From Wikipedia, the free encyclopedia
Jump to: navigation, search
This page is about computer security exploits and defenses. For computer security through design and engineering, see computer security.

{{multiple issues|refimprove=December 2009|cleanup=December 2008|essay=December 2007}} {{Computer security}} Computer insecurity is the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those that wish to exploit computer systems and those that develop security measures against said exploitation.

History of Computer Security[edit]

Beginning in the 1950's with the Hierarchical SAGE_(computer) system, networked systems were vulnerable to attack. With the development of ARPA net in the 1960’s through the 1980’s, and the networking of computer systems, the ability for users to access to other computer’s data for intelligence gathering became a problem.[1]

According to Symantec, in 2010 94 percent of organizations polled expect to implement security improvements to their computer systems, with 42 percent claiming cyber security as their top risk.[2]
While organizations are improving their security systems, many types of cyber criminals concurrently find ways to circumvent them. Almost every type of cyber attack is on the rise. In 2009 respondents to the CSI Computer Crime and Security Survey admitted that malware infections, denial-of-service attacks, password sniffing, and web site defacements were significantly higher than in the previous two years.[3]

Economic Impact[edit]

Attacks on exposed business networks can have severe economic consequences. Estimates on total global financial losses to cyber attacks amount to between 300 billion and 1 trillion dollars.[4] Businesses are estimated to spend $65 billion on cyber security between 2013 and 2018.[5] At the same time, Internet based marketplaces for malware and rogue software distribution have merged to counter new security software, with licences being sold between $50 and $75. [6] [7]


A vulnerability is a weakness in software allowing an attacker to reduce a systems [information assurance]. Computer security threats can typically be classified into seven categories: Exploits, eavesdropping, social engineering, denial of service, indirect and direct attacks, backdoors, and direct access.


An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior to occur. This includes gaining control of a computer system, allowing privilege escalation, or a denial of service attack.[8]

The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, vulnerabilities can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs (see "External links" below).


Eavesdropping is the act of surreptitiously monitoring transmissions between hosts on a network. Eavesdropping software is also known as Spyware, and the act of performing eavesdropping on a computer is known as “sniffing” or “snooping”.[9] Some of the most common types of spyware include cookies and keyloggers. Other eavesdropping programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems operations of internet service providers.[10][11] Even machines that operate as a closed system (i.e., with no link to a network of any kind) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware such as TEMPEST.[12]

Social engineering and human error[edit]

A computer system is no more secure than the human responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system administrator and asking for passwords (phishing).

Other kinds of social engineering attacks include many kinds of phone scams. A common phone scam involves an attacker calling a random number and impersonating a credit card company, telling the victim that their information has been compromised. If the victim trusts the caller as an actual representative, the attacker will often glean enough information to achieve identity theft. Another way attackers have been observed gathering information is by asking the victim to download software used to allow remote access to their computer. Once the software has been downloaded and executed, the attacker has total control and access of the victim’s computer.[13]

Scare tactics have also been deployed. The most common form of scare tactic used online are pop-ups that display fake security warnings to computer users in an attempt to coax them to click the window. Clicking may redirect the user to a page with fake versions of popular security software. More complex variations involve applications that prompt the user to provide payment information to purchase fake security software. Doing so will simply make the application stop displaying the prompt. These applications are known as Rogue Security Software.[14]

Denial-of-service attack[edit]

Unlike other exploits, denial of service attacks are Used to render a target system unusable. These types of attack are difficult to prevent, because the behavior of whole networks must constantly be monitored, rather than the behavior of small pieces of code. [15]

Distributed denial of service (DDoS) attacks occur when a large number of compromised hosts (referred to as "zombie computers" or “Smurfs”), are used as part of a botnet. They are then used to flood a target system with network requests, thus rendering it very slow or even unresponsive due to resource exhaustion. Another technique used to exhaust victim resources involves the utilization of an attack amplifier — the attacker gains control of multiple machines via poorly designed networking protocols such as FTP or DNS, using them in a coordinated assault.[16] There are also commonly found vulnerabilities in applications that can be used to make a target application malfunction or crash. This is known as a denial-of-service exploit.[17]

Indirect attacks[edit]

An indirect attack occurs when a third party computer or software connects to and compromises a secure network. Indirect attacks are very difficult to counter or track, and can take many forms. Common variations include the man-in-the-middle attack, carrier/dropper attack[18] , and storm attacks[19] among others. There have also been cases where attackers took advantage of public anonymity systems, such as the tor onion router system, as well as proxy systems such as the tor onion router to mask internet activity.[20]


A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.[21] A rootkit is a specialized backdoor program, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.[22] Backdoors may also fake information about disk and memory usage.

