Tuesday, February 22, 2011

Social Engineering

Chapter #10 deals a lot with security: different types of attacks, encryption and so on, but I think it misses one fundamental part of the equation, namely that people are the weakest link in that system. What exactly do I mean:

1. Users continuously disregard IT recommendations for better passwords; they often use a birthday plus the name of a child or spouse, or something similar, which makes the password easy for an attacker to guess.
2. Not following security protocols. While I was working as a system administrator, we had to support a media business, which had a Linux server with all the necessary components, plus an Oracle database for their specific needs.

The server, the main PBX switch and the routers were all in the communication room, which is supposed to have its own cooling system and should be locked at all times. The specific problem arose when someone unlocked the door and stopped the cooling because, according to them, it was too loud for the neighbours, but at the end of the day left the door open. Later the same night, while I was working remotely on the server, my connection was dropped around 1 AM. I thought it was a power problem, and even though the server was not back up by 3 AM, I decided to go to bed, thinking I would just have an early morning once the power was on.

Imagine my surprise when I got a phone call in the morning saying that this was not a power problem, but a burglary. They cut the phone lines and the cable lines and went into the office. Now, that particular firm had a very good database, worth several million, and because the door to the server room was left open, the thieves could just pick up the server and leave. Thanks to their own stupidity, and to not being from the competition, they only took the office safe box, which had no more than $3000 inside, leaving the server and the important information intact. But because of several people in the office this story could have had a bad ending.
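To show why point 1 above matters in practice, here is an added example (not part of the original post) of how an attacker who knows a few family facts about a user builds a short, targeted guess list and tests it against a leaked password hash. The names, birthdays, salt and hash are constructed for the demonstration; the point is that a few hundred guesses are enough when the password is "child's name plus birth year".

```python
"""Added example: targeted guessing of 'family name + birthday' passwords.

Everything below is constructed for illustration: the personal facts, the
salt and the leaked hash are invented. The attacker derives candidates from
facts that are easy to find on social media and tests each one against the
hash; a fast hash such as SHA-256 makes each guess essentially free.
"""
import hashlib
import itertools

# Constructed "known facts" an attacker could learn about the victim.
PERSONAL_FACTS = {
    "names": ["emma", "lucas"],             # child / spouse first names
    "dates": ["1984-03-15", "2009-11-02"],  # birthdays (ISO format)
}

SEPARATORS = ["", "_", ".", "!"]


def date_fragments(iso_date):
    """The ways people commonly write a date inside a password."""
    year, month, day = iso_date.split("-")
    return {year, year[2:], day + month, month + day,
            day + month + year, day + month + year[2:]}


def candidate_passwords(facts):
    """Yield name/date combinations a user is likely to have chosen, without duplicates."""
    names = set()
    for n in facts["names"]:
        names.update({n, n.capitalize(), n.upper()})
    frags = set()
    for d in facts["dates"]:
        frags.update(date_fragments(d))
    seen = set()
    for name, sep, frag in itertools.product(sorted(names), SEPARATORS, sorted(frags)):
        for cand in (name + sep + frag, frag + sep + name):
            if cand not in seen:
                seen.add(cand)
                yield cand


def hash_password(password, salt):
    """Salted but fast SHA-256: the salt defeats precomputed tables, not targeted guessing."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def crack(target_hash, salt, facts):
    """Return the first candidate whose hash matches, or None if the list is exhausted."""
    for cand in candidate_passwords(facts):
        if hash_password(cand, salt) == target_hash:
            return cand
    return None


# Constructed victim credential: the user chose child's name + birth year.
SALT = "s3"
LEAKED_HASH = hash_password("Emma2009", SALT)

if __name__ == "__main__":
    total = sum(1 for _ in candidate_passwords(PERSONAL_FACTS))
    print("candidates in the targeted list:", total)
    print("recovered password:", crack(LEAKED_HASH, SALT, PERSONAL_FACTS))
```

The whole list is a few hundred entries, so even a slow password hash would not save this user; the defence is a password that is not derived from public facts, plus an account lockout or rate limit on online guessing.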

Another example is insider theft: the managers in another business did not contact IT to say that one particular employee was leaving and that his access should be terminated, which left him able to download the entire HR database and take it to the competition.

The last example is so-called "social engineering", which is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical cracking techniques. Social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques like:

Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

Phishing
Phishing is a technique of fraudulently obtaining private information, typically with an e-mail or web page that imitates a trusted party. There is also phone phishing (vishing), extracting information from an employee through a phone call.

Quid pro quo
Quid pro quo means "something for something": an attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them, and in the course of the "help" the attacker has the user type commands or reveal credentials that give the attacker access.

There are many other techniques, and a lot of them are described in Kevin Mitnick's book "The Art of Deception". And even if you think that people should be aware and trained not to fall victim to this kind of social engineering, in practice it still happens quite often.

Friday, February 18, 2011

Social Commerce

In chapter #9 Schneider talks about electronic commerce software, the different functions and capabilities it provides, and solutions for different company's size.

But I think it is important to mention the rise of a subset of electronic commerce: social commerce. This is getting more important now, when 500 million Facebook users are plotting their social graphs, 145 million Twitter users tweet and retweet, 3 million people are checking in on Foursquare, and approximately 35 million users are using Groupon.

Venture capitalist David Beisel is credited with coining the term “social commerce” in 2005 in a blog post describing the trend of e-commerce sites publishing user-generated advertorial content – user pick lists, wish lists, reviews, recommendations etc – to help sell. In the post he says: "With social commerce specifically, what better way to advertise a product than to have a friend recommend it to you? When a product is directly integrated into becoming content itself, it bypasses the normal filter that consumers put up to ignore or at least be skeptical of the advertising."

Of course there is not one single definition of social commerce; in fact there are more than 20, because the concept of social commerce has been expanded beyond e-commerce to include the use of social technologies in the context of retail, whether online or in-store.

Here is a short explanation of social commerce (embedded video, not reproduced here):

An interesting comment from the video, for me, is: "Social commerce is better for brands than social networking because social networking is about people connecting with people and at best brands are inserting themselves into that conversation".

In a post in 2009 Paul Marsden tried to organize social commerce into six dimensions:
Dimension 1: Social Shopping
Dimension 2: Ratings & Reviews
Dimension 3: Recommendations & Referrals
Dimension 4: Forums & Communities
Dimension 5: SMO (Social Media Optimisation)
Dimension 6: Social Ads & Apps

Also, in a journal article from Columbia University, Andrew Stephen and Olivier Toubia mention that social commerce marketplaces have four defining characteristics: "(i) sellers (or shopkeepers) are individuals instead of firms, (ii) sellers create product assortments organized as personalized online shops, (iii) sellers can create hyperlinks between their personalized shops, and (iv) sellers’ incentives are based on being paid commissions on sales made by their shops. What emerges is a consumer-driven online marketplace of personalized, individual-curated shops that are connected in a network."

Let's not forget the expected trends for 2011, which according to Paul Chaney will be Facebook, group couponing, local, niche and mobile:

  1. Facebook will continue to dominate the social commerce scene
  2. Group coupon deal buying will either mature or die
  3. Social media will continue to become more local
  4. Social commerce will become more “niche-global”
  5. Expect a mobile commerce surge

Social commerce is a recent phenomenon and has not been studied extensively, but there is no doubt it will have many implications for businesses.

Monday, February 14, 2011

Server hacking techniques

(This is a post corresponding to Chapter #8 of the "Electronic Commerce" textbook, about web server hardware and software)

In today's world, where almost everything is on servers, it is important to know not only how to use, configure and manage them, but also how to secure them, and which methods could be used to compromise a server.

There are multiple reasons why a web server gets compromised or hacked; one of the major ones is running the web server with its default configuration, missing security updates and weak passwords.

A denial of service attack (DoS) is an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading its resources so that no one can access it.
One common method involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. This is one of the most used methods.

There are two general forms of DoS attacks: those that crash services and those that flood them. Attacks can be directed at any network device, including routers and web, e-mail or Domain Name System servers.
A DoS attack can be perpetrated in a number of ways. Commonly, the attacks are divided into three classes:

  1. bandwidth attacks, which fill the victim's network link with traffic,
  2. protocol attacks, which exhaust state in the victim's network stack or middleboxes (for example half-open TCP connections in a SYN flood),
  3. logic attacks, which use crafted input to crash a service or trigger an expensive code path.


Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network: the attacker sends forged ARP replies so that other hosts associate the attacker's MAC address with the IP address of, for example, the default gateway. ARP spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify the traffic, or stop the traffic altogether. The attack can only be used on networks that actually make use of ARP and not another method of address resolution.
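As an added example (not code from the original post), here is the detection side of ARP poisoning: a small detector that replays ARP replies as a sniffer would hand them over and alerts when an IP address suddenly answers from a different MAC, then looks for one MAC claiming several IPs, which is what a man-in-the-middle looks like on the wire. The addresses and timestamps are constructed for the demonstration.

```python
"""Added example: detecting ARP poisoning from a stream of ARP replies.

Input is a constructed list of ARP replies (timestamp, sender IP, sender MAC);
all addresses are invented. The detector remembers which MACs have claimed
each IP and alerts on a change; a second pass reports any MAC that claims
more than one IP, the usual signature of an attacker impersonating both the
gateway and a victim.
"""
from collections import defaultdict

# Constructed ARP replies: (timestamp, sender_ip, sender_mac)
ARP_REPLIES = [
    (1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway
    (1.5, "192.168.1.20", "aa:bb:cc:00:00:20"),   # a workstation
    (2.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # normal refresh, same MAC
    (3.0, "192.168.1.1",  "de:ad:be:ef:00:99"),   # attacker claims the gateway IP
    (3.1, "192.168.1.20", "de:ad:be:ef:00:99"),   # ...and the workstation's IP
    (4.0, "192.168.1.30", "aa:bb:cc:00:00:30"),   # unrelated host
]


def detect_arp_spoof(replies):
    """Return (alerts, ip_to_macs).

    An alert is produced the first time an IP that already has a known MAC is
    claimed by a different one. ip_to_macs keeps every MAC seen per IP so the
    caller can inspect the history.
    """
    ip_to_macs = defaultdict(list)
    alerts = []
    for ts, ip, mac in replies:
        known = ip_to_macs[ip]
        if known and mac not in known:
            alerts.append({"time": ts, "ip": ip, "old_mac": known[0], "new_mac": mac})
        if mac not in known:
            known.append(mac)
    return alerts, dict(ip_to_macs)


def find_mitm_candidates(ip_to_macs):
    """Return {mac: [ips]} for every MAC that has answered for more than one IP."""
    mac_to_ips = defaultdict(set)
    for ip, macs in ip_to_macs.items():
        for mac in macs:
            mac_to_ips[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}


if __name__ == "__main__":
    alerts, table = detect_arp_spoof(ARP_REPLIES)
    for a in alerts:
        print(f"{a['time']:.1f}s  {a['ip']} moved from {a['old_mac']} to {a['new_mac']}")
    print("MACs claiming several IPs:", find_mitm_candidates(table))
```

A legitimate NIC replacement or a DHCP lease moving to another machine also changes the MAC for an IP, so in production the alert is a prompt to check, not proof of attack; static ARP entries for the gateway, or dynamic ARP inspection on the switch, are the preventive controls.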

A ping flood is based on sending the victim an overwhelming number of ICMP echo request (ping) packets, usually using the ping -f (flood) option from Unix-like hosts (the -t flag on Windows merely pings until stopped). It is very simple to launch, the primary requirement being access to more bandwidth than the victim.
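The flood attacks described in this section (bandwidth floods in general, the ping flood in particular) are easiest to understand from the defender's side, so here is an added example (not from the original post) of a sliding-window rate detector run over a constructed packet log. The addresses, timings and thresholds are invented for the demonstration.

```python
"""Added example: spotting a ping flood, or any per-source packet flood, in a packet log.

The log is a constructed list of (timestamp, source IP, protocol) records of
the kind a sniffer or flow exporter produces; all values are invented. For
each source a deque holds the timestamps inside the last WINDOW seconds, and
a source is flagged the first time it exceeds THRESHOLD packets in a window.
"""
from collections import defaultdict, deque

WINDOW = 1.0      # seconds
THRESHOLD = 50    # packets per window from one source before we call it a flood


def build_sample_log():
    """Constructed traffic: two quiet hosts plus one source doing a ping -f style burst."""
    log = []
    for i in range(10):
        log.append((i * 0.5, "10.0.0.5", "icmp"))   # two pings per second
        log.append((i * 0.7, "10.0.0.6", "tcp"))    # unrelated TCP traffic
    for i in range(200):                             # 200 ICMP packets in 0.4 s
        log.append((2.0 + i * 0.002, "203.0.113.9", "icmp"))
    return sorted(log)


def detect_floods(log, window=WINDOW, threshold=THRESHOLD, proto=None):
    """Return {source: timestamp at which it first exceeded threshold packets per window}.

    If proto is given, only packets of that protocol are counted, so the same
    function serves as a ping-flood detector with proto="icmp".
    """
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, p in log:
        if proto and p != proto:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:     # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and src not in flagged:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    for src, ts in detect_floods(build_sample_log(), proto="icmp").items():
        print(f"flood from {src} detected at t={ts:.3f}s")
```

Two caveats a practitioner will hit immediately: a flood with spoofed source addresses spreads the count over many fake sources, so an aggregate (all-source) counter is needed alongside the per-source one, and a distributed flood from a botnet looks like many sources each under the threshold, which is exactly why it is effective.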

Peer-to-peer attacks
With peer-to-peer attacks there is no botnet, and the attacker does not have to communicate with the clients it subverts. Instead, the attacker acts as a "puppet master", instructing clients of large peer-to-peer file-sharing hubs to disconnect from their peer-to-peer network and to connect to the victim's website instead.

Keyloggers And Trojans

If an attacker manages to install a trojan or a keylogger on the administrator's computer, they can easily capture the administrator's credentials.

DNS Cache Poisoning Attack

If an attacker manages to insert fake address records for a domain name into a DNS server's cache, that is, to make the resolver your browser relies on accept a forged answer, they can redirect your browser to a host they control. This attack is extremely dangerous because it happens without the user's knowledge: the address bar still shows the expected name.
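As an added example (not from the original post), here is the set of checks a resolver has to apply before it caches an answer, which is what a poisoning attempt has to defeat. A forged reply must arrive before the real one and match the outstanding query's transaction ID, destination port, question and source address, and any records outside the zone being asked about (the "bailiwick" check) are discarded. The zone names, addresses and message fields below are constructed; the messages are plain dictionaries standing in for parsed DNS packets.

```python
"""Added example: the checks that make blind DNS cache poisoning hard.

The resolver keeps a PendingQuery per outstanding question with a random
16-bit transaction ID and a random source port. validate_response() accepts
a reply only if it comes from the queried server, to the right port, with
the right ID and question, and then keeps only records inside the queried
zone. All names, addresses and message contents are invented.
"""
import random


class PendingQuery:
    """State the resolver keeps for one outstanding question."""

    def __init__(self, qname, qtype, server_ip):
        self.qname = qname.lower().rstrip(".")
        self.qtype = qtype
        self.server_ip = server_ip
        self.txid = random.getrandbits(16)            # 16-bit transaction ID
        self.src_port = random.randint(1024, 65535)   # randomised source port


def in_bailiwick(owner, zone):
    """True if owner is zone itself or a name below it."""
    owner = owner.lower().rstrip(".")
    return owner == zone or owner.endswith("." + zone)


def validate_response(pending, resp, zone):
    """Return (accepted_records, reason). resp is a dict mimicking a parsed DNS reply."""
    if resp["from_ip"] != pending.server_ip:
        return [], "wrong source address"
    if resp["to_port"] != pending.src_port:
        return [], "wrong destination port"
    if resp["txid"] != pending.txid:
        return [], "transaction id mismatch"
    if (resp["qname"].lower().rstrip("."), resp["qtype"]) != (pending.qname, pending.qtype):
        return [], "question mismatch"
    accepted = [r for r in resp["records"] if in_bailiwick(r["name"], zone)]
    return accepted, ("ok" if accepted else "no in-bailiwick records")


def demo():
    """One genuine reply and two forgeries: returns the three validation results."""
    zone = "example.com"
    q = PendingQuery("www.example.com", "A", "198.51.100.1")
    genuine = {
        "from_ip": "198.51.100.1", "to_port": q.src_port, "txid": q.txid,
        "qname": "www.example.com", "qtype": "A",
        "records": [
            {"name": "www.example.com", "type": "A", "data": "198.51.100.10"},
            {"name": "ns.attacker.test", "type": "A", "data": "203.0.113.66"},  # out of zone
        ],
    }
    # Forgery 1: right port and source, but the 16-bit ID was guessed wrong.
    wrong_id = dict(genuine, txid=(q.txid + 1) & 0xFFFF,
                    records=[{"name": "www.example.com", "type": "A", "data": "203.0.113.66"}])
    # Forgery 2: right ID, but sent to a port the resolver is not listening on.
    wrong_port = dict(genuine, to_port=q.src_port - 1,
                      records=[{"name": "www.example.com", "type": "A", "data": "203.0.113.66"}])
    return (validate_response(q, genuine, zone),
            validate_response(q, wrong_id, zone),
            validate_response(q, wrong_port, zone))


if __name__ == "__main__":
    for recs, reason in demo():
        print(reason, [r["data"] for r in recs])
```

With only the transaction ID to guess an attacker needs about 65,000 tries per race; adding a random source port multiplies that by the port range, which is why port randomisation was the emergency fix for resolvers, and why DNSSEC, which signs the records themselves, is the real one.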

Wednesday, February 2, 2011

How Egypt lost its Internet connection

(This is a post corresponding to Chapter #2 of the "Electronic Commerce" textbook, about the birth of the Internet, its concepts and protocols)


@politisite: The world has indeed changed.. when demands are not for food or shelter but Twitter and facebook #egypt

This is a Twitter post from several days ago concerning the unprecedented attempt of the Egyptian government to block the Internet from 27 January 2011. They successfully blocked the social media sites Twitter and Facebook, and limited access to Yahoo, Google and YouTube.

According to Jillian York, a project coordinator at Harvard University's Berkman Center for Internet & Society, "The government does not have a central control point for the Internet, which means it must rely on being able to force ISPs to comply." Which is exactly what happened.

The easiest way to disconnect a country from the Internet is to cut the cables that leave the country. Egypt has several submarine cables that cross the Mediterranean to Italy, and a few others that reach other Mediterranean destinations. Other cables run through the Red Sea towards east Africa and in the direction of India and beyond. But the fiber backbone that runs under the sea and across Egypt for international traffic seems to have been unaffected, so something else happened. It should be noted that Egypt has only four major ISPs.

Renesys, an Internet monitoring firm based in Manchester, N.H., observed that nearly all of the routes to Egypt were withdrawn almost simultaneously, starting at about 5 p.m. Eastern Standard Time on Thursday night, 12:34 a.m. in Egypt. "Approximately 3,500 individual BGP routes were withdrawn," the company wrote, "leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers."
A chart prepared by RIPE provides a glimpse of how Egypt's network went dark, showing a roughly 90% drop in data traffic to and from Egypt. Egyptian authorities are also reported to have stunted net access by shutting down official Domain Name Servers (DNS) in Egypt.

Renesys also noted that the only unaffected provider was Noor Group, which had 83 live routes and which serves the Egyptian Stock Exchange. According to the article, this was excellent planning on behalf of the Stock Exchange, which was probably left online in order to continue work on 31 January.
Renesys reported: "Our new observation is that this was not an instantaneous event on the front end; each service provider approached the task of shutting down its part of the Egyptian Internet separately.
• Telecom Egypt (AS8452), the national incumbent, starts the process at 22:12:43.
• Raya joins in a minute later, at 22:13:26.
• Link Egypt (AS24863) begins taking themselves down 4 minutes later, at 22:17:10.
• Etisalat Misr (AS32992) goes two minutes later, at 22:19:02
• Internet Egypt (AS5536) goes six minutes later, at 22:25:10.

First impressions: this sequencing looks like people getting phone calls, one at a time, telling them to take themselves off the air."
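The staggered shutdown Renesys describes is exactly what falls out of replaying BGP withdrawals per origin AS, so here is an added example (not Renesys code or data) that does that replay over a constructed set of UPDATE records. The ASNs and times are the ones quoted above; the prefixes, the route counts and the Noor Group entry's prefix are invented, and Raya and Noor Group are keyed by name because the post gives no ASN for them.

```python
"""Added example: per-provider route-count timeline from BGP announce/withdraw records.

UPDATES is a constructed list of (UTC time, origin, prefix, action). The
origin labels reuse the ASNs quoted in the post; the prefixes are invented
and each provider is given one or two of them to keep the example readable.
replay() applies the updates in time order and records the moment each
origin's visible prefix set becomes empty; outage_order() lists the
providers in that order with the gap to the previous one.
"""
from collections import defaultdict

UPDATES = [
    # Baseline: every provider announcing its prefixes earlier in the evening.
    ("20:00:00", "AS8452 Telecom Egypt",   "196.0.0.0/16", "announce"),
    ("20:00:00", "AS8452 Telecom Egypt",   "196.1.0.0/16", "announce"),
    ("20:00:00", "Raya",                   "196.2.0.0/16", "announce"),
    ("20:00:00", "AS24863 Link Egypt",     "197.0.0.0/16", "announce"),
    ("20:00:00", "AS32992 Etisalat Misr",  "197.1.0.0/16", "announce"),
    ("20:00:00", "AS5536 Internet Egypt",  "197.2.0.0/16", "announce"),
    ("20:00:00", "Noor Group",             "197.3.0.0/16", "announce"),
    # Withdrawals at the times quoted from Renesys; Noor Group never withdraws.
    ("22:12:43", "AS8452 Telecom Egypt",   "196.0.0.0/16", "withdraw"),
    ("22:12:43", "AS8452 Telecom Egypt",   "196.1.0.0/16", "withdraw"),
    ("22:13:26", "Raya",                   "196.2.0.0/16", "withdraw"),
    ("22:17:10", "AS24863 Link Egypt",     "197.0.0.0/16", "withdraw"),
    ("22:19:02", "AS32992 Etisalat Misr",  "197.1.0.0/16", "withdraw"),
    ("22:25:10", "AS5536 Internet Egypt",  "197.2.0.0/16", "withdraw"),
]


def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def replay(updates):
    """Return ({origin: set of visible prefixes}, {origin: time its last prefix vanished})."""
    table = defaultdict(set)
    went_dark = {}
    for t, origin, prefix, action in sorted(updates, key=lambda u: to_seconds(u[0])):
        if action == "announce":
            table[origin].add(prefix)
            went_dark.pop(origin, None)        # a re-announcement brings the origin back
        elif action == "withdraw":
            table[origin].discard(prefix)
            if not table[origin] and origin not in went_dark:
                went_dark[origin] = t
    return dict(table), went_dark


def outage_order(updates):
    """Origins in the order they lost their last route: [(origin, time, seconds since previous)]."""
    _, dark = replay(updates)
    ordered = sorted(dark.items(), key=lambda kv: to_seconds(kv[1]))
    result, prev = [], None
    for origin, t in ordered:
        gap = None if prev is None else to_seconds(t) - to_seconds(prev)
        result.append((origin, t, gap))
        prev = t
    return result


if __name__ == "__main__":
    for origin, t, gap in outage_order(UPDATES):
        print(f"{t}  {origin:26s}  +{gap if gap is not None else 0}s")
```

Real route collectors (RIPE RIS, RouteViews) export the same announce/withdraw events in MRT format, and the replay logic is unchanged; what the toy version leaves out is that a prefix is visible as long as any peer still carries a path to it, so production tooling counts paths per peer rather than a single global table.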

After Egypt fell off the grid, the world saw a new way of activism: offering dial-up connections to people so they could connect and continue informing the world through social media, pictures and videos, and organize the protest online. Here are some examples (embedded content, not reproduced here):

Today (01/02/2011) the Internet access was resumed, and according to a Renesys blog post all major Egyptian ISPs readvertised routes to their domestic customer networks in the global routing table:
________________________________________

Update (13:36 UTC): We confirm that Facebook and Twitter are up and available inside Egypt, at least from the places we can monitor. No traffic blocks are in place, DNS answers are clean, IP addresses match, no funny business. For now.
________________________________________


Resources:
http://www.computerworld.com/s/article/9206980/Egypt_s_Internet_block_aims_at_social_media
http://www.bbc.co.uk/news/technology-12306041
http://www.zdnet.com/blog/networking/the-internet-goes-dark-in-egypt/613
http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml