Avast is well known for their free antivirus software, but they've also expanded their product line to include Internet security software.
While it's certainly not a bad transition, avast Internet Security 2012 emerged only with average results during our tests. In fact, due to it's lackluster firewall, avast came in towards the end our list this year. Without a solid firewall, we can't consider avast an effective Internet security suite.
TOP FEATURES
Nice User Interface
Lite Resource Usage
Good Real-time Protection
On the plus side, avast has adequate real-time protection as well as decent scanning functions. Email protection and anti-phishing were only average, but they've got a nice user interface with plenty of easy-to-use settings. We just hope to see better performance to go along with those nice options in the future.
For overall Internet security, avast Internet Security 2012 isn't going to cut it this year. With a poor firewall, average real-time protection, and questionable technical support, we're forced to send avast to the back of the line.
secure etiketine sahip kayıtlar gösteriliyor. Tüm kayıtları göster
secure etiketine sahip kayıtlar gösteriliyor. Tüm kayıtları göster
20 Ekim 2011 Perşembe
BitDefender Internet Security 2012
BitDefender comes through again this year with another excellent antivirus software. BitDefender Internet Security 2012 continues to be that same great antivirus protection but with a new an improved user interface.
How well does BitDefender Internet Security 2012 actually protect your computer? Let's put it this way: all of the top testing labs in the world have given BitDefender high scores for excellent real-time antivirus protection, resource usage, and virus removal. They put BitDefender through the ringer, and it keeps coming up strong.
Our system resource tests showed BitDefender to be light to average when scanning your system. We found no significant system drain.
We like the new, clean user interface. It's much easier to use and find any information you need.
Customer service continues to be a problem with BitDefender, but they provide adequate self-help options that will satisfy most people.
Overall, BitDefender remains one of our top choices yet again this year. Why? It's light, it's easy to use. It's stable. And most importantly, it has one of the best records for protecting your computer against viruses and other malware.
How well does BitDefender Internet Security 2012 actually protect your computer? Let's put it this way: all of the top testing labs in the world have given BitDefender high scores for excellent real-time antivirus protection, resource usage, and virus removal. They put BitDefender through the ringer, and it keeps coming up strong.
Our system resource tests showed BitDefender to be light to average when scanning your system. We found no significant system drain.
We like the new, clean user interface. It's much easier to use and find any information you need.
Customer service continues to be a problem with BitDefender, but they provide adequate self-help options that will satisfy most people.
Overall, BitDefender remains one of our top choices yet again this year. Why? It's light, it's easy to use. It's stable. And most importantly, it has one of the best records for protecting your computer against viruses and other malware.
30 Eylül 2011 Cuma
What does digital citizenship mean to you?
Digital citizenship is usually defined as the "norms of behavior with regard to technology use." It encompasses digital literacy, ethics, etiquette, online safety, norms, rights, culture and more. Microsoft recognizes that good digital citizenship, when you use computers, gaming consoles, or mobile devices, promotes a safer online environment for all.
The visual whitepaper, "Fostering Digital Citizenship," discusses why digital citizenship matters and outlines the education young people need as they explore, learn, and essentially "grow-up" online. This paper also addresses the three types of risks you might encounter in online activities: Content, Contact, and Conduct.
Managing your online behavior and monitoring your reputation are important elements of good digital citizenship. Microsoft recently surveyed teen and parental attitudes, awareness of, and behaviors toward managing their online reputations.
Teens share considerably more information online than their parents and, as a result, expose themselves to more risk; they also feel more in control of their online reputations.
Teens believe the benefits of sharing information online outweigh the risks, with the exception of sharing a physical location.
Teens and parents worry about different things. Teens are most concerned about getting into college (57%), landing a job (52%,) and being embarrassed (42%). Parents worry about fraud (54%), being embarrassed (51%,) and career (43%).
The encouraging results suggest that American parents and teens are actively managing their online reputations—and with an eye toward good digital citizenship.
The visual whitepaper, "Fostering Digital Citizenship," discusses why digital citizenship matters and outlines the education young people need as they explore, learn, and essentially "grow-up" online. This paper also addresses the three types of risks you might encounter in online activities: Content, Contact, and Conduct.
Managing your online behavior and monitoring your reputation are important elements of good digital citizenship. Microsoft recently surveyed teen and parental attitudes, awareness of, and behaviors toward managing their online reputations.
Teens share considerably more information online than their parents and, as a result, expose themselves to more risk; they also feel more in control of their online reputations.
Teens believe the benefits of sharing information online outweigh the risks, with the exception of sharing a physical location.
Teens and parents worry about different things. Teens are most concerned about getting into college (57%), landing a job (52%,) and being embarrassed (42%). Parents worry about fraud (54%), being embarrassed (51%,) and career (43%).
The encouraging results suggest that American parents and teens are actively managing their online reputations—and with an eye toward good digital citizenship.
23 Eylül 2011 Cuma
What if my computer is infected?
Unfortunately, it may happen occasionally that the antivirus installed in your computer with its latest updates is incapable of detecting a new virus, worm or a Trojan. Sadly but true: no antivirus protection software gives you a 100% guarantee of complete security. If your computer does get infected, you need to determine the fact of infection, identify the infected file and send it to the vendor whose product missed the malicious program and failed to protect your computer.
However, users on their own are typically unable to detect that their computer got infected unless aided by antivirus solutions. Many worms and Trojans typically do not reveal their presence in any way. By way of exception, some Trojans do inform the user directly that their computer has been infected – they may encrypt the user’s personal files so as to demand a ransom for the decryption utility. However, a Trojan typically installs itself secretly in the system, often employs special disguising methods and also covertly does its activity. So, the fact of infection can be detected by indirect evidence only.
Symptoms of infection
An increase in the outgoing web traffic is the general indication of an infection; this applies to both individual computers and corporate networks. If no users are working in the Internet in a specific time period (e.g. at night), but the web traffic continues, this could mean that somebody or someone else is active on the system, and most probably that is a malicious activity. In a firewall is configured in the system, attempts by unknown applications to establish Internet connections may be indicative of an infection. Numerous advertisement windows popping up while visiting web-sites may signal that an adware in present in the system. If a computer freezes or crashes frequently, this may be also related to a malware activity. Such malfunctions are more often accounted for by hardware or software malfunctions rather than a virus activity. However, if similar symptoms simultaneously occur on multiple or numerous computers on the network, accompanied by a dramatic increase in the internal traffic, this is very likely caused by a network worm or a backdoor Trojan spreading across the network.
An infection may be also indirectly evidenced by non-computer related symptoms, such as bills for telephone calls that nobody made or SMS messages that nobody sent. Such facts may indicate that a phone Trojan is active in the computer or the cell phone. If unauthorized access has been gained to your personal bank account or your credit card has bee used without your authorization, this may signal that a spyware has intruded into your system.
However, users on their own are typically unable to detect that their computer got infected unless aided by antivirus solutions. Many worms and Trojans typically do not reveal their presence in any way. By way of exception, some Trojans do inform the user directly that their computer has been infected – they may encrypt the user’s personal files so as to demand a ransom for the decryption utility. However, a Trojan typically installs itself secretly in the system, often employs special disguising methods and also covertly does its activity. So, the fact of infection can be detected by indirect evidence only.
Symptoms of infection
An increase in the outgoing web traffic is the general indication of an infection; this applies to both individual computers and corporate networks. If no users are working in the Internet in a specific time period (e.g. at night), but the web traffic continues, this could mean that somebody or someone else is active on the system, and most probably that is a malicious activity. In a firewall is configured in the system, attempts by unknown applications to establish Internet connections may be indicative of an infection. Numerous advertisement windows popping up while visiting web-sites may signal that an adware in present in the system. If a computer freezes or crashes frequently, this may be also related to a malware activity. Such malfunctions are more often accounted for by hardware or software malfunctions rather than a virus activity. However, if similar symptoms simultaneously occur on multiple or numerous computers on the network, accompanied by a dramatic increase in the internal traffic, this is very likely caused by a network worm or a backdoor Trojan spreading across the network.
An infection may be also indirectly evidenced by non-computer related symptoms, such as bills for telephone calls that nobody made or SMS messages that nobody sent. Such facts may indicate that a phone Trojan is active in the computer or the cell phone. If unauthorized access has been gained to your personal bank account or your credit card has bee used without your authorization, this may signal that a spyware has intruded into your system.
