Class 5: Project Presentations

by

Team 5: MyDoom Virus

Team 6: Amazon Cloud Attack

Team 7: ZBot

Advertisements

12 Responses to “Class 5: Project Presentations”

  1. Karthik Rangarajan Says:

    The paper that explains Code Red 1, 2 and other worms. The last part of the paper is a hard read, but the initial few pages are amazing.

    http://www.icir.org/vern/papers/cdc-usenix-sec02/cdc.pdf

  2. Karthik Rangarajan Says:

    Also, if people haven’t heard of it before, this suddenly came to me in class when we were talking about IRC. Check out bash.org. Its hilarious.

    Jon Giffin recommended this, by the way. 🙂

  3. Karthik Rangarajan Says:

    This paper is called ‘How to 0wn the Internet in your spare time’ and talks about Code Red, Nimda and the rest of the worms. A nice read, until they start off with their CDC idea.

    http://www.icir.org/vern/papers/cdc-usenix-sec02/cdc.pdf

  4. Karthik Rangarajan Says:

    http://www.icir.org/vern/papers/cdc-usenix-sec02/cdc.pdf

  5. Karthik Rangarajan Says:

    Why is a comment with a link not getting through? I was trying to post the link for the paper ‘How to 0wn the Internet in your spare time’, but WordPress isn’t letting me do it. Its a really nice paper, until they get into the details of their CDC.

  6. Matthew Flaschen Says:

    Since we’re posting funny websites tangentially related to things we were thinking in class, I have to post today’s xckd strip (xkcd.com/694/). When the presenters were explaining how I should be careful to keep Windows and my AV updated, and not to run strange ActiveX scripts, I couldn’t help but thinking “Who uses Windows, let alone ActiveX? Who actually gets viruses?” I suppose single-booting GNU/Linux on your desktop gives you an unusual perspective. I know there is Linux malware, but I have yet to hear of someone I actually know (even distantly) getting infected. I also don’t think even most Windows users install many third-party ActiveX controls anymore. Silverlight is being pushed instead these days (on Windows and Linux, actually).

  7. Andrew Mishoe Says:

    Just keep in mind that IT departments and computer security companies exist because of the “average” user, not just the computer security elite =)

  8. Matthew Flaschen Says:

    Andrew, that’s obviously true. But another another perspective is that the IT department has a lot of say in what their employees/students/partners use, and they can choose the software they believe to be best (considering security as well as other factors). Then, of course, they will usually have to provide the associated training.

    Security companies, like other kinds, have an inherent tension between satisfying customers and keeping ’em coming back for more.

    • Kelsey Francis Says:

      Who uses Windows? On the desktop, almost everyone. Of course the so-called network effect has more to do with this than technical merit. Regardless, it would take an awful lot of momentum to break everyone away from Windows, even if every IT head in the world dictated it from on high. Suppose, for example, I enjoy playing popular video games on my computer. What other choice do I really have?

  9. Karthik Rangarajan Says:

    There has actually been a research paper, that did a study on whether a user pressed “Yes” or “No” when he was thrown a security error. The study showed that a large percentage of the user would blindly pressed Yes, even when the question was “Your cookies are going to another website. Is that OK?”, or something like that. The use of Linux doesn’t really solve problems for users like that, and it is usually assumed that Linux users aren’t that stupid..but if it ever became as popular as Windows, you would be amazed at the number of people who did sudo rm -r *.

  10. Matthew Flaschen Says:

    I probably wasn’t clear. I meant the question “Who uses Windows?” in a metaphorical sense. I’m well aware Linux is a minority on the desktop. What I was really wondering was more like “Are people stuck in a Windows monoculture, and if so can we help them find their way out?” You present a good point about the difficulties that network effects pose. Still, people are definitely making progress.

    I also realize that there are plenty of stupid Linux users, but of course this is only relevant for social engineering attacks. For traditional worms and viruses, the security of the OS is more important.

    • Karthik Rangarajan Says:

      That’s actually an interesting point you make – “security of the OS”. Agreed, Windows is universally considered to be insecure. But, you would be amazed at the number of security holes that Linux does have. Yes, your usual worms and viruses might not be able to attack it, but when people write something that attacks a Linux system, they’re past the usual worms and viruses. Its specific to a particular kernel, for a particular program, for a particular class of systems, and its devastating. While data that shows Windows systems have been attacked is massive, it must be pointed out that Microsoft passes out security patches more often than Linux folks do. That’s actually one of the interesting points a couple of folks at Google – yes, Google – made. Of course, they went on to trash Windows thereafter..

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: