Hacker Attack
Richard Mansfield
San Francisco Paris Düsseldorf Soest London
Associate Publisher: Jordan Gold
Contracts and Licensing Manager: Kristine O’Callaghan
Acquisitions and Developmental Editor: Diane Lowery
Editor: Malka Geffen
Production Editor: Leslie E H Light
Technical Editor: Michelle A Roudebush
Book Designer: Maureen Forys, Happenstance Type-O-Rama
Electronic Publishing Specialist: Maureen Forys
Proofreaders: Erika Donald, Nancy Riddiough, Laura Schattsneider
Indexer: Nancy Guenther
CD Technician: Keith McNeil
CD Coordinator: Kara Eve Schwartz
Cover Designer: Daniel Ziegler
Cover Illustrator/Photographer: Daniel Ziegler/Corbis Images
Copyright © 2000 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. The author(s) created reusable code in this publication expressly for reuse by readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as Richard Mansfield is attributed in any application containing the reusable code and the code itself is never distributed, posted online by electronic transmission, sold or commercially exploited as a stand-alone product. Aside from this specific exception concerning reusable code, no part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher.
Library of Congress Card Number: 00-106242
ISBN: 0-7821-2830-0
SYBEX and the SYBEX logo are trademarks of SYBEX Inc. in the USA and other countries.
Screen reproductions produced with FullShot 99. FullShot 99 © 1991–1999 Inbit Incorporated. All rights reserved.
FullShot is a trademark of Inbit Incorporated.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
Software License Agreement: Terms and Conditions
The media and/or any online materials accompanying this book that are available now or in the future contain programs and/or text files (the “Software”) to be used in connection with the book. SYBEX hereby grants to you a license to use the Software, subject to the terms that follow. Your purchase, acceptance, or use of the Software will constitute your acceptance of such terms.
The Software compilation is the property of SYBEX unless otherwise indicated and is protected by copyright to SYBEX or other copyright owner(s) as indicated in the media files (the “Owner(s)”). You are hereby granted a single-user license to use the Software for your personal, noncommercial use only. You may not reproduce, sell, distribute, publish, circulate, or commercially exploit the Software, or any portion thereof, without the written consent of SYBEX and the specific copyright owner(s) of any component software included on this media.
In the event that the Software or components include specific license requirements or end-user agreements, statements of condition, disclaimers, limitations or warranties (“End-User License”), those End-User Licenses supersede the terms and conditions herein as to that particular Software component. Your purchase, acceptance, or use of the Software will constitute your acceptance of such End-User Licenses.
By purchase, use or acceptance of the Software you further agree to comply with all export laws and regulations of the United States as such laws and regulations may exist from time to time.
Reusable Code in This Book
The authors created reusable code in this publication expressly for reuse by readers. Sybex grants readers permission to reuse for any purpose the code found in this publication or its accompanying CD-ROM so long as all three authors are attributed in any application containing the reusable code, and the code itself is never sold or commercially exploited as a stand-alone product.
Software Support
Components of the supplemental Software and any offers associated with them may be supported by the specific Owner(s) of that material but they are not supported by SYBEX. Information regarding any available support may be obtained from the Owner(s) using the information provided in the appropriate read.me files or listed elsewhere on the media.
Should the manufacturer(s) or other Owner(s) cease to offer support or decline to honor any offer, SYBEX bears no responsibility. This notice concerning support for the Software is provided for your information only. SYBEX is not the agent or principal of the Owner(s), and SYBEX is in no way responsible for providing any support for the Software, nor is it liable or responsible for any support provided, or not provided, by the Owner(s).
Warranty
SYBEX warrants the enclosed media to be free of physical defects for a period of ninety (90) days after purchase. The Software is not available from SYBEX in any other form or media than that enclosed herein or posted to www.sybex.com. If you discover a defect in the media during this warranty period, you may obtain a replacement of identical format at no charge by sending the defective media, postage prepaid, with proof of purchase to:
SYBEX Inc.
Customer Service Department
1151 Marina Village Parkway
Alameda, CA 94501
(510) 523-8233
Fax: (510) 523-2373
e-mail: info@sybex.com
WEB: HTTP://WWW.SYBEX.COM
After the 90-day period, you can obtain replacement media of identical format by sending us the defective disk, proof of purchase, and a check or money order for $10, payable to SYBEX.
