Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Jitter Bugslec


Published on

A lecture on Jitterbugs.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Jitter Bugslec

  1. 1. Operating System What Can We Do?
  2. 2. Sources <ul><li> </li></ul>
  3. 3. JitterBugs <ul><li>Attached to a keyboard -- could be a new security threat? </li></ul><ul><li>Piggyback onto network connections to discreetly send passwords and other sensitive data over the Internet </li></ul>
  4. 4. How does this work? By causing calculated &quot;jitters&quot; in keyboard input while such a program is running, a JitterBug could slightly delay data sent over the network. Certain amounts of delay could represent a one or a zero in each packet that is linked to keyboard use, allowing an attacker to send secret information in otherwise innocuous data without modifying software or initiating any new connections.
  5. 5. What Can We Do? <ul><li>Get rid of keyboards? </li></ul>
  6. 6. Stealing data with iPods <ul><li>Hi-tech thieves are using iPods to download data </li></ul><ul><li>Blackberries, mobile phones with in-built storage, data pens and memory sticks that fit onto a key ring can be surreptitiously plugged into a computer port and used to steal bank account details, insurance information or even medical records. </li></ul>
  7. 7. Points <ul><li>Industry analyst Gartner says 70 per cent of security losses are as a result of insider activity. </li></ul><ul><li>Protiviti says computer-based crime costs UK businesses up to $540,000 an hour, or an average of more than $1100 a business per year. </li></ul>
  8. 8. iPod Bad? <ul><li>An iPod can easily be configured to behave like a regular hard disk, which is capable of stealing confidential data quickly. </li></ul><ul><li>‘ Podslurping' – Using an iPod to copy corporate data without permission </li></ul>
  9. 9. What Can We DO? <ul><li>'lock down' ports to stop unwanted peripherals downloading data? </li></ul><ul><li>ban iPods and other data-downloading equipment? </li></ul>
  10. 10. P2P ( Peer to Peer) <ul><li>P2P Users Beware -- Your Personal Info Could Be Out There </li></ul>Medical records, financial information and router passwords have all popped up on P2P network file shares
  11. 11. What Can We Do? <ul><li>Just say no? </li></ul>
  12. 12. IT Managers Ignore Removable Media Risk <ul><li>The survey, of 248 IT professionals who had attended the Infosecurity Europe 2006 conference in London </li></ul><ul><li>A survey conducted by the Mobile Security Company, revealed that 56% of employees downloaded corporate information onto their memory sticks, up from 31% last year </li></ul>
  13. 13. Things to think on <ul><li>The most popular use of the memory sticks was the storage of corporate data such as contracts, proposals and other business documents </li></ul><ul><li>Only 21% secured flashdrives with passwords and encryption </li></ul><ul><li>12% of organizations banned them completely from the workplace </li></ul>
  14. 14. Things to think on <ul><li>Removable media is plummeting in price, have soaring memory capacities, and more people are using them at work </li></ul>
  15. 15. What Are We to Do? <ul><li>Companies need to be educated about using them securely </li></ul><ul><li>Ban their use? </li></ul>
  16. 16. Trojan horses steal bank details and passwords <ul><li>Banks in the United Kingdom, Germany and Spain have been targeted by MetaFisher, otherwise known as Spy-Agent and PWS. </li></ul><ul><li>After infecting a computer, the Trojan horse waits until the user visits a legitimate bank Web site, and then injects malicious HTML into certain fields there. </li></ul>
  17. 17. Points <ul><li>What is a Trojan Horse? </li></ul><ul><li>The attackers attempt to place the Trojan on a computer using an exploit for the Windows Meta File flaw in Microsoft's Internet Explorer </li></ul><ul><li>The potential victim must visit a malicious Web site to infect their system, and attackers may use e-mails to direct them there. </li></ul>
  18. 18. What Do We Do? <ul><li>Don’t allow users to download executable programs? </li></ul>