7 attack strategies and simple methods of protection

Source: Internet
Author: User
Tags: relative versions, firesheep

1. Fake wireless access point

A fake WAP (wireless access point) is one of the easiest attacks in the world to carry out: anyone with some simple software and a wireless card can make their computer pose as an available WAP, then bridge that WAP to the real, legitimate access point nearby.

Think about the free Wi-Fi that you or your users connect to whenever you are in a local café, an airport or another public gathering place. A hacker at Starbucks names the WAP "Starbucks Wireless Network", a hacker at Atlanta airport names it "Atlanta Airport Free Wireless", and within minutes people from all walks of life are connecting to it.

The hacker can then read the unprotected data streams passing through it, and if you looked at that traffic you would be amazed at how much of it, passwords included, is sent in plaintext.

A more devious attacker asks users to create an account on the WAP and, worse, users usually register with the same username or email address and password they use elsewhere. The attacker then uses those credentials to log on to popular sites such as Facebook, Twitter, Amazon and iTunes, and the victims never notice.

Lesson: You cannot trust a public WAP, because your confidential information travels through it. Use a VPN link to protect your communications, and do not reuse the same credentials across public or private sites.

2. Stealing cookies

Browser cookies save the user's "state" to improve the browsing experience: the site sends these small text files to the user's host to track the user's session and behaviour, which makes related operations much more convenient. So what is the downside of cookies for users?

When an attacker steals a user's cookie, he or she can use that file to impersonate the user and log on to the site with the user's authenticated session, a strategy that has become an increasingly common attack path today.

Yes, cookie theft is as old as the web, but new tools have been developed that complete the whole theft with a single click, such as Firesheep, a Firefox add-on that lets users steal other people's cookies. Combined with a fake WAP, cookie theft becomes trivial. Firesheep displays the name and location of each cookie it finds; one mouse click and the attacker has hijacked the session (for details, see Codebutler's blog post "How easy it is to use Firesheep").

Worse, attackers can now even steal cookies protected by SSL/TLS. In September 2011, an attack its creators named "BEAST" demonstrated that SSL/TLS-protected cookies could also be obtained. Subsequent refinements, including CRIME, have made stealing and reusing encrypted cookies easier still.

Each time a new cookie attack is published, website and application developers are told how to protect their users. Sometimes the answer is to use the latest encryption technology, sometimes it is to turn off features that people rarely use. The crux of the problem is that all Web developers must use secure development techniques to reduce cookie theft. If your site has not updated its encryption technology in several years, it is at risk.

Lesson: Even encrypted cookies can be stolen, so connect to Web sites that follow secure development practices and update their encryption technology frequently. Your own HTTPS site also needs to use the latest encryption technology, including TLS version 1.2.
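One concrete piece of the "secure development" the lesson asks for is the set of attributes on the session cookie itself. The audit below is an added example, not code from the original article; the Set-Cookie header values it checks are constructed.

```python
# Added example (not from the original article): audit Set-Cookie headers for
# the attributes that limit what a sniffed or stolen cookie is worth. The
# header values below are constructed, not from any real site.
from dataclasses import dataclass, field


@dataclass
class CookieFinding:
    name: str
    problems: list = field(default_factory=list)


def parse_set_cookie(header: str) -> tuple:
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: val})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_set_cookie(header: str) -> CookieFinding:
    """Report a missing Secure, HttpOnly or Lax/Strict SameSite attribute."""
    name, attrs = parse_set_cookie(header)
    finding = CookieFinding(name)
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # which is exactly what a fake WAP or Firesheep listens for.
        finding.problems.append("missing Secure")
    if "httponly" not in attrs:
        finding.problems.append("missing HttpOnly (script can read the cookie)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        finding.problems.append("SameSite not Lax/Strict")
    return finding


# Constructed sample headers: the weak form and the hardened form.
WEAK = "sessionid=abc123; Path=/"
HARDENED = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        finding = audit_set_cookie(header)
        print(finding.name, finding.problems or "ok")
```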

3. File name spoofing

Attackers have used file name spoofing to lure users into executing malicious code ever since malware was born. Early tricks were to give files trusted-looking names (such as AnnaKournikovaNudePics) and to use multiple file extensions (such as AnnaKournikovaNudePics.Zip.exe). To this day, Microsoft Windows and some other operating systems hide "known" file extensions by default, so AnnaKournikovaNudePics.Gif.Exe and AnnaKournikovaNudePics.gif are displayed identically.

A few years ago, common malware programs (so-called "twins", "spawners" or "companion viruses") relied on a lesser-known feature of Microsoft Windows/DOS: if you typed just the file name start without an extension, Windows would look for start.com before start.exe and execute whichever it found first. A companion virus would look for all the .exe files on the disk and create a file with exactly the same base name but a .com suffix. Although Microsoft patched this long ago, it laid the foundation on which this approach depends.

Now the strategy has become more sophisticated, using Unicode characters to disguise the file name shown to the user. For example, the Unicode character U+202E, the Right-to-Left Override, can fool many systems into displaying a file that is really AnnaKournikovaNudeavi.exe as AnnaKournikovaNudeexe.avi.

Lesson: Whenever possible, make sure you know the true and complete name of any file before executing it.
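A way to act on that lesson is to strip the invisible characters and hidden extensions before deciding what a file really is. This is an added example, not code from the original article; the sample file names are constructed.

```python
# Added example (not from the original article): recover the true name and
# real extension of a file whose displayed name may be spoofed by a hidden
# "known" extension or a Unicode bidi override such as U+202E. Sample names
# are constructed.
import unicodedata

EXECUTABLE_EXTS = {"exe", "com", "scr", "bat", "cmd", "pif", "msi", "vbs", "js"}


def true_name(filename: str) -> dict:
    """Strip invisible format characters, then report what actually runs."""
    # Bidi overrides and other invisible controls are Unicode category Cf.
    hidden = [f"U+{ord(ch):04X}" for ch in filename
              if unicodedata.category(ch) == "Cf"]
    cleaned = "".join(ch for ch in filename
                      if unicodedata.category(ch) != "Cf")
    parts = cleaned.split(".")
    exts = [p.lower() for p in parts[1:]]          # e.g. ['gif', 'exe']
    real_ext = exts[-1] if exts else ""
    return {
        "real_name": cleaned,
        "real_extension": real_ext,
        "executable": real_ext in EXECUTABLE_EXTS,
        "double_extension": len(exts) > 1,
        "hidden_format_chars": hidden,
        # What Explorer shows with "Hide extensions for known file types" on.
        "shown_with_hidden_ext": cleaned.rsplit(".", 1)[0] if exts else cleaned,
    }


# Constructed samples: double extension, RTLO trick, and a benign file.
# "holiday\u202egpj.exe" is rendered as holidayexe.jpg by bidi-aware UIs.
SAMPLES = ["photo.gif.exe", "holiday\u202egpj.exe", "report.pdf"]

if __name__ == "__main__":
    for name in SAMPLES:
        info = true_name(name)
        print(f"{name!r}: real extension .{info['real_extension'] or '?'} "
              f"executable={info['executable']} hidden={info['hidden_format_chars']}")
```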

4. Absolute and relative paths

Another interesting strategy is "relative versus absolute". In earlier versions of Windows (Windows XP, 2003 and earlier) and some other early operating systems, when you typed a file name and pressed Enter, the system looked for the file by guessing your intent, usually starting with the current folder or a relative location. This seems efficient and harmless, but attackers exploit it.

For example, if you want to use the harmless calculator built into Windows (calc.exe), the quickest way is to open a command line, type calc.exe and press Enter.

But an attacker could create a file named calc.exe and hide it in your current or home folder, and the calc.exe you execute might well be the impostor.

This trick is commonly used by malware and by penetration testers to gain elevated privileges on a host. An attacker selects a known vulnerable executable or DLL that has since been patched and places it in a temporary folder. In most cases a patch simply replaces the vulnerable executable or DLL with a fixed version. When the attacker types the program's executable name from that temporary folder, Windows loads the vulnerable Trojan copy from the temporary folder rather than the patched version. The approach is very popular with attackers because a single simple file can compromise the whole system.

Linux, UNIX and BSD systems fixed this problem ten years ago, and Windows closed the weakness in 2006 with Windows Vista/2008, although it persists in earlier versions for backward compatibility. Over the years, Microsoft has also been reminding and instructing developers to use absolute folders/paths when building applications. Yet even now tens of thousands of vulnerable programs exist, and attackers know this better than anyone.

Lesson: Use an operating system that enforces absolute directory and file paths and searches the default system area first.
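The difference between the two search orders, and a check for a same-named file shadowing a system binary, modelled as an added example (not code from the original article). The directory listing is constructed and nothing touches the real disk.

```python
# Added example (not from the original article): model the two search orders
# the text contrasts and flag a same-named file that would shadow the system
# copy. The directory contents are constructed; nothing touches the real disk.
import ntpath

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows"]


def resolve(command: str, cwd: str, listing: dict, cwd_first: bool) -> str:
    """Return the full path that would run for `command`.
    `listing` maps a directory to the set of file names it contains;
    cwd_first=True is the old relative-first behaviour, False the safe order."""
    order = [cwd] + SYSTEM_DIRS if cwd_first else SYSTEM_DIRS + [cwd]
    for directory in order:
        names = {f.lower() for f in listing.get(directory, ())}
        if command.lower() in names:
            return ntpath.join(directory, command)
    raise FileNotFoundError(command)


def shadowed_binaries(cwd: str, listing: dict) -> list:
    """Names present in cwd that also exist in a system directory."""
    local = {f.lower() for f in listing.get(cwd, ())}
    system = {f.lower() for d in SYSTEM_DIRS for f in listing.get(d, ())}
    return sorted(local & system)


# Constructed file system: the real calc.exe plus an impostor in a user folder.
LISTING = {
    r"C:\Windows\System32": {"calc.exe", "notepad.exe"},
    r"C:\Windows": {"explorer.exe"},
    r"C:\Users\alice\Downloads": {"calc.exe", "setup.msi"},
}

if __name__ == "__main__":
    here = r"C:\Users\alice\Downloads"
    print("relative-first :", resolve("calc.exe", here, LISTING, cwd_first=True))
    print("system-first   :", resolve("calc.exe", here, LISTING, cwd_first=False))
    print("shadowed       :", shadowed_binaries(here, LISTING))
```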

5. Hosts file redirection

Today many computer users do not know about the DNS-related hosts file, located on Windows at C:\Windows\System32\drivers\etc\hosts, which records mappings between IP addresses and domain names. The hosts file was originally a way for the host to resolve names to IP addresses locally, without contacting a DNS server and performing recursive name resolution. This is a useful feature in most cases, but most users never touch the hosts file.

Attackers like to write their own malicious entries into the hosts file, so that when a user visits a commonly used domain (such as Bing.com) they are redirected to a malicious Web site. The malicious destination generally contains a near-perfect copy of the original site, so the user notices nothing. This method is still widely used today.

Lesson: If you are unsure whether you have been redirected, check your hosts file.
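Checking the hosts file by hand works for a few lines; the parser below does the same check over a whole file and flags the entries that matter. It is an added example, not code from the original article; the hosts content, the watch list and the addresses are constructed.

```python
# Added example (not from the original article): parse a hosts file and flag
# entries that would silently redirect well-known domains. The hosts content,
# the watch list and the addresses below are constructed.
import ipaddress

# Domains a user would not expect to find overridden in their own hosts file.
WATCH_LIST = {"bing.com", "www.bing.com", "facebook.com", "www.facebook.com",
              "update.microsoft.com"}


def parse_hosts(text: str) -> list:
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def audit_hosts(text: str) -> list:
    """Flag watch-listed names and any mapping outside loopback/private ranges."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if name in WATCH_LIST:
            # Loopback usually means sabotage (e.g. blocking updates); anything
            # else is a redirect to a host the attacker controls.
            reason = ("well-known domain mapped to loopback (blocked)"
                      if addr.is_loopback else "well-known domain redirected")
            findings.append((ip, name, reason))
        elif not (addr.is_loopback or addr.is_private):
            findings.append((ip, name, "mapped outside loopback/private ranges"))
    return findings


SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    fileserver.lan          # legitimate LAN mapping
203.0.113.7     www.bing.com bing.com   # attacker-added redirect
"""

if __name__ == "__main__":
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{ip:15} {name:25} {reason}")
```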

6. Watering hole attacks

Watering hole attacks get their name from their approach: attackers identify a particular physical or virtual location where their targets gather, and then "poison" that location for the victims.

For example, most large companies have cafés, bars or restaurants nearby that employees frequent. Attackers set up a fake WAP there to harvest the company's authentication information, or modify a site employees frequently visit for the same purpose. The victims' guard is low, because these locations are public, social places.

Watering hole attacks received a lot of exposure this year: Apple, Facebook, Microsoft and other companies were hit through a Web site their developers frequently visited. The site was compromised with malicious JavaScript that redirected visitors so that malware was installed on the developers' computers, and the hacked machines became the springboard for attacking the companies.

Lesson: Make employees aware that popular "watering holes" are often targeted by attackers.

7. Bait and switch

A strategy attackers love is "bait and switch": the victim is told they are downloading or running one piece of software, but this is only temporary and they are then switched to a malicious alternative. Examples are endless.

Buying ads on popular websites to spread malware is everywhere. While the ad is being reviewed, the content and links it displays are perfectly normal; once the popular site has approved it and taken the money, the attacker replaces them with malicious content. If the visit comes from an ad provider's IP address, the content or link is switched back to the normal version.

The most recent form of "bait and switch" is an attacker offering free downloadable content anyone can use, such as an admin console or a hit counter at the bottom of a Web page. Often these small programs or free elements come with a clause saying the download may be reused "as long as the original link is preserved". That raises no suspicion, so the element is widely used with the original link retained. Usually the link carries little: a graphic, a badge or some other small thing. Once the content is in use on tens of thousands of websites, the attacker replaces what sits behind the original link with something harmful, such as a malicious JavaScript redirect.

Lesson: Be careful with any content you do not control, because it can be replaced with anything at any time without your consent.
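One way to keep control of third-party content you embed is to pin it to a hash at review time, so a later swap behind the "original link" fails verification instead of being served. This is an added example, not code from the original article; it applies the Subresource Integrity (SRI) scheme browsers implement for `<script integrity="...">`, and the widget bytes are constructed.

```python
# Added example (not from the original article): pin embedded third-party
# content to a digest in the Subresource Integrity (SRI) format so that a swap
# behind the same URL is detected. The widget contents below are constructed.
import base64
import hashlib

SRI_ALGOS = ("sha256", "sha384", "sha512")   # the only algorithms SRI accepts


def sri_digest(content: bytes, algo: str = "sha384") -> str:
    """Return the SRI integrity token, e.g. 'sha384-<base64 digest>'."""
    if algo not in SRI_ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(content: bytes, integrity: str) -> bool:
    """Accept content only if it matches one of the pinned tokens.
    Unknown algorithms are skipped, as browsers do."""
    for token in integrity.split():
        algo, _, _expected = token.partition("-")
        if algo in SRI_ALGOS and sri_digest(content, algo) == token:
            return True
    return False


def script_tag(src: str, content: bytes) -> str:
    """The tag a site owner publishes after reviewing and pinning the widget."""
    return (f'<script src="{src}" integrity="{sri_digest(content)}" '
            f'crossorigin="anonymous"></script>')


# Constructed widget: the version reviewed at embed time, then a changed one.
ORIGINAL = b"document.getElementById('counter').textContent = 'visits: 42';"
SWAPPED = ORIGINAL + b"/* content changed after embedding */"

if __name__ == "__main__":
    pinned = sri_digest(ORIGINAL)
    print(script_tag("https://cdn.example/counter.js", ORIGINAL))
    print("original verifies:", verify_sri(ORIGINAL, pinned))
    print("swapped verifies :", verify_sri(SWAPPED, pinned))
```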
