Just now I listened to a brdocast by MIT guy on Malware threats and I encountered an attack technique known as Buffer Overflow Attack. I had heard about this attack before but to know how it works I did some research. I am posting what I understood and perhaps you will like it.

Buffer overflow is one of the most common attack techniques used by hackers. Most importantly it is often undetectable, and above that, most of the home build programs or code are vulnerable to such threats. I can gaurantee that all the codes that you wrote since your school and all the applications you build till date is vulnearable to buffer overflow attack. Code wriiten in unsafe languages such as C++ are more prone to such threats. Infact these days buffer overflows are a favorite exploit for hackers. You will be surprised to know that the vast majority of patches that Microsoft releases oftten in its updates actually fix unchecked buffer problems. However the applications developed in our house just as susceptible as commercial applications to buffer-overflow attack. And this is the only reason why freewares are not accepted as standard software in IT firms.

A buffer overflow takes advantage of a program that is waiting on a user’s input. Buffer overflow attacks can of two types – first is stack based and the other is heap based. Heap is nothing but a free pool of memory used by compilers to dynamically allocate the memory to running program. Heap-based attack basically flood the memory space reserved for a program, however this attack is rare due to the complexity involved. On the other hand stack-based buffer overflow is much easier and often used.

I could explain you this in my own words but it would be better if I quote from a technical article published at SearchWindowsSecurity.com as it would an unaltered version for you. Article goes like this:

“In a stack-based buffer overrun, the program being exploited uses a memory object known as a stack to store user input. Normally, the stack is empty until the program requires user input. At that point, the program writes a return memory address to the stack and then the user’s input is placed on top of it. When the stack is processed, the user’s input gets sent to the return address specified by the program.

I hope you liked this article from SearchWindowsSecurity.com. Please post your comment and some other security issues if you have encountered or solutions which think is applicable. If you want to know about how You can prevent buffer-overflow attacks then follow the link associated.

Those who have some knowledge about the Computer Networks and Network Security, Kerberos might not be a new term. Kerberos Protocol is basically an authentication service which was originally worked out at Massachusetts Institute of Technology (MIT) as a part of Project Athena. Kerberos is the term derived somewhere from the Greek Mythology. Kerberos in Greek Mythology is a three headed dog and serpent tail who guard the entrance of Hades. The function of Kerberos in computer networks is analogous to that, authentication, accounting, and audit being its three heads. However the later two have not been implemented yet. Kerberos enable the servers in the distributed environment to restrict access to authorized users and to authenticate requests for service for the users at workstations. In distributed environment server can not always identify the users correctly as one may impersonate and gain access to the network. Moreover there is always the risk of Eavesdropping which can result in allowing the unauthorized user to gain the access the services restricted otherwise. That is why Kerberos came to existence as it provides a centralized authentication server that uses Symmetric Encryption techniques to authenticate the users to servers as well as server to users.

Kerberos have 5 known Versions of which first three versions were the just the development versions. Kerberos Version 4 was implemented as the original Kerberos. However Kerberos Version 5 has also evolved which corrects some pitfalls of the previous version. You should refer to RFC 1510 for detailed description of the versions of Kerberos.

If you are very interested to know about the victory of Barack Obama in the US presidential elections or any other information about Barack Obama on the internet then you could be the easy target for spams, Trojans and viruses. Don’t get surprised, it isn’t personally related to US president but the attackers and the hackers are exploiting the people’s curiosity about the election result. You must not trust any link which you think can open a video or give information you need about the election results as they may redirect you to the malicious website downloading Trojans and rootkit to your PC, and may steal some vital information from your system. Recently when users were trying to open a video link to listen to the Obama’s acceptance speech, Trojan got installed to their system via malicious website. According to some websites hackers also infected and stole information from a renowned Travel Website in similar fashion. The Trojan file’s name was BarackObama.exe. Earlier this year some ticks such as a survey on the election etc were used to spread the virus.

So do not trust on any anonymous links or video. View the result and reviews on trusted and known websites, such as news channel websites. Do not give your credits card details at any website which promises to offer you the free gift. It could be phishing website i.e. fake website simulating the authenticated websites like PayPal etc. Nothing is free in this internet world my dear and you need to believe this. Phishing Websites may use the name of good brands and reputed names like CNN, Time Magazine etc. So beware and stay safe.