20 Eylül 2011 Salı
Famous Hackers
Steve Jobs and Steve Wozniak, founders of Apple Computers, are both hackers. Some of their early exploits even resemble the questionable activities of some malicious hackers. However, both Jobs and Wozniak outgrew their malicious behavior and began concentrating on creating computer hardware and software. Their efforts helped usher in the age of the personal computer -- before Apple, computer systems remained the property of large corporations, too expensive and cumbersome for average consumers.
Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.
Richard Stallman, also known as "rms," founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.
On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) "c0mrade." Originally sentenced to house arrest, James was sent to prison when he violated parole.
Kevin Mitnick
Greg Finley/Getty Images
Hacker Kevin Mitnick, newly released from the Federal Correctional Institution in Lompoc, California.
Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick's reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI's Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.
Kevin Poulsen, or Dark Dante, specialized in hacking phone systems. He's famous for hacking the phones of a radio station called KIIS-FM. Poulsen's hack allowed only calls originating from his house to make it through to the station, allowing him to win in various radio contests. Since then, he has turned over a new leaf, and now he's famous for being a senior editor at Wired magazine.
Adrian Lamo hacked into computer systems using computers at libraries and Internet cafes. He would explore high-profile systems for security flaws, exploit the flaws to hack into the system, and then send a message to the corresponding company, letting them know about the security flaw. Unfortunately for Lamo, he was doing this on his own time rather than as a paid consultant -- his activities were illegal. He also snooped around a lot, reading sensitive information and giving himself access to confidential material. He was caught after breaking into the computer system belonging to the New York Times.
It's likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don't really know what they are doing -- they're just using dangerous tools they don't completely understand. Others know what they're doing so well that they can slip in and out of systems without anyone ever knowing.
Linus Torvalds, creator of Linux, is another famous honest hacker. His open source operating system is very popular with other hackers. He has helped promote the concept of open source software, showing that when you open information up to everyone, you can reap amazing benefits.
Richard Stallman, also known as "rms," founded the GNU Project, a free operating system. He promotes the concept of free software and computer access. He works with organizations like the Free Software Foundation and opposes policies like Digital Rights Management.
On the other end of the spectrum are the black hats of the hacking world. At the age of 16, Jonathan James became the first juvenile hacker to get sent to prison. He committed computer intrusions on some very high-profile victims, including NASA and a Defense Threat Reduction Agency server. Online, Jonathan used the nickname (called a handle) "c0mrade." Originally sentenced to house arrest, James was sent to prison when he violated parole.
Kevin Mitnick
Greg Finley/Getty Images
Hacker Kevin Mitnick, newly released from the Federal Correctional Institution in Lompoc, California.
Kevin Mitnick gained notoriety in the 1980s as a hacker who allegedly broke into the North American Aerospace Defense Command (NORAD) when he was 17 years old. Mitnick's reputation seemed to grow with every retelling of his exploits, eventually leading to the rumor that Mitnick had made the FBI's Most Wanted list. In reality, Mitnick was arrested several times for hacking into secure systems, usually to gain access to powerful computer software.
Kevin Poulsen, or Dark Dante, specialized in hacking phone systems. He's famous for hacking the phones of a radio station called KIIS-FM. Poulsen's hack allowed only calls originating from his house to make it through to the station, allowing him to win in various radio contests. Since then, he has turned over a new leaf, and now he's famous for being a senior editor at Wired magazine.
Adrian Lamo hacked into computer systems using computers at libraries and Internet cafes. He would explore high-profile systems for security flaws, exploit the flaws to hack into the system, and then send a message to the corresponding company, letting them know about the security flaw. Unfortunately for Lamo, he was doing this on his own time rather than as a paid consultant -- his activities were illegal. He also snooped around a lot, reading sensitive information and giving himself access to confidential material. He was caught after breaking into the computer system belonging to the New York Times.
It's likely that there are thousands of hackers active online today, but an accurate count is impossible. Many hackers don't really know what they are doing -- they're just using dangerous tools they don't completely understand. Others know what they're doing so well that they can slip in and out of systems without anyone ever knowing.
Hackers and the Law
In general, most governments aren't too crazy about hackers. Hackers' ability to slip in and out of computers undetected, stealing classified information when it amuses them, is enough to give a government official a nightmare. Secret information, or intelligence, is incredibly important. Many government agents won't take the time to differentiate between a curious hacker who wants to test his skills on an advanced security system and a spy.
