Search results

Tuesday, 17 August 2010

Backdoor (computing)

Overview

The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[2]
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode and direct interaction with the artificial intelligence).
An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be.[3] In this case, a two-line change appeared to be a typographical error, but actually gave the caller of the sys_wait4 function root access to the system.[4]
Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust (see below).
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.
A traditional backdoor is a symmetric backdoor: anyone who finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks has been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology.
There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.

Reflections on Trusting Trust

Ken Thompson's Reflections on Trusting Trust[5] was the first major paper to describe black box backdoor issues, and points out that trust is relative. It described a very clever backdoor mechanism based upon the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job.
Thompson's paper described a modified version of the Unix C compiler that would:
  • Put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and as a twist
  • Also add this feature undetectably to future compiler versions upon their compilation as well.
Because the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of the second task, the compiler's source code would appear "clean".) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. This version was, officially, never released into the wild. It is believed, however, that a version was distributed to BBN and at least one use of the backdoor was recorded.[6]
This attack was recently (August 2009) discovered by Sophos labs: The W32/Induc-A virus infected the program compiler for Delphi, a Windows programming language. The virus introduced its own code to the compilation of new Delphi programs, allowing it to infect and propagate to many systems, without the knowledge of the software programmer. An attack that propagates by building its own Trojan Horse can be especially hard to discover. It is believed that the Induc-A virus had been propagating for at least a year before it was discovered.[7]
Once a system has been compromised with a backdoor or Trojan horse, such as the Trusting Trust compiler, it is very hard for the "rightful" user to regain control of the system. However, several practical weaknesses in the Trusting Trust scheme have been suggested. For example, a sufficiently motivated user could painstakingly review the machine code of the untrusted compiler before using it. As mentioned above, there are ways to hide the trojan horse, such as subverting the disassembler; but there are ways to counter that defense, too, such as writing your own disassembler from scratch, so the infected compiler won't recognize it. However, such proposals are generally impractical. If a user had a serious concern that the compiler was compromised, they would be better off avoiding using it altogether rather than reviewing the binary in detail using only tools that have been verified to be untainted. A user that did not have serious concerns that the compiler was compromised could not be practically expected to undertake the vast amount of work required.
David A. Wheeler has proposed a counter to this attack using an approach he calls "diverse double-compiling", which uses techniques adapted from compiler bootstrapping. This involves re-compiling the source of the compiler through another independently-written and generated "trusted" compiler, and then using the binary generated from this to recompile the original compiler again, and then comparing the binary generated from this second compilation with that generated from using the original compiler to recompile itself directly.[8]
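The comparison described above can be followed in a toy model. This is an added example, not code from Wheeler or Thompson: a "binary" is modelled as a record of code style, implemented source and hidden payload, and all names (`COMPILER_A_SRC`, `run_compiler`, `diverse_double_compile`) are hypothetical.

```python
import hashlib
from typing import NamedTuple

# Constructed toy sources; a compiler's source declares the code style it emits.
COMPILER_A_SRC = "compiler emit=A"   # compiler under suspicion (its source looks clean)
COMPILER_T_SRC = "compiler emit=T"   # independently written "trusted" compiler
LOGIN_SRC = "login: check password"

class Binary(NamedTuple):
    style: str      # layout of the machine code, decided by whoever compiled it
    semantics: str  # the source text this binary implements
    payload: str    # hidden behaviour that appears in no source file

def run_compiler(compiler: Binary, source: str) -> Binary:
    """Toy model of executing a compiler binary on some source text."""
    out_style = compiler.semantics.split("emit=")[1]  # output style follows compiler semantics
    payload = ""
    if compiler.payload == "trojan":
        if source == COMPILER_A_SRC:
            payload = "trojan"      # re-insert itself into future compiler builds
        elif source == LOGIN_SRC:
            payload = "backdoor"    # subvert login when it is compiled
    return Binary(out_style, source, payload)

def digest(binary: Binary) -> str:
    return hashlib.sha256(repr(tuple(binary)).encode()).hexdigest()

def diverse_double_compile(suspect: Binary, trusted: Binary, compiler_src: str) -> bool:
    """True when the suspect's self-rebuild matches the build bootstrapped via `trusted`."""
    stage1 = run_compiler(trusted, compiler_src)       # trusted compiler builds the source
    stage2 = run_compiler(stage1, compiler_src)        # that result rebuilds the same source
    regenerated = run_compiler(suspect, compiler_src)  # suspect recompiles itself directly
    return digest(stage2) == digest(regenerated)

TRUSTED = Binary("X", COMPILER_T_SRC, "")
CLEAN_A = Binary("A", COMPILER_A_SRC, "")
TROJANED_A = Binary("A", COMPILER_A_SRC, "trojan")   # same source, subverted binary

if __name__ == "__main__":
    print("clean passes:   ", diverse_double_compile(CLEAN_A, TRUSTED, COMPILER_A_SRC))
    print("trojaned passes:", diverse_double_compile(TROJANED_A, TRUSTED, COMPILER_A_SRC))
    print("login payload:  ", run_compiler(TROJANED_A, LOGIN_SRC).payload)
```

The check only works because both builds are deterministic and the trusted compiler does not share the trojan; the intermediate `stage1` differs in style from the suspect, which is expected and not compared.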


Bifrost (trojan horse)

Bifrost is a backdoor trojan horse family of more than 10 variants which can infect Windows 95 through Vista. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine (which runs the server, whose behavior can be controlled by the server editor).
The server component (29,053 bytes) is dropped to C:\Program Files\Bifrost\server.exe with default settings and, when running, connects to a predefined IP address on TCP port 81, awaiting commands from the remote user who uses the client component. It can be assumed that once all three components are operational, the remote user can execute arbitrary code at will on the compromised machine. The server components can also be dropped to C:\Windows with their file attributes changed to "Read Only" and "Hidden". Casual users may not see the directories by default because of the "hidden" attribute set on the directory. Some anti-virus products (for example AVG, 17th Feb 2010) seem to miss the file.
The server builder component has the following capabilities:
  • Create the server component
  • Change the server component's port number and/or IP address
  • Change the server component's executable name
  • Change the name of the Windows registry startup entry
  • Include rootkit to hide server process
  • Include extensions to add features (adds 22,759 bytes to server)
  • Use persistence (makes the server harder to remove from the infected system)
The client component has the following capabilities:
  • Process Manager (Browse or kill running processes)
  • File manager (Browse, upload, download, or delete files)
  • Window Manager (Browse, close, maximize/minimize, or rename windows)
  • Get system information
  • Extract passwords from machine
  • Keystroke logging
  • Screen capture
  • Webcam capture
  • Desktop logoff, reboot or shutdown
  • Registry editor
  • Remote shell
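For triage, the defaults listed above (drop path, server size with and without extensions, hidden read-only files in C:\Windows, outbound TCP 81) can be correlated per file. This is an added example, not part of the original text; the telemetry records, the file name `winupd.exe` and the function names are constructed for illustration.

```python
# Defaults taken from the description above; the builder can change name, path and port.
DEFAULT_PATH = r"c:\program files\bifrost\server.exe"
SERVER_SIZES = {29053, 29053 + 22759}   # plain server, and server with extensions
DEFAULT_PORT = 81

# Constructed sample telemetry for illustration (not from a real host).
FILES = [
    {"path": r"C:\Program Files\Bifrost\server.exe", "size": 29053, "attrs": {"hidden"}},
    {"path": r"C:\Windows\winupd.exe", "size": 51812, "attrs": {"hidden", "readonly"}},
    {"path": r"C:\Windows\notepad.exe", "size": 193536, "attrs": set()},
]
CONNECTIONS = [
    {"image": r"C:\Windows\winupd.exe", "remote_port": 81, "direction": "outbound"},
    {"image": r"C:\Windows\notepad.exe", "remote_port": 443, "direction": "outbound"},
]

def indicators(f, connections):
    """Return the Bifrost default indicators that one file record matches."""
    path = f["path"].lower()
    hits = []
    if path == DEFAULT_PATH:
        hits.append("default drop path")
    if f["size"] in SERVER_SIZES:
        hits.append("known server size")
    if path.startswith("c:\\windows\\") and {"hidden", "readonly"} <= f["attrs"]:
        hits.append("hidden read-only file in C:\\Windows")
    if any(c["image"].lower() == path and c["direction"] == "outbound"
           and c["remote_port"] == DEFAULT_PORT for c in connections):
        hits.append("outbound TCP 81")
    return hits

def triage(files, connections, threshold=2):
    """Flag files matching at least `threshold` indicators; one alone is weak evidence."""
    report = {}
    for f in files:
        hits = indicators(f, connections)
        if len(hits) >= threshold:
            report[f["path"]] = hits
    return report

if __name__ == "__main__":
    for path, hits in triage(FILES, CONNECTIONS).items():
        print(path, "->", ", ".join(hits))
```

Because the server builder can change the executable name, port and address, these defaults only catch unmodified builds and should be treated as leads to corroborate.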

Secure connections with SSH

SSH, or Secure Shell, is both a computer program and a secure communication protocol. The connection protocol requires an exchange of encryption keys at the start of the connection. From then on, all frames are encrypted. It therefore becomes impossible to use a sniffer such as Wireshark to see what the user is doing from the data they receive or send. The SSH protocol was originally designed to replace the programs rlogin, telnet and rsh, which have the unfortunate tendency to send all of a user's data to a server and back in cleartext, allowing a third party to recover login/password pairs, banking data, etc.
The SSH protocol exists in two versions: version 1.0 and version 2.0. Version 1.0 suffered from security flaws and was therefore quickly made obsolete by the arrival of version 2.0. Version 2 is widely used around the world by a large majority of companies. This version fixed the security problems of version 1.0 while adding new features such as a complete file transfer protocol. Version 1.0 of SSH was designed by Tatu Ylönen in Espoo, Finland, in 1995. He created the first program using this protocol and then started a company, SSH Communications Security, to exploit this innovation. This first version used some free software such as the GNU libgmp library, but over time this software was replaced by proprietary software. SSH Communications Security sold its SSH license to F-Secure.

When hackers meet the "pirates" ...

The famous file-sharing site fell victim to a group of Argentinian researchers led by Ch Russo. They managed to access the site's administration interface through numerous vulnerabilities such as SQL injection, ..
From there, they were able to access the database, which listed nearly 4 million users. 4 million users is a very large number, especially for one of the best-known and most publicized platforms, given the number of lawsuits its operators have had to face. This information is a real gold mine for anyone seeking to get their hands on users who download. The Argentinian researchers could perform many operations, for example creating, deleting, modifying or viewing user information, including all their torrents …
Russo explained in a statement that he and his associates neither altered nor deleted any information in the database.
He also gave assurances that he would not sell any information obtained during this intrusion. He only wanted to demonstrate that members' information was not well protected and that it was entirely possible to retrieve it. Fortunately, this information did not fall into the wrong hands, which would have caused a major incident for this whole community.

Password cracking: a surprising new discovery!

Researchers Nate Lawson and Taylor Nelson claim to have discovered a security flaw that affects many authentication systems such as OAuth and OpenID. These systems are very widely used on sites such as Twitter, …
Cryptographers have known about so-called "timing" attacks for many years but never took the threat very seriously, because it seemed too difficult to carry out over a network (latency problems, etc.), since the attack is based on time.
The article presents an interesting case: some systems check that the login / password matches at each new character entered.
From this, the researchers conclude that a bad login attempt returns faster than a login attempt in which the first character of the login is correct. (The system returns a bad login as soon as it detects a wrong character.)
Thanks to this "time" factor, it is possible to guess a password and thus bypass authentication systems.
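The leak described above, and its fix, can be seen by counting character comparisons instead of measuring time. This is an added example, not code from the researchers or from any affected library; the secret, the guesses and the function names are constructed.

```python
import hashlib
import hmac

SECRET = "s3cr3t-token"   # constructed sample credential

def early_exit_check(guess, secret=SECRET):
    """Pattern described above: reject at the first wrong character.
    Returns (ok, comparisons) so the leak can be counted instead of timed."""
    comparisons = 0
    if len(guess) != len(secret):
        return False, comparisons
    for g, s in zip(guess, secret):
        comparisons += 1
        if g != s:
            return False, comparisons
    return True, comparisons

def fixed_work_check(guess, secret=SECRET):
    """Compare fixed-length digests and never stop early: same work for any guess."""
    a = hashlib.sha256(guess.encode()).digest()
    b = hashlib.sha256(secret.encode()).digest()
    diff, comparisons = 0, 0
    for x, y in zip(a, b):
        diff |= x ^ y
        comparisons += 1
    return diff == 0, comparisons

def production_check(guess, secret=SECRET):
    """What to deploy: the standard library's constant-time comparison."""
    return hmac.compare_digest(guess.encode(), secret.encode())

def work_profile(check, guesses):
    """Number of comparisons each guess costs under the given check."""
    return [check(g)[1] for g in guesses]

# Constructed guesses with 0, 1 and 3 correct leading characters, then the right value.
GUESSES = ["xxxxxxxxxxxx", "sxxxxxxxxxxx", "s3cxxxxxxxxx", SECRET]

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_check, GUESSES))
    print("fixed work:", work_profile(fixed_work_check, GUESSES))
```

The comparison counts stand in for response time: the early-exit profile grows with the correct prefix, while the fixed-work profile is flat. The Python loop in `fixed_work_check` only illustrates the idea; `hmac.compare_digest` is the comparison to use in real code.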
Nate and Taylor wish to discuss these attacks at the Black Hat conference, which will be held at the end of August in Las Vegas. Other articles or documentation will certainly tell us more about the exploitation of "timing" attacks.
News written by Paul AMAR.

20 hours for one day of Ramadan

20 hours of fasting.. imposed by the length of the day at the Arctic Circle

Pills to prevent hunger and thirst in Ramadan

In the name of God, the Most Gracious, the Most Merciful

I heard about this pill and searched the Internet for it, and found the following information about it, followed by the ruling on its use from the Islam Question and Answer website, so I wanted to share the benefit with you.



An article introducing the pill


(Many elderly people, children, and patients with diabetes, kidney disease and anemia suffer from fasting, especially when the month of fasting falls in summer, and some are forced to break the fast because they are unable to perform the obligation, in keeping with the verse «God does not burden a soul beyond its capacity», and the sick and the traveler are excused....
This is what prompted the brothers at the Berlanti (برلنتي) company to manufacture the Ramadan pill, which helps the healthy and the sick to overcome the hardships of fasting and makes it easier for them to perform the obligation.

The pill contains a natural blend of halal substances and vitamins that help the body tolerate hunger and thirst, and even help the brain instruct the body to look for nourishment in the body's excess fat instead of the empty stomach. So what are these substances and components?
The pill contains vitamin B1, which helps ease digestion and helps kidney patients, in addition to acting as an antidepressant. It also contains vitamin B2, the active agent in converting carbohydrates in the body into energy; it contributes effectively to strengthening and preserving vision and gives the skin natural health and vitality.
As for vitamin B12, which is essential for the body, it helps the body produce red blood cells and contributes to strengthening the bones and the nervous system, in addition to maintaining the body's genetic map, known as DNA/RNA.
The last member of the vitamin family is vitamin B6, which lowers blood sugar, strengthens the immune system, and diverts the path of nourishment from the stomach and intestines to the places where fat is stored in the body... Vitamin B helps release the body's latent energy and lowers harmful cholesterol in the body.
The other nutrients are rice protein, rich in iron, potassium, phosphorus and vitamin B1, and green tea extract, known for its importance as an antioxidant, which contributes to reducing weight, fat and cholesterol.
(Guarana), a tropical fruit that gives the body strength and energy and helps burn fat, in addition to mate extract, kola nut and B-complex.
A single look at the pill's ingredients is enough to convince everyone that it is the ideal way to help the elderly, the sick and children get through the hardships of fasting. It is also a wonderful alternative to the pills, medicines and harsh diets of men and women who want to lose weight, not to mention that it is a nutritional compound rich in vitamins, with the taste of delicious Belgian chocolate.