April 2010 Infosecawareness.in Information Security Awareness - ISEA

April 2010
www.infosecawareness.in

Information Security Awareness
Program by Information Security Education and Awareness (ISEA)
Department of Information Technology
Ministry of Communications and Information Technology
Government of India

InfoSec Tip

Lock your Desktop before you leave your desk

If you walk away from your desk, even for a brief moment, and your PC is left unlocked, someone will walk in, and send mail to a broad distribution list with something silly. Like "I Love You", or worse things, some downright embarrassing. For some reason this is called "Goating".

If you are running Windows NT, Windows 2000, or Windows XP Professional, type Ctrl-Alt-Del and then select "Lock Computer" to lock your computer. To unlock your computer, hit Ctrl-Alt-Del again and enter your password.

You can also set your screen saver to require a password to return to your computer.

Some More Tips

* Install Anti Key Loggers
* Always scan attachments with latest anti virus
* Always logout or lock desktops while in breaks
* Keep Password more secure
* Use single disposal credit card numbers, as some larger banks are offering the same
* Always use two way authentication or three way authentication methods to participate online
* Use separate credit card for online transaction.
* Be careful about shoulder surfing

InfoSec Quote

“If you reveal your secrets to the wind, you should not blame the wind for revealing them to the trees.” Kahlil Gibran

InfoSec Cartoon

Executed by: Centre for Development of Advanced Computing, Hyderabad

InfoSec Quiz

1) The following is the program your personal computer's microprocessor uses to get the computer system started after you turn it on
(a) Boot
(b) source code
(c) initialization
(d) BIOS

2) A person that will talk people into revealing passwords or information that will compromise his personal or company data
(a) Social Networker
(b) Social Engineer
(c) Social Manager
(d) Social Sciences Teacher

3) Junk e mail, as in mass mailings, is annoying but harmless
(a) True
(b) False

4) The following is an attempt to trick an audience into believing that something false is real
(a) Hoax
(b) Baiting
(c) Logic Bomb
(d) Virus

5) Which of the following is the most important to install and keep up to date on your personal computer?
(a) Anti Virus and Anti spyware
(b) Desktop Firewall
(c) Operating System Updates
(d) All of the above

Jan '10 – Mar '10 Contest Answers

InfoSec Quiz: 1) D 2) B 3) C 4) B 5) A
InfoSec Crossword

InfoSec Crossword

ACROSS
1. Person employed to verify, independently, the quality and integrity of the work that has been undertaken within a particular area, with reference to accepted procedures
6. The process whereby a person approves a specific event or action
7. A fault in a computer system
8. It's a program which captures and analyses packets of data as it passes across a network.

DOWN
2. The process by which encrypted data is restored to its original form in order to be understood or usable by another computer or person
3. A small identifier file placed on a user's computer by a Web site
4. The process of recording events at the time that they occur
5. A mechanical device used by software developers to prevent unlicensed use of their product.

Logon to www.infosecawareness.in to participate in the InfoSec Contest

Congratulations
Last Edition Contest Winners

InfoSec Crossword: Mr. Rahul Maheshwari, Madhya Pradesh
InfoSec Quiz: Mr. RamaSubramanian, Chennai

InfoSec Virus Alert

Trojan:Win32/Spyeye
Original issue date: March 26, 2010

It has been observed that Trojan Win32/Spyeye is in the wild. It is a family of password-stealing and backdoor Trojans and is downloaded unknowingly by a user when visiting a malicious Web site. It can also be dropped by other malware. (TrojanDropperWin32/Spyeye)

The trojan is able to download files, log user keystrokes, exhibit rootkit behavior, perform bot-related functionality, etc. The Trojan then uploads captured account credentials to Web sites specified by the attacker.

It also provides certain rootkit capabilities, allowing it to hide its own process on injected processes, hide and prevent access to its own binary code, and hide and prevent access to its startup registry entry.