Laws reflect this attitude. In the United States, there are several laws forbidding the practice of hacking. Some, like 18 U.S.C. § 1029, concentrate on the creation, distribution and use of codes and devices that give hackers unauthorized access to computer systems. The language of the law only specifies using or creating such a device with the intent to defraud, so an accused hacker could argue he just used the devices to learn how security systems worked.
Another important law is 18 U.S.C. § 1030, part of which forbids unauthorized access to government computers. Even if a hacker just wants to get into the system, he or she could be breaking the law and be punished for accessing a nonpublic government computer [Source: U.S. Department of Justice].
Punishments range from hefty fines to jail time. Minor offenses may earn a hacker as little as six months' probation, while other offenses can result in a maximum sentence of 20 years in jail. One formula on the Department of Justice's Web page factors in the financial damage a hacker causes, added to the number of his victims to determine an appropriate punishment [Source: U.S. Department of Justice].
Hacking a Living
Hackers who obey the law can make a good living. Several companies hire hackers to test their security systems for flaws. Hackers can also make their fortunes by creating useful programs and applications, like Stanford University students Larry Page and Sergey Brin. Page and Brin worked together to create a search engine they eventually named Google. Today, they are tied for 26th place on Forbes' list of the world's most wealthy billionaires [source: Forbes].
Other countries have similar laws, some much more vague than legislation in the U.S. A recent German law forbids possession of "hacker tools." Critics say that the law is too broad and that many legitimate applications fall under its vague definition of hacker tools. Some point out that under this legislation, companies would be breaking the law if they hired hackers to look for flaws in their security systems [source: IDG News Service].
Hackers can commit crimes in one country while sitting comfortably in front of their computers on the other side of the world. Therefore, prosecuting a hacker is a complicated process. Law enforcement officials have to petition countries to extradite suspects in order to hold a trial, and this process can take years. One famous case is the United States' indictment of hacker Gary McKinnon. Since 2002, McKinnon fought extradition charges to the U.S. for hacking into the Department of Defense and NASA computer systems. McKinnon, who hacked from the United Kingdom, defended himself by claiming that he merely pointed out flaws in important security systems. In April 2007, his battle against extradition came to an end when the British courts denied his appeal [Source: BBC News].
In the next section, we'll look at some famous and notorious hackers.
Laws reflect this attitude. In the United States, there are several laws forbidding the practice of hacking. Some, like 18 U.S.C. § 1029, concentrate on the creation, distribution and use of codes and devices that give hackers unauthorized access to computer systems. The language of the law only specifies using or creating such a device with the intent to defraud, so an accused hacker could argue he just used the devices to learn how security systems worked.
Another important law is 18 U.S.C. § 1030, part of which forbids unauthorized access to government computers. Even if a hacker just wants to get into the system, he or she could be breaking the law and be punished for accessing a nonpublic government computer [Source: U.S. Department of Justice].
Punishments range from hefty fines to jail time. Minor offenses may earn a hacker as little as six months' probation, while other offenses can result in a maximum sentence of 20 years in jail. One formula on the Department of Justice's Web page factors in the financial damage a hacker causes, added to the number of his victims to determine an appropriate punishment [Source: U.S. Department of Justice].
Hacking a Living
Hackers who obey the law can make a good living. Several companies hire hackers to test their security systems for flaws. Hackers can also make their fortunes by creating useful programs and applications, like Stanford University students Larry Page and Sergey Brin. Page and Brin worked together to create a search engine they eventually named Google. Today, they are tied for 26th place on Forbes' list of the world's most wealthy billionaires [source: Forbes].
Other countries have similar laws, some much more vague than legislation in the U.S. A recent German law forbids possession of "hacker tools." Critics say that the law is too broad and that many legitimate applications fall under its vague definition of hacker tools. Some point out that under this legislation, companies would be breaking the law if they hired hackers to look for flaws in their security systems [source: IDG News Service].
Hackers can commit crimes in one country while sitting comfortably in front of their computers on the other side of the world. Therefore, prosecuting a hacker is a complicated process. Law enforcement officials have to petition countries to extradite suspects in order to hold a trial, and this process can take years. One famous case is the United States' indictment of hacker Gary McKinnon. Since 2002, McKinnon fought extradition charges to the U.S. for hacking into the Department of Defense and NASA computer systems. McKinnon, who hacked from the United Kingdom, defended himself by claiming that he merely pointed out flaws in important security systems. In April 2007, his battle against extradition came to an end when the British courts denied his appeal [Source: BBC News].
