Monday, May 31, 2010

Hands-On Project 1-4 (Page 35)


Objective ad verbatim:

“When Microsoft Windows updates are installed on your computer (if you have it set to automatically install updates), an updated version of the Microsoft Windows Malicious Software Removal Tool is installed and runs in the background. It checks computers for infections by specific malware and helps remove any infection found. This tool can also be downloaded and run at any time. In this project you will download and run the Microsoft Windows Malicious Software Removal Tool.” (Ciampa, 2009)

Process:

1. Firstly, I created a System Restore Checkpoint. (Just in case something goes wrong)


2. Next, I opened up Mozilla Firefox (the only browser to use) and pointed the URL to http://www.microsoft.com/security/malwareremove/default.aspx. I then followed the steps to download the Microsoft Windows Malicious Software Removal Tool.


3. When the download completed, I ran the program (not before scanning the file with my virus scanner first though!) and selected ‘Quick Scan’.


4. I then left the program to run.


5. After a few minutes, I returned to check the results of the scan. I was happy to see that my computer was proclaimed malware-free.



Reflection:

The benefit that I, as a user, have derived from this exercise is the newfound awareness of the Microsoft Windows Malicious Software Removal Tool, a particularly useful tool to run regularly on a system. This allows the user to scan his or her Windows Systems with relative ease.

Also, it serves as a sort of general assessment in terms of malicious presences in the computer system.

Sine Cera,
Jeremy Heng

"Quis custodiet ipsos custodes?"

Hands-On Project 1-3 (Page 33)


Objective ad verbatim:

“It is critical that security updates be applied in order that computer systems remain secure. Unpatched application software programs are increasingly becoming the target of attackers. Although Microsoft has developed a process through which users are notified of security updates each month, most other software vendors do not have this feature and many applications are unpatched.

One solution is to use an online software scanner that will compare all applications on your computer with a list of known patches from software vendors. The online software scanner can alert you to any applications that are not properly patched. In this project you will use Secunia’s Software Inspector to identify any applications that need to be patched.” (Ciampa, 2009)

Process:

1. First of all, I created a System Restore Point. Something I will do regularly and before any practical that involves the installation of software or manipulation of files at a high level in any way.


2. I started up my web browser (nothing but Firefox, of course!) and pointed it to the URL: http://secunia.com/vulnerability_scanning/online/. I then navigated using the navigation bar to the programs covered by Secunia’s Online Software Inspector.


3. After scanning through the list to assess the scanner’s thoroughness, I returned to the previous page to begin the scan.


4. After clicking on ‘Start Scanner’, Java prompted me to allow Secunia’s application to run. Satisfied that the certificate was legit, I allowed Secunia access to run its application.



5. I then checked the ‘Enable thorough system inspection’ check box and clicked ‘Start’. I left it to scan my system for unpatched software.


6. The results were pretty appalling. There were exactly eight (8) insecure versions of applications detected in the system, some of which are used frequently. For obvious reasons, I will not be posting a list of them.


7. The next step in remedying this ensanguined flaw in the computer system would be to begin patching the offending programs. Simply click upon the ‘Download’ button and download the patched version. The picture shows Mozilla Thunderbird’s latest patched version being downloaded. (Version information is withheld for obvious reasons.)


Reflection:

This Hands-On Project is a good example of the current state of User Awareness. Many users are not aware of the security implications, and some find it a bother to regularly patch and update their software. Personally, I have found that certain pieces of software on my one-year-old system were unpatched and were therefore security risks. Most were programs that were not frequently used.

However, there were exceptions. One of these was Mozilla Firefox, a pretty crucial piece of software to update. I realize that without running a Software Inspector, offline or online like Secunia’s, one would find it hard to keep track of software requiring patching and would thus leave vulnerabilities open in their systems. This is especially the case with older computers with more programs installed.
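The comparison a software inspector performs, as an added example (not code from this blog or from Secunia): an inventory of installed versions is checked against the lowest version each vendor considers patched. All product names and version numbers are constructed placeholders, and `parse_version` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample data: product names and versions are placeholders,
# not real software or real advisories.
INSTALLED = [
    ("ExampleBrowser", "3.6.3"),
    ("ExampleMail", "3.0.10"),
    ("ExamplePlayer", "10.0.45.2"),
    ("ExampleReader", "9.3"),
    ("HomegrownTool", "1.0"),
]

# Lowest version each vendor considers patched (constructed).
PATCHED = {
    "examplebrowser": "3.6.4",
    "examplemail": "3.0.4",
    "exampleplayer": "10.0.45.2",
    "examplereader": "9.3.2",
}


def parse_version(text):
    """Turn '3.0.10' into (3, 0, 10) so fields compare as numbers, not text."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:  # treat 9.3 and 9.3.0 as equal
        nums.pop()
    return tuple(nums)


def audit(installed, patched):
    """Return {name: (status, installed_version, patched_version_or_None)}."""
    report = {}
    for name, version in installed:
        baseline = patched.get(name.lower())
        if baseline is None:
            status = "unknown"  # not in the catalogue: needs a manual check
        elif parse_version(version) < parse_version(baseline):
            status = "insecure"
        else:
            status = "patched"
        report[name] = (status, version, baseline)
    return report


if __name__ == "__main__":
    for name, (status, have, want) in audit(INSTALLED, PATCHED).items():
        print(f"{name:15} {have:12} {status:9} patched at: {want or 'n/a'}")
```

Comparing the raw strings would rank "3.0.10" below "3.0.4" and flag a patched program as insecure, which is why each field is compared as a number. Programs missing from the catalogue are reported as unknown rather than assumed safe.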

Hands-On Project 1.3 Sources

Hands-On Project 1-2 (Page 31)


The Objective ad verbatim:

“Just as Google can be used to locate almost anything stored on Web servers, it can also be used by attackers in order to uncover unprotected information or information that can be used in an attack. This is sometimes called “Google Reconnaissance”. In this project you will perform Google reconnaissance.” (Ciampa, 2009)

Process:

1. I first opened up Firefox, and entered my homepage, “Google”.


2. Clicking ‘Advanced Search’ then brought me to a page where I could enter a more in-depth set of Search Strings and Parameters. Entering “login:*” “password=*” into the ‘All these words’ field and selecting the .xls format from the drop-down menu, I then allowed the search to run.


3. The results were astounding. There were over 19,800 results generated within 0.23 seconds, all containing the fields. Most of them were duds, but some of them contained actual credential details, a treasure trove for attackers!



4. One .xls file even contained other sensitive information besides a login and password.



5. Continuing with my investigation, I returned to Google’s Advanced Search and revised my Search Arguments.


6. Again, a multitude of possible security breaches popped up within the second.


7. This time, though, Google seemed to have filtered out documents with sensitive material. Instead, I received many websites with the string “index.of passlist” detailing the methods attackers use when performing Google Reconnaissance. I then took a look at a blog post which shows readers the Google Search Commands one can use to discern passwords all over the Internet. (Password World, 2009)



Reflection:

Google Reconnaissance is an example of a double-edged sword. It has the ability to be used for great things when used in a benign manner, but in the hands of a malicious attacker, it is a key to the inner workings of your property. With login and password credentials in the clear accessible with such ease, it is a definite security threat.

However, a solution to the problem of attackers being able to simply search their way into someone’s private servers would be to develop smarter search engines, using methods that would provide security while, at the same time, not compromising the power they can provide. Google, for example, has shown that searching for “index.of passlist” will turn up rather interesting reads while revealing nothing of tangible value to the malicious attacker.

Sine cera,
Jeremy Heng

“Quis custodiet ipsos custodes?”


Saturday, May 22, 2010

Hands-on Project 1-1 (Page 30)



The Objective ad verbatim:

“To keep your computer secure, it is important to know the latest security threats. Instead of making constant visits to security Web sites and scanning the pages looking for information, a new approach automates this process and makes it easier to have the information delivered to you. RSS (“Really Simple Syndication”) is an eXtensible Markup Language (XML) format for automatically retrieving content from a Web Page and delivering it to your browser.” (Ciampa, 2009)


Process:


1. First, I opened up Google’s search engine and ran a search for “RSS Reader Tutorial” to turn up related web pages.



2. I then took a look at two videos on Youtube: “Video: RSS in Plain English” and “Creating an RSS feed in Firefox”.



3. Armed with the know-how, I ventured into www.securityincite.com to subscribe to their RSS feed. A simple click sufficed.



4. Google makes it easy for one to read his updates. It is possible to place the feed on your homepage or in a dedicated RSS Reader such as Google Reader.



5. Finalising this last step, I took a look at Google Reader. The interface is impressive, organised and easy to use. Reading your RSS Feeds would be a breeze once subscribed in Google Reader.





Reflection:
“The best way to guard against an enemy is to know your enemy.” When applied to any form of Security, it is a statement all too true. After all, Intelligence is one of the most important facets in a line of defence. Likewise, a constant stream of updates regarding the current IT security situation is a must. Keeping updated about new threats, new vulnerabilities, new attackers and new methods will allow one to pre-empt and target threats before they can cripple a system.
I subscribed to SingCERT’s Latest Security Updates and took a read through the available content. I came across “[SingCERT] Internet Explorer 8 Cross-Site Scripting Filter ‘script’ Tag Cross-Site Scripting Vulnerability”, a security advisory from SingCERT. The attacker can make use of the vulnerability in systems that use Internet Explorer and Windows 7 Beta by exploiting a weak point in Internet Explorer 8 to run arbitrary code and bypass security measures. This allows theft of cookie-based authentication credentials and other sensitive data. ([SingCERT] Internet Explorer 8 Cross-Site Scripting Filter ‘script’ Tag Cross-Site Scripting Vulnerability 2010)
In the modern world of everyday computing, people rely on the Internet for banking, Stock Market Trading and Foreign-exchange Trading. Money is electronically moving very quickly and in large amounts. Security cannot be compromised or it could potentially have devastating consequences. Thus, we can see how a vulnerability that can be exploited to reveal sensitive information can be a serious issue indeed.


Sine cera,
Jeremy Heng.
“Quis custodiet ipsos custodes?”
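What an RSS reader does with a security feed, as an added example (not code from this blog, SingCERT or Google Reader): parse the XML, skip items already seen, and surface advisories that name software on a watchlist. The feed is constructed; only the first title comes from the post, while the links, guids, the second item and the function names are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed RSS 2.0 document. The first title is the advisory quoted in the
# post; the second item, all links and all guids are placeholders.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example advisory feed</title>
  <item>
    <title>[SingCERT] Internet Explorer 8 Cross-Site Scripting Filter 'script' Tag Cross-Site Scripting Vulnerability</title>
    <link>https://advisories.example/1</link>
    <guid>advisory-1</guid>
  </item>
  <item>
    <title>Example Product denial-of-service issue</title>
    <link>https://advisories.example/2</link>
    <guid>advisory-2</guid>
  </item>
</channel></rss>"""


def parse_items(xml_text):
    """Return the feed's items as dicts. A feed is untrusted input, so a
    document carrying a DTD is refused (entity-expansion risk)."""
    if "<!doctype" in xml_text.lower():
        raise ValueError("feed contains a DOCTYPE; refusing to parse")
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        guid = (item.findtext("guid") or link).strip()  # fall back to link
        items.append({"title": title, "link": link, "guid": guid})
    return items


def new_relevant(items, watchlist, seen):
    """Items not seen before whose title names software on the watchlist.
    Every guid is added to `seen`, so a later poll reports nothing twice."""
    hits = []
    for it in items:
        if it["guid"] in seen:
            continue
        seen.add(it["guid"])
        if any(w.lower() in it["title"].lower() for w in watchlist):
            hits.append(it)
    return hits


if __name__ == "__main__":
    seen = set()
    for hit in new_relevant(parse_items(SAMPLE_FEED), ["Internet Explorer"], seen):
        print(hit["title"], "->", hit["link"])
```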


Hands-On Project 1.1 Sources