Hacker Attack P1

Shared by: Tran Thach | Date: | File type: PDF | Pages: 30



Document description

I hope that this book is as much fun to read as it was to research and write. My goal was to cover all the major topics surrounding computer security: hackers, viruses, and the rapid erosion of personal privacy.


Text content: Hacker Attack P1

Hacker Attack

Richard Mansfield

San Francisco | Paris | Düsseldorf | Soest | London
Associate Publisher: Jordan Gold
Contracts and Licensing Manager: Kristine O'Callaghan
Acquisitions and Developmental Editor: Diane Lowery
Editor: Malka Geffen
Production Editor: Leslie E. H. Light
Technical Editor: Michelle A. Roudebush
Book Designer: Maureen Forys, Happenstance Type-O-Rama
Electronic Publishing Specialist: Maureen Forys
Proofreaders: Erika Donald, Nancy Riddiough, Laura Schattsneider
Indexer: Nancy Guenther
CD Technician: Keith McNeil
CD Coordinator: Kara Eve Schwartz
Cover Designer: Daniel Ziegler
Cover Illustrator/Photographer: Daniel Ziegler/Corbis Images

Copyright © 2000 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. The author(s) created reusable code in this publication expressly for reuse by readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as Richard Mansfield is attributed in any application containing the reusable code and the code itself is never distributed, posted online by electronic transmission, sold or commercially exploited as a stand-alone product. Aside from this specific exception concerning reusable code, no part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.

Library of Congress Card Number: 00-106242
ISBN: 0-7821-2830-0

SYBEX and the SYBEX logo are trademarks of SYBEX Inc. in the USA and other countries.

Screen reproductions produced with FullShot 99. FullShot 99 © 1991–1999 Inbit Incorporated. All rights reserved. FullShot is a trademark of Inbit Incorporated.

TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.

The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.

Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
Software License Agreement: Terms and Conditions

The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the "Software") to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms.

The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the "Owner(s)"). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media.

In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties ("End-User License"), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses.

By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time.

Reusable Code in This Book

The authors created reusable code in this publication expressly for reuse for readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as all three authors are attributed in any application containing the reusable code, and the code itself is never sold or commercially exploited as a stand-alone product.

Software Support

Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media.

Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s).

Warranty

SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to:

SYBEX Inc.
Customer Service Department
1151 Marina Village Parkway
Alameda, CA 94501
(510) 523-8233
Fax: (510) 523-2373
e-mail: info@sybex.com
WEB: HTTP://WWW.SYBEX.COM

After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX.

Disclaimer

SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting.

The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions.

Shareware Distribution

This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights. If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files.

Copy Protection

The Software in whole or in part may or may not be copy-protected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.
This book is dedicated to the memory of James Carl Coward.
Acknowledgments

Editor Diane Lowery deserves the primary credit for bringing this book to life. Not only is she a thoughtful acquisitions editor, she's a most helpful developmental project editor—I find her suggestions uniformly wise. She was instrumental in shaping the overall structure of this book as well as offering excellent advice on individual chapters. And it doesn't hurt that she's simply a pleasure to work with.

Malka Geffen is another outstanding editor. She made many sensitive, useful recommendations throughout the book. I hope she'll return to editing soon because authors who get to work with her are indeed lucky.

Technical editor Michelle Roudebush asked for a double-check when my facts or conclusions seemed suspect. These queries were, of course, quite worthwhile and prevented me more than once from embarrassing myself.

I thank Production Editor Leslie Light for efficiently guiding this project through the production process—from edited manuscript to page layout, to galley proofs, then finally off to the printer.

Not least, I would like to acknowledge Maureen Forys for her extraordinary and, I think, highly effective book design.
Contents at a Glance

Introduction  xxi

Part 1  Hackers, Crackers, and Whackers  1
  Chapter 1  Danger on the Internet  3
  Chapter 2  Phone Phreaks  13
  Chapter 3  Hackers, Crackers, and Whackers  19
  Chapter 4  Bypassing Passwords and Doing the Rat Dance  31
  Chapter 5  The Venus Flytrap and Other Anti-Hacks  41
  Chapter 6  Between a Rock and a Hard Place  49
  Chapter 7  The Dangers of High-Speed Connections  59
  Chapter 8  How to Protect Your Exposed Broadband  65

Part 2  Personal Privacy  77
  Chapter 9  Internet Privacy  79
  Chapter 10  The Elements of Cryptography  99
  Chapter 11  The Great Leap Forward  107
  Chapter 12  The Computer Steps In  121
  Chapter 13  Infinite Monkeys: Brute Force Attacks and Other Curiosities  131
  Chapter 14  DES: A Public Scheme  141
  Chapter 15  Making Keys Public  151
  Chapter 16  Electric Signatures  163
  Chapter 17  Encryption Implementations in Windows 2000  171
  Chapter 18  Hiding Data in Photon Streams  191
  Chapter 19  The Perfect, Unbreakable Encryption System  201

