© 2001 By Default! A Free sample background from www.pptbackgrounds.fsnet.co.uk Slide 1 Eggs have the potential to cause catastrophic damage to private.

Slides:



Advertisements
Similar presentations
Intermediate 2 Computing
Advertisements

Higher Computing Computer Systems S. McCrossan Higher Grade Computing Studies 8. Supporting Software 1 Software Compatibility Whether you are doing a fresh.
Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Lecturer: Fadwa Tlaelan
Reflections on Trusting Trust Ken Thompson. Communication of the ACM, Vol. 27, No. 8, August 1984, pp Copyright 1984, Association for Computing.
Unit 18 Data Security 1.
Computer Viruses.
Security, Privacy, and Ethics Online Computer Crimes.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Note1 (Intr1) Security Problems in Computing. Overview of Computer Security2 Outline Characteristics of computer intrusions –Terminology, Types Security.
1 An Overview of Computer Security computer security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
1 Malicious Logic CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 25, 2004.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Tutorial Introduction Fidelity NTSConnect is an innovative Web-based software solution designed for use by customers of Fidelity National Title Insurance.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Unit 2 - Hardware Computer Security.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
32-1 Internet Safety/Security Issues Trojan/Virus precautions When you run an executable program from an untrusted source you’re opening yourself.
BUSINESS B1 Information Security.
D. Beecroft Fremont High School VIRUSES.
Administrator Protect against Malware by: Brittany Slisher and Gary Asciutto.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.
Security Issues, Ethics, & Emerging Technologies in Education
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
1 Higher Computing Topic 8: Supporting Software Updated
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.
Viruses, Computer Security & Ethical Issues Digital Communication Systems Ms. Powers.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
信息处理技术 Technology of Information Processing 潘晟旻 Instructor: Pan Shengmin 潘晟旻 Computer Center. Kun Ming University of Science & Technology.
Security System Ability of a system to protect information and system resources with respect to confidentiality and integrity.
Title of Selected Paper: IMPRES: Integrated Monitoring for Processor Reliability and Security Authors: Roshan G. Ragel and Sri Parameswaran Presented by:
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Csci5233 computer security & integrity 1 An Overview of Computer Security.
Computer Systems Viruses. Virus A virus is a program which can destroy or cause damage to data stored on a computer. It’s a program that must be run in.
Computer Security By Duncan Hall.
14.1 Silberschatz, Galvin and Gagne ©2009 Operating System Concepts with Java – 8 th Edition Protection.
Reflections on Trusting Trust Ken Thompson. Overview Introduction Introduction “Cutest Program” “Cutest Program” Stage 1 Stage 1 Stage 2 Stage 2 Stage.
Computer Ethics. Ethics Notes Ethics: standards of honesty, morality, and fairnessEthics: standards of honesty, morality, and fairness Public Data: information.
DEVICE MANAGEMENT AND SECURITY NTM 1700/1702. LEARNING OUTCOMES 1. Students will manipulate multiple platforms and troubleshoot problems when they arise.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
Week-14 (Lecture-1) Malicious software and antivirus: 1. Malware A user can be tricked or forced into downloading malware comes in many forms, Ex. viruses,
Securing Network Servers
IT Security  .
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
How to Get Rid of Online Threats Impacting your Computer Device?
Computer Security Elaine Munn Introduction to Computer Security.
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Unit 4: Data Communication
Chap 10 Malicious Software.
UNIT 18 Data Security 1.
Faculty of Science IT Department By Raz Dara MA.
Chap 10 Malicious Software.
Software Requirements Specification (SRS) Template.
Computer Security By: Muhammed Anwar.
Malicious Program and Protection
Presentation transcript:

© 2001 By Default! A Free sample background from Slide 1 Eggs have the potential to cause catastrophic damage to private users, corporations and government systems. By Stephen Greenberg CS 725fc © 14/05/2002, Shareef I. Mostafa Easter Egg Insertion, Detection & Deletion in Commercial Software

© 2001 By Default! A Free sample background from Slide 2 Outline Easter Eggs Defined Egg Threats and their Creators Software Development Process Easter Egg Insertion Easter Egg Detection Easter Egg Recommendations

© 2001 By Default! A Free sample background from Slide 3 So what is an Easter Egg? Easter Egg – Code inserted into a commercial software product, which is not documented and not meant to be part of the product. Trojan Horse – a program that, when activated, performs some undesirable action not anticipated by the person running it. Prof Denning, GeorgeTown Trojan Horse – a program that, when activated, performs some undesirable action not anticipated by the person running it. Prof Denning, GeorgeTown Time Bomb – Executes at a specific date and time Logic Bomb – Triggered by some user action So an Easter Egg is really just a Trojan Horse!

© 2001 By Default! A Free sample background from Slide 4 Egg Threats and Creators Potential Threats Consumer – Steal Passwords, Credit Card details… Corporations - Crash Computers, Financial Loss… Government Agencies - Breach National Security Egg Creators Elites - Pay homage to development team. Not necessarily malicious. Not necessarily malicious. Dark Siders - Write malicious eggs for profit. (coined by author I think) (coined by author I think) But how real are these threats?

© 2001 By Default! A Free sample background from Slide 5 Software Development Process Software Testing Hardware Integration Independent Testing Product Assembly & Shipping Software Developmen t Product Configuratio n Customers Every bug results in code returning to Software Development process for correction Every bug results in code returning to Software Development process for correction Eggs usually inserted after first 4 stages when product is in binary form Eggs usually inserted after first 4 stages when product is in binary form

© 2001 By Default! A Free sample background from Slide 6 Easter Egg Insertion Improved Insertion Method by George Kalb 1) Obtain executable file you wish to backdoor 2) Identify function or symbol to backdoor (hexEditor) 3) Insert compiled Egg code into executable (hexEditor) 4) Change the address of the backdoored function to the new address of the egg code. (backdooring) 5) Recompute the Checksum

© 2001 By Default! A Free sample background from Slide 7 Easter Egg Code Example Function B { Detect triggering event; if (triggering event) { Egg Code goes here; } Call Function A; Return; } Function B Main Function Function A Call Function A to maintain all existing functionality Call Function A to maintain all existing functionality

© 2001 By Default! A Free sample background from Slide 8 Detection & Recommendations Recommendations Protect File Format – Insider wont understand file format and so cant insert any Egg. Encrypt Symbol Table – Insider cant backdoor any function in symbol table. Detection of Eggs Emulator – Run program with every documented function and have it capture all instruction fetches. Locations in memory that should not have been called. (ie. Possilby the result of an Egg) Also gaps in memory accesses, possibly from backdooring, may hint at Egg code.

© 2001 By Default! A Free sample background from Slide 9 Conclusion Easter Eggs…should we be worried? - There have been no documented cases of malicious Eggs to date. - Easter Egg threats need to viewed relative to all other security threats. (They aren't at the top of the list) So what have we learned? So what have we learned? - What are and Who creates Eggs? - How do they actually get into Software? - The general idea of how to backdoor an object. - An overview of Egg Insertion, Detection, & Solutions

© 2001 By Default! A Free sample background from Slide 10 Sites (for those interested) - Very thorough listing of Eggs - Executable File Format Definitions - Info on BFD and GNU phrack.org/phrack/56/p56-0x09 – Backdooring Binary Objects

© 2001 By Default! A Free sample background from Slide 11 Easter Eggs MS Word 97 Egg MS Excel 97 Egg For thousands more check out

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.