The Last Hope

I know that you are probably not reading this now that school is over, but just in case, I thought that would remind you about The Last Hope (2600) going on this summer July 18-20. It costs $75 for three days and is hosted at the Hotel Pennsylvania. Kevin Mitnick and Steven Rambam are set to speak there, so you will get a chance to see them.

It should be interesting...

Capture the queen

I forgot to post this earlier, but we talked about this ID theft case in class.

48 hours coverage

CNN coverage of arrest

Kevin Mitnick

This week we are watching 2600's video Freedom Downtime about Kevin Mitnick

Legal Documents:
U.S. vs. Mitnick and DePayne
US v. Mitnick [appeal]

There are also interviews with him for more of the story:

From 60 minutes:



From the end if Freedom Downtime:

Interview

Kevin Mitnick now runs a security company:

Kevin Mitnick's Security Company

Here are some links for Tsutomu Shimomura:

Wikipedia
Takedown website

Second Life

There was an article not too long ago about online investigations:

Cops learning how to extend beats online [USA today]

I just thought it was interesting that Second Life is mentioned as a
valuable resource, though it makes some sense.

BTW, there was a CSI NY episode (slightly more glamorous) about this recently called ``Down the Rabbit Hole''. We watched this in class last Thursday before the break. You can watch it on cbs.com.

Also apropos Second Life, there was an article not too long ago regarding a Virtual Mugging that was accomplished by exploiting a flaw in Quicktime.

Wireshark

We talked about wireshark before the break. You can download it from here: Wireshark.org.

I will post a homework project related to this later.

Creative Commons

In class we talked about Lawrence Lessig, the creator of the Creative Commons. The Creative Commons is a non-profit organization that allows copyright holders to grant some rights to their work while retaining some rights.

You can find the video here:

• Fast connection
• Slow connection

There are several points that he makes in this talk. The most striking one is: excessive copyright laws are resulting in a loss of culture. He describes a society of ``rip, mix, burn'' and how it is not necessarily a bad thing. He also mentions that the mere holding of copyrights gives the owner such power, such that s/he can prevent any opposition to his/her work.

There are several copyright terms mentioned such as:

• RIAA: Recording Industry Association of America
• DMCA: Digital Millennium Copyright Act
• DRM: Digital Rights Management

The last two terms are interesting in light of computers. The DMCA makes it criminal to circumvent copyright protections in software. This is even if the ``hack'' would make the product better! [Lessig mentions this when he discusses the AIBOs.] Since it is too easy to create copies of software, just because you bought it doesn't mean that you can do anything you want with it. That is: it's not the same as purchasing a tangible item, like furniture, that you can modify to your content. If the software sucks, your just stuck.... at least legally...

Privacy is Dead, Get Over It!

Steve Rambam recently gave a talk about how little privacy we actually have. It's scary:



The link is: here.

Rambam was arrested by the FBI before he was able to give his talk for 2600's HOPE conference in 2006. He talks about how much information is accessible in various Databases, and why it may not necessarily be a good thing.

As Rambam says, information that is compiled into these databases is often used (or misused) by others.

Viruses (or virii) - Part 2

As you may or may not know (until now), you can write executable code in Windows Office Documents using Macros. Viruses can use this as a way to spread and infect computers. The Melissa virus is a good example of this. Melissa used the Document_Open() subroutine of a word document (circulating via email) to execute its code and deleted several system critical files.

Popular subroutines used are:

• Document_Open()
and
• Document_Close()

So we could write code in these subroutines that will execute when either the document is opened or closed.

We will create a word document and open the Visual Basic Editor:



Right click on the word document shown and click ``View Code'':



Choose ``Document'' on the right hand side and ``Open'' on the left:



We'll have a message box come out when the document is opened and we'll delete a file called ``test.txt''. Another message box will come out when the document is closed. The resulting code is shown below:



If macros are enabled on for MS Word, then the code will execute. An execution is shown below:





You should disable most macros to make sure that you are safe and to avoid viruses that use this method of transportation. You can do that by going to Tools->Options->Security->Macros and setting the setting to either High or Very High:





If you have your setting to Medium you will be prompted as to whether or not you want to execute macros:

HTML Codes Part 1 - Basics

Sorry for the delay. Here are some useful HTML codes that we have used in class.

Every webpage has to have the following tags:

<html> </html>   indicates that it is an html page
<head> </head>   for information about the page
<title> </title> allows you to set the title bar
<body> </body>   where you will put your html stuff

Inside the body of the html page, is where you will have your paragraphs about you, pictures, links and anything else that you would like to display. In this tag, you can also change the color of the webpage.

