September 24, 2001-- Newsletter #149
Application Security Testing: An Integral Part of DevOps
Goodies to Go (tm)
September 24, 2001--Newsletter #149
This newsletter is part of the internet.com network.
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
I'd like to do a study regarding how many times a recorded on-hold message should proclaim, "Your call is important to us. Please continue to hold and our next available team member will be with you as soon as possible." I had the pleasure of being on hold, for long time, twice this past weekend. On the first call, the line was said to me once every 30 seconds. The second call had the line said almost twice as much, about every 15 seconds. Even though the two calls had pretty much the same on-hold duration, I was more upset with the one that said the line more often.
Hmmm. I think I'm on to something here.
Take the best parts of the SirCam and Code Red viruses and you get what's floating around the Web right now. The new virus is called W32/Nimda.A-mm and it is wicked to say the least. The report I read (on Wired.com) states that this virus can be tooled, in some email systems, so that even clicking on the subject line or visiting a Web site noted in the email will set it in motion. I'd like to say be careful, but if clicking on the subject will fire it, it's going to get so many people. I'm going back to answering my email right off the server. It's clunky and text-based, but nothing runs in that environment.
A new form of hacking is starting to pop up, Patriot Hackers. These are people that are defacing Taliban and other sites representing those people the hackers see as being responsible for the September 11th attack. You should also keep an eye out for emails that claim to be about the WTC bombing. The included images and files may contain viruses.
NetRatings and Nielsen Media Research have released the findings of a new study that shows Web use by African-Americans is outpacing overall Internet growth. The Web has grown 14 percent over the past year while use by African-Americans rose 19 percent.
Now on to today's topic
Let the Social Engineering begin!
Here we go again with more concerns over a new virus that will overrun the Web and destroy all in its path.
Wellmaybe. Then again, maybe this time we're smart enough. Maybe this time we'll catch the tricks and the cons and this time the virus will stop dead in its tracks.
Nah. This one will get us too. It won't destroy the earth, but it will play havoc with a few systems. This one's called, "Nimda." It sounds like a Disney character doesn't it? I think it was first seen in the Lion King if I'm not mistaken.
We keep getting hit again and again with these viruses. Wow. These virus-making programmers must be stunning at hacking and cracking, right?
Nope. They are good at something they termed, "Social Engineering."
If there were an easy way, and a difficult way, of getting the same job done, I would guess that most people would choose the easy way. These virus programmers are just like anybody else. They like the easy route. It's hard to hack into a system. It's time consuming to find passwords and get in there and place a virus.
It's easy to get you to install the virus yourself. That's Social Engineering.
It's a hacker mind game. How can we trick you, one more time, into opening and running our new virus? That's the question to be answered. Answer it correctly and you...wellwin, I guess.
Super hacker Kevin Mitnick describes Social Engineering as gaining the trust of another person. In his "day," he would get on the phone and call those who knew the passwords he needed. He knew the lingo. He knew how to phrase his questions. He would mind game his way right past any employee concern and kind people would give him what he needed in a three-minute phone call. Then he was off to the races.
Today the art of Social Engineering is much more sophisticated. These emailed and wormed-in viruses don't have a soothing, kind voice on the other end of a phone. They have to carry the persuasion right along with them.
Think back. Do you remember the ILOVEYOU virus? It was one of the first emailed viruses to hit it big. Can you see why? Psychologist Michelle Weil knows why. She states that the hacker played on the feelings of the reader. Who wouldn't want to open a love note? The timing of the hack was equally as brilliant. It was near Valentines Day.
That's some good Social Engineering right there!
What about others? Some offered a funny joke. Others offered naked pictures of famous celebrities. Others offered deals on mother's day gifts. If you hit the right person and tug on the right heartstring, your email is opened.
I think the epiphany in terms of hacking and Social Engineering was when someone figured out how to make one email program send messages to another without the user knowing it.
An email that shows up, in your mailbox, from a friend, is a very hard thing to resist. Let's have a round of applause for whoever came up with that one.
Let's turn it around now.
I stopped by some sites dealing with the psychology of virus makers and most were in agreement that someone creates a virus for one, or a combination, of three reasons.
1. To see if it can be done,by them. It's a test on one's skills.
2. To gain status as one who can write the most "successful" virus.
3. The thrill of the harm it brings. The same reason someone vandalizes.
That makes sense. It also leads me to believe that when the Melissa virus clogged up all of the email portals, that maybe the virus programmer was upset. He created a virus that was so well designed that it defeated itself. It blocked its own path to further explosion. But by then, the program was out there and so was the name of the programmer that did it. I won't include it here.
So here comes Nimda. From what I've read to this point, it's pretty nasty and it replicates with blinding speed. If it does what its creator wants, it'll spread all over the place. It'll bring problems all over the Web. And, maybe in his or her mind at least, we will have brought it on ourselves.
After all, all the programmer did was send it out. You pulled the trigger.
As John Lennon sang, "Keep on playing those mind games."
That's that. Thanks for reading.
Joe Burns, Ph.D.
And Remember: How about some Beatles trivia since I mentioned John Lennon just above? I was once asked who had the first number one hit as a solo artist after the Beatles broke up. That's easy. The Beatles broke up, officially, on April 17, 1970. That's when Paul McCartney said he'd had enough. George Harrison then popped off "My Sweet Lord" which reached number one in December of 1970.
Lennon wouldn't have his first number one as a solo artist until 1974 when "Whatever Gets You Through the Night" went to the top of the charts. No, "Imagine" was not a number one song. It peaked at number three. "Maggie May" by Rod Stewart was the number one song at the time "Imagine" sat in the top ten.
Ringo hit number one twice in a row. He's the only solo Beatle to do that. The first was "Photograph" and then "You're Sixteen," in October and December of 1973 respectively.
Now my favorite piece of solo Beatles trivia, name the only Beatle to not have a number one hit as a solo artist. Well, only one's left, not counting Pete Best. But, you say, Paul McCartney had a bunch of number one hits. Well, he wrote and sang a bunch of number one hits after the Beatles broke up. They are, "Uncle Albert/Admiral Halsey," "My Love," "Listen to What The Man Says," "Silly Love Songs," "With A Little Luck," and "Coming Up".
The problem is that Paul McCartney wasn't a solo artist. He was (is) part of the band "Wings."
Oh, I'll get some email off of that one, just please don't write me and say that the real name of the band was "Paul McCartney and Wings." It wasn't. I don't care what your local DJ called the band. The official name was just "Wings."
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...