Part 3  Viruses  221
  Chapter 20  The Great Worm Escapes  223
  Chapter 21  Logic Bombs, Worms, and Trojan Horses—The Varieties of Viruses  233
  Chapter 22  How Melissa Changed the Rules  243
  Chapter 23  Documents that Attack (and What You Can Do to Protect Yourself)  259
  Chapter 24  Prevention, Detection, and Elimination  271

Index  283
Contents

Introduction  xxi

Part 1  Hackers, Crackers, and Whackers  1

Chapter 1  Danger on the Internet  3
  Like Spiders to Flies  4
  I Know Where You Live  5
  Exploring the Three Windows Protocols  7
  Understanding Windows Internet Security  8
  File Sharing Is a No-No  8
  Knocking at Your Own Door  9
  Testing Your Shields and Ports  9
  It's Creepy When Your Personal Information Leaks  10
  The Best Solutions to Hacker Probing  11

Chapter 2  Phone Phreaks  13
  Who Are Phone Phreaks?  15
  Devilish Dialers  16
  Beep Beep  17

Chapter 3  Hackers, Crackers, and Whackers  19
  How to Tell a Whacker from a Hacker  22
  Hackers with Viruses  23
  How to Anonymously Send E-Mail or Newsgroup Messages  24
  Speaking of Spam: How to Get Rid of It  25
  Leave Out the E-Mail Address  26
  Disguising Your E-Mail Address  27
  Filtering  27
  AOL Filters  28
  Fight Back with These Programs  28
  One Further Warning  29

Chapter 4  Bypassing Passwords and Doing the Rat Dance  31
  How Hackers Get In  33
  Spoofing Around  33
  Hi, I'm New Here!  34
  The Faux Technician Scam  35
  The Problem with Passwords  35
  Opening the Mystery Briefcase  36
  The Rat Dance  37

Chapter 5  The Venus Flytrap and Other Anti-Hacks  41
  Companies Fight Back  43
  Bait and Trace  43
  Constant Vigilance  43
  The 10-Finger Interface Defense  44
  Practical Solutions for Business  45
  Send in the Marines  46
  Consider Insurance  46
  The "Secure Walls Paradox" Revisited  46
  Thinking of All the Possibilities  47

Chapter 6  Between a Rock and a Hard Place  49
  Steps toward a Secure Workplace  50
  Reverse Social Engineering  50
  Develop and Maintain a Security Policy  51
  Identity Checks  52
  Tunnels, Virtual Privacy, and Other Ways to Authenticate Computer Communications  53
  Firewalls for Every Need  53
  Layer upon Layer  54
  Security via Firewall  55
  Security through Encryption  57

Chapter 7  The Dangers of High-Speed Connections  59
  What to Do?  61
  Denial of Service  63
  Can You Become a Zombie?  63

Chapter 8  How to Protect Your Exposed Broadband  65
  Safety First  66
  How to Attract Hackers  66
  Set Up a ZoneAlarm  67
  Lock 'Em Out Completely  68
  Other Personal Firewalls  70
  Test Yourself Right Now  70
  Watch Out for PWS  70
  Are There Strangers in Your Computer?  71
  Try the Free Symantec Scan  73
  Honeypots and Other Tactics  73
  Try Shields Up!  73
  For Solid Information, See SANS  74
  Not Your Ordinary Girl Scout Cookies  74
  Fighting the Cookie Monsters  76

Part 2  Personal Privacy  77

Chapter 9  Internet Privacy  79
  Cyber Spying  81
  Tools of the Trade  81
  Fighting Back  86
  P3P Privacy  87
  Disposable E-Mail Accounts  87
  Anonymous Remailers  87
  The Greatest Security  89
  Surfing in Privacy  89
  Private Surfing with Anonymizer  89
  Confidentiality with Freedom  90
  They're Also Watching Your Busy Fingers  94
  Fighting Back  94
  Encryption Is a Powerful Defense  96

Chapter 10  The Elements of Cryptography  99
  Codes versus Ciphers  100
  An Ancient Perfection  101
  How to Crack Secret Messages  102
  People Use Tricks  103
  The Goal of Cryptology  105

Chapter 11  The Great Leap Forward  107
  The Celebrated Alberti  108
  A Thought Experiment  110
  Alberti's Second Great Idea  111
  A Useless Result  112
  Decryption Reverses the Process  113
  The Kerckhoffs Superimposition  115
  Constructing an Anti-Tableau  116
  The Polyalphabet Crumbles  118