Aliases:
* Win-Trojan/Pincav.125952.B (AhnLab)
* Win32/SpyEye.B (CA)
* Trojan.Win32.Pincav.rvy (Kaspersky)
* BackDoor-Spyeye (McAfee)
* Mal/Spyeye-A (Sophos)
* Trojan.SpyEYE (Symantec)
* TSPY EYEBOT.SMA (Trend Micro)

For more details: http://www.cert-in.org.in/virus/Win32 Spyeye.htm

InfoSec News

1. New malware overwrites software updaters

It's the first time researchers have seen malware overwrite rather than mask itself as an update

For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.

The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its .

BKIS showed screen shots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.

Users can inadvertently install malware on computers if they open malicious email attachments or visit websites that target specific software vulnerabilities. Adobe's products are among the most targeted by hackers due to their wide installation base.

After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name System) client, a network share and a port in order to receive commands, BKIS said.

Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash is nothing new, said Rik Ferguson, senior security advisor for Trend ent&

InfoSec News (Contd.)

2. New Twitter feature looks for malicious URLs

Twitter has added a new service that detects malicious URLs in an effort to quell the rise in spam and phishing on the microblogging social network.

The new security feature ultimately will scan all URLs before they hit the Twitter feed, but initially is only doing so for URLs sent via Twitter direct messages [DMs] and email notifications about DMs. Twitter is using its own URL shortener for these links: "For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications," said Del Harvey, Twitter's director of trust and safety, in a recent blog post.

Twitter's security feature comes amid new data revealing the level of abuse on the social network: One in eight Twitter accounts last year was malicious, suspicious, or suspended, according to a report issued more recently by Barracuda Networks. The surge in celebrities joining Twitter in 2009 resulted in a major jump in spam, phishing, and other abuse on the site, according to the report.

And those numbers have remained steady to date. "We are still seeing Twitter identify 3 to 4 percent of Twitter accounts as malicious. And, meanwhile, 9 to 10 percent of accounts on Twitter are actively engaging in malicious activity," says Paul Judge, chief research officer at Barracuda.

Twitter's abuse rate increased 66 percent during what Barracuda calls the "Twitter Red Carpet Era," the period during November 2008 to April 2009 when a wave of celebrities joined the social network.

3. Zeus malware now has Windows-like piracy protection

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft’s Windows, a researcher said today. Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine’s hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week.

Know More at: http://news.hackerjournals.com/?p 10366

Hi Friends, I share my personal details with the Internet world only if necessary, with the confirmation that it's not visible to public. DO YOU?

Visit www.infosecawareness.in for more details

InfoSec Concept I

Social Engineering

What is Social Engineering?

Social Engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or a simple fraud, the term typically applies to trickery for information gathering or computer system access. In most cases the attacker never comes face-to-face with the victims, and the latter seldom realize that they have been manipulated.

In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.

Why Social Engineering?

Social Engineering uses human error or weakness (i.e. cognitive biases) to gain access to any system despite the layers of defensive security controls that have been implemented.

An attacker may have to invest a lot of time and effort in breaking an access control system, but he or she will find it much easier to persuade a person to allow admittance to a secure area or even to disclose confidential information.

Because nothing replaces the human interface in today's automated systems and networks, human interfaces will always be there to provide information and perform maintenance of the system.

Reasons for Social Engineering

Careless talking is one of the reasons for social engineering. Talking carelessly about business, the office, home, personal matters and people, and discussing them with those who are not authorized, indirectly gives sensitive information to someone who may use it for a specific purpose, such as breaking into your computer or obtaining your organization's details.

Who is affected

* Any Individual
* Members of an Organization
* Children
* Women etc

HOW DO THEY DO?

* A Social Engineer may meet you outside of your work place or organization and may ask you about your work or how your organization does things.
* A Social Engineer may approach you by either telephone or e-mail, pose as a person from your Information Technology Department or Help Desk, and ask for your user id, password and other details like systems and network information.
* A Social Engineer may come to your organization to present business needs and may ask for network connectivity in order to learn network information or any sensitive information.
* A Social Engineer may ask for your identity card to learn your personal information, such as your school, organization etc.
* A Social Engineer may approach you to join as a friend on your social networking site, may send applications through links to your ID, and may use trickery to get your personal details.

