Brainfoldb4u's Blog

Just another WordPress.com weblog

Posts Tagged ‘Information Security’

Spam trend

Posted by brainfoldb4u on December 30, 2009

With more than half of all email reported as unsolicited, spam tops the list of the most bothersome internet irritations. Despite the evolution of spam filters, spam blockers and other anti-spam software, the negative effects are still felt by people and businesses. An estimated 14.5 billion spam messages are sent per day. According to research conducted by Palo Alto, spam costs businesses around $20.5 billion annually, and predictions put the figure at around $198 billion in the next four years if spam continues to flourish at its current rate. The figure below shows spam by country of origin (source: M86 Security).

Spam Definition:

In order to combat spam effectively, we first need to know what spam is. By definition, spam is anonymous (the sender address is spoofed to hide the real sender), unsolicited (the user is unwilling to accept it) bulk email (sent in mass quantities). It is important to make clear that the words ‘advertising’ and ‘commercial’ are not used as perfect spam definitions.

How spam works:

Spammers use advanced programs and technologies in a dedicated way to generate and send billions of spam messages every day. The overall spam life cycle is a five-stage process; knowing about those stages may help you avoid becoming a victim in future.

Stage One: Gathering Information:

The first stage in the spam cycle is collecting information and creating a database of email addresses in different categories (geographical location, different accounts, personal entries, others). Methods used to collect email addresses include scanning public resources like forums, websites, chat rooms and who-is databases, and stealing databases from web services and ISPs.

The addresses in the database are then verified by test mail. Testing establishes whether users are reading the spam or not. Spam usually has images; if a message is opened, the image is automatically downloaded and the request is logged on the server, which confirms to the spammer that the email address is valid.

Stage 2: Choosing the delivery method

Now it's time to deliver the spam to mass users. Spammers deliver in the millions, and the following three methods are the most widely used. The first is direct mailing from rented servers; this option does them little good, as anti-spam organisations monitor mass mailing and blacklist the servers. The second is to use proxies or open relays, but this option is costly and time-consuming, as spammers need to search the internet for vulnerable servers and then penetrate them. Spammers can’t use the same proxies or relays for long, because after a successful mailing these servers are detected and blacklisted.

The third and most current trend is to create or buy bot networks. A botnet is a collection of computers, also known as zombies or robots, that can all be controlled remotely by one person. This control is achieved by installing malicious software on a PC via illicit means, such as a virus or email attachment.

Stage 3: Actual spam message

Sending millions of messages within a limited time frame requires the right technology, and spammers use specialized programs to send mail via infected machines, create dynamic text, dynamic images and so on.

The basic and traditional way of sending spam is to include a random text string, words or invisible text at either the beginning or the end of the message body. It is possible to embed invisible text within an HTML message and send it to an email address, but current spam filters have built-in HTML encoders smart enough to flag those emails as spam.

Other techniques include graphical spam (text in graphics format) and dynamic text (the same text written in many ways, a smart way to confuse anti-spam filter programs).

Overall, the spam life cycle involves a team of different specialists: professional programmers, virus writers and businessmen, each playing a part in the spam cycle.

Ways to prevent spam:

Along with using a spam filter or spam blocker, there are certain measures you can take to prevent spam messages from reaching your inbox. Some of them are:

  1. Try having more than one email address. Use one for personal and confidential matters and others for day-to-day use such as subscriptions and other things that are not your primary concern.
  2. Try to hide your email address. If you have a website or forum and need to show your email address, you can write it as, for example, brainfold dot security at Gmail DOTcom instead of brainfold.security@gmail.com.
  3. Make sure your spam filter and your email service are on their highest setting.
  4. In public forums, chat rooms or wherever you need to register, try using a username instead of an email address. Use your secondary email address for these purposes.
  5. Never reply to or click on any links in a spam message. Before you click any link, check details like the sender name, domain address and message relevance. If any of these seem irrelevant to you, do not click the link.
  6. Read your messages as text. Reading a message as text rather than HTML prevents you from accidentally clicking email links, which may lead to a virus, ad-ware or spyware (remember, 80% of email in circulation is spam).
  7. If you are using Outlook, you can preview your messages in a preview screen before actually opening them.
  8. View the message header: analyse the header information and pay attention to the FROM and REPLY TO addresses. If the Reply-To address is not the same as the From address, it may be spam.
  9. Forwarded emails tend to list the email address of everyone who has forwarded the message, along with the email address of everyone it was forwarded to. That makes them an easy way for spammers to get access to email addresses in bulk. Unless it is important to do so, try not to send email with a bulk list of email addresses.
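The header check in item 8 and the image-based address verification described under Stage One can both be automated on a raw message. The Python sketch below is an added example, not code from the original post; the sample message and the `example` domains are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse, parse_qs

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE = """\
From: "Account Support" <support@bank.example>
Reply-To: collect@mailer.example
To: user@example.org
Subject: Please confirm your details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, please confirm your details.</p>
<img src="http://img.mailer.example/open.gif?uid=user%40example.org&c=7781" width="1" height="1">
<img src="cid:logo123">
</body></html>
"""

IMG_SRC = re.compile(r'<img\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def reply_to_mismatch(msg):
    """True when a Reply-To header exists and points at a different domain than From."""
    reply_dom = domain_of(msg.get("Reply-To"))
    return bool(reply_dom) and reply_dom != domain_of(msg.get("From"))

def html_bodies(msg):
    """Yield every text/html part of the message as decoded text."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")

def remote_images(msg):
    """List images fetched over HTTP(S) on open; embedded cid: images are ignored."""
    found = []
    for body in html_bodies(msg):
        for src in IMG_SRC.findall(body):
            url = urlparse(src)
            if url.scheme in ("http", "https"):
                found.append({"host": url.hostname,
                              "has_query": bool(parse_qs(url.query)),
                              "url": src})
    return found

def triage(raw):
    """Summarise both signals for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    images = remote_images(msg)
    return {
        "reply_to_mismatch": reply_to_mismatch(msg),
        "remote_images": images,
        # A remote image carrying per-recipient parameters can confirm an open.
        "tracking_suspected": any(i["has_query"] for i in images),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A Reply-To mismatch also occurs on legitimate mailing lists, so treat it as one signal among several rather than proof.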

If you would like to know more about spam-ware and ad-ware, please follow the references below.

Conclusion:

The spam market is growing exponentially, with its value growing by several hundred million dollars annually. Entire spam cycles are run in-house by professionals who take advantage of our ignorance in protecting our own information.

Though it is illegal to collect and misuse others' personal information, the massive growth in technology means it is not an easy task for government, law enforcement agencies or info sec professionals to protect every single piece of data from prying eyes. So it is our responsibility to be conscious about protecting our personal information. The money flowing into the spam industry is enough to keep the spam cycle going and potentially to encourage people to take more risks.

If you would like any more topics to be discussed, feel free to send me a comment. Thanks again for your time.


Browser Security 1

Posted by brainfoldb4u on December 25, 2009

Web browsers:

Web browsers are software applications that operate between your computer and a web server. The browser contacts the web server and requests information or resources; the web server then locates the web page and sends the information to the web browser on our computer. A browser has to interpret and display various sorts of information, such as applications, programs, animations and similar materials created with programming languages (Java, ActiveX), scripting languages (PHP, Perl, JavaScript) and AJAX. The most commonly used web browsers are Internet Explorer (70%), Firefox (20%), Chrome (5%), Opera (5%), Safari (5%) and Konqueror (1%). So the theory is: the more popular a web browser is, the more successfully it has been attacked in the past. I am planning to write about Microsoft IE browser security as a separate column as there is a lot to talk about, so you may not find IE browser content on this page.

Web browser security has become one of the hot topics in the information security industry. Not choosing the right browser and not updating it may lead to a variety of problems, such as spy-ware being installed, an intruder taking control of your computer and many more. Software attacks that take advantage of browser vulnerabilities are increasing, so it is important for users to choose browsers that address their needs well. Unauthorized disclosure of content stored on the computer running the web browser is a major threat that needs to be addressed. For example, Apple fixed a flaw in their 2009-001 security updates which allowed access to files on the local hard drive due to execution of arbitrary JavaScript on the local computer. Trend Micro 2008 threat information indicates that more than half of the most common infections were due to direct downloading from the internet. Attackers can do this at low cost, with the aim of taking control of your computer, stealing your information or destroying your files, and your computer can also be used as a proxy to attack other computers. Some of the common factors that lead to browser exploits are as follows:

  • Users tend to click on links without thinking about the risks and consequences
  • Not running updates
  • Web browsers are configured for increased functionality without regard for security
  • Clicking links that take you to a malicious site
  • Configuring computer systems with additional software without knowing its functionality, which increases the number of vulnerabilities that may be attacked
  • Third-party software that has no mechanism to receive software updates
  • Some websites require additional features or the installation of more software, putting our computer at risk

As a result, exploiting vulnerabilities in web browsers has become a popular way for attackers to compromise security. I thought of putting together an article to emphasize the balance between usability and security of web browsers.

    Some software features that provide functionality to a web browser, such as ActiveX, Java and scripting (JavaScript, VBScript, etc.), may also introduce vulnerabilities to the computer system. These may stem from poor implementation, poor design, or an insecure configuration. For these reasons, you should understand which browsers support which features and the risks they could introduce. Some web browsers permit you to fully disable the use of these technologies, while others may permit you to enable features on a per-site basis. You may have multiple web browsers installed on your system. Software applications on your computer, such as email clients or document viewers, may use a different browser than the one you normally use to access the web. Also, certain file types may be configured to open with a different web browser. Using one web browser for manually interacting with web sites does not mean other applications will automatically use the same browser. For this reason, it is important to securely configure each web browser that may be installed on your computer. One advantage of having multiple web browsers is that one browser can be used only for sensitive activities such as online banking, and the other can be used for general-purpose web browsing. This can minimize the chances that a vulnerability in a web browser, web site, or related software can be used to compromise sensitive information.

    Google Chrome:

    • Chrome Mailer: Chrome Mailer is an add-on for Google Chrome which automatically opens and composes a Gmail message whenever you click on a mailto: link. Windows’ default mail client is bypassed in favor of Google’s Web-based offering, making this a very useful addition for those who favor Gmail when working within their Chrome browser. Toggling this behavior on and off is as simple as clicking a button within Chrome Mailer’s interface. Support for Google Apps users with domains other than gmail.com is also included.
    • Incognito Surfing: Lets you surf the web with relative anonymity, meaning details of your web surfing are not retained. This can be useful when browsing on public systems like library and school PCs. With Incognito, the sites you open and files you download are not logged in the browser history, and all new cookies are removed when the session closes.
    • Sandbox type: While other browsers run one instance of the browser engine with multiple associated processes, Google Chrome runs with sandbox-like functionality. This means that even if one or more browser windows or tabs crash, the web browser engine does not crash and other running tabs/processes are not taken down. Malware or issues in one tab cannot affect other open browser instances, and the browser is unable to write to or change the operating system in any way, protecting your PC from attack.
    • Safe Browsing: This feature mainly relies on certificates to verify the authenticity of the server that is connected to. Google Chrome compares the information provided in the certificate with the real server being connected to and alerts you if the information doesn’t match. If Chrome detects that the address specified in the certificate and the actual server you connect to are not the same, it issues this warning: “This is probably not the site you are looking for!”
    While there have been a couple of security flaws and vulnerabilities identified, no web browser is perfect, and in Google’s defense Chrome is still in Beta testing. Chrome does have a variety of innovative features and a unique interface that many users have quickly come to prefer over Internet Explorer and Firefox. Many users also report that it is faster at loading pages than other web browsers. The additional security controls should prove valuable in helping you surf the Web safely. Google Chrome is definitely worth taking a look at.
    Overall: Google Chrome is best suited for everyday casual browsing where usability comes first. If you want a browser that opens fast, looks simple and helps you browse fast, I guess Google Chrome can be your best option. In Chrome, Google utilises tabbed browsing, and in its version the tabs have individual processes with sandbox capabilities which restrict privileges for third-party apps. Additionally, Chrome uses a blacklist that alerts users to ‘bad’ sites and has an ‘incognito’ mode for private browsing. It is fully customizable and supports a huge number of languages, with more than 70 languages, including Tamil, to choose from. Moreover, I love it because it can be translated into Tamil!

    Mozilla Firefox:


    Mozilla Firefox supports many of the same features as Internet Explorer, with the exception of ActiveX and the Security Zone model. Mozilla Firefox does have underlying support for configurable security policies (CAPS), which is similar to Internet Explorer’s Security Zone model; however, there is no graphical user interface for setting these options.

    • Firefox protection: Firefox protects your computer by not loading ActiveX controls. It also has a huge variety of features specially designed for security, to protect your privacy and personal information. Firefox is configured to block pop-up ads during web browsing, which are a major inconvenience on Windows. Firefox seems to be more secure by default and, being open source, any issues that might arise should be addressed and patched more quickly.
    • Anti-Virus Software: Firefox integrates elegantly with your anti-virus software. When you download a file, your computer’s anti-virus program automatically checks it to protect you against viruses and other malware, which could otherwise attack your computer.
    • Anti-Malware: Firefox protects you from viruses, worms, Trojan horses and spyware. If you accidentally access an attack site, it will warn you away from the site and tell you why it isn’t safe to use. Firefox checks every part of a Web page before loading it to make sure nothing harmful is sneaking in the back door.
    • Anti-Phishing: Shop and do business safely on the Internet. Firefox gets a fresh update of web forgery sites 48 times a day, so if you try to visit a fraudulent site that’s pretending to be a site you trust (like your bank), a browser message, big as life, will stop you.
    • Downloadable Fonts: View a wider variety of fonts on Web sites while you surf. Site designers and developers can create custom fonts that will be displayed and rendered properly even if you don’t have the font installed on your computer.
    • Developer Tools: If you’re a Web developer, Firefox’s developer tools will make your life easier. The Mozilla Add-ons site offers many tools to streamline the development process, including Firebug to edit, debug, and watch CSS, HTML, and JavaScript live in any Web page, Tamper Data to view and change HTTP/HTTPS headers and POST parameters, and the DOM Inspector to check any HTML or CSS element with a simple right-click.
    • Organic software: Firefox is created by an international movement of thousands, only a small percentage of whom are actual employees. They are motivated by promoting openness, innovation and opportunity on the web and not business concerns like profits or the price of our stock.
    • Outdated Plugin Detection: Some web pages need you to install small applications called plugins to watch videos, play games or view documents. These plugins are written by other companies, and it can be hard to make sure they’re always up to date. Since outdated plugins are a security risk, Firefox will let you know when you have a plugin that’s vulnerable to attack and direct you to the right site to get the updated version.
    • Private browsing: Like Google Chrome, Firefox supports private ("under the hood") browsing; with this feature enabled you won’t leave a single browsing fingerprint behind for others to discover.

    http://www.youtube.com/watch?v=lrgf49fUWc8  

    Overall: I would say Firefox is best suited for heavy users and for users who carry out sensitive tasks very often and give security higher priority than usability. It is fully customizable and supports a huge number of languages, with more than 70 languages, including Tamil, to choose from.

    Opera Browser:

    Opera is my third favorite browser, with a fast and safe web browsing experience. Opera takes less space to install and makes our browsing experience more efficient. It has many unique features like Opera Unite (share content in a quick and easy way), Opera Turbo (speed booster), visual tabs, customizable speed dials, mouse gestures and Trash Can (reopening closed tabs). Many of these features can be seen in Firefox or Chrome, but Opera implements them with its own identity. As far as security is concerned, Opera provides features like:

    • Content blocking: Block images, pop-ups, and plug-ins you do not want to see. Right-click and choose “Block content” to disable annoying elements selectively. To make Web pages load more quickly, or to avoid offensive content, temporarily turn off images by pressing the image button. In Opera, smart pop-up blocking is turned on by default.
    • Auto Update: Opera makes it easier than ever to stay up-to-date with the latest version. With auto-update you can choose to have completely automatic updates or to be notified when an update is ready for you to install. As always with Opera, it is your choice.
    • Delete private data: Opera can be configured to clear the history and cache when exiting, to protect your privacy. Any kind of private data can easily be erased
    • Security Bar: Opera displays security information inside the address bar. By clicking on the yellow security bar, you get access to more information about the validity of the certificate.
    • Encryption: Opera supports Secure Socket Layer (SSL) version 3, and TLS. Opera offers automatic 256-bit encryption, the highest available security of any Web browser.
    • Fraud protection: Fraud Protection is enabled by default, automatically detecting and warning you about fraudulent Web sites. Fraud Protection is powered with phishing information from Netcraft and PhishTank and malware protection from TRUSTe. In addition, Opera supports Extended Validation certificates (EV). This provides added assurance and trust for secure Web sites.

    Apple Safari:

    Safari is another content-rich web browser, from Apple. After the iPhone release Safari became more popular than ever before, because it comes built into the iPhone. iPhone sales were 245% by 2009; think about the number of users who use Safari. It is designed to emphasize browsing more than the browser. Its browser frame is a single pixel wide and scroll bars are shown only when needed. It comes with many features; for example, you can hide almost the entire interface, removing almost every distraction from the browser window. Safari gives an enjoyable browsing experience regardless of platform. The first browser to deliver the “real” Internet to a mobile device, Safari renders pages on iPhone and iPod touch just as you see them on your computer. But this is more than just a scaled-down mobile version of the original. It takes advantage of the technologies built into these multi-touch devices. The page shifts and reformats to fill the window when you turn it on its side. You zoom in just by pinching and extending your fingers. Of course, no matter how you access it, Safari is always blazing fast and easy to use.

    • ARIA: Safari supports Accessible Rich Internet Applications (ARIA). The ARIA standard helps web developers make dynamic web content more accessible for people with disabilities. With ARIA, sites taking advantage of advanced technologies like AJAX and JavaScript can now easily interoperate with assistive technologies.
    • Next gen standards support: Safari continues to lead the way, implementing the latest innovative web standards and enabling next-generation Internet experiences. With support for HTML 5 media tags, CSS animation, and CSS effects, web designers can create rich, interactive web applications using natively supported web standards. A standards-compliant browser, Safari renders current and future web applications as they were meant to be seen.
    • Acid 3 compliance: Apple claims that Safari is the only browser to be Acid 3 compliant. Acid 3 tests a browser’s ability to fully render pages using the web standards used to build dynamic, next-generation websites, including CSS, JavaScript, XML, and SVG.
    • Database: Safari is the only browser that includes tools for managing the offline databases that will be part of the next generation of websites. The Databases pane in Safari 4 allows you to view tables and databases and even execute SQL queries.
    • Powerful Mac-like tools for Windows: Apple has brought its expertise in Mac OS X and iPhone development tools to the web. Safari 4 includes a powerful set of tools that make it easy to debug, tweak, and optimize a website for peak performance and compatibility. To access them, turn on the Develop menu in Safari preferences.

    Internet Explorer:

    Internet Explorer 8 has some security mechanisms that update it for the current threat environment. It has the SmartScreen Filter to help you avoid socially engineered malware, phishing Web sites and online fraud when you browse.

    • SmartScreen Filter: Checks Web sites against a dynamically updated list of reported phishing sites, checks software downloads against a dynamically updated list of reported malicious software sites, and helps prevent you from visiting phishing Web sites and other Web sites that contain malware that can lead to identity theft.
    • XSS Filter: Helps to prevent inclusion of a targeted site by a frame. The Cross-Site Scripting Filter event is logged when Internet Explorer 8 detects and mitigates a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when one Web site, generally malicious, injects (adds) JavaScript to otherwise legitimate requests to another Web site. The original request is generally innocent, such as a link to another page or a Common Gateway Interface (CGI) script providing a common service (such as a guestbook). The injected script generally attempts to access privileged information or services that the second Web site does not intend to allow. The response or the request generally reflects results back to the malicious Web site. The XSS Filter, a feature new to Internet Explorer 8, detects JavaScript in URL and HTTP POST requests. If JavaScript is detected, the XSS Filter searches for evidence of reflection, information that would be returned to the attacking Web site if the attacking request were submitted unchanged. If reflection is detected, the XSS Filter sanitizes the original request so that the additional JavaScript cannot be executed. The XSS Filter then logs that action as a Cross-Site Script Filter event.
    • Data Execution Prevention: The Data Execution Prevention/No Execute (DEP/NX) option in Internet Explorer 8 prevents code from running in non-executable memory. When a violation occurs, the browser stops responding instead of running malicious code. When Internet Explorer 8 has recovered from a crash caused by DEP/NX, this event is logged. Typically, DEP/NX failures occur due to attempts to exploit the browser or its add-ons. But it is possible that a browser add-on is not compatible with DEP/NX, and failures occur even without malicious content.
    • InPrivate Browsing: Like Firefox, IE also comes with private browsing, which reduces the storage of browsing history information.
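The reflection test that the XSS Filter bullet describes can be illustrated with a small Python sketch. This is an added example, not Internet Explorer's implementation and not code from the original post: the `SCRIPT_LIKE` heuristic, the function names and the `guestbook.example` URL are assumptions, and the requests are constructed samples.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed heuristic for "looks like script"; a real browser filter is far more involved.
SCRIPT_LIKE = re.compile(r"<\s*script\b|javascript\s*:|\bon\w+\s*=", re.I)

# Constructed sample request; guestbook.example is a placeholder host.
SAMPLE_URL = ("http://guestbook.example/search"
              "?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E&page=2")

def suspicious_params(url, post_body=""):
    """Decode URL query and form-encoded POST parameters; keep script-like values."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    pairs += parse_qsl(post_body, keep_blank_values=True)
    return [(name, value) for name, value in pairs if SCRIPT_LIKE.search(value)]

def reflected_params(url, response_body, post_body=""):
    """Names of script-like parameters whose value appears unchanged in the response."""
    return [name for name, value in suspicious_params(url, post_body)
            if value in response_body]

def render_unsafe(q):
    """Toy server page that echoes the parameter verbatim (the reflecting case)."""
    return "<p>Results for " + q + "</p>"

def render_safe(q):
    """Toy server page that HTML-encodes the parameter before echoing it."""
    return "<p>Results for " + html.escape(q) + "</p>"

if __name__ == "__main__":
    q = suspicious_params(SAMPLE_URL)[0][1]
    print("verbatim echo :", reflected_params(SAMPLE_URL, render_unsafe(q)))
    print("encoded echo  :", reflected_params(SAMPLE_URL, render_safe(q)))
```

The encoded page produces no match because the script-like value never reaches the response in executable form, which is the server-side fix that makes a client-side filter unnecessary.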

    Conclusion:

    Currently the threat to web browsers is severe. Flaws in browsers and plugins are numerous and high-impact. In my opinion IE 8 has some security mechanisms to face vulnerabilities, but all these features make it a heavyweight browser, and that impacts the browsing experience. For Mac and iPhone, Apple’s Safari is a competent browser. Other than its frequent crashes, Opera is a well-customizable browser with a rich content experience. Mozilla has some enterprise-level lock-down capability and its security posture is substantially enhanced by the NoScript add-on. In my view the lightweight Google Chrome inches ahead: it has tabbed browsing in which the tabs have individual processes with sandbox capabilities that restrict privileges for third-party apps, it uses a blacklist that alerts users to ‘bad’ sites, it has an ‘incognito’ mode for private browsing, and it offers a smooth, fast and crash-free browsing experience.