Disclaimer
SYBEX makes no warranty or representation, either expressed or implied, with respect to the Software or its contents, quality, performance, merchantability, or fitness for a particular purpose. In no event will SYBEX, its distributors, or dealers be liable to you or any other party for direct, indirect, special, incidental, consequential, or other damages arising out of the use of or inability to use the Software or its contents even if advised of the possibility of such damage. In the event that the Software includes an online update feature, SYBEX further disclaims any obligation to provide this feature for any specific duration other than the initial posting.
The exclusion of implied warranties is not permitted by some states. Therefore, the above exclusion may not apply to you. This warranty provides you with specific legal rights; there may be other rights that you may have that vary from state to state. The pricing of the book with the Software by SYBEX reflects the allocation of risk and limitations on liability contained in this agreement of Terms and Conditions.
Shareware Distribution
This Software may contain various programs that are distributed as shareware. Copyright laws apply to both shareware and ordinary commercial software, and the copyright Owner(s) retains all rights.
If you try a shareware program and continue using it, you are expected to register it. Individual programs differ on details of trial periods, registration, and payment. Please observe the requirements stated in appropriate files.
Copy Protection
The Software in whole or in part may or may not be copy-protected or encrypted. However, in all cases, reselling or redistributing these files without authorization is expressly forbidden except as specifically provided for by the Owner(s) therein.
This book is dedicated to the memory of James Carl Coward
Editor Diane Lowery deserves the primary credit for bringing this book to life. Not only is she a thoughtful acquisitions editor, she’s a most helpful developmental project editor—I find her suggestions uniformly wise. She was instrumental in shaping the overall structure of this book as well as offering excellent advice on individual chapters. And it doesn’t hurt that she’s simply a pleasure to work with.
Malka Geffen is another outstanding editor. She made many sensitive, useful recommendations throughout the book. I hope she’ll return to editing soon because authors who get to work with her are indeed lucky.
Technical editor Michelle Roudebush asked for a double-check when my facts or conclusions seemed suspect. These queries were, of course, quite worthwhile and prevented me more than once from embarrassing myself. I thank Production Editor Leslie Light for efficiently guiding this project through the production process—from edited manuscript to page layout, to galley proofs, then finally off to the printer.
Not least, I would like to acknowledge Maureen Forys for her extraordinary and, I think, highly effective book design.
Contents at a Glance
Introduction xxi
Part 1 Hackers, Crackers, and Whackers 1
CHAPTER 1 Danger on the Internet 3
CHAPTER 2 Phone Phreaks 13
CHAPTER 3 Hackers, Crackers, and Whackers 19
CHAPTER 4 Bypassing Passwords and Doing the Rat Dance 31
CHAPTER 5 The Venus Flytrap and Other Anti-Hacks 41
CHAPTER 6 Between a Rock and a Hard Place 49
CHAPTER 7 The Dangers of High-Speed Connections 59
CHAPTER 8 How to Protect Your Exposed Broadband 65
PART 2 Personal Privacy 77
CHAPTER 9 Internet Privacy 79
CHAPTER 10 The Elements of Cryptography 99
CHAPTER 11 The Great Leap Forward 107
CHAPTER 12 The Computer Steps In 121
CHAPTER 13 Infinite Monkeys: Brute Force Attacks and Other Curiosities 131
CHAPTER 14 DES: A Public Scheme 141
CHAPTER 15 Making Keys Public 151
CHAPTER 16 Electric Signatures 163
CHAPTER 17 Encryption Implementations in Windows 2000 171
CHAPTER 18 Hiding Data in Photon Streams 191
CHAPTER 19 The Perfect, Unbreakable Encryption System 201
Part 3 Viruses 221
CHAPTER 20 The Great Worm Escapes 223
CHAPTER 21 Logic Bombs, Worms, and Trojan Horses—The Varieties of Viruses 233
