WEEK 11-12 Email Security and Web Components

WEEK 11-12 Email Security and Web Components. Malicious Code Malicious code is the term used to describe any code in any part of a software system or.

Dec 26, 2015


Angelina Ryan

WEEK 11-12

Email Security and Web Components


Malicious Code

• Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system.


cont

• Malicious Code can take the form of:
– Java Applets
– ActiveX Controls
– Scripting languages
– Browser plug-ins
– Pushed content


cont

• Once inside your environment Malicious Code can enter network drives and propagate.

• Malicious Code can also cause network and mail server overload by sending email messages, stealing data and passwords, deleting document files, email files or passwords, and even re-formatting hard drives.


cont

• Viruses and worms are related classes of malicious code; as a result they are often confused.

• Both share the primary objective of replication.

• However, they are distinctly different with respect to the techniques they use and their host system requirements.

• This distinction is due to the disjoint sets of host systems they attack.

• Viruses have been almost exclusively restricted to personal computers, while worms have attacked only multi-user systems.


Definitions

• Trojan Horse - a program which performs a useful function, but also performs an unexpected action as well.

• Virus - a code segment which replicates by attaching copies to existing executables.

• Worm - a program which replicates itself and causes execution of the new copy.

• Network Worm - a worm which copies itself to another system by using common network facilities, and causes execution of the copy on that system.


Backdoor

• Backdoor is malicious code for hidden access to resources

• Evasion of authentication and access control mechanisms

• Different variants, e.g. code backdoor, network backdoor


Example of Backdoor code

• Famous examples
– Script kiddie tools: Netbus, Sub7, Back Orifice
– Ken Thompson’s compiler backdoor

• Replication: possible

• Parasitism: no

• Communication: yes

• Appearance: ~1960


Logic Bomb

• Logic bomb is malicious code triggered at a certain event

• Trigger usually temporal, e.g. Friday the 13th

» Main purpose automatic damage and sabotage

• Famous examples
– Logic bomb of R. Duronio took down 2,000 UBS servers
– Michelangelo virus: Wiping of disk sectors on 6th March


cont

• Replication: possible

• Parasitism: no

• Communication: no

• Appearance: ~1960


How to Avoid Malicious Code

• One way to avoid Malicious Code in your applications is to add static analysis (also called “white-box” testing) to your software development lifecycle.

• Review your code for the presence of Malicious Code. Veracode’s static code analysis looks at applications in a non-runtime environment.


cont

• This method of security testing has distinct advantages: it can evaluate both web and non-web applications and, through advanced modeling, can detect Malicious Code in the software’s inputs and outputs that cannot be seen through other testing methodologies.
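
A small illustration of the idea, added here and not taken from the slides or from Veracode: a static check that reads source code without running it and flags the temporal-trigger pattern described under Logic Bomb. The name lists and the sample source are assumptions constructed for the example.

```python
import ast

# Assumed name lists for this illustration; a real analyser uses far richer models.
TIME_SOURCES = {"today", "now", "time", "localtime", "weekday"}
DESTRUCTIVE = {"remove", "unlink", "rmtree", "system", "truncate"}

# Constructed sample source to analyse (it is only parsed, never executed).
SAMPLE_SOURCE = '''\
import datetime, shutil

def nightly_cleanup(path):
    if datetime.date.today().day == 13:
        shutil.rmtree(path)

def rotate(path):
    if path.endswith(".tmp"):
        shutil.rmtree(path)
'''

def called_names(node):
    """Names of all functions or methods called anywhere under `node`."""
    names = set()
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            func = sub.func
            names.add(func.attr if isinstance(func, ast.Attribute)
                      else getattr(func, "id", ""))
    return names

def find_temporal_triggers(source):
    """Line numbers of `if` statements whose condition reads the clock and
    whose body calls a destructive function. Limitation: a clock value first
    stored in a variable and tested later is not tracked here."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.If):
            in_condition = called_names(node.test)
            in_body = set()
            for stmt in node.body:
                in_body |= called_names(stmt)
            if in_condition & TIME_SOURCES and in_body & DESTRUCTIVE:
                hits.append(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    print(find_temporal_triggers(SAMPLE_SOURCE))
```

A hit is a prompt for human review, since scheduled maintenance code can legitimately match the same pattern.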


Hoax Email

• What is a hoax email?

• Hoax emails are also known as 'spoof' emails, meaning 'falsified'.

• A hoaxed/spoofed email is when the sender purposely alters parts of the email to masquerade as though it was authored by someone else.

• Commonly, the sender’s name/address and the body of the message are formatted to appear from a legitimate source, as though the email came from a bank or a newspaper or legitimate company on the Web.
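
The altered sender fields described above often leave inconsistencies in the message headers. The following check is an added example, not part of the original slides; the sample messages, domains and finding labels are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): From claims a bank, while the envelope
# sender and Reply-To belong to an unrelated domain and SPF failed.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Support" <support@examplebank.example>
Reply-To: accounts@mailer.example.net
Subject: Verify your account

Please confirm your login details.
"""

# Constructed sample of a consistent, authenticated message.
SAMPLE_CLEAN = """\
Return-Path: <news@paper.example>
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
From: "Example Paper" <news@paper.example>
Subject: Morning headlines

Today's stories.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """List header inconsistencies that often accompany a spoofed sender.
    These are indicators, not proof: mailing lists and bulk senders can
    legitimately use a different Return-Path."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(label)
    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if not auth:
        findings.append("no-authentication-results")
    findings += [f"{m}-fail" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    return findings
```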


Why Would Someone Fraudulently 'Spoof' an Email?

• Purpose 1: the email spoofer is trying to “phish” your passwords and login names.

• Purpose 2: the email spoofer is a spammer trying to hide his true identity, while still filling your mailbox with advertising.


How to Protect from Spoofed Email?

• If you don’t believe that the email is truthful, or that the sender is legitimate, then simply don’t click on the link and type your email address.

• If there is a file attachment, simply don’t open it, lest it contain a virus payload.

• If the email seems too good to be true, then it probably is, and your skepticism will save you from divulging your banking information.


Spamming

• Email spam, also known as unsolicited bulk email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.


cont

• Pressure to make email spam illegal has been successful in some jurisdictions, but less so in others.

• Increasingly, e-mail spam today is sent via "zombie networks", networks of virus- or worm-infected personal computers in homes and offices around the globe.

• Many modern worms install a backdoor that allows the spammer to access the computer and use it for malicious purposes.

• This complicates attempts to control the spread of spam, as in many cases the spam does not obviously originate from the spammer.


Other Types of Spamming

• Mobile phone spam

• Messaging spam

• Social network spam


Mail Encryption Protocols

• Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients.

• Email encryption may also include authentication.


cont

• Email is prone to disclosure of information. Most emails are currently transmitted in the clear (not encrypted).

• By means of some available tools, persons other than the designated recipients can read the email contents.

• Email encryption has been used by journalists and regular users to protect privacy.


Email Encryption Protocols

• Protocols for email encryption include:
– Bitmessage
– OpenPGP
– S/MIME
– TLS


Bitmessage

• Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers.

• Bitmessage encrypts each user's message inbox using public-key cryptography and replicates it inside its P2P network, mixing it with the inboxes of other users in order to conceal the user's identity, prevent eavesdropping and allow the network to operate in a decentralized manner.

• The Bitmessage communications protocol avoids sender-spoofing through authentication, and hides metadata from wiretapping systems.


OpenPGP

• Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.

• PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

• PGP and similar software follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data.


S/MIME

• S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data.

• S/MIME provides the following cryptographic security services for electronic messaging applications: authentication, message integrity, non-repudiation of origin (using digital signatures), privacy and data security (using encryption).


TLS

• Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

• They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to negotiate a symmetric key.

• This session key is then used to encrypt data flowing between the parties.


Code-based Vulnerabilities

• These are weaknesses in the code due to errors made during its development.

• Cross-Site Scripting is a good example of this vulnerability.