Understanding Risk Management and Compliance, What Is Different After Monday, December 1, 2014 (Understanding Risk Management and Compliance, December 2014)
Book Details
Author(s): George Lekatis
ISBN / ASIN: B00QCM4CD6
ISBN-13: 978B00QCM4CD0
Sales Rank: 3,526,497
Marketplace: United States 🇺🇸
Description
You receive an email and there is an interesting attachment:
Love-Letter-For-You.txt
Would you open it? It looks like a .txt file!
If you open it, perhaps you're looking for love in the wrong places.
It is not even a TXT file …
Windows operating systems contain an option to "Hide file extensions for known file types."
The option is enabled by default, but a user may choose to disable this option in order to have file extensions displayed by Windows.
Multiple email-borne viruses are known to exploit hidden file extensions.
The first major attack that took advantage of a hidden file extension was the VBS/LoveLetter worm which contained an email attachment named "LOVE-LETTER-FOR-YOU.TXT.vbs".
Did you see this vbs after the TXT? It was hidden… by default.
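Added example (not from the book or its author): a mail-filter style check, in Python, that approximates the name a user sees when extensions are hidden and flags attachments whose real, final extension is a script or program type while the visible name ends in a harmless-looking one. The extension lists and all sample names except the LoveLetter one are assumptions constructed for illustration.

```python
import os

# Assumed, non-exhaustive lists for illustration only.
SCRIPT_OR_PROGRAM = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr",
                     ".pif", ".bat", ".cmd", ".com", ".hta"}
HARMLESS_LOOKING = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mp3", ".xls"}


def split_ext(name):
    """Split off the final extension, lower-cased, ignoring trailing dots and spaces."""
    stem, ext = os.path.splitext(name.strip().rstrip(". "))
    return stem, ext.lower()


def displayed_name(name):
    """Approximate the name shown when extensions for known types are hidden."""
    stem, ext = split_ext(name)
    return stem if ext in SCRIPT_OR_PROGRAM | HARMLESS_LOOKING else name


def classify(name):
    """Return 'deceptive', 'executable' or 'ok' for an attachment file name."""
    stem, ext = split_ext(name)
    if ext not in SCRIPT_OR_PROGRAM:
        return "ok"
    _, inner = split_ext(stem)
    # The visible name ends in a document-like extension, but the file runs as code.
    return "deceptive" if inner in HARMLESS_LOOKING else "executable"


def triage(names):
    """List (real name, displayed name, verdict) for every attachment that is not 'ok'."""
    return [(n, displayed_name(n), classify(n)) for n in names if classify(n) != "ok"]


# Constructed sample attachment names; only the first comes from the text above.
SAMPLES = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "notes.txt", "setup.exe", "report.final.pdf"]

if __name__ == "__main__":
    for real, shown, verdict in triage(SAMPLES):
        print(f"{verdict:<10} shown as {shown!r}, really {real!r}")
```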
VBScript (Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft that is modeled on Visual Basic.
According to Microsoft, scripts can not only make your work go faster, they can make your job easier.
“The Scripting Guys” at Microsoft (technet.microsoft.com) discuss the positives of scripting:
“A long time ago, even before any of the Scripting Guys were born, people used to walk from one place to another. Not for exercise or recreation, but because they had to get somewhere.
Those who were fortunate enough to have other forms of transportation could move along a little more quickly on their horses, camels, elephants, or whatever the local pack animal happened to be.
(And to those of you still using any of the preceding as your primary mode of transportation—we’ll be thinking of you the next time we’re stuck in traffic.)
Then this thing came along known as the horseless carriage.
Many people laughed.
They said things like “It’s just a fad,” “Why would I ever want one of those?” and even “That looks too dangerous.”
Then there were the very few visionaries who said “Wow, cool, I want to try one of those.”
These last people were the ones who recognized not only how much fun a car could be, but how it could someday save them hours, even days, of travel time in getting from place to place.
People today have experienced some of the same reactions to scripting as those people had to cars all those years ago.
“Why would I want to script?”; “Scripting is just for those fanatics who don’t want to run their systems like everyone else does”; and even, “Scripts are dangerous.”
But actually, you don’t need to be visionary or adventurous to try scripting, you just need to be the type of person who wants to save some time.
(It’s still only the fanatics who think it’s fun though.)
Scripts can not only make your work go faster, they can make your job easier.
And once you learn the basic rules of the road, they’re not all that difficult to operate.
(And there are very few traffic jams.)”
There is a dark side to scripting too.
I will resist the temptation and I will not write one of my favorite Microsoft jokes.
Today we will learn more about the risks and the risk management principles in home / personal computing and “always on” devices (about packet sniffing, hidden file extensions, email spoofing, unprotected Windows shares, back door and remote administration programs).
NO, you don’t know all these things for a long time …
For example, on Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven.
These back door or remote administration programs, once installed, allow other people to access and control your computer.
Intruders (also referred to as hackers, attackers, or crackers) want to gain control of your computer so they can use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as ...