What do you do if you think you are a Victim?

Types of Social Engineering

Non-Technical

Hoaxing

A Hoax is an attempt to trick an audience into believing that something false is real. Unlike a fraud, a hoax is often perpetrated as a practical joke, to cause embarrassment, or to provoke social change by making people aware of something.

Tip: Hoaxes are often sent as “send this to everyone you know” requests, frequently include technical jargon and may sometimes appear to come from a credible-sounding source (like Microsoft, Adobe etc). Do not bother forwarding these warnings to anyone.

Pretexting

Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

Tip: The above technique can be used by attackers to trick a business or person into disclosing sensitive information, to obtain credit card details, telephone bills, banking records and other information directly from you or your children.

Dumpster Diving

Dumpster Diving, also known as Trashing, is another popular method of Social Engineering. A huge amount of information can be collected through company dumpsters or waste from home.

Tip: Never dump any confidential papers into the trash; before dumping, make sure you don’t have any important information in it.

Technical

Phishing

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Tip: Never respond to requests for personal information via e-mail.

Vishing

Vishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.

Tip: If you receive a call asking for personal details, do not respond.

Popups

Pop-up ads or pop-ups are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses; some are hidden under another window. It works when certain web sites open a new web browser window to display advertisements.

Tip: Always block POPUPs

InfoSec Concept II

Cyber Acts

Creating fake profiles in Social Networking sites

A fake profile of somebody is created on Social Networking Sites such as Orkut, Facebook etc. The profile displays her/his original name and contact information (home address, mobile numbers, photographs etc), describing her/him as a “loose character” or containing defamatory information (sexual weakness, immoral character) about the victim, so that all users of that social networking site see the profile and may start calling and disturbing them.

The motive for such activity is revenge or jealousy towards those people, or school children's hatred of their teachers.

As per Indian IT ACT 2000/2008 Amendment, Section 67, and Indian Penal Code (IPC) 500, 509, the following are liable
* Director (s) of Social Networking Sites
* All those who created such fake profiles

Online Hate Community

An online hate community is created so that the community displays objectionable information against a particular country, religious or ethnic group or even against national leaders and historical figures.

The motive for such activity is the desire to cause racial hatred, such as creating anti-India or anti-America online communities.

As per IPC Section 153A, 154A, the following are liable
* Director (s) of Social Networking Sites
* All those who created such fake profiles

If you are the victim of a cyber crime

Report it immediately. To know where to report visit www.infosecawareness.in/report-abuse

Virus Attacks

Guidelines to Prevent Virus

* Keep your Antivirus software up to date and make sure that it is working properly.
* Scan files with anti-virus software before you download them from the Internet and execute them.
* Be careful while exchanging files between systems through disks or through the network.
* While using a disk make sure that it is write protected.

A highly skilled programmer creates a new type or strain of virus and releases it on the Internet so that it can spread all over the world. Being a new virus, it goes undetected by many Antivirus software and hence is able to spread all over the world and cause a lot of damage. Antivirus companies are usually able to find a solution within 12 to 48 hours.

The virus spreads all over the world and is not targeted at any specific person or organisation.

The Creator of the virus is liable for such actions under IT ACT 2000/2008 sections 43 and 66, and IPC Section 426.

The motivation is simply getting thrill and pleasure in destroying the data, or making himself popular.

A highly skilled programmer creates a new type or strain of virus. He does not release it on the Internet. Instead he sells it for a huge amount of money. The buyer uses the virus to target his rival company. Being a new virus, it may be undetected by the victim company’s Antivirus software and hence would be able to cause a lot of damage. Antivirus companies may never get to know about the existence of the virus.

The virus targets a particular organisation. This type of virus is not known to antivirus companies as it is a new virus created specifically to target a particular organisation.

