#acl SecurityClass2010Group:read,write,admin All:read

== Internet Client Vulnerabilities ==
 * Of the numerous techniques used to exploit Internet end users, software exploits are the most despicable.
 * This is because software usually permits hackers to do their bidding with little or no visibility on the part of the victim.

== ActiveX ==
 * Microsoft ActiveX
  * Microsoft's answer to Java
  * First real attempt at a model for portable, remotely consumable software applications
 * ActiveX applications, or controls
  * Can be written to perform specific functions, such as displaying a movie or sound file
  * Can be embedded in a web page to provide this functionality
  * Example: like Microsoft's Object Linking and Embedding (OLE), which supports embedding of Excel spreadsheets within Word documents
  * Usually carry the .ocx file extension
 * When Internet Explorer encounters a web page with an embedded ActiveX control (or multiple controls):
  * It first checks the user's local system Registry to find out whether that component is available on the user's machine.
  * If it is, IE displays the web page, loads the control into the browser's memory address space, and executes its code.
  * If the control is not already installed on the user's computer, IE downloads and installs the control using the location specified within the tag.
  * Optionally, it verifies the origin of the code using Authenticode and then executes that code.
 * Controls are downloaded to the location specified by the Registry string value (REG_SZ) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CurrentVersion\Internet Settings\ActiveXCache
  * The default in XP is %systemroot%\Downloaded Program Files

=== ActiveX Security Model ===
 * Acting within the model described in the previous section, malicious programmers could write ActiveX controls to do just about anything they want to a user's machine.
 * The thing that stands in the way is Microsoft's Authenticode paradigm.
 * Authenticode allows developers to "sign" their code using a cryptographic mechanism that can be authenticated by IE and a third party before the code is executed. (VeriSign Corporation is typically the third party.)
 * Example of how ActiveX could be used for malicious activity:
  * In 1996 Fred McLain wrote an ActiveX control that shut down the user's system cleanly (if it was running Windows 95 with Advanced Power Management).
  * It was called Internet Exploder.
 * Safe for Scripting
  * Was the next significant security challenge.
  * The way people could get a malicious program onto your computer simply by having you visit their website was by manipulating the Scriptlet ActiveX control.
  * Scriptlet.typelib can create, edit, and overwrite files on the hard disk.
  * Eyedog has the ability to query the Registry and gather machine characteristics.

=== ActiveX Abuse Countermeasures ===
 * From a developer's perspective, don't write safe-for-scripting controls that could perform privileged actions on a user's system.
 * Restrict or disable ActiveX through the use of Microsoft Internet Explorer security zones.

== Java ==
 * Created by Sun Microsystems.
 * Was created primarily to enable portable, remotely consumable software applications.
 * Differed from ActiveX in that it included a security "sandbox" that restrains programmers from making many of the mistakes that lead to security problems, such as buffer overflows.
 * Vulnerabilities found:
  * In November 2004, Jouko Pynnönen published an advisory on a devastating vulnerability in Sun's Java Plug-in, which permits browsers to run Java applets.
  * The vulnerability essentially allowed malicious web pages to disable Java's security restrictions and break out of the Java sandbox, effectively neutering the security of the platform.

=== Java Countermeasures ===
 * Restrict Java through the use of Microsoft Internet Explorer security zones.
 * For non-IE browsers, consult the documentation on how to restrict it.
== JavaScript and Active Scripting ==
 * Originally "LiveScript"; still associated with Sun's Java, but actually a separate scripting language created by Netscape.
 * A blend of Perl-like ease of use with C/C++-like power.
  * This made it popular.
  * It also makes it attractive to hackers.
 * Makes it easy to fool the user into entering sensitive information.
 * Microsoft platforms execute JavaScript and other client-side scripting languages using a Component Object Model (COM)-based technology called Active Scripting.
 * The security issues are not caused by the technology itself, but by the abuse of the power and accessibility it gives you.

=== JavaScript Countermeasures ===
 * Restrict JavaScript and Active Scripting through the use of Microsoft Internet Explorer security zones.

== Cookies ==
 * Underlie the World Wide Web; allow for tracking things from one visit to another.
 * Cookies are special tokens, contained within HTTP requests and responses, that allow websites to remember who you are from visit to visit.
 * Attackers who get their hands on your cookies might be able to spoof your online identity or glean sensitive information.
 * The brute-force way to hijack cookies is to sniff them off the network and then replay them to the server.

=== Cookie Abuse Countermeasures ===
 * Get a tool to manage cookies.
 * Use IE's cookie screening feature.
 * Use SSL.
 * Disable cookies.

== Cross-Site Scripting (XSS) ==
 * XSS typically results from a web application that takes input from one user and displays it to another user.
 * Example:
  * The server at evil.org is a rogue server set up by the hacker to capture the unsuspecting user's input. (In this case it is set to pop up after a little while, say that the session has ended, and ask you to enter your password to continue.)

== SSL Attacks ==
 * Based on public-key cryptography.
 * SSL is a security implementation, and as such it is open to interpretation by those who implement it.
 * IMPLEMENTATION flaws can reduce the security of any specification to zero.
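For the Cross-Site Scripting section above: the added example below (my own code, not from the course notes or the book) shows the pattern described there, a web application echoing one user's input to another, next to the output-encoding fix. The function names (`renderCommentVulnerable`, `escapeHtml`, `renderCommentSafe`, `containsScriptTag`) and the sample comment are my own constructions.

```javascript
// Added example, not part of the original notes. Shows how unencoded user
// input becomes markup (and script) in another user's browser, and how
// HTML-encoding on output prevents it. All names here are my own.

// Constructed sample: a "comment" one user submitted. If echoed verbatim, the
// <script> element would execute in every other visitor's browser.
const untrustedComment = 'Nice post! <script>alert("xss")</script>';

// Vulnerable rendering: interpolates the user's text straight into HTML.
function renderCommentVulnerable(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Minimal HTML entity encoder for text placed into element content.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened rendering: the same template, but the input is encoded on output,
// so the browser displays the tag characters instead of parsing them.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Crude check used only to contrast the two outputs: does the rendered HTML
// still contain a live <script> start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('vulnerable:', renderCommentVulnerable(untrustedComment));
console.log('safe:      ', renderCommentSafe(untrustedComment));
```

Encoding is applied at output time and chosen for the context the text lands in (element content here); text placed into an attribute, a URL or a script block needs the encoder for that context instead.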
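For the Cookies section above: the "Use SSL" countermeasure only protects a cookie that carries the `Secure` attribute (without it the browser still sends the cookie over plain HTTP, where it can be sniffed and replayed as the notes describe), and `HttpOnly` keeps it out of reach of page scripts. The added example below (my own code, not from the notes or the book) parses `Set-Cookie` headers and reports which of those attributes are missing. The function names and the sample headers are my own constructions.

```javascript
// Added example, not part of the original notes: audit Set-Cookie headers for
// the attributes that blunt the cookie attacks described above. Names are mine.

// Parse one Set-Cookie header value into { name, value, attributes }.
// Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attributes: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Return the weaknesses of a single parsed cookie as plain strings.
function auditCookie(cookie) {
  const a = cookie.attributes;
  const findings = [];
  if (!a.secure) findings.push('missing Secure: sent over plain HTTP, sniffable on the wire');
  if (!a.httponly) findings.push('missing HttpOnly: readable by page scripts via document.cookie');
  if (!a.samesite || String(a.samesite).toLowerCase() === 'none') {
    findings.push('SameSite absent or None: attached to cross-site requests');
  }
  return findings;
}

// Audit every Set-Cookie header of a response; returns { cookieName: [findings] }.
function auditSetCookieHeaders(headers) {
  const report = {};
  for (const h of headers) {
    const c = parseSetCookie(h);
    report[c.name] = auditCookie(c);
  }
  return report;
}

// Constructed sample headers: one weak session cookie, one hardened one.
const sampleHeaders = [
  'SESSIONID=abc123; Path=/',
  'SESSIONID2=def456; Path=/; Secure; HttpOnly; SameSite=Strict',
];

console.log(auditSetCookieHeaders(sampleHeaders));
```

The same check can be run against the headers a real server returns (for example from a response captured in the browser's developer tools) to confirm that a session cookie is actually bound to SSL rather than merely served over it.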
=== SSL Countermeasures ===
 * Keep your Internet client software fully updated and patched.
 * Verify the SSL certificate.

== E-mail Hacking ==
 * The single most effective avenue into the computing space of the Internet user.
 * Becomes a very powerful attack when embedded with ActiveX or JavaScript and extended with its own powerful capabilities, such as file attachments.

=== File Attachments ===
 * One of the most convenient features of e-mail is the ability to attach files.
 * This can be used to deliver executable payloads directly to an end user's desktop.
 * The greatest single vector of attack since the beginning.
 * Disguising executables as MP3s or other file types.

=== MIME ===
 * The mechanism underlying e-mail attachments has also played a significant role in the history of client hacking.
 * Multipurpose Internet Mail Extensions (MIME) is the standard for attaching files to e-mail messages by breaking them into manageable chunks and Base64-encoding them.

=== E-mail Hacking Countermeasures ===
 * Keep your software up to date.
 * Don't open e-mail from people you don't know, or chain forwards.
 * Disable ActiveX and JavaScript for e-mail.

== General Microsoft Client-Side Countermeasures ==
 * Deploy a personal firewall.
 * Keep up to date on all software patches.
 * Run antivirus software.
 * Run with least privilege.
 * Administrators should run the mentioned software at choke points.
 * Read e-mail in plain text.
 * Configure office productivity programs as securely as possible.
 * Don't be gullible.
 * Keep your computing devices physically secure.

== Malware ==
 * Includes:
  * Viruses
  * Worms
  * Rootkits and backdoors
  * Bots and zombies
  * Trojan horses

=== Countermeasures ===
 * Always back up your system before you have any problems.
 * Clean it up with the appropriate tools, meaning antivirus.
  * The book recommends: McAfee, Symantec, Computer Associates, Panda, Microsoft.
  * I recommend: Kaspersky, Webroot (SpySweeper with antivirus), Computer Associates.
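For the File Attachments and MIME sections above: attachments travel Base64-encoded inside MIME parts, and an executable "disguised as an MP3" is only disguised by its filename; the decoded bytes still start with the executable's own signature. The added example below (my own code, not from the notes or the book) parses a MIME part, decodes the body, and compares the declared extension with what the leading bytes say the file really is. The sample part, the magic-number table and the function names are my own constructions; the two-byte "MZ" signature of Windows executables and the "ID3" tag at the start of most MP3s are standard.

```javascript
// Added example, not part of the original notes: detect an executable that a
// MIME attachment's filename presents as some other file type. Names are mine.

// Split a MIME part into a lower-cased header map and the raw body text.
function parseMimePart(part) {
  const sep = part.indexOf('\r\n\r\n');
  const head = sep === -1 ? part : part.slice(0, sep);
  const body = sep === -1 ? '' : part.slice(sep + 4);
  const headers = {};
  for (const line of head.split('\r\n')) {
    const i = line.indexOf(':');
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { headers, body };
}

// Pull the attachment filename out of Content-Disposition (or Content-Type name=).
function attachmentFilename(headers) {
  const src = headers['content-disposition'] || headers['content-type'] || '';
  const m = /(?:filename|name)="?([^";]+)"?/i.exec(src);
  return m ? m[1] : null;
}

// Constructed magic-number table: [leading bytes, label].
const MAGIC = [
  [Buffer.from('MZ'), 'Windows executable (PE/MZ)'],
  [Buffer.from([0x7f, 0x45, 0x4c, 0x46]), 'ELF executable'],
  [Buffer.from('ID3'), 'MP3 (ID3 tag)'],
  [Buffer.from([0x50, 0x4b, 0x03, 0x04]), 'ZIP archive'],
];

// Identify content by its leading bytes, ignoring the filename entirely.
function identifyByMagic(bytes) {
  for (const [sig, label] of MAGIC) {
    if (bytes.length >= sig.length && bytes.subarray(0, sig.length).equals(sig)) return label;
  }
  return 'unknown';
}

// Decode the part (Base64 per MIME) and compare declared extension with content.
function inspectAttachment(part) {
  const { headers, body } = parseMimePart(part);
  const encoding = (headers['content-transfer-encoding'] || '7bit').toLowerCase();
  const bytes = encoding === 'base64'
    ? Buffer.from(body.replace(/\s+/g, ''), 'base64')   // strip MIME line wrapping
    : Buffer.from(body, 'latin1');
  const filename = attachmentFilename(headers);
  const ext = filename && filename.includes('.') ? filename.split('.').pop().toLowerCase() : '';
  const actualType = identifyByMagic(bytes);
  const executable = /executable/.test(actualType);
  return {
    filename,
    declaredExtension: ext,
    actualType,
    // An executable under a non-executable extension is the disguise trick.
    suspicious: executable && !['exe', 'dll', 'scr', 'com'].includes(ext),
  };
}

// Constructed sample part: the filename says MP3, the body is a stub "MZ"
// header followed by zero padding, Base64-encoded as MIME requires.
const fakeExeBytes = Buffer.concat([Buffer.from('MZ'), Buffer.alloc(62, 0)]);
const samplePart = [
  'Content-Type: audio/mpeg; name="song.mp3"',
  'Content-Transfer-Encoding: base64',
  'Content-Disposition: attachment; filename="song.mp3"',
  '',
  fakeExeBytes.toString('base64'),
].join('\r\n');

console.log(inspectAttachment(samplePart));
```

A mail gateway or desktop scanner applies the same idea with a much longer signature table; the point is that the decision rests on decoded content, not on the extension or the `Content-Type` the sender chose.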
= Quiz =
 1. What was Microsoft's answer to Java? ActiveX
 2. Who created JavaScript? Netscape
 3. What is the protocol over which the majority of e-commerce transactions occur? SSL
 4.
 5. What are 3 of the General Microsoft Client-Side Countermeasures?
  * Deploy a personal firewall
  * Keep up to date on all software patches
  * Run antivirus software
  * Run with least privilege
  * Administrators should run the mentioned software at choke points
  * Read e-mail in plain text
  * Configure office productivity programs as securely as possible
  * Don't be gullible
  * Keep your computing devices physically secure

Back to Cptr427Winter2010