Saturday, January 25, 2020

The Basics Of Trapdoor Hacking Information Technology Essay

For a programmer, trap doors make sense. If the programmer needs to modify the program sometime in the future, he can use the trap door instead of having to go through all of the normal, customer-directed protocols just to make the change. Trap doors should be closed or eliminated in the final version of the program after all testing is complete, but, intentionally or unintentionally, some are left in place. Other trap doors may be introduced by error and only later discovered by crackers who are roaming around, looking for a way into system programs and files. Typical trap doors use such system features as debugging tools, program exits that transfer control to privileged areas of memory, undocumented application calls and parameters, and many others.

Trap doors make obvious sense to expert computer criminals as well, whether they are malicious programmers or crackers. Trap doors are an easy way to get into a system, to gain access to privileged information, or to introduce viruses or other unauthorized programs into the system.

Cases

In 1993 and 1994, an unknown group of computer criminals repeatedly broke into systems on the Internet using passwords captured by password sniffers. Once on the system, they exploited software flaws to gain privileged access. They installed modified login and network programs that allowed them reentry even if the original passwords were changed.

In 1996, Philip Myers described the insertion and exploitation of back doors as subversion in his MSc thesis at the Naval Postgraduate School. He pointed out that subversion, unlike penetration attacks, can begin at any phase of the system development life cycle, including design, implementation, distribution, installation and production.

Donn B. Parker described interesting back-door cases in some papers (no longer available) from the 1990s.
For example, a programmer discovered a back door left in a FORTRAN compiler by the writers of the compiler. This section of code allowed execution to jump from a regular program file to code stored in a data file. The criminal used the back door to steal computer processing time from a service bureau so he could execute his own code at other users' expense. In another case, remote users from Detroit used back doors in the operating system of a Florida timesharing service to find passwords that allowed unauthorized and unpaid access to proprietary data and programs.

Even the US government has attempted to insert back doors in code. In September 1997, proposed legislation in Congress to ban domestic US encryption unless the algorithm included a back door allowing decryption on demand by law enforcement authorities moved Ron Rivest to satire. The famed co-inventor of the Public Key Cryptosystem and founder of RSA Data Security Inc. pointed out that some people believe the Bible contains secret messages and codes, so the proposed law would ban the Bible.

More recently, devices using the Palm operating system (PalmOS) were discovered to have no effective security despite the password function. Apparently developer tools supplied by Palm allow a back-door conduit into the supposedly locked data.

Dumpster Diving

What is Dumpster Diving?

Dumpster diving is a name given to a very simple type of security attack, which is scavenging through materials that have been thrown away, as shown below. This type of attack isn't illegal in any obvious way. If papers are thrown away, it means that nobody wants them, right? Dumpster diving also isn't unique to computer facilities. All kinds of sensitive information end up in the trash, and industrial spies through the years have used this method to get information about their competitors.
Figure: Dumpster Diving in Process (http://oreilly.com/catalog/crime/chapter/f_02_01.gif)

There is another type of computer-related trash that we might not consider. In the system itself are files that have been deleted, but that haven't actually been erased from the system. Computers and users are used only to saving data, not destroying it, and sometimes some data is saved that shouldn't be saved.

Electronic trashing is easy because of the way that systems typically delete data. Usually, deleting a file, a disk, or a tape doesn't actually delete data, but simply rewrites a header record. Using MS-DOS, for example, a file can be deleted via the DEL command; however, someone else can retrieve the contents of the file simply by running UNDELETE. System utilities are available that make it easy to retrieve files that may seem to be completely gone.

Although there are methods for truly erasing files and magnetic media, most users who work on large systems do not take the time to erase disks and tapes when they are finished with them. They may discard old disks and tapes with data still on them. They simply write the new data over the old data already on the tape. Because the new data may not be the same length as the old, there may be sensitive data left for those skilled enough to find it. It is far safer to explicitly write over storage media and memory contents with random data and to degauss magnetic tapes.

Cases

One computer company in Texas that does business with a number of oil companies noticed that whenever a certain company asked them to mount a temporary storage (scratch) tape on the tape drive, the read-tape light would always come on before the write-tape light. The ingenious oil company was scavenging the tape for information that might have been put on it by competitors that used the tape before them.

Trashing can have deadly consequences.
When some old Department of Justice computers were sold off, they had on their disks information on the whereabouts of witnesses in the Federal Witness Protection Program. Although the data had been deleted, it had not been completely erased from the disk. The DOJ was able to get back some of the computers, but not all, and was forced to relocate the compromised families as a result.

In 1991, spies posed as garbage collectors outside of a U.S. defense contractor executive's home and dug through trash cans looking for information. One of the collectors was actually France's consul general and claimed he was collecting fill for a hole in his yard. Upon investigation, the FBI determined that this operation was part of a French secret-searching mission, aimed at finding U.S. military or scientific information.

Then in 1999, two key members of a group called the Phonemasters were convicted of theft and possession of unauthorized access devices and unauthorized access to a federal interest computer. This international group of cyber criminals had allegedly penetrated the computer systems of MCI, Sprint, AT&T, Equifax and the National Crime Information Center. The Phonemasters' skills had enabled them to download hundreds of calling card numbers and distribute them to organized crime groups around the world. Part of their method included dumpster diving and collecting old phone books and system manuals. These tools, combined with social engineering, led to the attacks on the mentioned systems.

In 2000, in a widely publicized case, the CEO of Oracle, Larry Ellison, hired private investigators to dig through corporate dumpsters at Microsoft. This was an effort aimed at finding information about Microsoft's possible development of grassroots organizations to support its side in an anti-trust lawsuit. One of the investigators unsuccessfully tried to pay off a member of the janitorial service in exchange for the garbage of one of these organizations.
Ellison held that his actions were a civic duty, to uncover Microsoft's secret funding of such groups, but his opponents assert that the incident was distasteful and scandalous.

Microsoft complained that various organizations allied to it have been victimized by industrial espionage agents who attempted to steal documents from trash bins. The organizations include the Association for Competitive Technology in Washington, D.C., the Independent Institute in Oakland, California, and Citizens for a Sound Economy, another Washington, D.C.-based entity. Microsoft said, "We have sort of always known that our competitors have been actively engaged in trying to define us, and sort of attack us. But these revelations are particularly concerning and really show the lengths to which they're willing to go to attack Microsoft."

Saying he was exercising a civic duty, Oracle chairman and founder Lawrence J. Ellison defended his company against suggestions that Oracle's behavior was "Nixonian" when it hired private detectives to scrutinize organizations that supported Microsoft's side in the antitrust suit brought against it by the government. The investigators went through trash from those organizations in attempts to find information that would show that the organizations were controlled by Microsoft. Ellison, who, like his nemesis Bill Gates at Microsoft, is a billionaire, said, "All we did was to try to take information that was hidden and bring it into the light," and added: "We will ship our garbage to Microsoft, and they can go through it. We believe in full disclosure."

"The only thing more disturbing than Oracle's behavior is their ongoing attempt to justify these actions," Microsoft said in a statement. Mr. Ellison now appears to acknowledge that he was personally aware of and personally authorized the broad overall strategy of a covert operation against a variety of trade associations.
During the year 2001, industrial espionage came to light concerning the shampoo market between fierce competitors Procter & Gamble and Unilever. Private investigators hired by Procter & Gamble sifted through garbage bins outside of the Unilever corporation, succeeding in gathering viable information about market analysis, predictions and future products.[16] Upon legal action by Unilever, the two corporations settled out of court, because these actions broke Procter & Gamble's internal policy on information gathering.

Logic Bombs

What is a Logic Bomb?

Logic bombs are small programs or sections of a program triggered by some event such as a certain date or time, a certain percentage of disk space filled, the removal of a file, and so on. For example, a programmer could establish a logic bomb to delete critical sections of code if she is terminated from the company. Logic bombs are most commonly installed by insiders with access to the system.

A logic bomb is malicious code that is inserted into a network system or a single computer for the purpose of deleting data or carrying out other malicious acts on a specified date. A logic bomb works similarly to a time bomb because it can be set to go off at a specific date. A logic bomb does not distribute malicious code until the specified date is reached.

How Logic Bombs Work

Logic bombs are created by criminals who are well-versed in computer programming and are generally used to perform acts with malicious intent that threaten network security. The criminal acts include setting a virus to be released into a network system or PC at a specified date, or other actions such as deleting or corrupting data and completely reformatting a computer hard drive.

A logic bomb works through code that is inserted into existing software on a network or in a computer, where it will lie dormant until a specific event occurs, such as a date or time or other command from the computer programmer.
When the bomb finally releases the code it can delete files, send confidential information to unauthorized parties, wipe out databases, and disable a network for a period of days.

Why a Logic Bomb is Used

A logic bomb can be used by a disgruntled employee or other IT personnel who have the knowledge of how to program a logic bomb to threaten network security. Other than targeting a specific computer or network system, a logic bomb can also be used to demand money for software by creating code that turns the software application into a trial version. After a specific period of time the user must pay a specified sum of money to continue to use the software.

Logic bombs can also be used for blackmail: if the demand is not met, the logic bomb will detonate in a computer system or network to destroy data and perform other malicious acts that are included in the command codes.

Logic bombs are fairly easy to create if you have a lot of knowledge in computer programming, and they do not replicate like other malicious programs. For this reason, logic bombs are usually targeted at specific victims and will not spread to unintended victims.

A logic bomb can be rather difficult to detect; however, you can take security measures such as constantly monitoring the network system for any suspicious activity and using antivirus applications and other scanning programs that can detect any new activity in the data on a network system. The scanning systems should also monitor the entire network and the individual computers connected to the network.

Cases

A former system administrator for UBS PaineWebber, Roger Duronio, was charged in a New Jersey federal court with sabotaging two-thirds of the company's computer systems. His alleged motive was to undermine the company's stock price and make a bunch of money in the process.
He is alleged to have shorted over 30,000 shares of UBS stock prior to unleashing his attack, which means the potential was there to make 30,000 times the amount by which the stock dropped when the media got wind of the attacks. In a recent stock manipulation case involving Emulex, shares fell 50 percent. Based on the trading range of UBS PaineWebber stock at the time of Duronio's alleged attack, it is reasonable to say his profits could have exceeded half a million dollars.

The flaw in Duronio's alleged scheme was the obviously unexpected ability of UBS PaineWebber to prevent news of the attack getting out. This was quite a feat on the company's part because the logic bombs activated on about 1,000 of its nearly 1,500 computers and the malicious programs did actually delete files. Indeed, the company says the attack cost it $3 million.

In the end, the federal grand jury charged Duronio with one count of securities fraud and one count of violating the Computer Fraud and Abuse Act. Duronio was hit with up to 20 years in prison and fines of more than $1.25 million.

In September 1990, Donald Burleson, a programmer at the Fort Worth-based insurance company USPA, was fired for allegedly being quarrelsome and difficult to work with. Two days later, approximately 168,000 vital records erased themselves from the company's computers. Burleson was caught after investigators went back through several years' worth of system files and found that, two years before he was fired, Burleson had planted a logic bomb that lay dormant until he triggered it on the day of his dismissal. Burleson became the first person in America to be convicted of harmful access to a computer.

In early 2009, Timothy Allen Lloyd was sentenced to 41 months in prison for leaving behind malicious programs that deleted critical data from the servers of Omega Engineering, a high-tech measurement company that claimed the cost of the attack was $10 million.
According to a report in the National Computer Security Association section on CompuServe, the Orlando Sentinel reported in January 1992 that a computer programmer was fined $5,000 for leaving a logic bomb at General Dynamics. His intention was to return after his program had erased critical data and get paid lots of money to fix the problem.

In 1995, a disgruntled computer security officer at an insurance brokerage firm in Texas set up a complex series of Job Control Language (JCL) and RPG programs described later as trip wires and time bombs. For example, a routine data retrieval function was modified to cause the IBM System/38 midrange computer to power down. Another routine was programmed to erase random sections of main memory, change its own name, and reset itself to execute a month later.
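
The media-reuse problem from the Dumpster Diving section above (new data written over longer old data, and the advice to overwrite media with random data first), shown as an added Python example that is not part of the original essay. The scratch medium is simulated with a fixed-size temporary file; the function names and sample bytes are constructed for illustration.

```python
import os
import secrets
import tempfile

MEDIUM_SIZE = 4096  # constructed capacity of the simulated scratch medium


def _write_at_start(path, data):
    """Write data from offset 0 without truncating, like a tape write."""
    with open(path, "r+b") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())


def new_medium(path):
    """Create a blank, fixed-size scratch medium."""
    with open(path, "wb") as f:
        f.write(b"\x00" * MEDIUM_SIZE)


def write_job(path, data):
    """Store one user's job; bytes past len(data) are left untouched."""
    if len(data) > MEDIUM_SIZE:
        raise ValueError("job larger than medium")
    _write_at_start(path, data)


def sanitize(path):
    """Overwrite the whole medium with random bytes and verify the write."""
    size = os.path.getsize(path)
    pattern = secrets.token_bytes(size)
    _write_at_start(path, pattern)
    with open(path, "rb") as f:
        if f.read() != pattern:
            raise OSError("verification failed: medium not fully overwritten")
    return size


def recoverable(first_job, second_job, sanitize_between):
    """Return the part of first_job a later user can still read.

    The medium is reused for second_job; whatever lies beyond the end of
    second_job is compared against the matching tail of first_job.
    """
    remainder = first_job[len(second_job):]
    if not remainder:
        return b""  # the new job covered the old one completely
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "scratch.bin")
        new_medium(path)
        write_job(path, first_job)
        if sanitize_between:
            sanitize(path)
        write_job(path, second_job)
        with open(path, "rb") as f:
            f.seek(len(second_job))
            tail = f.read(len(remainder))
    return remainder if tail == remainder else b""


if __name__ == "__main__":
    old = b"CONSTRUCTED-SURVEY-DATA:" + b"well-42;" * 20  # constructed sample
    new = b"short job"                                     # constructed sample
    print("reused as-is  :", len(recoverable(old, new, False)), "bytes readable")
    print("sanitized     :", len(recoverable(old, new, True)), "bytes readable")
```

In-place overwriting of this kind matches the magnetic media the essay discusses; on flash storage and on copy-on-write or journaling filesystems an overwrite may not reach every physical copy of the data.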

Friday, January 17, 2020

Comparing Clay Dilham in Up the Slide with Gary Paulsen in A Glow in the Dark Essay

The main character of “Up the Slide” is Clay Dilham, a young prospector. He decided to get a sled-load of firewood in half an hour. After a hard struggle, he succeeded. The main character of “A Glow in the Dark” is Gary Paulsen, who ran an eight-dog team in an unknown and dark forest. A strange light frightened him, but he finally found out what the light was. Both Clay and Gary have great courage, but Clay is braver than Gary.

Clay faced a more dangerous situation and more difficulties. First, Clay was very young: he was only 17 years old when he became a prospector and traveled to a hostile environment. “The Yukon Territory is located in the northwestern corner of Canada. It is part of the subarctic zone, where temperatures have been known to plunge to -80F!” (p315). It is really hard for people to survive in such a terrible environment, especially for a 17-year-old teenager. Most teenagers at that age are sitting in a warm classroom and receiving a good education. But Clay, as a young prospector, worked in such a terrible place. So he must have great courage and be really very brave. Second, during his trip, he could have died at any second if he lost his caution. “A slip at that point meant a plunge over the edge and a twenty-foot fall to the ice. A hundred feet farther along, and a slip would mean a fifty-foot fall.” (p316). It was really dangerous and difficult for people who wanted to survive. Clay, as a young prospector, didn't have much experience, so he would not have expected such difficulty. But he kept calm; it must have been his bravery and great courage that helped him solve all these difficult problems.

Gary faced a less dangerous situation than Clay. First, the ghost and other terrifying things were all created by his imagination. It means that they couldn't create any physical danger for him.
“Ghosts and goblins and dark nights and snakes under the bed and sounds I didn't know and bodies I had found and graveyards under covered pale moons and death, death, death ...” (p323) These imaginary things will not make him die at once, but in “Up the Slide” if Gary has a momentary oversight, he will die at once. So the situation that Gary faced is less dangerous than the situation that Clay faced. But he still felt very terrified and didn't know what to do at that moment. So Clay is braver than Gary. Second, the motivation that pushed Gary to go forward was his curiosity, not his courage or bravery. “But curiosity was stronger. My legs moved without my wanting them to move and my body followed them.” (p323) Although Gary still went forward with great fear, he didn't have a strong belief like Clay, who had great courage to go forward. So Clay is braver than Gary.

In conclusion, first, Clay faced a more dangerous situation than Gary. Second, Clay had to overcome both physical and mental fear, but Gary only needed to overcome his imagination. Third, Clay was always calm, but Gary didn't know what to do when they faced frightening things. So Clay is braver than Gary. When students face difficulties like problems they can't solve, keeping calm is always the best solution. Then they will come up with some good ideas and solve the problem successfully.

Thursday, January 9, 2020

The Debate Over Nozick's Experiment Thought Machine

I. Introduction

In what may seem a harsh generalization, I would like to begin by considering the likelihood that a Christian would commit suicide. On first inclination we know that they would not, because they perceive suicide to be a sin. Even with a less nuanced version we know that, in spite of the belief in heaven and a perfect afterlife, there has not been a wide-scale mass extinction of Christians any time lately. In asking a person this, it is more than likely that they would think they were being played a joke on. My point is to say, in a sense, this is similar to why we see time and time again philosophers in debate over Nozick's experiment thought machine. We see philosophers like Nozick advocate that a life plugged into the machine is not in fact a life at all, and that if people were to be given the option to stay plugged into this machine that provided them endless bliss, they still would not take it. If the question of why a person would not choose to plug into the experience machine is not clear, I once again bring up the idea of a Christian committing suicide, which many people may find incredulous. Why is it that it would be incredulous for a Christian to choose to live another life of more happiness, yet it would not be so for someone to plug into Nozick's own experience thought machine? If Nozick's experience machine ultimately offers happiness through a chosen series of experiences and the gist/selling point of heaven is that there everything you would want

Wednesday, January 1, 2020

Loneliness and Desire for Companionship in the Play A Streetcar Named Desire Free Essay Example, 1000 words

One of the fundamental determinants of the play is the romance and realism provoked by the desire to have companionship (Page 419). Blanche takes streetcars that were named "Desire" and "Cemeteries." This was a symbolic act and, like the French "la petite mort," the racing of the cars symbolized the run towards Blanche's final destination (Hezaveh 56). The play, therefore, uses imagery and a figurative-action approach to exemplify its central theme. However, Blanche appears to be living in her own world full of pretence and lies. She asserts her loneliness in broad daylight but pretends to be a woman of a different social class, far out of reach of Stanley and his partying friends. Her encounter with the partying group, whom she describes as dirty and uneducated, reveals her prejudice and negative attitude despite her consistent efforts to remain relevant in love affairs and kill loneliness. In contrast, Stella is portrayed as a person who enjoys others' companionship. Her case is a self-fulfilling relationship adventure in companionship with her husband; she enjoys both the darkness and the light. She has nothing to hide, life appears to be real, and nothing treats her badly, unlike what Blanche thinks of her husband.