Chapter 12  The Computer Steps In  121
  Speed and Perfect Accuracy  123
  Some Common Computer Encryption Flaws  124
  Embedded Passwords  124
  Too Easy  124
  Elementary Computer Ciphering  125
  Employing a Built-in Code  125
  A Fatal Flaw in XOR  129

Chapter 13  Infinite Monkeys: Brute Force Attacks and Other Curiosities  131
  A Problem with XOR  134
  A Fatal Flaw  136
  The Numeric Zero  136
  Password Limitations  137
  Extending Password Length  138
  Saving Spaces  139

Chapter 14  DES: A Public Scheme  141
  Making It Public  143
  What's Really Strange  144
  How DES Works  145
  The Technical Details  146
  Brute Deciphering  149

Chapter 15  Making Keys Public  151
  Solving Old Problems with Keys  153
  Put It in a Bag  153
  Using a Key Distribution Center  154
  The Elegant RSA Solution  155
  Profound Enciphering  155
  Rising Ghosts  155
  Prime Numbers Just Don't Have What Other Numbers Have  157
  It's Purely Mathematical  159

Chapter 16  Electric Signatures  163
  RSA Authentication  166
  Non-Repudiation  166
  Congress Gets Involved  167
  Concerns Arise  168
  Identity Theft Is on the Rise  169
  Combining RSA with DES  170

Chapter 17  Encryption Implementations in Windows 2000  171
  The Basics of SSL  172
  Certificates  173
  The Windows 2000 Encrypting File System  174
  It's Automatic and Transparent  174
  You Can Copy, Others Can't  175
  Backing Up Encrypted Files  175
  Enciphering an Individual File  177
  Enciphering a Folder  179
  Securing Your Key and Certificate  181
  Importing a .PFX Certificate and Key  188
  Secret Agents  190

Chapter 18  Hiding Data in Photon Streams  191
  Atomic Encryption  192
  Every Possible Combination  193
  Things Become Strange  194
  Quantum Entanglement  195
  250 Qubits = 1 Universe  196
  But They Are Shy  197
  Inside Quantum Encryption  197
  Alice, Bob, and Eve  199
  How Do You Send the Key?  200

Chapter 19  The Perfect, Unbreakable Encryption System  201
  One-time Pad Drawbacks  203
  The Solution: Randomness  204
  Watch Out for XOR  204
  Curiosities about RND  204
  A Huge Pad  205
  The History of the Machine  207
  Locating the First Position  207
  A Statistically Flat Message  207
  Working the Key  208
  The Heart of the Program  209
  How to Use the ROP Program  214
  A Practical Encryptor  215
  For Programmers Only  216
  Alternative Solutions  219

Part 3  Viruses  221

Chapter 20  The Great Worm Escapes  223
  The $2 Million Joke  226
  The Great Worm  227
  The Psychic Damage  227
  The Little Program that Could  227
  The Good Worms  229
  How It All Happened  229
  Insects Run Amok  229
  Counter Inoculation  230
  What Went Wrong  231
  Foiled Again!  231

Chapter 21  Logic Bombs, Worms, and Trojan Horses—The Varieties of Viruses  233
  How Viruses Spread  237
  Easter Eggs and Bombs  238
  A Couple of Harmless Eggs  238
  Going through the Back Door  239
  How to Smoke a Database  240
  Trojan Horses: Never Trust a Greek Bearing Gifts  241
  Worms  241
  A Couple of Harmless Eggs, Part II  242

Chapter 22  How Melissa Changed the Rules  243
  How Melissa Works  245
  A Relatively Benign Attack  247
  What It Does  248
  Propagation via Trust
. . . . . . . . . . . . . . . . . . . . . . . . . 249 Safety Measures that No Longer Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 The Love Bug Becomes the Fastest-Spreading Virus Ever . . . . . . . . . . . . . . . 252 Protecting Yourself . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 Turn Off Visual Basic Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 A Final Warning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257 CHAPTER 23 Documents that Attack (and What You Can Do to Protect Yourself ) . . . . . . 259 Word Can Never Hurt Me . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260 The Greatest Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261 Built-in Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
  17. xx Contents Constructing Your Own Macro . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Automatic Triggering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265 Is Ordinary E-Mail Dangerous? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266 Modular Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267 Protecting Yourself against Infected Objects . . . . . . . . . . . . . . . . . . . . . . . 267 CHAPTER 24 Prevention, Detection, and Elimination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271 The Threat Is Mainly Hype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272 My Confession . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274 Even Michael Jackson Gets a Cold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 Your Best Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 What Anti-virus Utilities Do for You . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Scanning for Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Hiding in Plain Sight: The Virus Fights Back . . . . . . . . . . . . . . . . . . . . . 277 The Mata Hari Technique: Detection by Decoy . . . . . . . . . . . . . . . . . . . . 278 Interrupt Hooking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 Typical Scanning for File Change . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283