Presentation is loading. Please wait.

Presentation is loading. Please wait.

Plug-in and Automatic update security Presented by Maxamed Hilowle.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Plug-in and Automatic update security Presented by Maxamed Hilowle."— Presentation transcript:

1 Plug-in and Automatic update security Presented by Maxamed Hilowle

2 The topic Presentation Insecurities within automatic update systems Can patching let a cracker in?.

3 Abstract Model 1.Confidentiality Secure Compound 2.Integrity A cyclic redundancy check (CRC) / Hash Certificates Development 3.Availability Several update sources

4 Process Model In order to translate a CIA model to the Security update mechanism, the following process was established;

5 Confidentiality Confidentiality is an import criteria for security. And the users would consider to be a threat when confidentiality is compromised.

6 Attacks In order to capture all data from all systems on a network, the attacker can use a technique called Address Resolution Protocol (ARP) spoofing.

7 Attacks In that case an attacker might derive how update systems work. Confidentiality is compromised when data is intercepted to obtain sensitive information

8 Integrity Integrity refers to the validity of data. Validity might be impaired by transmission faults and alteration of the contents by attackers. Reassurance to the receiver that the message has not been altered since it was transmitted by the sender.

9 The attacker stands between the system and update server.

10 This attacks know as Domain Name System DNS spoofing, and it can be a powerful attack method for hacking update mechanisms. The attacker can redirect the update program to our own server and maybe even update the application with his own malicious code (Man- in-the-middle).

11 Availability Updates frequently fix security issues in programs. If a vulnerability is known, and the available patch not applied, the system is vulnerable for attackers. Therefore, updates should be easy to acquire.

12 Automatic update Sun provides an automatic update system to keep the virtual machine updated with the latest patches, This system called jusched.exe is automatically installed under Windows operating systems. If the update system finds a new update, it notifies the user and automatically install updates.

13 Windows users they ignore these warnings, and most users run as administrator under Windows, it might silently install a virus while installing a modified version of JRE.

14 Conclusion The developers can make the update mechanism itself more secure. The users can be more cautious when using such a system.

15 You can find more details and how DNS, ARP spoofing and other well known attacks work http://technorati.com/videos/youtube.com%2Fwatch%3 Fv%3D9z8i9SQr_s8 http://technorati.com/videos/youtube.com%2Fwatch%3 Fv%3D9z8i9SQr_s8 http://technorati.com/videos/tag/arp+spoofing http://technorati.com/videos/youtube.com%2Fwatch%3 Fv%3DHppWr3mKwW4 http://technorati.com/videos/youtube.com%2Fwatch%3 Fv%3DHppWr3mKwW4 http://technorati.com/videos/tag/dns+spoofing http://www.parosproxy.org http://www.slavasoft.com/hashcalc/index.htm http://ettercap.sourceforge.net/ http://www.wireshark.org/

Download ppt "Plug-in and Automatic update security Presented by Maxamed Hilowle."

Similar presentations

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.

Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Information Security Rabie A. Ramadan GUC, Cairo Room C7 -310 Lecture 2.

Information Security Rabie A. Ramadan GUC, Cairo Room C Lecture 2.
Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.

Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may. 2010 University of Palestine.

Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.

Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

Similar presentations

Ads by Google