Direct access attacks[edit]

Common consumer devices that can be used to transfer data surreptitiously.

Someone who has gained access to a computer can install any type of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system. Even then, if the attacker has enough time and the correct software, decryption is still a viable option.[23]

See also: Category:Cryptographic attacks

Security measures[edit]

A state of perfect computer security is the conceptual ideal, attained by the use of the three processes:

  1. Prevention
  2. Detection
  3. Response
  • User account access controls and cryptography can protect systems files and data, respectively.[24]
  • Firewalls are by far the most common prevention systems from a network security perspective as they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering.[25]
  • Intrusion Detection Systems (IDSs) are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
  • "Response" is necessarily defined by the assessed security requirements of an individual system and may cover the range from simply disconnecting the Ethernet cable, or an upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.

Today, computer security comprises preventive measures, like firewalls, or an Exit Procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet. It can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel[26]) to provide real time filtering and blocking. Another implementation is a so-called physical firewall which consists of a separate machine filtering network traffic. Firewalls are common among machines that are permanently connected to the Internet.

Reducing vulnerabilities[edit]

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry — see Bruce Schneier et al.

It's also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption — the one-time pad — is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis (See Venona Project). The method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to directly break by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Even in a highly disciplined environment, such as in military organizations, social engineering attacks can still be difficult to foresee and prevent.

In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it's usually possible for a determined hacker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner or/and hiring competent people responsible for security. The effects of data loss/damage can be reduced by careful backing up and insurance.

Difficulty with response[edit]

Responding forcefully to attempted security breaches (in the manner that one would for attempted physical security breaches) is often very difficult.

  • Identifying attackers is difficult, as they are often in a different jurisdiction to the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other identity altering procedures which make back-tracing difficult and are often located in yet another jurisdiction. In a successful breach of security, attackers are able to delete activity logs to cover their tracks.
  • The sheer number of attacks happening at any one moment is so large that organizations cannot spend time pursuing each individual attacker. It is often economically unrealistic to track down an attacker if they have not caused damage resulting in a greater cost than it would be to capture the criminal.

See also[edit]

Lists and categories[edit]

Individual articles[edit]

Notes and references[edit]

  1. ^ Grant, Rebecca. (2013). Old Lessons New Domain.
  2. ^ Symantec. (2010). State of Enterprise Security 2010.
  3. ^ Richardson, R. (2010). 2009 CSI Computer Crime & Security Survey. Computer Security Institute. Computer Security Institute.
  4. ^ Center for Strategic and International Studies. July 2013. The Economic Impact of Cybercrime and Cyber Espionage.
  5. ^
  6. ^ Cashell, B., Jackson, W. D., Jickling, M., & Webel, B. (2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance Division. Washington DC: The Library of Congress.
  7. ^ Krebs, B. (2009, March). Massive Profits Fueling Rogue Antivirus Market. Retrieved 4 10, 2011, from Security Fix - Washington Post:
  8. ^ Symantec. What does exploit mean?.
  9. ^ Microsoft Technet. Common Types of Network Attacks.
  10. ^ Dunham, Griffin. (2002). Carnivore, the FBI's E-mail Surveillance System: Devouring Criminals.
  11. ^
  12. ^ Wim van Eck, Electromagnetic radiation from video display units: An eavesdropping risk?, Computers & Security, Volume 4, Issue 4, December 1985, Pages 269-286, ISSN 0167-4048, (
  13. ^ Landesman, Mary. Your PC is Infected Phone Scam.
  14. ^ Symantec. (2009). Report on Rouge Security Software.
  15. ^ ATLAS net.
  16. ^ US-CERT. DNS Amplification Attack.
  17. ^ U. Ben-Porat, A. Bremler-Barr, H. Levy, "Vulnerability of Network Mechanisms to Sophisticated DDoS Attacks," IEEE Transactions on Computers, vol. 62, no. 5, pp. 1031-1043, May 2013, doi:10.1109/TC.2012.49.
  18. ^
  19. ^
  20. ^ Tim Abbott, Katherine Lai, Michael Lieberman, Eric Price . Browser-Based Attacks on Tor.
  21. ^ Symantec. Backdoor Trojan Viruses.
  22. ^ Colorado University. Rootkit Virus- How to detect and remove.
  23. ^ Microsoft White Papers (2008). Database Encryption in SQL.
  24. ^ Microsoft. User Account Control.
  25. ^ Northwestern University. (2003, Updated 2009).
  26. ^ ArchWiki. Firewalls.

Further reading[edit]

External links[edit]

Lists of currently known unpatched vulnerabilities[edit]

Category:Cryptography Insecurity Category:Cyberwarfare