Cscd 434 network security
1. Infamous hacker Andrew Auernheimer, aka "Weev", was convicted of conspiracy to access a protected computer without authorization, a violation of the Computer Fraud and Abuse Act (CFAA), as well as fraud in connection with personal information, in United States Third Circuit Court today (Nov. 20). All he did was exploit the weaknesses that AT&T ipads had its own cellular ID number, or integrated circuit card (ICC) ID, in the URL, or Web address, that it used to access the AT&T website. He then found that subtly altering the cellular ID numbers in the URL would generate different email addresses on the AT&T site.
Another hacker wrongfully accused was named Jonathan James, or c0mrade. He was convicted and sent to prison for hacking in the United States–all while he was still a minor. At only fifteen years of age, he managed to hack into a number of networks, including those belonging to Bell South, Miami-Dade, the U.S. Department of Defense, and NASA. James hacked into NASA’s network and downloaded enough source code to learn how the International Space Station worked. The total value of the downloaded assets equaled $1.7 million. To add insult to injury, NASA had to shut down their network for three whole weeks while they investigated the breach, which cost them $41,000. In 2007, a number of high profile companies fell victim to a massive wave of malicious network attacks. Even though James denied any involvement, he was suspected and investigated. In 2008, James committed suicide, believing he would be convicted of crimes that he did not commit. His scenario is pretty similar to that of Aaron Schwartz.
I may not know exactly how to fix these unfair laws, I think instead of putting these hackers away for years, why not use their skills to benefit society? Maybe a certain amount of hours required for them to teach a class at a community college or high school on how to program, hack, and defend securities. Have them make a choice, and monitor their progress, and I feel that would be much more beneficial then locking them away.
2. All the methods for detecting active rootkits depend on the fact that they disrupt system functioning in one way or another. It will be more difficult to write rootkits for future versions of Windows, where it is impossible to modify system code and the system architecture. This step taken by the developers of the operating system should reduce, if only temporarily, the number of new rootkits for new versions of Windows. Currently, malicious code for Windows is more common than for UNIX because Windows is the most widely used operating system. However, if UNIX starts to gain popularity, then the situation will naturally change; new rootkits for UNIX will be written, and new methods of combating them will be developed. Finally, it should be noted that the best protection against rootkits is taking preventative action by ensuring that all systems are appropriately protected. Some examples of rootkits are the ZeroAccess rootkit, which terminates any program that scans its processes or files and then changes permissions on them so you can no longer run them. Another is the skyNet rootkit, which is very similar that it steals confidential user information, like a Trojan. The safest way to prevent any rootkits is to just make sure your computer is fully protected. Using and maintaining anti virus software, firewall, using good passwords, and keeping software up to date are all ways to prevent rootkits from infiltrating your computer. 3. Hardening is one of the defenses mentioned in the text for this class, Chapter 4. Find one good paper on hardening for the system you typically use. Read it and describe or list how well you have done all of the things recommended to harden your system. Provide the url of the paper too. The hardening url: http://www.nsa.gov/ia/_files/factsheets/macosx_hardening_tips.pdf For the most part I...