In the next section, we'll look at some famous and notorious hackers.
Hacker Culture
Individually, many hackers are antisocial. Their intense interest in computers and programming can become a communication barrier. Left to his or her own devices, a hacker can spend hours working on a computer program while neglecting everything else.
Computer networks gave hackers a way to associate with other people with their same interests. Before the Internet became easily accessible, hackers would set up and visit bulletin board systems (BBS). A hacker could host a bulletin board system on his or her computer and let people dial into the system to send messages, share information, play games and download programs. As hackers found one another, information exchanges increased dramatically.
Some hackers posted their accomplishments on a BBS, boasting about infiltrating secure systems. Often they would upload a document from their victims' databases to prove their claims. By the early 1990s, law enforcement officials considered hackers an enormous security threat. There seemed to be hundreds of people who could hack into the world's most secure systems at will [source: Sterling].
There are many Web sites dedicated to hacking. The hacker journal "2600: The Hacker Quarterly" has its own site, complete with a live broadcast section dedicated to hacker topics. The print version is still available on newsstands. Web sites like Hacker.org promote learning and include puzzles and competitions for hackers to test their skills.
When caught -- either by law enforcement or corporations -- some hackers admit that they could have caused massive problems. Most hackers don't want to cause trouble; instead, they hack into systems just because they wanted to know how the systems work. To a hacker, a secure system is like Mt. Everest -- he or she infiltrates it for the sheer challenge. In the United States, a hacker can get into trouble for just entering a system. The Computer Fraud and Abuse Act outlaws unauthorized access to computer systems [source: Hacking Laws].
Hackers and Crackers
Many computer programmers insist that the word "hacker" applies only to law-abiding enthusiasts who help create programs and applications or improve computer security. Anyone using his or her skills maliciously isn't a hacker at all, but a cracker.
Crackers infiltrate systems and cause mischief, or worse. Unfortunately, most people outside the hacker community use the word as a negative term because they don't understand the distinction between hackers and crackers.
Not all hackers try to explore forbidden computer systems. Some use their talents and knowledge to create better software and security measures. In fact, many hackers who once used their skills to break into systems now put that knowledge and ingenuity to use by creating more comprehensive security measures. In a way, the Internet is a battleground between different kinds of hackers -- the bad guys, or black hats, who try to infiltrate systems or spread viruses, and the good guys, or white hats, who bolster security systems and develop powerful virus protection software.
Hackers on both sides overwhelmingly support open source software, programs in which the source code is available for anyone to study, copy, distribute and modify. With open source software, hackers can learn from other hackers' experiences and help make programs work better than they did before. Programs might range from simple applications to complex operating systems like Linux.
There are several annual hacker events, most of which promote responsible behavior. A yearly convention in Las Vegas called DEFCON sees thousands of attendees gather to exchange programs, compete in contests, participate in panel discussions about hacking and computer development and generally promote the pursuit of satisfying curiosity. A similar event called the Chaos Communication Camp combines low-tech living arrangements -- most attendees stay in tents -- and high-tech conversation and activities.
In the next section, we'll learn about hackers and legal issues
Computer networks gave hackers a way to associate with other people with their same interests. Before the Internet became easily accessible, hackers would set up and visit bulletin board systems (BBS). A hacker could host a bulletin board system on his or her computer and let people dial into the system to send messages, share information, play games and download programs. As hackers found one another, information exchanges increased dramatically.
Some hackers posted their accomplishments on a BBS, boasting about infiltrating secure systems. Often they would upload a document from their victims' databases to prove their claims. By the early 1990s, law enforcement officials considered hackers an enormous security threat. There seemed to be hundreds of people who could hack into the world's most secure systems at will [source: Sterling].
There are many Web sites dedicated to hacking. The hacker journal "2600: The Hacker Quarterly" has its own site, complete with a live broadcast section dedicated to hacker topics. The print version is still available on newsstands. Web sites like Hacker.org promote learning and include puzzles and competitions for hackers to test their skills.
When caught -- either by law enforcement or corporations -- some hackers admit that they could have caused massive problems. Most hackers don't want to cause trouble; instead, they hack into systems just because they wanted to know how the systems work. To a hacker, a secure system is like Mt. Everest -- he or she infiltrates it for the sheer challenge. In the United States, a hacker can get into trouble for just entering a system. The Computer Fraud and Abuse Act outlaws unauthorized access to computer systems [source: Hacking Laws].