Gone are those days when low capacity Floppy diskettes were used for storing and transferring the data. Not only were they slow but also had short life time. After floppy disks, technical world switched to the Compact Disks. Re-Writable disk was a great achievement in this regard. But the 700 MB CDs are definitely not sufficient in today’s data centric world. So DVDs largely replaced CDs. Though both are still in use, but advent of USB i.e. universal serial bus technology has changed the trend followed in data. USB drives also known as PEN Drives are smaller than Floppy disks and depending on the prices it can have capacity varying from 64 MB to 64 GB. It offers an advantage over all the above as it is highly portable and has comparatively longer life. Owing to its low cost, low power consumption and small size it is now choice of every user, and needless to say that it has already reached to hands of most of the users. But the latest trend observed in the computer security breaches and spread of virus and worms have revealed that USB devices have become the easiest tool ever to spread the worm, infect your PCs and Laptops and attack other computers connected to your computer. USB drives are very insecure as mostly they are not write protected. Whenever you insert your USB drive to any infected PC, worms can ride on your USB data traveler, and when you use the device again with other PCs it get transmitted. USB allows the threat to spread even faster than plague. So before you use your USB you should be careful as either your USB or the machine you are working on may contain the virus. Your antivirus suit must be updated otherwise your PC can be infected easily while you are surfing on internet.

Actually autorun feature enables the virus to load into memory as soon as you insert your PEN drive. These threats were with CDs and DVDs too but since they could not be over written so the threats were limited. But in case of USB, worms get collected from all the PCs it was used with and the result could be disastrous. One of the recommended steps is to disable the autorun from the registry and scan the USB drive every time you plug it in. If your antivirus is out of date then view the content of USB drive using command prompt. I use the same procedure and it has worked well till now. Don’t know why but with command prompt the virus in the device were inactive. It could be due to the disabling the autorun from registry.

To disable the Autoplay visit How to disable Autoplay at ALC2005.com.

You can follow what I do often to check myself for worms and viruses:

1. Start|Run|cmd

// To open command prompt
2. I:

// changing the drive to USB’s drive assuming that it is I drive.

3. Dir /AH

// this is the DOS command to view the hidden content of the directory. It is highly useful especially when you “folder options” is disabled by the Trojans.

4. See the contents of the directory by above command and find if there is any unwanted file with suspected extensions such as .exe, .vbs or the file with multiple extensions such as xyx.txt.exe.

5. If such file exists then delete it forcefully as they may not be deleted by simple delete.
Type following:
I:> del /f /AH

Apart from this you should always access your PEN drives by right click and explore option. Hope these steps would help you. Please write comments for any queries and related threat problems.

You might have heard about the Kaspersky Lab, a leading antivirus developer, detected Koobface worms earlier this year. Now it has appeared again tiptoeing around the security filters and supposedly using Google’s websites for attack. When earlier this malicious program appeared it targeted the Facebook and MySpace users. It had two variants Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b as detected by the Kaspersky Lab. Their method of infecting the computers was a classic one. They used to send images looking like lucrative YouTube video and when a user clicked on it, it redirected the page to some other site which asks the user to download the flash player or codec required to view the video which was actually the worm. Once it was downloaded it uses the PC as zombie computer to form botnets.

Now the similar worm is said to be back with a bang detected by the researchers at unified threat management vendor Fortinet. According to them this is the similar program to the Koobface worm and uses Google Reader and Picasa Web sites to spread. The worm works in same way as earlier i.e. attracting users to click on the fake video and pictures which downloads the Trojan programs. Earlier its spread was checked by MySpace and Facebook by blocking the attack websites. So this time they have hosted files that appear to be YouTube videos on Picasa and Google Reader. Once user gets to these pages they are asked to download the codec and other stuffs. Facebook is just used as a medium to send YouTube and Picasa links to the victims.

Since Facebook is the most popular social networking website and hence such worms can be devastating due to its reach to such huge number of computers. Facebook is currently working with Google to curb this spread and they are positive about the results so far. This attack can in fact happen to any social networking website. Hence if you are Facebook or MySpace or any such website user then please don’t click blindly to all the links you come across.

Clickjacking is the most recent kind of threat being experienced by the internet world. Not only the flaws of internet browsers but also the website flaws are responsible for the problem of Clickjacking. It would be easy to understand Clickjacking if you know about the phishing. Phishing is the technique used by malicious web programmers to trick web users to reveal their secret information such as passwords and credit card information on a fake and forged website. Clickjacking has made it worst because now you never know whether the website has some malicious script running in the background without your consent. Moreover, what would you do if there is a link to any malicious and forged website is invisible to you and your data is being leaked. usually there is no way to know for users that whether the Submit Button they clicked on performs the same function which you expect. Specifically  for unverified or unauthorized websites there is no good solution available. Though you should take care that you do not reveal your confidential information on any un-verified website. For instance, if you are going to do transaction using PayPal, then first you should confirm that there is an authorization icon of VeriSign Inc. in the browser’s URL bar. If it is not there then you are being trapped in phishing.

These flaws were recently discussed in recen OWASP conference, however looking to the seriousness of the matter nothing was disclosed. However, it was decided to inform vendors of web browsers to rectify the flwas. There is much more tough task ahead as it would take lots of time to correct the vulnerabilities in website platforms and the web browsers. But till then surf carefully and avoid clicking or visiting unknown websites which asks for your personal informations. You can install good web-antivirus such as McAfee and modern browsers like Firefox 3.x which warns you about malicious websites.