CHAPTER 22 How Melissa Changed the Rules 243
CHAPTER 23 Documents that Attack (and What You Can Do to Protect Yourself) 259
CHAPTER 24 Prevention, Detection, and Elimination 271
Index 283
Contents
Introduction xxi
Part 1 Hackers, Crackers, and Whackers 1
CHAPTER 1 Danger on the Internet 3
Like Spiders to Flies 4
I Know Where You Live 5
Exploring the Three Windows Protocols 7
Understanding Windows Internet Security 8
File Sharing Is a No-No 8
Knocking at Your Own Door 9
Testing Your Shields and Ports 9
It’s Creepy When Your Personal Information Leaks 10
The Best Solutions to Hacker Probing 11
CHAPTER 2 Phone Phreaks 13
Who Are Phone Phreaks? 15
Devilish Dialers 16
Beep Beep 17
CHAPTER 3 Hackers, Crackers, and Whackers 19
How to Tell a Whacker from a Hacker 22
Hackers with Viruses 23
How to Anonymously Send E-Mail or Newsgroup Messages 24
Speaking of Spam: How to Get Rid of It 25
Leave Out the E-Mail Address 26
Disguising Your E-Mail Address 27
Filtering 27
AOL Filters 28
Fight Back with These Programs 28
One Further Warning 29
CHAPTER 4 Bypassing Passwords and Doing the Rat Dance 31
How Hackers Get In 33
Spoofing Around 33
Hi, I’m New Here! 34
The Faux Technician Scam 35
The Problem with Passwords 35
Opening the Mystery Briefcase 36
The Rat Dance 37
CHAPTER 5 The Venus Flytrap and Other Anti-Hacks 41
Companies Fight Back 43
Bait and Trace 43
Constant Vigilance 43
The 10-Finger Interface Defense 44
Practical Solutions for Business 45
Send in the Marines 46
Consider Insurance 46
The “Secure Walls Paradox” Revisited 46
Thinking of All the Possibilities 47
CHAPTER 6 Between a Rock and a Hard Place 49
Steps toward a Secure Workplace 50
Reverse Social Engineering 50
Develop and Maintain a Security Policy 51
Identity Checks 52
Tunnels, Virtual Privacy, and Other Ways to Authenticate Computer Communications 53
Firewalls for Every Need 53
Layer upon Layer 54
Security via Firewall 55
Security through Encryption 57
CHAPTER 7 The Dangers of High-Speed Connections 59
What to Do? 61
Denial of Service 63
Can You Become a Zombie? 63
CHAPTER 8 How to Protect Your Exposed Broadband 65
Safety First 66
How to Attract Hackers 66
Set Up a ZoneAlarm 67
Lock ’Em Out Completely 68
Other Personal Firewalls 70
Test Yourself Right Now 70
Watch Out for PWS 70
Are There Strangers in Your Computer? 71
Try the Free Symantec Scan 73
Honeypots and Other Tactics 73
Try Shields Up! 73
For Solid Information, See SANS 74
Not Your Ordinary Girl Scout Cookies 74
Fighting the Cookie Monsters 76
PART 2 Personal Privacy 77
CHAPTER 9 Internet Privacy 79
Cyber Spying 81
Tools of the Trade 81
Fighting Back 86
P3P Privacy 87
Disposable E-Mail Accounts 87
Anonymous Remailers 87
The Greatest Security 89
Surfing in Privacy 89
Private Surfing with Anonymizer 89
Confidentiality with Freedom 90
They’re Also Watching Your Busy Fingers 94
Fighting Back 94
Encryption Is a Powerful Defense 96
CHAPTER 10 The Elements of Cryptography 99
Codes versus Ciphers 100
An Ancient Perfection 101
How to Crack Secret Messages 102
People Use Tricks 103
The Goal of Cryptology 105
CHAPTER 11 The Great Leap Forward 107
The Celebrated Alberti 108
A Thought Experiment 110
Alberti’s Second Great Idea 111
A Useless Result 112
Decryption Reverses the Process 113
The Kerckhoffs Superimposition 115
Constructing an Anti-Tableau 116
The Polyalphabet Crumbles 118
CHAPTER 12 The Computer Steps In 121
Speed and Perfect Accuracy 123
Some Common Computer Encryption Flaws 124
Embedded Passwords 124
Too Easy 124
Elementary Computer Ciphering 125
Employing a Built-in Code 125
A Fatal Flaw in XOR 129
CHAPTER 13 Infinite Monkeys: Brute Force Attacks and Other Curiosities 131
A Problem with XOR 134
A Fatal Flaw 136
The Numeric Zero 136
Password Limitations 137
Extending Password Length 138
Saving Spaces 139
CHAPTER 14 DES: A Public Scheme 141
Making It Public 143
What’s Really Strange 144
How DES Works 145
The Technical Details 146
Brute Deciphering 149
CHAPTER 15 Making Keys Public 151
Solving Old Problems with Keys 153
Put It in a Bag 153
Using a Key Distribution Center 154
The Elegant RSA Solution 155
Profound Enciphering 155