Hackers and Crackers
Many computer programmers insist that the word "hacker" applies only to law-abiding enthusiasts who help create programs and applications or improve computer security. Anyone using his or her skills maliciously isn't a hacker at all, but a cracker.
Crackers infiltrate systems and cause mischief, or worse. Unfortunately, most people outside the hacker community use the word as a negative term because they don't understand the distinction between hackers and crackers.
Not all hackers try to explore forbidden computer systems. Some use their talents and knowledge to create better software and security measures. In fact, many hackers who once used their skills to break into systems now put that knowledge and ingenuity to use by creating more comprehensive security measures. In a way, the Internet is a battleground between different kinds of hackers -- the bad guys, or black hats, who try to infiltrate systems or spread viruses, and the good guys, or white hats, who bolster security systems and develop powerful virus protection software.
Hackers on both sides overwhelmingly support open source software, programs in which the source code is available for anyone to study, copy, distribute and modify. With open source software, hackers can learn from other hackers' experiences and help make programs work better than they did before. Programs might range from simple applications to complex operating systems like Linux.
There are several annual hacker events, most of which promote responsible behavior. A yearly convention in Las Vegas called DEFCON sees thousands of attendees gather to exchange programs, compete in contests, participate in panel discussions about hacking and computer development and generally promote the pursuit of satisfying curiosity. A similar event called the Chaos Communication Camp combines low-tech living arrangements -- most attendees stay in tents -- and high-tech conversation and activities.
In the next section, we'll learn about hackers and legal issues
The Hacker Toolbox
The main resource hackers rely upon, apart from their own ingenuity, is computer code. While there is a large community of hackers on the Internet, only a relatively small number of hackers actually program code. Many hackers seek out and download code written by other people. There are thousands of different programs hackers use to explore computers and networks. These programs give hackers a lot of power over innocent users and organizations -- once a skilled hacker knows how a system works, he can design programs that exploit it.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone's identity.
Hack passwords: There are many ways to hack someone's password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker's system. The hacker can secretly control the victim's computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages -- the Internet's equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won't be able to read it.
In the next section, we'll get a glimpse into hacker culture.
Malicious hackers use programs to:
Log keystrokes: Some programs allow hackers to review every keystroke a computer user makes. Once installed on a victim's computer, the programs record each keystroke, giving the hacker everything he needs to infiltrate a system or even steal someone's identity.
Hack passwords: There are many ways to hack someone's password, from educated guesses to simple algorithms that generate combinations of letters, numbers and symbols. The trial and error method of hacking passwords is called a brute force attack, meaning the hacker tries to generate every possible combination to gain access. Another way to hack passwords is to use a dictionary attack, a program that inserts common words into password fields.
Infect a computer or system with a virus: Computer viruses are programs designed to duplicate themselves and cause problems ranging from crashing a computer to wiping out everything on a system's hard drive. A hacker might install a virus by infiltrating a system, but it's much more common for hackers to create simple viruses and send them out to potential victims via email, instant messages, Web sites with downloadable content or peer-to-peer networks.
Gain backdoor access: Similar to hacking passwords, some hackers create programs that search for unprotected pathways into network systems and computers. In the early days of the Internet, many computer systems had limited security, making it possible for a hacker to find a pathway into the system without a username or password. Another way a hacker might gain backdoor access is to infect a computer or system with a Trojan horse.
Create zombie computers: A zombie computer, or bot, is a computer that a hacker can use to send spam or commit Distributed Denial of Service (DDoS) attacks. After a victim executes seemingly innocent code, a connection opens between his computer and the hacker's system. The hacker can secretly control the victim's computer, using it to commit crimes or spread spam.
Spy on e-mail: Hackers have created code that lets them intercept and read e-mail messages -- the Internet's equivalent to wiretapping. Today, most e-mail programs use encryption formulas so complex that even if a hacker intercepts the message, he won't be able to read it.