The motivation is illegal financial gain, revenge, business rivalry.

The Creator of the virus is liable for such actions under IT ACT 2000/2008 sections 43 and 66, and IPC Section 426.

InfoSec Tools

Some Security Tools

Virus Protection & Cleaner Tools
Windows based
* Mcafee Virus Scan
* Comodo Antivirus
* Clamav (open source)
* Winpooch (open source)

Assessment of OS Security Levels
* Microsoft security assessment tool (MSAT)-(Windows)
* Nessus ( , Linux, Windows)
* Retina ( , Windows)
* IBM internet scanner
* Patch link vulnerability assessment tool
* Qualys guard ( , Linux, windows)
* GFI LAN guard ( , windows)

Assessment of Database Security Levels
* IP Locks
* App Detective

Parental Control BAR

Parental Control Bar is a simple, powerful tool to help shield your children from explicit websites. Simply activate Child-Mode while your children surf the internet, and the toolbar will block access to adult oriented websites.

An important aspect of ensuring that your child is safe while using the Internet is the installation of parental control software.

Parental controls will provide you with the advantage of being able to
* Enforce time limits to child Internet activity set by parents
* Block access to materials (pictures) identified as inappropriate for kids
* Monitor your child’s activity on the Internet by storing names of sites and/or snapshots of material seen by your child on the computer for you to view later
* Set different restrictions for each family member
* Limit results of an Internet search to content appropriate for kids

For more details Visit ol-bars

Guess the tip which suits the above cartoon picture & win prizes. Logon to www.infosecawareness.in to send the tip.

InfoSec Workshops – Mar '10 / Apr '10

Information Security Trainers Training
@ Hyderabad, @ Patiala, @ Mohali
220 Members Participated

Information Security Awareness to Students
@ Hyderabad, @ Mohali, @ Chandigarh
850 Members Participated

Information Security Awareness to Others (NGO's / CSI Operators, Air Force, Govt. Employees)
@ Hyderabad, @ Rourkela, @ Mohali
261 Members Participated

InfoSec Workshop Participants Comments

The program was very good and it created awareness for us to access the net with safety
- Sangita Rajan, KV, Picket

Very useful information is shared. Keep up the good services C-DAC
- M. Vijaya Padma, Teacher, Sreenidhi International School, Moinabad, Hyderabad

This workshop is really good. I came to know about the features of PC.
- D. Swapna, Parent

The seminar was wonderful and we would like to participate in many more seminars
- Harshad Reddy, Student, KV, Picket

This seminar is useful for everyone, gives us a clear picture how we can get trapped into the hands of hackers or attackers.
- M. Malathi, Teacher, Sreenidhi International School, Hyderabad

Thanking you to spend time with us and telling about new things
- M. Sreekanth, Student, KV Picket

I like it very much because it is very much interested and given knowledge very much.
- B. Rathik, Student, KV, Picket

Interested to organize InfoSec Workshop at Your Location? For more details visit www.infosecawareness.in/isea pi

DOWNLOAD Cartoon, Handbooks: ess.in/downloads

Users Views on the Cartoon – Guess Tip Contest

Beware of unknown websites
- Rajasekhar

Protect your PC from virus which may come from e mail attachments etc.
- Aditya

Do not open unknown mails that could be dangerous
- Rohit Bodla

Centre for Development of Advanced Computing (C-DAC), a Scientific Society of Department of Information Technology, Ministry of Communications & Information Technology, Government of India, is primarily an R&D institution involved in design, development and deployment of Advanced Electronics and Information Technology Solutions, including the celebrated PARAM series of Supercomputers. The C-DAC, Hyderabad is working in R&D with a focus on system level programming, web technologies and embedded programming in the application domains of Network Security, e-Learning, Ubiquitous Computing, India Development Gateway (www.indg.in), Supply Chain management and Wireless Sensor Networks.

For Information Security Awareness Workshops at your place contact
