HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 40 guests and 3 members online
EH-Net Donations

Enter Amount:
$
Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations



 
Advertisement

You are here: Home arrow Forum arrow Columnsarrow Wilsonarrow [Article]-Automatic Update: Good or Bad?
Ethical Hacker Community Forums
November 20, 2008, 11:00:38 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Article]-Automatic Update: Good or Bad?  (Read 5305 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 2347


Editor-In-Chief


View Profile WWW
« on: January 28, 2007, 03:58:14 PM »
In the first of what will be many articles and videos by Brian Wilson as we absorb the content from his site into EH-Net, he offers up his thoughts on the security practices of those that employ automatic updates in their software.

Quote
In this paper I would like to bring light to an area of security that most people do not think about or maybe have blind trust in this aspect of security. What I am talking about is software with automatic update functions. Most of us think about Windows when you hear the term "Auto-Update," but there are a lot of different kinds of software that have auto-updates and some times it is enabled without your knowledge. Now auto-updates features can be very helpful to non technical users and when it comes to windows or other Operating Systems, it is very important to have your auto-updates features turned on.

As with any other columnist, your feedback is encouraged.

Don
Logged
CISSP, MCSE, CEH, Security+ SME
ChrisG
EH-Net Columnist
Hero Member
*****
Online Online

Posts: 1036


View Profile WWW
« Reply #1 on: January 28, 2007, 09:17:14 PM »
great article!

it would be cool to figure out how to slip a backdoor in the next update of game-x or just for my mod for game-x.
Logged
...tests i took go here...

http://carnal0wnage.blogspot.com/
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 363



View Profile WWW
« Reply #2 on: January 29, 2007, 06:38:19 AM »
Yea I used the example of a game but I have found that like the older Trojan days of free screen savers with extra code there are alot of tools out there (like winbar) that send all kinds of your info back to there master. Just look at the different applications on your PC (winamp, Quick time, Windows, Hamachi, Winbar, IM clients, and many more) and see how many are calling out for no reason with a sniffer. One of the best ways to see this is hook up to and AP that has no real connection to the internet and start sniffing. You will see other that the windows crap (netbios) that there is alot going on behind the seens. I have noticed some of the applications on desktops are going to ports and IP blocks listed in ARIN that are not from companies the software was published from. Just think if you where able to fool some yahoo IM clients to update from your server and you have a nice Trojan in the IM client update. You could build a huge network of computers controlled and ready for bad deeds. I just wanted to hopefully open peoples eyes to the blind trust they put in software they think they can trust.

Brian


Digg here  http://www.digg.com/security/Automatic_Update_Good_or_Bad
« Last Edit: January 29, 2007, 06:51:45 AM by slimjim100 » Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
RichM
EH-Net Columnist
Newbie
*****
Offline Offline

Posts: 49


View Profile
« Reply #3 on: January 30, 2007, 10:32:33 AM »
Great article SlimJim100!

I think to a large extent we are at the mercy of our vendors, but to use p2p is irresponsible and should not happen.  I remember for a while (and possibly it still happens) that testing patches (primarily speaking of windows) was the mantra, but as things have advanced and IT staff are forced to handle more responsibilities testing (at least for a lot of us) is not an option. 
Everytime I do my updates, I sweat a little hoping that nothing crashes, but that has become par for the course.

For anyone that wants to combat phoning home (and unauthorized installs) use SpyBot, http://www.spybot.info.  With a little tweaking, nothing will be able to install unless you expressly allow it.  Yes it is a hassle but well worth it.  Spybot allows you to take control of your machine and decide who can and cannot access your machine.  DISCLAIMER:Using Spybot to stop phoning home may cause your machine to stop functioning properly, before using SpyBot make certain you have a good backup of your registry (part of the initial install).

Again great article Slim, thank you.
Logged
medfox2010
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #4 on: February 21, 2007, 06:52:50 AM »

Very important article , thank you Slimjim100
for Arabic readers here is the translation http://anti-hacker.info/papers/Auto-Update-arabic.pdf
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.118 seconds with 24 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
During the most recent election, I:
 
Support EH-Net

Support EH-Net by
Buying all of your
Amazon items using
the search bar above.
cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

Sadikhov.com
Top IT Cert Sites

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2008 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.