Slac computer security

SLAC Computer Security - PowerPoint PPT Presentation



SLAC Computer Security Annual Safety and Security Briefing 2006 Presenters Teresa Downey Spear Phishing & Web Security Markers Heather Larrieu Everything Else… Spear Phishing No dangerous pointy objects involved… but they ARE hunting YOU! Spear Phishing – Step by Step


PowerPoint Slideshow about 'SLAC Computer Security' - johana


Presentation Transcript

SLAC Computer Security

Annual Safety and Security Briefing 2006


Presenters

  • Teresa Downey

    • Spear Phishing & Web Security Markers

  • Heather Larrieu

    • Everything Else…


Spear Phishing

No dangerous pointy objects involved…

but they ARE hunting YOU!


Spear Phishing – Step by Step

  • A targeted company is researched by scammer

  • Emails and websites forged – easy to do!!

  • HTML emails sent

  • They need you to click on the fake URL

  • There goes your $$$

You cannot see true URL in HTML email


Plain Text Can Prevent Scam

  • Scammers don’t want us to use plain text

True URL is normally displayed in plain text email
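
The difference between what an HTML e-mail displays and where its links really go, as an added example (not part of the original slides): the sketch below lists every link as "text <real URL>", the way a plain-text view exposes it, and flags links whose visible text names a different host. The sample message and its paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: the visible text shows one host, the href points to another.
SAMPLE_EMAIL = (
    '<p>Please confirm your direct deposit details at '
    '<a href="http://www.slac.standford.edu/hr/update">https://www.slac.stanford.edu/hr</a> '
    'or visit <a href="https://www.slac.stanford.edu/">SLAC home</a>.</p>'
)

class LinkAuditor(HTMLParser):
    """Collect (visible text, real href) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:      # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(text):
    """Host name if the text parses as a URL or bare host, else ''."""
    try:
        return (urlsplit(text if "://" in text else "//" + text).hostname or "").lower()
    except ValueError:
        return ""

def plain_text_view(html):
    """Return [(rendered link, mismatch flag)] for every link in the body."""
    auditor = LinkAuditor()
    auditor.feed(html)
    report = []
    for text, href in auditor.links:
        shown, real = host_of(text), host_of(href)
        # Flag only when the visible text itself looks like a host name.
        report.append((f"{text} <{href}>", "." in shown and shown != real))
    return report

if __name__ == "__main__":
    for line, mismatch in plain_text_view(SAMPLE_EMAIL):
        print("MISMATCH" if mismatch else "ok      ", line)
```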


Spear Phishing – Last Step

Not a SLAC website!

Security markers are missing…

Where is https?

Where is the lock in the border?

Just a useless picture of a lock to trick you

Faking web sites is very easy!


Secure Website Markers

Internet Explorer

Firefox


What’s Behind That Lock?

  • Scammer can just create or buy a certificate

  • Look at URL closely, these are invalid:

    • http://www.slac.standford.edu

    • http://0x47763ae7/www.slac.stanford.edu

  • Might get error:
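
A way to check a URL the way the slide asks you to read it, as an added example (not part of the original slides): the host is parsed out and tested against the domain you expect, which catches both invalid URLs listed above. The trusted domain, the edit-distance threshold of 2 and the finding labels are assumptions made for this sketch.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "stanford.edu"   # assumption: the domain the reader intends to visit

def numeric_host(host):
    """Dotted-quad form if the host is an IP written as hex/decimal integer or dotted quad."""
    try:
        return str(ipaddress.IPv4Address(int(host, 0)))   # e.g. 0x47763ae7
    except ValueError:
        pass
    try:
        return str(ipaddress.IPv4Address(host))
    except ValueError:
        return None

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    ip = numeric_host(host)
    if ip:
        findings.append(f"numeric-host:{ip}")
        if TRUSTED_DOMAIN in parts.path.lower():
            # The familiar name sits after the slash, so it is only a path.
            findings.append("trusted-name-in-path-only")
    elif host != TRUSTED_DOMAIN and not host.endswith("." + TRUSTED_DOMAIN):
        registered = ".".join(host.split(".")[-2:])
        close = edit_distance(registered, TRUSTED_DOMAIN) <= 2
        findings.append("lookalike-domain" if close else "untrusted-domain")
    return findings

if __name__ == "__main__":
    for u in ("http://www.slac.standford.edu",
              "http://0x47763ae7/www.slac.stanford.edu",
              "https://www.slac.stanford.edu/"):
        print(u, check_url(u))
```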


Avoiding Phishing Scams

  • Read ALL e-mail in plain text

    • Convert to HTML with one click if you trust the e-mail

  • Look for valid URL in e-mail and browser

    • Does it match where you intended to be?

  • Look for security markers in browser window

  • Stop if you get any Security Alerts

  • Do they REALLY need this information??


Regarding SLAC Websites…

  • SLAC HR wouldn’t ask for bank info via a web page

  • If you are suspicious of a web site, call the SLAC department directly


Everything else…

Well, okay at least…

scammer’s motivations

PII

wireless

perils of ordering pizza


Making Money - Method 1

Sell Something

Adware and Spyware

Tracking cookies

Spam usually touting counterfeit goods


Adblock

  • Firefox: Tools -> Adblock -> Preferences

  • IE: Nothing built-in. “Adblock” for IE is actually adware so don’t go get it.


Browser Configuration

  • IE: Tools -> Internet Options

  • Firefox: Tools -> Options



Making Money - Method 2

Scams, Fraud, Identity Theft

Nigerian 419 scams

Click-through fraud

Steal some Personally Identifiable Information


Personally Identifiable Information

PII is essentially data that can be used to facilitate identity theft

What are people doing with stolen PII?

Credit card, Bank, Loan fraud

Phone or Utilities fraud

Applying for Government documents or benefits

Magazine subscription (~0.2% each year!)

Scope of the problem – FTC data (2003-2005)

10 million victims of identity theft in U.S.

Victims spend an average of $1,500 and 175 hours to recover

Not including losses by vendors, merchants, or financial institutions


Making Money - Method 3

Be the

“Middleman”


Botnets

  • 1. Herder deploys malware

  • 2. Infected PCs log into an IRC server or other communications medium, forming a network with a central C&C structure

  • 3. Spammer purchases access to botnet

  • 4. Spammer sends instructions to the botnet

  • 5. The infected PCs send the spam messages

from Wikipedia on Botnets



POST http://www.XXXXXXXXXXXX.com:80/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1 HTTP/1.1

Host: www.XXXXXXXXXXXXcom

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Proxy-Connection: keep-alive

Referer: http://www.XXXXXXXXXXX.com/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1

Cookie: ASPSESSIONIDSCQDDCRC=IIBBDKKBCAOBKBIGABPBHNAI; ASPSESSIONIDCSDTABCC=KCGNNPKBABOIEJKIPBHEJHAH; ASPSESSIONIDSCTDADRC=OAOJABLBFFJKLGIDHPLLMDGM

Content-Type: application/x-www-form-urlencoded

Content-length: 268

LName=AAAAAAA&FName=AAAAAAA&TelePhone=888888888&ModeOfPayment=2&Rem=IS+THIS+SECURE%3F+&CreditCardType=3&CreditCardNo=123456781234567&ExpiryMonth=6&ExpiryYear=2009&VisitorID=1&CatID=01&CatName=XXXXXXX+XXXXX+XX+XXX+XXXX&hLName=&hFName=&hTelephone=&hCreditCardNo=&hRem=
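
An audit of a capture like the one above, as an added example (not part of the original slides): it reads the request line to see whether the form went out over plain http, then lists the non-empty form fields whose names suggest payment data. The host name, the shortened sample request and the list of name fragments are constructed assumptions; line endings are assumed to be normalized to "\n".

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed fragments of field names that indicate payment or identity data.
SENSITIVE_HINTS = ("creditcard", "cardno", "expiry", "cvv", "ssn", "password")

# Constructed sample modeled on the slide's capture, with a placeholder host.
SAMPLE_CAPTURE = (
    "POST http://shop.example.com:80/CheckOut.asp?VisitorID=1 HTTP/1.1\n"
    "Host: shop.example.com\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "LName=AAAAAAA&ModeOfPayment=2&CreditCardType=3&CreditCardNo=123456781234567"
    "&ExpiryMonth=6&ExpiryYear=2009&hCreditCardNo=\n"
)

def audit_capture(raw):
    """Summarize one proxy-style HTTP request (absolute URL in the request line)."""
    head, _, body = raw.partition("\n\n")
    method, target, _version = head.splitlines()[0].split()
    url = urlsplit(target)
    exposed = []
    for name, value in parse_qsl(body.strip(), keep_blank_values=True):
        # Empty hidden fields carry no data, so only non-empty values count.
        if value and any(hint in name.lower() for hint in SENSITIVE_HINTS):
            exposed.append(name)
    return {
        "method": method,
        "host": url.hostname,
        "port": url.port,
        "encrypted": url.scheme == "https",
        "exposed_fields": exposed,
    }

def is_cleartext_leak(raw):
    """True when sensitive form fields were sent without TLS."""
    result = audit_capture(raw)
    return not result["encrypted"] and bool(result["exposed_fields"])

if __name__ == "__main__":
    print(audit_capture(SAMPLE_CAPTURE))
    print("cleartext leak:", is_cleartext_leak(SAMPLE_CAPTURE))
```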


Wireless


Final Thoughts

  • Report all suspicious activity

    • Send email to: [email protected]

    • Urgent: call HelpDesk at x4357

  • See Teresa, Heather, Bob Cowles, Gary Buhrmaster, John Halperin and Steffen Luitz at Computer Security table in breezeway for your questions

