Posted by arlene

Directed Attack over the Network

After more than a decade of computer viruses, PC users are beginning to appreciate the dangers of loading new software on their machines. A computer connected to a network, however, is subject to additional forms of attack, based on content and automatically installed software rather than user-installed software.

PC mail software has the ability to transmit attachments in addition to straight text. Attachments are arbitrary documents intended for manipulation and display by particular applications. If the application has security holes, such as unguarded scripting languages, a virus can be sent along with the document. When the unwary user clicks the document in order to see what is in it, the associated application is launched and the virus is in. Some e-mail applications may be subject to e-mail viruses even if the user does not click the attachment. These viruses (or worms) spread by remailing copies of themselves to yet other e-mail addresses found in the local address book.

World Wide Web applets have similar problems. An applet is an executable program attached to a page of Web content. Applets are typically written in the Java programming language or as ActiveX controls. The designers of applet systems appreciate the security risks of running arbitrary programs on unguarded computers, and the Java and ActiveX communities have taken different approaches to the problem. Java applets run in what is called a sandbox. The idea is that the applets‘ activities are confined to the sandbox, so it cannot do anything harmful. The problem with sandboxes is the tension between a sandbox that is sufficiently restrictive to be safe and one that is open enough for the applet to accomplish something useful. ActiveX controls take a different approach; they have full access to the machine but are digitally signed by the vendor. In this case, the question is not “Is this applet safe?” but rather “Do I trust that XYZ Corporation has made sure it is safe?” The Java community is also developing code-signing technology, so this may be the wave of the future—at least until PC software is no longer subject to virus attacks.

Protocol Attacks

An attacker may occasionally be able to exploit knowledge of the client computer to mount an attack against a network security protocol without actually breaking into the client at all. In 1995, students at the University of California at Berkeley, for example, used knowledge about client computers to mount an attack against the software used for generating cryptographic keys for a secure Web protocol. This permitted them to read messages to and from that particular computer.

Tempest

Tempest is the U.S. government code word for electromagnetic shielding of electronic devices. Most computers radiate electromagnetic energy according to their activities. For example, it is possible, at short and medium range, to pick up and re-create the screen image of a PC based on the radiation from its monitor. Hackers are not likely to launch such an attack, but governments are very good at this sort of thing.

Possibly related posts: (automatically generated)
Why your Computers get attacked and how? PC Privacy Security Issues continued

• Security Facilities in Java
• Why your Computers get attacked and how? PC Privacy Security Issues
• Java Database, J2EE Framework
• Website Designing and Enhancements
• Network and Programming: the .Net framework
• VBScript and JScript continue...
• The Apache Web server, a rich Java Web site continue...
• Basic Computer Security
• Basic Network Security Measures Part 1
• The Apache Web server, a rich Java Web site