HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 64 guests and 2 members online
 
Advertisement

You are here: Home arrow Columnsarrow Wilsonarrow [Article]-Automatic Update: Good or Bad?
EH-Net
May 22, 2013, 11:42:51 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Article]-Automatic Update: Good or Bad?  (Read 11729 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4167


Editor-In-Chief


View Profile WWW
« on: January 28, 2007, 03:58:14 PM »
In the first of what will be many articles and videos by Brian Wilson as we absorb the content from his site into EH-Net, he offers up his thoughts on the security practices of those that employ automatic updates in their software.

Quote
In this paper I would like to bring light to an area of security that most people do not think about or maybe have blind trust in this aspect of security. What I am talking about is software with automatic update functions. Most of us think about Windows when you hear the term "Auto-Update," but there are a lot of different kinds of software that have auto-updates and some times it is enabled without your knowledge. Now auto-updates features can be very helpful to non technical users and when it comes to windows or other Operating Systems, it is very important to have your auto-updates features turned on.

As with any other columnist, your feedback is encouraged.

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
LSOChris
Guest
« Reply #1 on: January 28, 2007, 09:17:14 PM »
great article!

it would be cool to figure out how to slip a backdoor in the next update of game-x or just for my mod for game-x.
Logged
slimjim100
EH-Net Columnist
Sr. Member
*****
Offline Offline

Posts: 385



View Profile WWW
« Reply #2 on: January 29, 2007, 06:38:19 AM »
Yea I used the example of a game but I have found that like the older Trojan days of free screen savers with extra code there are alot of tools out there (like winbar) that send all kinds of your info back to there master. Just look at the different applications on your PC (winamp, Quick time, Windows, Hamachi, Winbar, IM clients, and many more) and see how many are calling out for no reason with a sniffer. One of the best ways to see this is hook up to and AP that has no real connection to the internet and start sniffing. You will see other that the windows crap (netbios) that there is alot going on behind the seens. I have noticed some of the applications on desktops are going to ports and IP blocks listed in ARIN that are not from companies the software was published from. Just think if you where able to fool some yahoo IM clients to update from your server and you have a nice Trojan in the IM client update. You could build a huge network of computers controlled and ready for bad deeds. I just wanted to hopefully open peoples eyes to the blind trust they put in software they think they can trust.

Brian


Digg here  http://www.digg.com/security/Automatic_Update_Good_or_Bad
« Last Edit: January 29, 2007, 06:51:45 AM by slimjim100 » Logged
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
RichM
EH-Net Columnist
Newbie
*****
Offline Offline

Posts: 49


View Profile
« Reply #3 on: January 30, 2007, 10:32:33 AM »
Great article SlimJim100!

I think to a large extent we are at the mercy of our vendors, but to use p2p is irresponsible and should not happen.  I remember for a while (and possibly it still happens) that testing patches (primarily speaking of windows) was the mantra, but as things have advanced and IT staff are forced to handle more responsibilities testing (at least for a lot of us) is not an option. 
Everytime I do my updates, I sweat a little hoping that nothing crashes, but that has become par for the course.

For anyone that wants to combat phoning home (and unauthorized installs) use SpyBot, http://www.spybot.info.  With a little tweaking, nothing will be able to install unless you expressly allow it.  Yes it is a hassle but well worth it.  Spybot allows you to take control of your machine and decide who can and cannot access your machine.  DISCLAIMER:Using Spybot to stop phoning home may cause your machine to stop functioning properly, before using SpyBot make certain you have a good backup of your registry (part of the initial install).

Again great article Slim, thank you.
Logged
medfox2010
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #4 on: February 21, 2007, 06:52:50 AM »

Very important article , thank you Slimjim100
for Arabic readers here is the translation http://anti-hacker.info/papers/Auto-Update-arabic.pdf
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.087 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.