Some other tags of interest:

<p></p>        indicates a paragraph
<h1></h1>      indicates a headline
<h2></h2>      smaller headline
<h3></h3>      even smaller headline
<b></b>        makes text bold
<u></u>        underlines text
<i></i>        italicizes text

To change the font properties (size or color for example):
<font size="5">Makes this text bigger</font>
<font color="red">Makes this text red</font>
<font color="blue" size="5">Makes this text bigger and blue</>

To add a link to the page:
<a href="http://www.qc.edu">Makes a link to QC</a>

To add an image to the page:
<img src="images/cat.jpg">
<img src="http://www.example.com/images/cat.jpg">

The first img tag places a local picture of a cat on the webpage. The second one adds a picture from a link elsewhere.

Here is a skeleton of a basic webpage:

<html> 
<HEAD><TITLE>This is my website</TITLE></HEAD>

<body bgcolor="yellow">

<p>Hello, this is my website</p>

</html>

Viruses (or virii) - Part 1

Now we come to the more interesting part of the class, a more detailed description of some of the more malicious things we have been discussing. Today we will discuss viruses (or virii if you are pretentious enough to keep with true Latin grammar).

Viruses are not complete programs. They must reside in a host program in order to function and need human intervention in order to execute. Viruses can reside in any file, but are only affective if they are within a file that can be executed.

There are two types of executable files on Windows systems:

• COM
  files that end in the COM extension which are relics of the old CP/M OS
• EXE
  files ending in EXE extension. Also includes PE (Portable Extendable) format (.SYS, .DLL, .OCX, .CPL, .SCR)

Companion Infection Technique

The virus may masquerade as a known program such as cmd or notepad and may use a different extension than the traditional program or may use a misspelled variation of the traditional program name. Since the virus needs to be executed in order to be affective, a program masquerading as a legitimate one could fool the user into executing it.

As we know we can run programs by going to Start->Run and typing the name of the program we want to run without the extension:



So if there is a program that contains the name written in the Run box above in the Windows path, it will execute. So we could see how easy it would be for a program with a name like notpad.exe (notice that the e is missing) to execute when the user mistakenly mistypes notepad in the Run box.

Another interesting thing about Windows is that .COM files are executed before .EXE files. It may be because the files come first alphabetically, or it may be due to the configuration of Windows. Either way, an attacker can use this to his/her advantage by creating an executable with a .COM extension and placing it in the same folder as the original executable. We will do that now.

In this example a program will be written in Visual Basic which you can get for free here. All it will do is flash a couple of message boxes and then run the real application. Here is the code:



After we compile the code and obtain the executable, we will set the property to ``hidden'' and rename the extension to .com:





The new program is then copied into the C:\Windows\System32 folder. Since it is a hidden file, it will not show up when you do a directory listing:



Now if we try to run notepad by using Start->Run we will get the following execution before notepad launches for real:





Now we see just how close we were to potential catastrophe. Most viruses will run without you knowing that they have executed and will run the program that was requested so that the user will not suspect anything. Viruses often multiply by writing themselves into other files that will be sent to other potential victims or executed later.

Other Virus Methods

A virus can also completely overwrite the host file, thereby replacing the original file with itself. Obviously this could alert the user, since previously working programs will no longer work.

A virus may also prepend (put itself at the beginning of the file) or append itself to a host file.

Viruses can also infect document files (Word Documents, Excel Documents etc) to activate when opening, closing or doing various other tasks. We will look at a document example later.

Networks

We learned about networks in the last class and we learned about the following terms:

IP (internet protocol) address
NIC (network interface card)
MAC (Media Access Control) address
Port
DNS (Domain Name System)
Packet
netstat
ipconfig/ifconfig
ping
traceroute

We also learned about different internet protocols:
IP (Internet Protocol)
TCP (Transmission Control Protocol)
HTTP (HyperText Transfer Protocol)
HTTPS (The secure HyperText Transfer Protocol)
ICMP (Internet Control Message Protocol
UDP (User Datagram Protocol)
As well as a few others.

We also talked about a few applications that can be used to watch the network:

Etherape, shown below can allow you to see the traffic on your network. Unfortunately for most of you, it only installs under Linux and Mac OS/X:



Etherape Fullscreen


Wireshark is a packet analyzer that you can use to see the packets of information coming in and out of your computer. It easily installs under Windows and Linux. Here we are using it to get the password and username from a fake myspace account:



Wireshark Fullscreen


Here is a video of ping and traceroute commands:



Ping/Traceroute Fullscreen

HTML

Shana has provided us with a nice HTML tutorial that you can use for the Webpage Assigment due at the end of the semester:

http://venus.cs.qc.edu/~shyvat/articles/cs12webpage.html

Other examples can be found here:

http://www.w3schools.com/html/html_examples.asp

Revolution OS

Direct link here

SSH Connection (as part of the webpage assignment)

We will now begin to learn about Linux machines and commands for interacting with them.

