Thursday, March 27, 2008

Privacy is Dead, Get Over It!

Steve Rambam recently gave a talk about how little privacy we actually have. It's scary:



The link is: here.

Rambam was arrested by the FBI before he was able to give his talk for 2600's HOPE conference in 2006. He talks about how much information is accessible in various databases, and why it may not necessarily be a good thing.

As Rambam says, information that is compiled into these databases is often used (or misused) by others.

Tuesday, March 25, 2008

Viruses (or virii) - Part 2

As you may or may not know (until now), you can write executable code in Windows Office documents using macros. Viruses can use this as a way to spread and infect computers. The Melissa virus is a good example of this. Melissa used the Document_Open() subroutine of a Word document (circulating via email) to execute its code and deleted several system-critical files.

Popular subroutines used are:
  • Document_Open()
  • Document_Close()


So we could write code in these subroutines that will execute when either the document is opened or closed.

We will create a Word document and open the Visual Basic Editor:



Right click on the Word document shown and click "View Code":



Choose "Document" on the right hand side and "Open" on the left:



We'll have a message box come out when the document is opened and we'll delete a file called "test.txt". Another message box will come out when the document is closed. The resulting code is shown below:



If macros are enabled in MS Word, then the code will execute. An execution is shown below:





You should disable most macros to stay safe and to avoid viruses that spread this way. You can do that by going to Tools->Options->Security->Macros and setting the level to either High or Very High:





If your setting is Medium, you will be prompted as to whether or not you want to execute macros.
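A defender can triage macro source exported from the Visual Basic Editor by checking which auto-executing subroutines it defines and what those subroutines do. The sketch below is an added example, not code from the original post; the sample macro is constructed from the post's description, and the keyword list and the `triage` helper are illustrative assumptions.

```python
import re

# Procedures Word runs on its own. The post names the first two; AutoOpen and
# AutoClose are the older macro names with the same effect.
AUTO_EXEC = {"document_open", "document_close", "autoopen", "autoclose"}
# VBA statements that act on the system, with what each one does.
RISKY = {"Kill": "deletes a file", "FileCopy": "copies a file",
         "Shell": "starts a program", "CreateObject": "creates a COM object"}

SUB_START = re.compile(r"^\s*(?:(?:Private|Public)\s+)?Sub\s+(\w+)\s*\(", re.I)
SUB_END = re.compile(r"^\s*End\s+Sub\b", re.I)

def strip_noise(line):
    """Blank out string literals, then drop the trailing ' comment."""
    return re.sub(r'"(?:[^"]|"")*"', '""', line).split("'", 1)[0]

def triage(source):
    """Map each auto-executing Sub to the risky statements in its body."""
    report, current = {}, None
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = strip_noise(raw)
        start = SUB_START.match(line)
        if start:
            current = start.group(1)
            if current.lower() in AUTO_EXEC:
                report[current] = []
        elif SUB_END.match(line):
            current = None
        elif current in report:
            report[current] += [(lineno, kw, why) for kw, why in RISKY.items()
                                if re.search(rf"\b{kw}\b", line, re.I)]
    return report

# Constructed sample modelled on the macro the post describes.
SAMPLE = '''Private Sub Document_Open()
    MsgBox "Document opened"
    Kill "test.txt"   ' remove the demo file
End Sub

Private Sub Document_Close()
    MsgBox "Kill the lights"   ' keyword inside a string: ignored
End Sub

Sub Helper()
    Kill "scratch.tmp"
End Sub
'''

if __name__ == "__main__":
    for sub, hits in triage(SAMPLE).items():
        print(sub, hits or "no risky statements")
```

The check only looks inside the auto-executing subroutines themselves, so a risky statement reached through a helper such as `Helper` is not reported.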

Thursday, March 20, 2008

HTML Codes Part 1 - Basics

Sorry for the delay. Here are some useful HTML codes that we have used in class.

Every webpage has to have the following tags:

<html> </html> indicates that it is an html page
<head> </head> for information about the page
<title> </title> allows you to set the title bar
<body> </body> where you will put your html stuff


The body of the HTML page is where you will put your paragraphs about you, pictures, links and anything else that you would like to display. In this tag, you can also change the color of the webpage.

Some other tags of interest:

<p></p> indicates a paragraph
<h1></h1> indicates a headline
<h2></h2> smaller headline
<h3></h3> even smaller headline
<b></b> makes text bold
<u></u> underlines text
<i></i> italicizes text


To change the font properties (size or color for example):
<font size="5">Makes this text bigger</font>
<font color="red">Makes this text red</font>
<font color="blue" size="5">Makes this text bigger and blue</font>


To add a link to the page:
<a href="http://www.qc.edu">Makes a link to QC</a>

To add an image to the page:
<img src="images/cat.jpg">
<img src="http://www.example.com/images/cat.jpg">


The first img tag places a local picture of a cat on the webpage. The second one adds a picture from a link elsewhere.

Here is a skeleton of a basic webpage:

<html>
<head><title>This is my website</title></head>

<body bgcolor="yellow">

<p>Hello, this is my website</p>

</body>
</html>

Wednesday, March 19, 2008

Viruses (or virii) - Part 1

Now we come to the more interesting part of the class, a more detailed description of some of the more malicious things we have been discussing. Today we will discuss viruses (or virii if you are pretentious enough to keep with true Latin grammar).

Viruses are not complete programs. They must reside in a host program in order to function and need human intervention in order to execute. Viruses can reside in any file, but are only effective if they are within a file that can be executed.

There are two types of executable files on Windows systems:
  • COM
    files that end in the COM extension which are relics of the old CP/M OS
  • EXE
    files ending in the EXE extension. Also includes the PE (Portable Executable) format (.SYS, .DLL, .OCX, .CPL, .SCR)


Companion Infection Technique

The virus may masquerade as a known program such as cmd or notepad, and may use a different extension than the traditional program or a misspelled variation of the traditional program name. Since the virus needs to be executed in order to be effective, a program masquerading as a legitimate one could fool the user into executing it.

As we know we can run programs by going to Start->Run and typing the name of the program we want to run without the extension:



If a program with the name typed in the Run box above exists in the Windows path, it will execute. So we can see how easy it would be for a program with a name like notpad.exe (notice that the e is missing) to execute when the user mistypes notepad in the Run box.

Another interesting thing about Windows is that .COM files are executed before .EXE files. It may be because the files come first alphabetically, or it may be due to the configuration of Windows. Either way, an attacker can use this to his/her advantage by creating an executable with a .COM extension and placing it in the same folder as the original executable. We will do that now.

In this example a program will be written in Visual Basic which you can get for free here. All it will do is flash a couple of message boxes and then run the real application. Here is the code:



After we compile the code and obtain the executable, we will set the property to "hidden" and rename the extension to .com:





The new program is then copied into the C:\Windows\System32 folder. Since it is a hidden file, it will not show up when you do a directory listing:



Now if we try to run notepad by using Start->Run we will get the following execution before notepad launches for real:





Now we see just how close we were to potential catastrophe. Most viruses will run without you knowing that they have executed and will run the program that was requested so that the user will not suspect anything. Viruses often multiply by writing themselves into other files that will be sent to other potential victims or executed later.
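To check a folder for this kind of shadowing, list every base name that exists under more than one executable extension and see which file would win. This is an added example, not code from the original post; it assumes the extension order of cmd.exe's PATHEXT variable (which by default lists .COM before .EXE), and `find_companions` and the empty placeholder files are hypothetical.

```python
import os
import tempfile
from collections import defaultdict

# Start of the stock PATHEXT value: the order in which cmd.exe tries
# extensions for a bare command name. .COM comes before .EXE.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"
HIDDEN = 0x2  # Windows FILE_ATTRIBUTE_HIDDEN bit

def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)

def find_companions(folder, pathext=DEFAULT_PATHEXT):
    """Return (winner, shadowed, winner_hidden) for each base name that
    exists in `folder` under more than one executable extension."""
    order = [e.lower() for e in pathext.split(";") if e]
    by_base = defaultdict(dict)
    # os.listdir also returns hidden files, unlike a plain directory listing.
    for name in os.listdir(folder):
        base, ext = os.path.splitext(name)
        if ext.lower() in order and os.path.isfile(os.path.join(folder, name)):
            by_base[base.lower()][ext.lower()] = name
    report = []
    for base, exts in sorted(by_base.items()):
        if len(exts) > 1:
            ranked = [exts[e] for e in order if e in exts]
            hidden = is_hidden(os.path.join(folder, ranked[0]))
            report.append((ranked[0], ranked[1:], hidden))
    return report

def demo(pathext=DEFAULT_PATHEXT):
    """Run the check on a constructed folder of empty placeholder files."""
    with tempfile.TemporaryDirectory() as folder:
        for name in ("notepad.exe", "notepad.com", "calc.exe"):
            open(os.path.join(folder, name), "wb").close()
        return find_companions(folder, pathext)

if __name__ == "__main__":
    for winner, shadowed, hidden in demo():
        print(f"{winner} runs instead of {shadowed} (hidden={hidden})")
```

A winner that is also marked hidden, as in the walkthrough above, deserves the closest look.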

Other Virus Methods

A virus can also completely overwrite the host file, thereby replacing the original file with itself. Obviously this could alert the user, since previously working programs will no longer work.

A virus may also prepend (put itself at the beginning of the file) or append itself to a host file.

Viruses can also infect document files (Word Documents, Excel Documents etc) to activate when opening, closing or doing various other tasks. We will look at a document example later.

Thursday, March 13, 2008

Networks

In the last class we learned about networks and the following terms:

IP (internet protocol) address
NIC (network interface card)
MAC (Media Access Control) address
Port
DNS (Domain Name System)
Packet
netstat
ipconfig/ifconfig
ping
traceroute

We also learned about different internet protocols:
IP (Internet Protocol)
TCP (Transmission Control Protocol)
HTTP (HyperText Transfer Protocol)
HTTPS (The secure HyperText Transfer Protocol)
ICMP (Internet Control Message Protocol)
UDP (User Datagram Protocol)
As well as a few others.

We also talked about a few applications that can be used to watch the network:

EtherApe, shown below, lets you see the traffic on your network. Unfortunately for most of you, it only installs under Linux and Mac OS X:





Wireshark is a packet analyzer that you can use to see the packets of information coming in and out of your computer. It easily installs under Windows and Linux. Here we are using it to get the password and username from a fake MySpace account:





Here is a video of ping and traceroute commands:




Tuesday, March 4, 2008

HTML

Shana has provided us with a nice HTML tutorial that you can use for the Webpage Assignment due at the end of the semester:

http://venus.cs.qc.edu/~shyvat/articles/cs12webpage.html

Other examples can be found here:

http://www.w3schools.com/html/html_examples.asp