1 / 24

SLAC Computer Security

SLAC Computer Security Annual Safety and Security Briefing 2006 Presenters Teresa Downey Spear Phishing & Web Security Markers Heather Larrieu Everything Else… Spear Phishing No dangerous pointy objects involved… but they ARE hunting YOU! Spear Phishing – Step by Step

johana
Download Presentation

SLAC Computer Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SLAC Computer Security Annual Safety and Security Briefing 2006

  2. Presenters • Teresa Downey • Spear Phishing & Web Security Markers • Heather Larrieu • Everything Else…

  3. Spear Phishing No dangerous pointy objects involved… but they ARE hunting YOU!

  4. Spear Phishing – Step by Step • A targeted company is researched by scammer • Emails and websites forged – easy to do!! • HTML emails sent • They need you to click on the fake URL • There goes your $$$ You cannot see true URL in HTML email

  5. Plain Text Can Prevent Scam • Scammers don’t want us to use plain text True URL is normally displayed in plain text email

  6. Spear Phishing – Last Step Not a SLAC website! Security markers are missing… where is https ? where is lock in border? Just a useless picture of a lock to trick you Faking web sites is very easy!

  7. Secure Website Markers Internet Explorer Firefox

  8. What’s Behind That Lock? • Scammer can just create or buy a certificate • Look at URL closely, these are invalid: • http://www.slac.standford.edu • http://0x47763ae7/www.slac.stanford.edu • Might get error:

  9. Avoiding Phishing Scams • Read ALL e-mail in plain text • Convert to HTML with one click if you trust the e-mail • Look for valid URL in e-mail and browser • Does it match where you intended to be? • Look for security markers in browser window • Stop if you get any Security Alerts • Do they REALLY need this information??

  10. Regarding SLAC Websites… • SLAC HR wouldn’t ask for bank info via a web page • If you are suspicious of web site then call the SLAC Department directly

  11. Everything else… Well, okay at least… scammer’s motivations PII wireless perils of ordering pizza

  12. Making Money - Method 1 SellSomething Adware and Spyware Tracking cookies Spam usually touting counterfeit goods

  13. Adblock • Firefox: Tools -> Adblock -> Preferences • IE: Nothing built-in. “Adblock” for IE is actually adware so don’t go get it.

  14. Browser Configuration • IE: Tools -> Internet Options • Firefox: Tools -> Options

  15. Javascript for Profiling

  16. Making Money - Method 2 Scams, Fraud, Identity Theft Nigerian 419 scams Click-through fraud Steal some Personally Identifiable Information

  17. What people are doing with stolen PII ? Credit card, Bank, Loan fraud Phone or Utilities fraud Applying for Government documents or benefits Magazine subscription (~0.2 % each year!) Scope of the problem – FTC data (2003-2005) 10 million victims of identity theft in U.S. Victims spend an average of $1,500 and 175 hours to recover  Not including losses by vendors, merchants, or financial institutions Personally Identifiable Information PII is essentially data that can be used to facilitate identity theft  

  18. Making Money - Method 3 Be the “Middleman”

  19. Botnets • Herder deploys malware • 2. Infected PCs log into an IRC server or other communications medium, forming a network with a central C&C structure • 3. Spammer purchases access to botnet • 4. Spammer sends instructions to the botnet • 5. The infected PCs send the spam messages from Wikipedia on Botnets

  20. POST http://www.XXXXXXXXXXXX.com:80/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1 HTTP/1.1 Host: www.XXXXXXXXXXXXcom User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://www.XXXXXXXXXXX.com/Software/ShoppingCart/CheckOut.asp?CatID=01&CatName=XXXXXXXX%20XXXXXX%20XX%20XXX%20XXXX&VisitorID=1 Cookie: ASPSESSIONIDSCQDDCRC=IIBBDKKBCAOBKBIGABPBHNAI; ASPSESSIONIDCSDTABCC=KCGNNPKBABOIEJKIPBHEJHAH; ASPSESSIONIDSCTDADRC=OAOJABLBFFJKLGIDHPLLMDGM Content-Type: application/x-www-form-urlencoded Content-length: 268 LName=AAAAAAA&FName=AAAAAAA&TelePhone=888888888&ModeOfPayment=2&Rem=IS+THIS+SECURE%3F+&CreditCardType=3&CreditCardNo=123456781234567&ExpiryMonth=6&ExpiryYear=2009&VisitorID=1&CatID=01&CatName=XXXXXXX+XXXXX+XX+XXX+XXXX&hLName=&hFName=&hTelephone=&hCreditCardNo=&hRem=

  21. Wireless

  22. Final Thoughts • Report all suspicious activity • Send email to: security@slac.stanford.edu • Urgent: call HelpDesk at x4357 • See Teresa, Heather, Bob Cowles, Gary Buhrmaster, John Halperin and Steffen Luitz at Computer Security table in breezeway for your questions

More Related