Accounts have been made for all of you on the CS 12 server. The details are:

Host Name: cs12.cs.qc.cuny.edu
User Name:
        First 2 letters of LAST name, followed by
        First 2 letters of FIRST NAME, followed by
        Last 4 digits of Student ID.
Password: 9 digits student ID. 

In order to connect to the server you will have to use an SSH client. For those with Windows, you can install the SSH Secure Shell. If you don't want to install anything, you can also use PuTTY by downloading the appropriate executable file.

I have written an introduction to Linux tutorial. There are a few things that are beyond what we will do in this class, but feel free to read it if you like. I have also made the following videos to show just the connection to the Linux server.

Connection with SSH Secure Shell

If you install the SSH Secure Shell, you will hit the ``quick connect'' button shown below:



Then you will type in the correct information:



The video below shows this [By-the-way, you will NOT see the password since it is masked by asterisks *** So even though you might think you see it, you don't.]:




Connection with PuTTY

After you download putty.exe, double click it. You will have to fill in the appropriate information, such as the hostname and then press the open button:



Then you will be asked for your user name and password. You will not see your password when you type!



Here is a video of PuTTY in action:

Linux Commands

As you have discovered, Linux is somewhat different than Windows. The paths to files are much different, for example in Windows you have a path like:

    C:\Documents and Settings\jlevy\My Documents

However in Linux, there are no drive letters and the slashes go a different direction:

    /home/faculty/jlevy

Everything in the file system is mounted after the root directory, which is just a forward slash - /

We also learned that there are several users on the same Linux server and that each user has his/her own home directory (folder) that has the same name as the username. You can see above that I have my home directory with the same name as my username: jlevy. It is inside that folder that I have permission to create and use new files.

We also learned that when we log in, we can see who we are and which directory we are in by looking at the prompt:

    [jlevy@cs12 ~]$

You can see my username and the tilde ~ which indicates that I am in my home directory. After you log in, the commandline is simply waiting there for you to issue it a command.

Basic Commands

In the last class we covered some basic Linux commands such as:

   passwd                    changes your password

   clear                     clears the screen
   pwd                       print working directory
   tree                      print out a tree of all 
                             files from location

   mkdir                     create (or make) a new directory   
   rmdir [directory]         remove directory

   rm [file]                 remove file
   rm -Rf [dir]              remove directory and all files 
                             inside DANGEROUS!

   touch [file]              create (or update) a file 

   ls                        list out files
   ls -a                     list out all files including 
                             hidden files 

   ls -l                     list out files with permissions
   ls -al                    list out all files with permissions

   cd [path]                 change directory to [path]

   cp [oldfile] [newfile]    copy the oldfile to the newfile 
                             or location

   mv [oldfile] [newfile]    move the oldfile to the newfile 
                             or location

   chmod [perms] [file]      change the mode (permissions) 
                             to perms for file

   pico [file]               open file for editing with pico 
                             text editor

   exit                      end session (logout)

One thing to note about Linux: Commands ARE case sensitive so you have to type them in all lower case!

Privacy and the Internet (updated 2/15)

In our ever more Globalized society, privacy is often compromised. The Internet is adding to the loss of privacy as well. Some of it is at the fault of the individual. Some of it is at the fault of some miscreant aimed at an individual. And some of it is happenstance due to the progress of technology. The problem is, once content is on the internet it often stays on the internet. There is not anyway to take back something once it has been downloaded and passed around, or cached in google cache or saved on computer somewhere.

Other links:
Myspace
My Death Space (Even in death, there is no privacy...)
Washington Post Article

Google Maps Street View
boingboing Article
View of License Plate
Wired Article with Submissions of Weirdness

Youtube Invasion
Star Wars Kid
Star Wars Kid Files Lawsuit
Star Wars Kid a ``Cyber-lebrity''
Star Wars Kid Original Video
Remake of SWK Video with Special Effects
SWK Matrix Style

Numa Numa
Gary Brolsma's website
Numa Numa Original Video
Navy Numa Numa :-)
New Numa Numa

Clinton youtube video

Surveillance Cameras
Surveillance Cameras in NYC
Wired article on cameras in NYC
NYTimes Article: The New Security: Cameras That Never Forget Your Face
Yale course about surveillance cameras (includes abuses of this technology)

Think an image isn't that big of a deal? Look at this amazing video of how much information can be organized and manipulated:

Questions for Frontline Video

Here are the questions for the Frontline Video we watched in class:

1) The video portrays a struggle between parents and their children in the age of technology. Do you think there is a solution to the struggle and if so, what is it?

