Computer Security The problem of insecure PCs – and its consequences Why does this problem exist? Solutions – what you can do – what the industry can do.


1 Computer Security
The problem of insecure PCs
– and its consequences
Why does this problem exist?
Solutions
– what you can do
– what the industry can do
Research in Computer Security

2 Insecure PCs: virus, malware, phishing, spam, spyware, botnets, DNS spoofing, identity theft, Trojan horse, buffer overflow, DoS attack, worm, keyloggers, cross-site scripting

3 [Diagram: attack goals and the means of achieving them. Where α and β are linked, β is a possible way to achieve α.] Nodes: data theft (inc. ID theft), create botnet, exploit software vulnerabilities, DNS spoofing, hardware keylogger, send spam, install malware, XSS, phishing, promotion, destruction (inc. vandalism), DDoS, hardware theft

6 Malware is
– software intended to intercept or take partial control of a computer's operation without the user's informed consent.
– It subverts the computer's operation for the benefit of a third party.
Also called spyware.
– The term “spyware” taken literally suggests software that surreptitiously monitors the user. But it has come to refer more broadly to any kind of malware.
Malware covers all kinds of intruder software
– including viruses, worms, backdoors, rootkits, Trojan horses, stealware etc. These terms have more specific meanings.

7 How malware spreads
Trojan horse
– a malicious program that is disguised as useful and legitimate software. Can be part of, or bundled with, the carrier software.
Virus
– Self-replicating program that spreads by inserting copies of itself into other executable code or documents.
Worm
– Self-replicating program, similar to virus, but is self-contained (does not need to be part of another program). Spreads by exploiting service vulnerabilities.
Drive-by
– installs as side-effect of visiting a website; exploits browser vulnerability.
[Image: detail from “The Procession of the Trojan Horse in Troy”, Giovanni Domenico Tiepolo]

10 Why does this problem exist?
Why can't engineers create systems that are not vulnerable to this plethora of attacks?
Compare: cars, aircraft, telephone system, electricity production

11 We have the technology...

12 Why does this problem exist?
complexity
immaturity
– of technology: “release and fix”
– of designers/programmers: bad culture
– of users: a new one born every day...
open platform
monoculture

13 Trusting Trust backdoor
How to create an undetectable backdoor:
– Change the compiler so that, when compiling the login program, it adds the hard-coded username/password check to the login program. Thus, the login program source code looks completely normal.
– As an extra twist, change the compiler so that, when compiling the compiler, it adds the code to add the code to the login program. Thus, even if the compiler is recompiled, the backdoor will still be inserted. And none of the source code reveals the backdoor.
Described in a paper by Ken Thompson, Reflections on Trusting Trust, 1995.
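A toy model of the two compiler rules above, added here as an illustration and not taken from the presentation or from Thompson's paper. It shows why a review of the source finds nothing while a comparison of the built binaries does. All names are hypothetical, "binaries" are plain strings, and the existence of a second compiler binary with independent provenance is an assumption.

```python
import hashlib

# Constructed toy model: "source" is a string, a program "binary" is the
# string of behaviour it really has, a compiler "binary" is a callable.
LOGIN_SRC = "accept if password == stored_password[user]"
COMPILER_SRC = "emit code for exactly what the source says"
BACKDOOR = " or (user, password) == HARDCODED"

def make_compiler(trojaned):
    """Build a compiler binary; `trojaned` is behaviour absent from any source."""
    def compiler(src):
        if src == COMPILER_SRC:
            # Second rule on the slide: when compiling the compiler, a
            # trojaned binary passes its hidden behaviour to the new binary.
            return make_compiler(trojaned)
        if trojaned and src == LOGIN_SRC:
            # First rule on the slide: extra check added only to login.
            return src + BACKDOOR
        return src
    return compiler

def source_is_clean(*sources):
    """What a source-code review can see."""
    return all("HARDCODED" not in s for s in sources)

def fingerprint(binary):
    """Digest of a built program, used to compare two builds."""
    return hashlib.sha256(binary.encode()).hexdigest()

def rebuild_and_compile_login(compiler_binary):
    """Recompile the compiler from clean source, then build login with it."""
    fresh = compiler_binary(COMPILER_SRC)
    return fresh(LOGIN_SRC)

suspect_login = rebuild_and_compile_login(make_compiler(trojaned=True))
# Assumption: a second compiler binary with independent provenance exists.
reference_login = rebuild_and_compile_login(make_compiler(trojaned=False))

if __name__ == "__main__":
    print("sources clean:", source_is_clean(LOGIN_SRC, COMPILER_SRC))
    print("binaries match:",
          fingerprint(suspect_login) == fingerprint(reference_login))
```

Rebuilding the compiler from clean source does not help when the only compiler available to do the rebuild is the suspect one; the difference only appears when the build is compared against one made with a different compiler binary.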

14 What you can do
Don't connect directly to the Internet
– connect via a router instead
Don't install anything!
– no third-party toolbars, extensions, helpers, freebies
– unless you really know where they came from
Be sceptical about e-mail from nice people who want to give you $20,000,000, or help you reduce your mailbox usage, or help your computer to go faster
Stop using Windows
– use Linux, *BSD (or derivative, including Mac OS X)
Update/patch frequently

15 What industry is doing
better engineering
thin clients
– cloud computing
trusted computing
– protected capabilities outside software control
– virtualisation, to support throw-away OS

16 The Trusted Platform Module p := SHA1(p || x)
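The extend operation on this slide, p := SHA1(p || x), worked through as an added example that is not part of the original presentation. It shows how a verifier replays a boot log against the register value and why software cannot set the register back to a chosen value. Assumptions: the register starts as 20 zero bytes, each x is the SHA-1 digest of the component being loaded, and the component byte strings are constructed samples.

```python
import hashlib

PCR_RESET = bytes(20)  # assumption: the register holds 20 zero bytes after reset

def measure(component: bytes) -> bytes:
    """x: SHA-1 digest of the code about to be run (assumed measurement)."""
    return hashlib.sha1(component).digest()

def extend(p: bytes, x: bytes) -> bytes:
    """The slide's operation: p := SHA1(p || x)."""
    return hashlib.sha1(p + x).digest()

def replay(log):
    """Recompute the register from an ordered list of measurements."""
    p = PCR_RESET
    for x in log:
        p = extend(p, x)
    return p

def verify(log, reported_pcr, known_good):
    """Verifier's view: the log must reproduce the register, and every
    entry must be a measurement the verifier already trusts."""
    if replay(log) != reported_pcr:
        return "log does not match register"
    if any(x not in known_good for x in log):
        return "unknown component in boot chain"
    return "ok"

# Constructed sample boot chain (byte strings stand in for real images).
BOOT = [b"firmware 1.0", b"bootloader 2.3", b"kernel 5.4"]
GOOD_LOG = [measure(c) for c in BOOT]
KNOWN_GOOD = set(GOOD_LOG)
GOOD_PCR = replay(GOOD_LOG)

# Same chain with a modified kernel, reported honestly and dishonestly.
BAD_LOG = GOOD_LOG[:2] + [measure(b"kernel 5.4 + rootkit")]
BAD_PCR = replay(BAD_LOG)

if __name__ == "__main__":
    print(verify(GOOD_LOG, GOOD_PCR, KNOWN_GOOD))   # clean boot
    print(verify(BAD_LOG, BAD_PCR, KNOWN_GOOD))     # honest log, bad kernel
    print(verify(GOOD_LOG, BAD_PCR, KNOWN_GOOD))    # forged log, real register
    print(replay(GOOD_LOG[::-1]) == GOOD_PCR)       # order matters
```

Because the only way to change p is to hash the old value together with a new measurement, a modified component either shows up in the log or leaves a register value the log cannot reproduce.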

17 Computer security research
electronic voting
trusted computing
privacy in the digital world

18 Electronic voting

19 [Diagram labels: ballot secrecy and coercion resistance; usability; election verifiability; ?]

20 Privacy in the digital world: Facebook, blogs, Gmail, Web searches, instant messaging, Oyster card, Government überdatabase, ISP, Google Docs

21 “A face is exposed for AOL searcher no. 4417749”
From New York Times, August 9, 2006
In August 2006, “Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher's anonymity, but it was not much of a shield. No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything." And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for "landscapers in Lilburn", and several people with the last name Arnold. It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, GA”

22 Balancing global security and individual privacy [Diagram labels: security, privacy]

