Internet Security Whitepapers

Stronger Password Authentication Using Browser Extensions

Internet Security Whitepapers Web Based Password Cracking

In this paper, we describe the design, user interface, and implementation of a browser extension, PwdHash, that strengthens web password authentication. We believe that by providing customized passwords, preferably over SSL, we can reduce the threat of password attacks with no server changes and little or no change to the user experience. Since the users who fall victim to many common attacks are technically unsophisticated, our techniques are designed to transparently provide novice users with the benefits of password practices that are otherwise only feasible for security experts. We have experimented with Internet Explorer and Mozilla Firefox implementations and report the result of initial user studies.

Symantec Cyberterrorism

Internet Security Whitepapers Cyber Warfare and Terrorism

The term cyberterrorism is becoming increasingly common in the popular culture, yet a solid definition of the word seems hard to come by. While the phrase is loosely defined, there is a large amount of subjectivity in what exactly constitutes cyberterrorism. In the aftermath of the September 11th attacks, this is somewhat disconcerting.

T-Sight Realtime Tutorial

Internet Security Whitepapers Session Hijacking

This section contains a tutorial on how to use T-Sight to monitor your network in realtime for suspicious activity, and then to respond to that activity with T-Sight's Active Countermeasures. After installing T-Sight under Windows NT 4.0 (including the device driver) and rebooting, you should now be able to run T-Sight Realtime Monitor.

Take Control of Your iPhone

Internet Security Whitepapers Hacking Mobile Phones, PDA & Handheld Devices

The iPhone is for Mac OS X, Windows XP, and Windows Vista users. What about this book? I estimate that roughly 90 percent of the material is appropriate for both platforms. This is obviously so when covering the iPhone’s features. Even when an iPhone is connected to a computer, differences are slight. Still, when it comes to troubleshooting, differences exist, such as when describing where iPhone information is stored on a computer’s hard drive. In this case, the book has more information for Mac users, since I am a die-hard Mac user and Mac troubleshooting is in my blood. Still, I firmly believe this book is valuable for users of either platform.

TeleSweep Secure - Distributed Dial-Up Vulnerability Scanner

Internet Security Whitepapers Scanning

The TeleSweep Secure® system is a telecommunications scanning tool that performs advanced dialing and vulnerability assessments of an organization's telephone network. In the TeleSweep Secure system, a Dialer performs a scan by calling a list of user-defined phone numbers. Each specified telephone line is characterized as fax, modem, or voice. A scan can be configured to identify the operating system or software controlling a remote modem, and can also attempt to penetrate the computer to which the modem is attached by using default and system-specific username/password combinations.

Terror's Digital Jihad

Internet Security Whitepapers Cyber Warfare and Terrorism

Globalization and the Internet are accelerating terrorist activity and their quest for digital jihad. Terrorists use the Internet to achieve many of their objectives. The Internet allows small groups of nonstate foes to finance, plan, supply, and execute terrorist operations globally with little regard to borders, laws, and governments.

The Danger of Email Exploits

Internet Security Whitepapers Hacking Email Accounts

This white paper explains what email exploits are, provides examples of common email exploits, and discusses why a non signature-based approach (i.e., not a virus engine) is needed to protect against email exploits. Virus-writers are using increasingly complex and sophisticated techniques in their bid to circumvent anti-virus software and disseminate their viruses. A case in point was the notorious Nimda virus that used multiple methods to spread itself and was based on an exploit rather than on the virus/Trojan behavior that anti-virus products typically search for. Anti-virus software, though essential, cannot combat such threats alone; an email exploit detection tool is also necessary.

The Difficulties of Tracing Spam Email

Internet Security Whitepapers Spamming

The email system design can easily be exploited by spammers who send inaccurate information. All email on the Internet is sent via a protocol called Simple Mail Transfer Protocol(" smtp"). Ostensibly, smtp is designed to capture information about the route that an email message travels from its sender to its recipient. In actuality, the smtp protocol provides no security: email is not private, it can be altered en route, and there is no way to validate the identity of the email source. In other words, when a user receives an email message, there is no way to tell who sent the email and who has seen it. The lack of security in smtp, and specifically the lack of reliable information identifying the email source, is regularly exploited by spammers and allows for considerable fraud on the Internet (such as identity theft or "phishing"). This section describes a few features of smtp relevant to spam.

The Evolution of Email Security: Symantec Brightmail Integrated Email Security Appliance

Internet Security Whitepapers Hacking Email Accounts

Email security is increasingly moving away from a focus on a single type of protection, such as antivirus, toward a focus on broad protection from a wide range of emerging threats to enterprise security. While antivirus software remains the foundation of email security, emerging threats are forcing organizations to approach email security with a more comprehensive solution. Corporate concerns about spam, viruses, worms, legal liability, regulatory compliance, and employee productivity are driving the need for a more complete solution. Moreover, there is an increasing need for integration between individual security technologies in order to reduce the cost and time associated with managing point products.

The Filtering Matrix: Filtering and Surveillance Practices Worldwide

Internet Security Whitepapers Internet Content Filtering Techniques

Internet content filtering is a term that refers to the techniques by which control is imposed on access to information on the Internet. The motivations for statedirected Internet filtering include those with: a specific emphasis on ecommerce (tax, copyright, VoIP); a specific emphasis on children: child pornography, violence; a specific emphasis on content.