In: Categories » Computers and technology » Software » Break ins
|
Break-ins are unauthorized access to one or more systems in which the attacker masquerades as a legitimate user, usually (but not always) by entering the correct username and password. When authenticated as a user, the attacker can do virtually anything that the legitimate user can do, including read email messages in the user's email queue, send messages, access the home directory and any subdirectories and files therein, and so on. In most break-ins, however, the intruder's goal is not simply to reach another user's account. The goal instead is often to gain shell access, meaning access to a command shell such as /bin/sh or /bin/tsh in UNIX or cmd.exe in Windows systems. With access to a shell, intruders can run programs or scripts that can expand the intruder's access to the system and/or network, usually by escalating the privilege level, as you will see shortly. Too often, unfortunately, senior-level managers trivialize break-ins, thinking they are caused by pimply-faced teenagers who cannot really cause any damage. Sometimes this preconception is true, but a large body of evidence strongly indicates that break-ins are performed by a wide range of perpetrators, often even by members of an organized crime ring or a country's intelligence agency. Break-ins can result in theft of valuable data and/or software. Break-ins to systems of several vendors, for example, have resulted in theft of source code for operating systems and other products. Additionally, a break-in can result in compromise of integrity. Consider, for example, the break-in to a U.S. government laboratory once in which the intruders changed the value of pi in a critical scientific application to 3.8! Even if data or programs are not stolen or altered, break-ins can result in sizeable loss. A break-in into a single system in a National Aeronautics and Space Administration (NASA) site once disrupted space flight operations for several weeks. The victim machine, operated by the Missions Operation Directorate (MOD), was critical in controlling functions for manned space flights. This machine had to be carefully inspected, restored, and tested before NASA officials approved it for use in operations again. The financial cost was high; the delay substantially ran up the cost of the launch.
|
legal disclaimer
1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service
Useful tools and features
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.
related articles
This detection searches the memory in the V86 mode for the WINICE.BR string. Because this method is infrequently used, it's worth considering, though it can only be used in Windows 9x. This routine can be easily hidden because it doesn't use calls (neither API nor INT). This will make it impossible to detect, and, if you use it well, it may discover a debugging attempt—for an attacker to make the program continue, he will have to change its code or the register's contents. To discover the debugging attempt, all you need to ...
2. Detecting SoftICE by Calling INT 68h
Here's a way to detect the presence of SoftICE in memory by calling INT contain the value 43h before calling INT be in the AX register. 68h. The AH register must 68h. If SoftICE is active in memory, the return value 0F386h will This is a well-known method of detecting SoftICE that is safe and commonly used, but only in Windows 9x. You can see it in action, for example, in SafeDisc: .386 .MODEL FLAT,STDCALL locals jumps UNICODE=0 include w32.inc Extrn SetUnh...
3. Detecting SoftICE by Calling INT 3h
This is one of the most well known anti-debugging tricks, and it uses a back door in SoftICE itself. It works in all versions of Windows, and it is based on calling INT 3h with registers containing the following values: EAX=04h and EBP=4243484Bh. This is actually the "BCHK" string. If SoftICE is active in memory, the EAX register will contain a value other than 4. This trick has often been used in the code of various compression and encoding programs, and it is well known because of its wide use. When used well, it may cau...
4. Remote Access Services (RAS) under Windows XP Professional
Authentication protocols • EAP - Extensible Authentication Protocol. A set of APIs in Windows for developing new security protocols as needed to accommodate new technologies. MD5-CHAP and EAP-TLS are two examples of EAP. • EAP-TLS - Transport Level Security. Primarily used for digital certificates and smart cards. • MD5-CHAP - Message Digest 5 Challenge Handshake Authentication Protocol. Encrypts usernames and passwords with an MD5 algorithm. • RADIUS - Remote...
If you want to return to a first-rate online source, you’re likely to use a shortcut, such as a bookmark or a favorite. If you use the Netscape browser, you bookmark the Web page. This acts as a shortcut to the online source.If you use the Internet Explorer browser, you save the page as a favorite. (I refer to both of these types of shortcuts as bookmarks for this section of the article.) If you’ve used the Internet for a while, you likely have a long list of bookmarks. Today h...
6. Monitoring and Optimizing System Performance and Reliability in Windows XP Professional
Task scheduler: • Used to automate events such as batch files, scripts and system backups. • Tasks are stored in the Scheduled Tasks folder in Control Panel. • Running task with a user name and password allows an account with therequired rights to perform the task instead of an administrative account. • Set security for a task by group or user. Using offline files • Offline files replaces My Briefcase and works a lot like Offl...
7. Computer Tips and Tricks ~ How Do I Send Pictures via Email
One of the first things that new digital camera owners love to do is send a batch of images to family members or friends. As you may have already discovered yourself, the warmth of reception is inversely proportional to the size of the images that land in your recipients' inboxes. All too often, budding photographers send full-sized 2-, 4-, or even 6-megapixel pictures as email attachments. Unfortunately, these files take forever to download on all but the fastest Internet connections and are too large to view comfortably on a c...
8. Communication Protocols Used by Windows Systems
TCP/IP protocol • TCP is an industry-standard suite of protocols • It is routable and works over most network topologies • It is the protocol that forms the foundation of the Internet • It is Installed by default in Windows XP • Can be used to connect dissimilar systems • Uses Microsoft Windows Sockets interface (Winsock) • IP addresses can be entered manually or be provided automatically by a DHCP server • DNS is used to resolve compute...