2) The internet is still considered the ``wild west'' at this point and teenagers are able to flourish without adult supervision. One concern about this however, is safety. As addressed in the video, studies have shown teens are able to take care of themselves when approached by strangers online. The media often broadcasts the opposite view, however. What are your thoughts about this topic?

3) Cases of cyberbullying have grown more rampant in the last few years. In the suicide cases we discussed, the bullies are not punished by the state due to a lack of laws in place. There may also be problems with jurisdictions since cyberbullying takes place on line and knows no boundaries. How do you think that cyberbullying can be punished? Should there be an special task force/cybercourt to handle online cases or should laws be updated by our governments to handle these items?

4) How aware do you feel you were about the items seen in the video?

5) How do you feel about the video overall?

Myspace passwords

Here are a couple of articles about Myspace password analysis:

Bruce Schneier's blog

Brian Kreb's blog

They also talk about a few exploits that were used to obtain the account names and passwords.

There was a recent case about a stalker who harassed Amor Hilton on Myspace.

Also, don't think that you are safe just because you have a ``Private Profile.'' Weaknesses in the Myspace website allowed access to people's private pictures and information. Myspace had known about the flaw for sometime, but still hadn't fixed it.

Pretending to be something you're not...

We had discussed an article from wired about a mole from the media who attended Defcon. The organizers suspected that she was in fact a reporter, in spite of the fact that she refused to buy the media pass instead of the regular one. She was hoping to out agents and others doing ``illegal activities'' and even commented on

How the people in Kansas would be interested in what takes place [at such events].

She then made the mistake of telling others her intent and revealing her hidden camera, so her unveiling was inevitable:

Social Engineering

We also discussed Social Engineering in the class and also talked a little about one of the best known social engineers. Here is a video on how to social engineer a free pizza:



Phishing

We also discussed Phishing, which is a type of social engineering. We even took a Phishing IQ test and saw how tricky some of these guys can be.

We even took a look at a fraudulent email I received the same day, and I showed you how to do a whois lookup to see which country the email is coming from. This is a Nigerian Letter or 419 fraud letter. There is a website called 419eater that is dedicated to fighting these fraudsters.

Hackers

We had talked in class about what ``Hackers'' are and even how to become one.

We even talked about how things can get exaggerated in the eyes of the media, by watching a Fox Special on ``Hackers on Steroids'':



One of the items mentioned here, however was how a boy's myspace account was ``compromised'' several times. We saw that myspace actually sends usernames and passwords in the clear, so it could be easily obtained. However, most of the time usernames and passwords are obtained by Phishing, where the user is tricked into giving their information. [We will talk more about phishing later...]

There is actually more to the story on the fellow in the Fox Special, however. You can search around for the details on your own ...

Growing up Online

Frontline on PBS had an interesting article about kids growing up online:
http://www.pbs.org/wgbh/pages/frontline/kidsonline/

There are interviews with some of the people involved in the making of this video that you can read:

http://www.pbs.org/wgbh/pages/frontline/kidsonline/interviews/

As well as interviews with the directors/researchers:

http://www.pbs.org/wgbh/pages/frontline/kidsonline/etc/notebook.html

You can also find updates about some of the kids in the video.

There's also a deeper look inside the issues. As well as other things located at the main website link.


Myspace Suicide

This video made me think some other cases that occured over the last few years, especially one in particular:

Megan Meier was a teenager with some teenage problems who was duped by some ``friends'' including the mother of one of these friends. They had created a fake profile of a teenage boy and engaged in conversation with Megan. Eventually, they started to harass Megan with the fake profile and she took it rather badly and killed herself.

Here are some articles:

http://www.news.com/8301-13860_3-9819394-56.html
http://blog.wired.com/27bstroke6/2007/11/blog-readers-ou.html
http://blog.wired.com/27bstroke6/2007/11/megan-meier-sui.html

Some readers became so outraged that they outed the adults that had duped Megan and posted not only their names, but places of business, phone number and address. Then one of the bloggers who had outed them got outed herself:

http://www.wired.com/politics/onlinerights/news/2007/11/vigilante_justice

An even odder turn in the case, is that of a blog that surfaced as a comment in another article called ``Megan Had it Coming.'' The writer of the blog at some point ``confessed'' to being Lori Drew, or the mother of the child who was friends with Megan, and had harassed her to her death.

http://www.dvorak.org/blog/?p=14913
http://sigmundcarlandalfred.wordpress.com/2007/11/19/megan-the-bitchhad-it-coming-or-how-to-kill-a-child-twice/
http://www.cnn.com/2007/US/12/08/internet.suicide.ap/index.html

The blog was posted here:

http://meganhaditcoming.blogspot.com/

and seems to have been taken over by some someone else. Most of the posts have since been erased. Either way, this is a tragic story with examples of invasion of privacy and questions about how children should be protected.