Saturday, April 24, 2010

WEB SECURITY

With the transformation of the Internet from a network used primarily by universities and research laboratories to a worldwide communications medium, attacks on the World Wide Web and Internet can have serious consequences. These attacks can involve nuisance attacks, phishing, criminal exploits, and, in information warfare, incapacitation of a nation’s critical infrastructure. Thus, there is a need for protecting nodes on the Internet and for providing for the confidentiality, integrity, and availability of information utilizing these networks.

Phishing

Phishing is a term that refers to a large group of exploits that use the Internet to commit identity theft. Put simply, phishing is the automated stealing of personal information for financial gain. Phishers use a variety of means to accomplish this, including:

  • Social engineering through e-mail and brand spoofing
  • Infected Web sites and cookies
  • Trojan horses and spyware
  • Browser hijacking and redirection
  • Keyloggers and spybots

Spyware, Trojans, and viruses are also commonly distributed through phishing exploits, although some of them are not specifically designed to perpetrate identity theft or cause financial loss.

Browser Hijacking

Browser hijackers change Web browser settings to switch home pages or hijack search functions. A browser hijacker is a type of malware program that alters your computer’s browser settings so that you are redirected to Web sites that you had no intention of visiting.

REDIRECTION

Redirection is a technique for moving visitors to a different site when its address has been changed and visitors are familiar with the old address. Redirection is used legitimately when users visit the Web site of a company whose name has changed or that has been acquired by another company. In either case, the website probably includes a new domain name and has a new Uniform Resource Locator (URL).

Redirection is often combined with browser hijackers to surreptitiously change the user’s browser settings and direct users to an inappropriate site.

For example, browser hijackers can set browser home pages and search settings to point to pornographic sites or generate pornographic pop-up windows faster than the user can shut them. Some browser hijackers have a financial incentive, altering default home pages and search pages to those of their customers, who pay for that service per referral or click-through. More virulent versions may redirect users to sites that install spyware.

Browser hijackers can create incidental problems because of the nature of the material they download, such as leaving pornography or other inappropriate material on the hard drive. Poorly coded browser hijackers may severely impact an infected computer’s performance: software may freeze, and the computer may crash or reboot.

SSL/TLS

The Secure Sockets Layer (SSL) Protocol was developed by Netscape in 1994 to protect the confidentiality of information transmitted between two applications, to verify the integrity of the communications, and to provide an authentication means in both directions. SSL implements these functions using public- and private-key encryption and a message authentication code (MAC).

Microsoft has developed a newer version of SSL, Transport Layer Security (TLS). As with SSL, TLS implements confidentiality, integrity, and authentication above the Transport Layer. Because SSL and TLS ride on the Transport Layer protocol, they are independent of the application and can therefore be used with applications such as Telnet, FTP, HTTP, and e-mail protocols.

Both SSL and TLS use certificates for public-key verification that are based on the X.509 standard.

SSL 3.0

The design goals of SSL 3.0 were to provide:

  • Cryptographic security - protection of the confidentiality of transmitted messages
  • Interoperability - applications should be able to be developed using SSL 3.0 by groups of individuals without knowledge of each other’s code
  • Extensibility - the ability to incorporate different encryption algorithms into SSL 3.0 without major changes to SSL 3.0
  • Relative efficiency - efficient utilization of computing and network resources

Session keys generated during SSL private-key cryptography transactions are either 40 bits or 128 bits in length. Newer browsers support 128-bit encryption.

The SSL Protocol comprises two layers: the SSL Record Protocol and the SSL Handshake Protocol. The SSL Record Protocol is layered above a transport protocol, such as TCP. This Record Protocol is used for encapsulation of higher-level protocols, such as the SSL Handshake Protocol. The latter protocol is used for client/server mutual authentication, negotiation of a cryptographic algorithm, and exchange of cryptographic keys.

Thus, through these mechanisms, SSL provides:

  • Mutual authentication using public-key cryptography based on algorithms such as the Digital Signature Standard (DSS) and RSA
  • Encryption of messages using private-key cryptography based on algorithms such as IDEA, 3DES, and RC4
  • Integrity verification of the message using a keyed message authentication code (MAC) based on hash functions such as MD5 and SHA

TLS 1.0

Similar to SSL, the TLS Protocol comprises the TLS Record and Handshake Protocols. The TLS Record Protocol is layered on top of a transport protocol such as TCP and provides privacy and reliability to the communications. The privacy is implemented by encryption using symmetric-key cryptography such as DES or RC4. The secret key is generated anew for each connection; however, the Record Protocol can be used without encryption. Integrity is provided through the use of a keyed Message Authentication Code (MAC) using hash algorithms such as SHA or MD5.

The TLS Record Protocol is also used to encapsulate a higher-level protocol such as the TLS Handshake Protocol. The server and client use this Handshake Protocol to authenticate each other. The authentication can be accomplished using asymmetric-key cryptography such as RSA or DSS. The Handshake Protocol also sets up the encryption algorithm and cryptographic keys to enable the application protocol to transmit and receive information.
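To make the record layer concrete, here is an added Python model (not code from the original post or from any SSL/TLS implementation) of the Record Protocol in the integrity-only mode mentioned above. It covers both the SSL 3.0 and the TLS 1.0 descriptions: each record carries a 5-byte header (content type, version, length) and a keyed MAC computed, as in TLS 1.0, over the sequence number, content type, version, fragment length and fragment. The MAC keys, the use of HMAC-SHA256 instead of MD5/SHA-1, and the sample HTTP fragments are assumptions made for the example; in the real protocol the keys come out of the Handshake Protocol.

```python
import hashlib
import hmac
import struct

# Record content types from the TLS 1.0 specification.
CONTENT_HANDSHAKE = 22
CONTENT_APPLICATION_DATA = 23
TLS_1_0 = (3, 1)  # TLS 1.0 identifies itself on the wire as version 3.1 (SSL 3.0 is 3.0)
MAC_LEN = hashlib.sha256().digest_size  # 32; the real protocol used MD5 or SHA-1 (simplification)


def parse_record_header(record):
    """Split the 5-byte record header into content type, (major, minor) version and body length."""
    content_type, major, minor, length = struct.unpack("!BBBH", record[:5])
    return content_type, (major, minor), length


class RecordLayer:
    """One endpoint's view of the record layer in integrity-only mode (no encryption).

    Each direction has its own MAC key and its own 64-bit sequence number, so a record
    accepted once can never be accepted again and a record can never be reflected back
    in the other direction.
    """

    def __init__(self, write_mac_key, read_mac_key):
        self.write_mac_key = write_mac_key
        self.read_mac_key = read_mac_key
        self.write_seq = 0
        self.read_seq = 0

    @staticmethod
    def _mac(key, seq, content_type, version, fragment):
        # HMAC over seq_num || type || version || fragment length || fragment,
        # the fields TLS 1.0 authenticates (RFC 2246, section 6.2.3.1).
        major, minor = version
        header = struct.pack("!QBBBH", seq, content_type, major, minor, len(fragment))
        return hmac.new(key, header + fragment, hashlib.sha256).digest()

    def seal(self, content_type, fragment, version=TLS_1_0):
        """Encapsulate a higher-level protocol fragment into a MAC-protected record."""
        mac = self._mac(self.write_mac_key, self.write_seq, content_type, version, fragment)
        self.write_seq += 1
        body = fragment + mac
        major, minor = version
        return struct.pack("!BBBH", content_type, major, minor, len(body)) + body

    def open(self, record):
        """Verify a received record; raise ValueError on truncation, tampering or replay."""
        if len(record) < 5:
            raise ValueError("truncated record")
        content_type, version, length = parse_record_header(record)
        body = record[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record")
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = self._mac(self.read_mac_key, self.read_seq, content_type, version, fragment)
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad_record_mac")  # the alert a real peer would send
        self.read_seq += 1
        return content_type, fragment


def _rejected(endpoint, record):
    try:
        endpoint.open(record)
    except ValueError:
        return True
    return False


def run_exchange():
    """Client sends two application-data records; the server detects tampering and replay."""
    # Constructed MAC keys; in the real protocol both sides derive them during the handshake.
    client_write_key = b"constructed-client-write-mac-key"
    server_write_key = b"constructed-server-write-mac-key"
    client = RecordLayer(client_write_key, server_write_key)
    server = RecordLayer(server_write_key, client_write_key)

    first = client.seal(CONTENT_APPLICATION_DATA, b"GET / HTTP/1.0\r\n")
    second = client.seal(CONTENT_APPLICATION_DATA, b"Host: example.invalid\r\n")
    results = {"delivered": server.open(first)[1] == b"GET / HTTP/1.0\r\n"}

    tampered = bytearray(second)
    tampered[5] ^= 0x01  # flip one bit of the first fragment byte
    results["tamper_detected"] = _rejected(server, bytes(tampered))
    results["replay_detected"] = _rejected(server, first)  # server's sequence number has moved on
    results["in_order_accepted"] = server.open(second)[1] == b"Host: example.invalid\r\n"
    return results


if __name__ == "__main__":
    print(run_exchange())
```

Running it prints a dictionary showing that a flipped bit and a replayed record are both rejected as bad_record_mac, while the records arriving in order are accepted. The sequence number is never sent on the wire; both ends track it, which is what makes the replay fail.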

HTTP/S

URLs of Web pages using the SSL Protocol start with https://, denoting the Hypertext Transfer Protocol with SSL.

Since TLS is based on SSL, they have similar functionality and goals; however, SSL and TLS have enough differences that they cannot interoperate. In order to address this situation, TLS has a built-in mechanism that can be used to make TLS compatible with SSL 3.0.

S-HTTP

Secure HTTP (S-HTTP) is a communications protocol designed to provide secure messaging over HTTP. S-HTTP provides equal and symmetric capabilities to both client and server, but one entity that is S-HTTP-enabled can communicate with another entity that is not S-HTTP capable. In that instance, the security features would not be operable. S-HTTP implements secure, end-to-end transactions.

S-HTTP supports a symmetric-key encryption-only mode and, therefore, does not require public-key encryption for key exchanges. It is flexible, however, and permits the clients and servers to use different forms of transactions related to the signing of messages, encryption of messages, algorithms used, and types of certificates.

In summary, S-HTTP is a protocol that supports:

  • Option negotiations for defining the type of transactions desired
  • A variety of key management approaches
  • Different trust models
  • Multiple cryptographic algorithms
  • Multiple operation modes
  • Different encapsulation formats

Friday, April 23, 2010

F8 - NEXT VERSION OF FACEBOOK PLATFORM

Facebook announced the next version of the Facebook Platform, which puts the user at the center of the web. As part of it, you get a more personalized experience on other websites through a new tool called the Facebook plugin. You all know about the Facebook Like button: you can like your friend’s photo, status, and links by clicking it. Every Facebook user clicks this button 9 times a month. Now you can see this button on many popular websites and like their content. Some of these websites are NYTimes.com, IMDb, CNN.com, TIME.com, LIFE.com, Fandango, NHL.com, USA Networks, Levis.com, Univision, and ABC.com. Facebook is already working with more than 75 websites to make the web faster and simpler.

INSTANT MESSAGING SECURITY

Instant messaging supports the real-time exchange of messages between two parties using the Internet. In order to use this service, the user has to have instant messaging client software on his or her computer. The client software then communicates with an instant messaging server. The user provides the server with a contact or “buddy” list of people with whom he or she wants to exchange instant messages.

To use instant messaging, the user logs on to the instant messaging server with the user’s ID and password. The server authenticates the user. Then the client sends to the server the user’s IP address and the port number on the user’s computer that is being used by the instant messaging client. The server stores this information as well as identical information from any other individuals on the user’s contact list that are logged in at that time. An important point to note is that once an individual, A, is logged on to the server, the server sends the IP addresses and port numbers of all the others logged on to the server at that time to A’s client software. Thus, all people on the contact list who are logged on to the instant messaging server at that time are notified of the online presence and contact information of the others who are also logged on.

A user can send a message to another individual on the contact list who is logged on, and that message will instantly appear on the screen of the receiving individual. Because a user’s client knows the IP address and port number of the receiving individual, the user’s message is sent directly to the intended recipient and does not have to go through the instant messaging server.

With instant messaging, communication takes place between only two individuals. If the situation requires instant conferencing among more than two individuals, a chat room can be set up. A chat room is similar to instant messaging, but everyone logged on to the “room” can see a message that is sent by any individual.

When an individual, A, wants to terminate the instant messaging session, A closes his or her message window and exits the instant messaging client. The client then sends a message to the instant messaging server indicating that A has logged off. The server, in turn, sends a message to all the active participants of the contact list that A has exited the session. The members of the contact list still logged on will see the status of A on their windows change from “online” to “offline.”
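The login, presence, messaging and logoff exchange just described, as an added Python model (not code from the original post or from any real IM product). The user names, IP addresses and ports are constructed. The expose_endpoints switch is an addition to the text: it contrasts the design described above, in which the server hands each client the IP addresses and ports of its online contacts so messages go peer to peer, with a relay design that keeps the endpoints on the server and forwards messages instead, which is the trade-off behind the IP address exposure and server exposure noted later in this post.

```python
from dataclasses import dataclass, field


@dataclass
class Client:
    user: str
    ip: str
    port: int
    contacts: frozenset
    presence: dict = field(default_factory=dict)         # contact -> "online" / "offline"
    known_endpoints: dict = field(default_factory=dict)  # contact -> (ip, port) learned from the server
    inbox: list = field(default_factory=list)            # (sender, text, path)


class PresenceServer:
    """Models the login / presence / message / logoff exchange.

    expose_endpoints=True is the design the text describes: the server gives each
    client the IP address and port of its online contacts.  expose_endpoints=False
    is a relay design: the server keeps the endpoints to itself and forwards the
    messages, so contacts never learn each other's IP addresses, but the server
    then sees every message.
    """

    def __init__(self, expose_endpoints=True):
        self.expose_endpoints = expose_endpoints
        self.online = {}   # user -> Client; the server's record of each user's IP and port
        self.relayed = []  # (sender, recipient, text) forwarded by the server

    def login(self, client):
        """Store the client's endpoint and exchange presence with its online contacts."""
        self.online[client.user] = client
        for other in self.online.values():
            if other is client:
                continue
            if other.user in client.contacts or client.user in other.contacts:
                self._notify(other, client)
                self._notify(client, other)

    def _notify(self, receiver, about):
        receiver.presence[about.user] = "online"
        if self.expose_endpoints:
            receiver.known_endpoints[about.user] = (about.ip, about.port)

    def logoff(self, user):
        """Drop the user and tell everyone who saw them online that they are now offline."""
        self.online.pop(user)
        for other in self.online.values():
            if user in other.presence:
                other.presence[user] = "offline"
                other.known_endpoints.pop(user, None)

    def send(self, sender, recipient, text):
        """Return how the message travelled: "direct", "relayed" or "undeliverable"."""
        if recipient in sender.known_endpoints:
            # Sender knows the peer's IP/port, so the message bypasses the server.
            self.online[recipient].inbox.append((sender.user, text, "direct"))
            return "direct"
        if recipient in self.online:
            self.relayed.append((sender.user, recipient, text))
            self.online[recipient].inbox.append((sender.user, text, "relayed"))
            return "relayed"
        return "undeliverable"


def run_session(expose_endpoints):
    """Constructed two-user session; returns what each side could observe."""
    server = PresenceServer(expose_endpoints)
    alice = Client("alice", "10.0.0.5", 5190, frozenset({"bob"}))  # constructed endpoints
    bob = Client("bob", "10.0.0.9", 5190, frozenset({"alice"}))
    server.login(alice)
    server.login(bob)
    path = server.send(alice, "bob", "hi bob")
    observed = {
        "bob_sees_alice_endpoint": bob.known_endpoints.get("alice"),
        "message_path": path,
        "server_saw_message": len(server.relayed) == 1,
        "bob_presence_before_logoff": bob.presence["alice"],
    }
    server.logoff("alice")
    observed["bob_presence_after_logoff"] = bob.presence["alice"]
    observed["after_logoff"] = server.send(bob, "alice", "still there?")
    return observed


if __name__ == "__main__":
    print("endpoints exposed:", run_session(True))
    print("relay only:      ", run_session(False))
```

Running both variants side by side shows the privacy trade-off: with endpoints exposed, Bob's client holds Alice's IP address and port and the server never sees the message text; in relay mode Bob learns nothing about Alice's address, but every message passes through, and is visible to, the server.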

Instant messaging software packages also offer other services, including chat room setup, image and sound transmission, voice communication, and streaming content.

Some of the more popular instant messaging utilities are the freeware ICQ (for “I seek you” at www.icq.com), AIM (America Online’s Instant Messenger), Microsoft’s instant messaging utility in MSN Explorer, and Yahoo Instant Messenger.

One problem with instant messaging is the lack of interoperability. An individual with an instant messaging utility from one source or vendor may not be able to communicate with a person using a different instant messaging package. In order to address this situation, the Internet Engineering Task Force (IETF) has developed a standard protocol for instant messaging - the Instant Messaging Presence Protocol (RFC 2779).

IM Vulnerabilities

IM brings with it a variety of security risks by providing a fertile ground for developing smarter worms, sophisticated enough to deliver Trojan horses or even chat with you in your native language. IDC Research estimates that the nearly 12 billion IMs sent every day offer a potent malware transmission vector, with IM Trojans and worms increasing from 21 in 2004 to over 300 in 2005.

Messages sent by means of instant messaging are not inherently secure and safe from prying eyes. The instant messaging server is particularly vulnerable because it contains both the messages and the connection information of the participants.

Corporate users have often installed IM clients on their companies’ computers without the IT department’s authorization, thereby opening their corporate infrastructure to a myriad of security threats, such as:

  • Privacy issues - IP address exposure, loss of confidentiality, and eavesdropping
  • Authentication issues - identity impersonation
  • Malware - worms, viruses, Trojan horses
  • Client bugs - buffer overflows enabling denial-of-service and other types of attacks

Consumer IM clients bypass corporate security defenses and provide no encryption or message auditing, logging, and archiving, functions an organization requires to maintain its security posture. IM worms can hijack buddy lists, spread much more rapidly than e-mail-borne viruses or worms, and resemble phishing because they appear to come from a trusted source (social engineering). Some examples of recent IM worms are:

  • Kelvir-A - A worm that spreads through Windows Messenger and instructs recipients to visit a Web site to download a file called patch.exe
  • Opanki.A - A worm that spreads using AOL Instant Messaging and infects PCs with the worm
  • Sdbot-AAH - A worm that spreads via MSN Messenger, IRC, and Windows Messenger and installs poker3.exe, a file that permits hackers to steal passwords and upload files to an infected PC

Some of the older IM worms that are still circulating are:

  • W32.Goner.A@mm
  • W95.SoFunny.Worm@m
  • W32.Led@mm
  • W32.Seesix.Worm
  • W32.Choke

IM Solutions

All of this can add up to enormous potential for organizational liability. When determining the impact IM use may have on an organization, it’s important to consider:

  • Level of access - What level of employees can have IM access
  • Access authorization - How IM access should be authorized by the appropriate level of management
  • Type of access - Whether employees are allowed to use IM services for personal use or company business only
  • Means of access - Whether IM will be installed on networked workstations, laptops, or wireless appliances
  • Record keeping - What the IM session logging and records retention policies should be

If it’s determined that the organization absolutely needs IM, Information Systems Security Officers (ISSO) or other corporate security personnel should take definite steps:

  • Creating security policies specifying IM usage restrictions
  • Implementing integrated antivirus products on all workstations
  • Hardening company firewalls to block IM traffic
  • Upgrading existing IM software to more secure versions

Also, if the organization decides that the IM risk is not very high, third-party instant messaging software utilities may provide adequate additional security features, including:

  • Encryption, integrity, and authentication services using SSL
  • Authentication against proprietary databases, domains, or LDAP
  • Secure file transfer guarantee
  • Web-based tools for administration of the instant messaging network on the instant messaging server, including tools for user account administration, logging of critical data, and analysis of log information

Monday, April 19, 2010

MAKE FIREFOX FAST

Firefox is already pretty fast but did you know that you can tweak it and improve the speed even more?

That's the beauty of this program being open source.
Here's what you do:
In the URL bar, type “about:config” and press enter. This will bring up the configuration “menu” where you can change the parameters of Firefox.

Note that these are what I’ve found to REALLY speed up my Firefox significantly - and these settings seem to be common among everybody else as well. But these settings are optimized for broadband connections - I mean with as many concurrent requests as we’re going to open up with pipelining… lol… you’d better have a big connection.

Double-click on the following settings and put in the numbers below - the true / false booleans will toggle when you double-click them.

Code:
browser.tabs.showSingleWindowModePrefs – true
network.http.max-connections – 48
network.http.max-connections-per-server – 16
network.http.max-persistent-connections-per-proxy – 8
network.http.max-persistent-connections-per-server – 4
network.http.pipelining – true
network.http.pipelining.maxrequests – 100
network.http.proxy.pipelining – true
network.http.request.timeout – 300


One more thing… Right-click somewhere on that screen and add a New -> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives. Since you’re on broadband - it shouldn’t have to wait.

Now you should notice you’re loading pages MUCH faster now!

Saturday, April 17, 2010

How To Remove and Add Right-Click Menu Items from Files and Folders


Removing Items

A lot of programs you install will add themselves to the right-click menu of your files and/or folders. Most times you have no choice in the matter and, as a result, your right-click menu can get very long with added items you don't even use. The last person I was helping with this had a right-click context menu so long that the Rename option was no longer visible!

Fortunately, you can easily remove those unwanted menu items, if you know the registry values to edit. And it's not at all difficult once you know the keys responsible for the additions.

For files, the secret lies in the "context menu handlers" under the shellex subkey for "All Files", which in the registry is nothing but an asterisk - like a DOS wildcard - meaning the values entered there apply to all files. It is at the very top of the root key, right here:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Click the + sign next to the ContextMenuHandlers key to expand it.
Now you will see some of the programs that have added items to your right-click menu. Simply delete the program keys you don't want.
Yup! It's that simple. If deleting makes you uneasy, just export the key before deleting it. Or, instead of deleting the values, disable them: double-click the default value for the program in the right-hand pane and rename the CLSID value by placing a period or dash in front of it.

e.g., -{b5eedee0-c06e-11cf-8c56-444553540000}

Then exit the registry, refresh, and right click a file to see if the item was removed from the menu.
Some programs - like WinZip or WinRAR - will add several items to your right-click menu, but all of them will be removed by deleting or disabling their one context menu handler.

Note that the above key only applies to the right click menu of files.
To remove entries from the right click context menu of folders, you need to navigate to the Folder and Drive keys:

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers


All you have to do is follow the same procedure as for Files - either disable or delete items you wish to remove.

Adding Items

Adding Items to the right click menu of Files and Folders is also fairly simple using the Registry. It just involves the creation of a few new keys for each item you wish to add. You edit the same keys used for removing items. Let's use Notepad as an example of an item you'd like to add to the right click menu of all your files or folders.

For folders, go to this key:

HKEY_CLASSES_ROOT\Folder

Click the + sign next to Folder and expand it so that the Shell key is visible. Right click the Shell key and choose New>Key and name the key Notepad or whatever else you'd prefer (whatever the key is named is what will appear in the right-click menu). Now right click the new key you made and create another key named Command. Then, in the right hand pane, double click "Default" and enter Notepad.exe as the value.
Exit the registry, refresh, and right click any folder. Notepad should now be on the context menu.


For files, go here again:


HKEY_CLASSES_ROOT\*

Expand the * key and see if a Shell key exists. If it does, follow the same procedure as for folders. If it does not, you'll have to create the Shell key first: right-click the * key, choose New>Key, and name it Shell. Then right-click the Shell key and continue the same way you did for adding items to the right-click menu of folders.

Once done, Notepad should appear as an option in the right click menu of all your files.
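An added Python helper (not from the original post or from any Microsoft tool) for auditing the keys used in both the removing and the adding procedures above from an exported .reg file, which is the backup the text recommends taking before deleting anything. It lists the context menu handlers under the three ContextMenuHandlers keys, marks the ones disabled by prefixing the CLSID with a period or dash, lists static Shell\<Name>\Command verbs such as the Notepad entry, and can write the .reg fragment that disables a handler. The export text, the handler names and the all-zero CLSIDs are constructed; the other CLSID is the one quoted in the post.

```python
import re
from dataclasses import dataclass

# Keys named in the text; compared case-insensitively because Regedit preserves whatever case was used.
HANDLER_ROOTS = {
    "*": r"HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers",
    "Folder": r"HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers",
    "Drive": r"HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers",
}
VERB_ROOTS = {
    "*": r"HKEY_CLASSES_ROOT\*\shell",
    "Folder": r"HKEY_CLASSES_ROOT\Folder\shell",
}

# Constructed Regedit export; only the first CLSID is taken from the post.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ExampleArchiver]
@="{b5eedee0-c06e-11cf-8c56-444553540000}"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OldTool]
@="-{00000000-0000-0000-0000-000000000001}"

[HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\ExampleArchiver]
@="{b5eedee0-c06e-11cf-8c56-444553540000}"

[HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\SomeScanner]
@=".{00000000-0000-0000-0000-000000000002}"

[HKEY_CLASSES_ROOT\Folder\shell\Notepad]

[HKEY_CLASSES_ROOT\Folder\shell\Notepad\Command]
@="Notepad.exe"
"""


@dataclass
class MenuEntry:
    kind: str       # "handler" (shellex CLSID) or "verb" (Shell\<Name>\Command)
    scope: str      # "*", "Folder" or "Drive"
    name: str
    value: str      # CLSID for handlers, command line for verbs
    disabled: bool  # handler CLSID prefixed with "." or "-" as the post suggests


def _default_values(text):
    """Yield (key path, default value) pairs from a 'Windows Registry Editor Version 5.00' export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None:
            m = re.match(r'^@="(.*)"$', line)
            if m:
                # .reg files escape backslashes and quotes inside string values.
                yield key, m.group(1).replace('\\"', '"').replace("\\\\", "\\")


def _under(key, root):
    """Return the sub-path of key below root (case-insensitive), or None if key is not below it."""
    prefix = root.lower() + "\\"
    return key[len(prefix):] if key.lower().startswith(prefix) else None


def parse_menu_entries(text):
    """List context menu handlers and static verbs found in an exported .reg file."""
    entries = []
    for key, value in _default_values(text):
        for scope, root in HANDLER_ROOTS.items():
            name = _under(key, root)
            if name is not None and "\\" not in name:  # direct subkeys only
                entries.append(MenuEntry("handler", scope, name, value, value[:1] in (".", "-")))
        for scope, root in VERB_ROOTS.items():
            sub = _under(key, root)
            if sub is not None and sub.lower().endswith("\\command"):
                entries.append(MenuEntry("verb", scope, sub[:-len("\\command")], value, False))
    return entries


def active_handlers(text):
    """Only the handlers that will actually appear in the right-click menu."""
    return [e for e in parse_menu_entries(text) if e.kind == "handler" and not e.disabled]


def disable_handler_reg(scope, name, clsid):
    """Write a .reg fragment that disables one handler by prefixing its CLSID with a dash."""
    return f'Windows Registry Editor Version 5.00\n\n[{HANDLER_ROOTS[scope]}\\{name}]\n@="-{clsid}"\n'


if __name__ == "__main__":
    for entry in parse_menu_entries(SAMPLE_EXPORT):
        print(entry)
```

Export the three ContextMenuHandlers keys and the two Shell keys with Regedit, feed the file to parse_menu_entries, and you get one line per menu item with its scope and whether it is already disabled; anything you do not recognise is worth looking up by CLSID before removing it, since shell extensions run inside Explorer with the user’s rights.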