change their passwords regularly also reduces the chance of the security being broken.