In the next section, we'll get a glimpse into hacker culture.
cryptographic technology
Our work in cryptography is making an impact within and outside the Federal government. Strong cryptography improves the security of systems and the information they process. IT users also enjoy the enhanced availability in the marketplace of secure applications through cryptography, Public Key Infrastructure (PKI), and e-authentication. Work in this area addresses such topics as secret and public key cryptographic techniques, advanced authentication systems, cryptographic protocols and interfaces, public key certificate management, biometrics, smart tokens, cryptographic key escrowing, and security architectures. This year, the work called for in the Homeland Security Presidential Directive 12 (HSPD-12) has continued. A few examples of the impact this work has had include changes to Federal employee identification methods, how users authenticate their identity when needing government services online, and the technical aspects of passports issued to U.S. citizens.
CSD collaborates with a number of national and international agencies and standards bodies to develop secure, interoperable security standards. Federal agency collaborators include the Department of Energy, the Department of State, the National Security Agency (NSA), and the Communications Security Establishment of Canada, while national and international standards bodies include the American Standards Committee (ASC) X9 (financial industry standards), the International Organization for Standardization (ISO), the Institute of Electrical and Electronic Engineers (IEEE) and the Internet Engineering Task Force (IETF). Industry collaborators include BC5 Technologies, Certicom, Entrust Technologies, Hewlett Packard, InfoGard, Microsoft, NTRU, Pitney Bowes, RSA Security, Spyrus, and Wells Fargo.
CSD collaborates with a number of national and international agencies and standards bodies to develop secure, interoperable security standards. Federal agency collaborators include the Department of Energy, the Department of State, the National Security Agency (NSA), and the Communications Security Establishment of Canada, while national and international standards bodies include the American Standards Committee (ASC) X9 (financial industry standards), the International Organization for Standardization (ISO), the Institute of Electrical and Electronic Engineers (IEEE) and the Internet Engineering Task Force (IETF). Industry collaborators include BC5 Technologies, Certicom, Entrust Technologies, Hewlett Packard, InfoGard, Microsoft, NTRU, Pitney Bowes, RSA Security, Spyrus, and Wells Fargo.
16 Eylül 2011 Cuma
Applications
Computer security is critical in almost any technology-driven industry which operates on computer systems. Computer security can also be referred to as computer safety. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.
Cloud computing security
Security in the cloud is challenging[citation needed], due to varied degree of security features and management schemes within the cloud entitites. In this connection one logical protocol base need to evolve so that the entire gamet of components operates synchronously and securely.
Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or well funded; for a power outage at an airport alone can cause repercussions worldwide. One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past.Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight controllers must rely on periodic radio communications with a third party.
Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.
Notable system accidents
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.
Cloud computing security
Security in the cloud is challenging[citation needed], due to varied degree of security features and management schemes within the cloud entitites. In this connection one logical protocol base need to evolve so that the entire gamet of components operates synchronously and securely.
Aviation
The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error.
The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.
A proper attack does not need to be very high tech or well funded; for a power outage at an airport alone can cause repercussions worldwide. One of the easiest and, arguably, the most difficult to trace security vulnerabilities is achievable by transmitting unauthorized communications over specific radio frequencies. These transmissions may spoof air traffic controllers or simply disrupt communications altogether. These incidents are very common, having altered flight courses of commercial aircraft and caused panic and confusion in the past.Controlling aircraft over oceans is especially dangerous because radar surveillance only extends 175 to 225 miles offshore. Beyond the radar's sight controllers must rely on periodic radio communications with a third party.
Lightning, power fluctuations, surges, brown-outs, blown fuses, and various other power outages instantly disable all computer systems, since they are dependent on an electrical source. Other accidental and intentional faults have caused significant disruption of safety critical systems throughout the last few decades and dependence on reliable communication and electrical power only jeopardizes computer safety.
Notable system accidents
In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.
Secure coding
If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, and others). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.
In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. It is to be immediately noted that all of the foregoing are specific instances of a general class of attacks, where situations in which putative "data" actually contains implicit or explicit, executable instructions are cleverly exploited.
Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.
Recently another bad coding practice has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.
Unfortunately, there is no theoretical model of "secure coding" practices, nor is one practically achievable, insofar as the code (ideally, read-only) and data (generally read/write) is
In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. It is to be immediately noted that all of the foregoing are specific instances of a general class of attacks, where situations in which putative "data" actually contains implicit or explicit, executable instructions are cleverly exploited.
Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.
Recently another bad coding practice has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.
Unfortunately, there is no theoretical model of "secure coding" practices, nor is one practically achievable, insofar as the code (ideally, read-only) and data (generally read/write) is
Kaydol:
Kayıtlar (Atom)