By
BARRY S KREMBS II
February 2013
Certification Statement
Title of Assignment: Identify Risks, Threats, and Vulnerabilities of Social Networks and Web Applications
CERTIFICATION OF AUTHORSHIP: I certify that I am the author of this paper/project and that any assistance I received in its preparation is fully acknowledged and disclosed in the paper.
I have also cited any sources from which I used data, ideas, or words, either quoted directly or paraphrased. I also certify that this paper/project was prepared by me specifically for this course.
Student Signature (electronic) Barry S Krembs II
ABSTRACT
While Social Media and Web Services are a part of life and an everyday occurrence, it is obvious that using these avenues is fraught with danger, and only the most diligent observation prevents a system from being compromised if it is a target. Zero-Day exploits, Session Hacking, Email takeovers, and “Botnets” have become a way of life, and dealing with these is critical to maintaining control of your computer. Cybercrime evolved from a take of one billion dollars in 2007 to over one trillion dollars in 2009 (Imperva, 2010). Consider that it is quadruple that now and that no one is safe, not even Presidents or Presidential Candidates. The Bamital botnet took in over one million dollars a year and controlled hundreds of thousands of computers before it was taken down by Microsoft and Symantec last week (Finkle, 2013). “The most critical thing is that you have people looking, watching and using their brain,” as stated by Ryan Barnett, Director of application security research, in 2010 (Westervelt, 2010). It is imperative that Web Applications have firewalls that provide the basic protection from Technical Web Attacks, Business Logic Threats, Online Fraud, and Network Security threats, and that businesses understand how these Firewalls are Strategic for Business (Imperva, 2012a).
Project Scope
While Social Media and Web Services are a part of life and an everyday occurrence, it is obvious that using these avenues is fraught with danger, and only the most diligent observation prevents a system from being compromised if it is a target. Zero-Day exploits, Session Hacking, Email takeovers, and “Botnets” have become a way of life, and dealing with these is critical to maintaining control of your computer. Cybercrime evolved from a take of one billion dollars in 2007 to over one trillion dollars in 2009 (Imperva, 2010). Attackers design malicious applications using the free interfaces of social media, injecting their own code into places that have loopholes and errors (Westervelt, 2010).
Zero-Day Exploits
These exploits take advantage of vulnerabilities that the software vendor does not know about, let alone prevent. Hackers formulate different variations of Malware to take advantage of these areas before the Developers can patch and protect against these vulnerabilities (Wikipedia, 2013). Oracle’s Java is an example of an application that is vulnerable. Its latest patch, Java 7 Update 11, is in place to prevent up to fifty of these vulnerabilities, as it just recently experienced some of these exploits. Many users are disabling this application in a Browser setting, likening it to “Kissing a black rat, in London, during the plague,” as stated in the Inquirer (Neal, 2013).
Session Hacking
Recently, there has been an increase in the hijacking of sessions, giving a Hacker the ability to take over a User’s session while they are ordering something and to continue transactions on a vulnerable Web application. These transactions result in the exploitation of resources of the Web site and of the Credit Card Providers for these users once the User quickly reaches their responsible percentage. The Hacker exploits found vulnerabilities, or has a User click on an application that allows them to take control undetected while the user continues their shopping. Once the User signs off and leaves the transaction, it supposedly closes its session; the Hacker suspends the transaction until the coast is clear and then continues undetected (Imperva, 2012b).
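The scenario above hinges on a session that "supposedly closes" but can be resumed later by whoever holds a copy of the session identifier. The following is an added example, not code from the paper or from Imperva, showing the server-side controls that close that window: an unguessable random identifier, a server-side session table that is the only source of truth, idle and absolute timeouts, identifier rotation at login, explicit invalidation at sign-off, and the cookie attributes that keep the identifier off the wire in the clear and away from page scripts. The store, the timeout values and the `client_fingerprint` binding are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60       # seconds of inactivity after which a session is dropped (assumed policy)
ABSOLUTE_TIMEOUT = 8 * 3600  # hard cap on session lifetime regardless of activity (assumed policy)


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    client_fingerprint: str  # e.g. a hash of the User-Agent; a cheap binding, not proof of identity


class SessionStore:
    """Server-side session table. The cookie carries only an opaque random id,
    so nothing about the user can be read or forged from the cookie itself."""

    def __init__(self):
        self._sessions = {}  # sid -> Session

    def login(self, user, fingerprint, now=None):
        """Create a session after a successful credential check and return its id."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy: not guessable or enumerable
        self._sessions[sid] = Session(user, now, now, fingerprint)
        return sid

    def resolve(self, sid, fingerprint, now=None):
        """Return the user for a valid session id, or None.
        Expired sessions and fingerprint mismatches are dropped outright,
        forcing a fresh login rather than letting a stale id be 'resumed'."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        expired = (now - s.last_seen > IDLE_TIMEOUT) or (now - s.created > ABSOLUTE_TIMEOUT)
        if expired or fingerprint != s.client_fingerprint:
            self._sessions.pop(sid, None)
            return None
        s.last_seen = now
        return s.user

    def rotate(self, sid):
        """Issue a new id for an existing session. Call at login and at any
        privilege change so an id captured before authentication is useless after it."""
        s = self._sessions.pop(sid, None)
        if s is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = s
        return new_sid

    def logout(self, sid):
        """Invalidate server-side. Deleting the cookie in the browser alone would
        leave a copied id valid until it times out."""
        return self._sessions.pop(sid, None) is not None


def session_cookie_header(sid):
    """Set-Cookie line for the session id: HTTPS only, unreadable by page scripts,
    and not sent on cross-site requests that could ride on the user's login."""
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice", "ua-hash-1")
    print(session_cookie_header(sid))
    print("resolves to:", store.resolve(sid, "ua-hash-1"))
    store.logout(sid)
    print("after logout:", store.resolve(sid, "ua-hash-1"))
```

The important property for the paper's scenario is the `logout` path: because validity lives in the server-side table, a copy of the identifier that an attacker "suspends" until the coast is clear is rejected the moment the user signs off, and the idle timeout bounds the damage even when the user never does.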
E-Mail Takeover
Emails can be hacked by various methods, and no one is immune. Recently even Presidents G.H. and G.W. Bush have had their emails hacked and information downloaded (Kim, 2013), (Rumors, 2013). Using different methods and the internet, Hackers employ Social Engineering, Google Hacking, and Workplace Sabotage by a disgruntled former employee or one who feels that an injustice has been done to them and is motivated by revenge (Link, 2013).
Botnets
A Botnet is a Server system under Hacker control that takes over computers without the user’s knowledge. Once a User clicks on an infected posting or application for a regularly used item on the Web, hidden code injects an application into their computer. It then clicks on pay-per-click ads, and the operators charge companies for each click. These Botnets carry out these actions with the User completely unaware, pass the infection on to the User’s email contacts, and spread across the networks they access (Finkle, 2013).
Web Securities
Taking the recent past into consideration, it is imperative that Web Applications have firewalls that provide the basic protection from Technical Web Attacks, Business Logic Threats, Online Fraud, and Network Security threats, and that businesses understand how these Firewalls are Strategic for Business (Imperva, 2012a). A firewall has to provide at least these ten things to ensure the safety of a business. It has to understand the protection layer of a given application. It has to stay ahead of the Hackers who are trying to defeat it. It has to include an Analytic Engine that will thwart Hackers in their attempts. Because attackers use automation and repeated attacks, it has to be able to recognize and stop these before they do damage. It has to recognize the difference between a legitimate client and a malicious attack. It has to patch vulnerabilities upon discovery, doing so while running the application in a virtual environment for security reasons. Stopping Malware attacks is critical to a business environment. Protection against payment and online account fraud is vital. Real-time support and the ability to run in the Cloud are crucial to functionality. Finally, the ability to automate policies and deployments when seconds count is the difference in continuing to function as a business (Imperva, 2012a).
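Two of the requirements above, recognizing Technical Web Attacks in requests and recognizing automation and repeated attacks, are the core of what a web application firewall's analytic engine does. The following is an added example, not code from the paper or from Imperva's products, that runs both checks over a handful of constructed Apache-style access log lines: a small signature set applied to the URL-decoded request target, and a sliding-window request counter per client address. The signatures, the window of 10 seconds, the threshold of 20 requests, and every address and request in `SAMPLE_LOG` are assumptions constructed for the illustration, not data from the paper.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from urllib.parse import unquote

# Signatures for common technical web attack patterns. They are matched against the
# decoded request target; a real engine would also inspect headers and bodies.
SIGNATURES = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$", re.I),
    "xss": re.compile(r"<script\b|javascript:|onerror\s*=", re.I),
    # the encoded form is kept because a double-encoded '../' survives one decoding pass
    "traversal": re.compile(r"\.\./|\.\.\\|%2e%2e%2f", re.I),
}

RATE_WINDOW = 10     # seconds (assumed policy)
RATE_THRESHOLD = 20  # requests per client in the window before we call it automation (assumed)

# Apache common log format: ip ident user [timestamp] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse_line(line):
    """Parse one access log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return {"ip": m["ip"], "ts": ts, "target": unquote(m["target"]), "status": int(m["status"])}


def inspect_request(target):
    """Return the names of the signatures the decoded request target matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(target)]


class RateTracker:
    """Sliding-window request counter per client; flags a client that exceeds the threshold."""

    def __init__(self, window=RATE_WINDOW, threshold=RATE_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._hits = defaultdict(deque)

    def record(self, ip, ts):
        q = self._hits[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:  # drop hits that fell out of the window
            q.popleft()
        return len(q) > self.threshold


def analyze(lines):
    """Run signature and rate checks over log lines; return (ip, finding, detail) tuples."""
    findings = []
    tracker = RateTracker()
    flagged_for_rate = set()  # report automation once per client, not on every excess request
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for sig in inspect_request(rec["target"]):
            findings.append((rec["ip"], sig, rec["target"]))
        if rec["ip"] not in flagged_for_rate and tracker.record(rec["ip"], rec["ts"]):
            flagged_for_rate.add(rec["ip"])
            findings.append((rec["ip"], "automation",
                             f"more than {tracker.threshold} requests in {tracker.window}s"))
    return findings


# Constructed sample log (documentation address ranges; not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2013:14:02:01 +0000] "GET /products?id=42 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Feb/2013:14:02:03 +0000] "GET /products?id=42%27%20OR%20%271%27=%271 HTTP/1.1" 500 88',
    '198.51.100.9 - - [10/Feb/2013:14:02:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 910',
    '198.51.100.9 - - [10/Feb/2013:14:02:06 +0000] "GET /static/../../private/config.txt HTTP/1.1" 404 0',
] + [
    f'192.0.2.55 - - [10/Feb/2013:14:03:{s:02d} +0000] "GET /login HTTP/1.1" 200 300'
    for s in range(5) for _ in range(5)  # 25 requests within five seconds from one client
]

if __name__ == "__main__":
    for ip, finding, detail in analyze(SAMPLE_LOG):
        print(f"{ip:15} {finding:11} {detail}")
```

The decode-then-match order matters: the SQL injection and script-tag samples arrive percent-encoded and would slip past signatures applied to the raw target, which is the kind of evasion the "stay ahead of the Hackers" requirement refers to. The rate rule is what separates one ordinary client from a repeated automated attack, the distinction the list above calls for.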
Conclusion
While Social Media and Web Services are a part of life and an everyday occurrence, it is obvious that using these avenues is fraught with danger, and only the most diligent observation prevents a system from being compromised if it is a target. The only protection out there is knowledge of the possibilities that are against you. We see how Zero-Day exploits, Session Hacking, Email takeovers, and “Botnets” have become a way of life, and dealing with these is critical to maintaining control of your computer. Cybercrime evolved from a take of one billion dollars in 2007 to over one trillion dollars in 2009 (Imperva, 2010). Consider that the stakes are quadruple that now and that no one is safe; the cases of Presidents G.H. and G.W. Bush and of Presidential Candidate Sarah Palin are proof that attackers are out there and ready to strike if the target is good. The Hacking industry has moved its focus from breaking perimeter defenses to the more lucrative business of going after data and the financial avenues associated with it (Imperva, 2013). Protection systems with frequent updates are more critical now than ever. Microsoft and Symantec are going one step further and offering to remove the Malware from the computers that are under control. The User receives a message that states, “You have reached this website because your computer is very likely to be infected by malware that redirects the results of your search queries. You will receive this notification until you remove the malware from your computer.” Microsoft has taken down Botnets six times now since 2010 (Finkle, 2013). “The most critical thing is that you have people looking, watching and using their brain,” as stated by Ryan Barnett, Director of application security research, in 2010 (Westervelt, 2010).
You should update your Java as soon as each update is available, due to vulnerabilities. If you want to, and I do suggest it, you can disable Java using the Control Panel on your computer and enable it only when you need it. Ever since Java Update 10, there is a checkbox titled “Enable Java content in the browser.” Check out this reference if you need it for other browsers to function (Rubenking, 2013).
References
Imperva. (2010). The industrialization of hacking. Retrieved from http://www.imperva.com/docs/WP_Industrialization_of_Hacking.pdf
Finkle, J. (2013, February 07). Exclusive: Microsoft and Symantec disrupt cyber crime ring. Retrieved from http://news.yahoo.com/exclusive-software-makers-disrupt-cyber-ring-halt-searches-201207523--finance.html?.tsrc=samsungwn
Westervelt, R. (2010, January 12). Social networks face user content risks, Web application vulnerabilities. Retrieved from http://searchsecurity.techtarget.com/news/1378724/Social-networks-face-user-content-risks-Web-application-vulnerabilities
Neal, D. (2013, January 14). Oracle issues hot patch for zero day Java exploit. Retrieved from http://www.theinquirer.net/inquirer/news/2236028/oracle-issues-hot-patch-for-zero-day-java-exploit
Imperva. (2012a). The future of web security: 10 things every web application firewall should provide. Retrieved from http://www.imperva.com/docs/WP_10_Things_Every_Web_Application_Firewall_Should_Provide.pdf
Imperva. (2012b). Retrieved February 7, 2013, from http://www.imperva.com/resources/glossary/session_hijacking.html
Wikipedia. (2013, January 21). Zero-day attack. Retrieved from http://en.wikipedia.org/wiki/Zero_day_attack
Kim, E. K. (2013, February 08). Hacker accesses email account of George H.W. Bush. Retrieved from http://todaynews.today.com/_news/2013/02/08/16897728-hacker-accesses-email-account-of-george-hw-bush?lite
Rumors. (2013, February 08). Rumor: Hacker exposes Bush family photos, emails. Retrieved from http://news.msn.com/rumors/rumor-hacker-exposes-bush-family-photos-emails
Link, M. (2013, February 10). Penalties for hacking email. Retrieved from http://www.ehow.com/about_5250531_penalties-hacking-email.html
Rubenking, N. (2013, January 11). How to disable Java. Retrieved from http://www.pcmag.com/article2/0,2817,2414191,00.asp