Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Failure to Learn from the Past Presented by Chad Frommeyer CSC 493/593 Professors Charles E. Frank/James Walden.

Published byAbraham McLaughlin Modified over 9 years ago

Similar presentations

Presentation on theme: "A Failure to Learn from the Past Presented by Chad Frommeyer CSC 493/593 Professors Charles E. Frank/James Walden."— Presentation transcript:

1 A Failure to Learn from the Past Presented by Chad Frommeyer CSC 493/593 Professors Charles E. Frank/James Walden

2 Introduction Internet Worm and its Behavior Consequences to the Creator/Originator Resulting actions taken What have we learned?

3 Internet Worm October, 1988 Internet Contained 60,000 hosts Worm attack affected 3000-6000 (5%- 10%) Infection lasted 3-4 days Only Unix based systems affected

4 Internet Worms -- Terms Worm – Independent program that can replicate itself Virus – Code that requires a host, and cannot run independently Malware – Malicious Software

5 Inernet Worm -- Operation Fingerd – Buffer Overflow (C-Language gets() – altering fingerd functionality Sendmail – DEBUG options exploit allowed execution of commands Password discovery Identify Trusted Machines Cleanup after Execution Chronology

6 Consequences Author Robert T Morris No Prison, 400 Hours Community Service Fine of $13,776 Suspended from graduate studies at Cornell Malicious Intent not proven Ultimately received Ph.D from Harvard, and is currently an associate professor at MIT. Adequate?

7 Resulting Actions CERT (Computer Emergency Response Team) Central switchboard for computer emergencies on ARPAnet and MILnet Not enough?

8 What have we learned? Software Flaws Incident Response Laws and Ethics

9 Learned? (Software Flaws) 95% of reported malware is against Microsoft Trust Relationships –Software –Hardware –Personal Buffer Overflows Default Configurations

10 Learned? (Incident Response) CERT/CC Delayed Communications Not Comprehensive What communication is good enough?

11 Laws and Ethics Fewer than a dozen people convicted Expensive/Difficult to Investigate Lack of Tools/Expertise Lack of Foreign Laws Lack of international cooperation

12 Conclusion Punishment not adequate – Needed precedence Awareness needs to be heightened Software processes need to recognize lack of expertise Security should be a priority to product management

Download ppt "A Failure to Learn from the Past Presented by Chad Frommeyer CSC 493/593 Professors Charles E. Frank/James Walden."

Similar presentations

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.

Security Issues in Mobile Code Systems David M.Chess, High Integrity Computing Lab, IBM T.J. Watson Research Center Hawthorne, NY, USA Mobile code systems.
Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.

Computer Science CSC 405Dr. Peng Ning1 CSC 405 Introduction to Computer Security Topic 3. Program Security -- Part I.
C risis And A ftermath Eugene H. Spafford 발표자 : 손유민.

C risis And A ftermath Eugene H. Spafford 발표자 : 손유민.
Communications of the ACM (CACM), Vol. 32, No. 6, June 1989

Communications of the ACM (CACM), Vol. 32, No. 6, June 1989
Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.

Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.
CSE331: Introduction to Networks and Security Lecture 32 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 32 Fall 2002.
Week 6 - Friday.  What did we talk about last time?  Viruses and other malicious code.

Week 6 - Friday.  What did we talk about last time?  Viruses and other malicious code.
COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.

COMP6005 An Introduction to Computing Session One: An Introduction to Computing Security Issues.
Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Hacking M***********s!!. Who is this guy? John Draper (aka Captain Crunch)

Hacking M***********s!!. Who is this guy? John Draper (aka Captain Crunch)
1 Presented by Ahmad Bahaitham Mohammad Felemban.

1 Presented by Ahmad Bahaitham Mohammad Felemban.
Chapter 3 (Part 1) Network Security

Chapter 3 (Part 1) Network Security
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]

________________ CS3235, Nov 2002 Viruses Adapted from Pfleeger[Chap 5]. A virus is a program [fragment] that can pass on malicious code [usually itself]
Computer Viruses and Worms By Rafael Albuernes What is a Virus? What is a Virus? What is a Worm? What is a Worm? Types of Infections Types of Infections.

Computer Viruses and Worms By Rafael Albuernes What is a Virus? What is a Virus? What is a Worm? What is a Worm? Types of Infections Types of Infections.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
The Internet Worm Crisis and Aftermath Miyu Nakagawa Cameron Smithers Ying Han.

The Internet Worm Crisis and Aftermath Miyu Nakagawa Cameron Smithers Ying Han.

Similar presentations

Ads by Google