COMPUTER SECURITY: What's the concept? OFF THE WEAK!
Introduction
Just before I start this all off, I'd just like to clarify that I'm definitely a weak guy when it comes to Computer Security, and there's definitely loads of other people that you would be getting this information off. This is a poker forum though, and a lot of poker players probably won't be taking the time to browse Computer Security forums. And probably not "Other Topics" -> "CTH" either. I'm sure there are loads of people who wouldn't ever realise the importance of Computer Security unless it was made a Sticky (like it has been in all the other forums thanks to my constant nagging! got banned a few times for it but at least I showed Ryan Beal that mods thought it was a worthwhile topic - unlike him clearly) or a Concept of the Week.
Due to the huge sums of money floating around poker players, it's imperative that poker players realise how to secure their computers. However, while I was promoting putting stickies in all the forums to stress the importance of security, micro FR, being the nits they are, thought it wasn't a worthy enough topic for its own sticky!
Most of what I have learnt about Computer Security has been from asking questions in IRC security channels and twoplustwo threads and a bit of searching here and there.
i) Viruses
This type of attack likely won't cause harm to your bankroll. Their main purpose is to spread without user knowledge and destroy the system's files. Hopefully if you get an attack, you get this type of attack, coz hopefully you can just clean up your system and get back to grinding again.
Fairly often even the top antiviruses won't be able to find even half-arsed malware. To the best of my limited knowledge, a lot of them aren't even designed to do such things. So don't think that because you have an "Antivirus" that ships with your computer, you are safe from malware. You are hugely mistaken. Anyway, here are some of the best freeware antiviruses:
AVAST:
http://www.avast.com/eng/avast_4_home.html
AVG:
http://www.free-av.com/
AVIRA:
http://free.avg.com/
Some googling on antivirus reviews led me to this:
http://www.reviewcentre.com/products2167.html .. I personally use/prefer AVIRA.
ii) Malware
These could potentially get really messy depending on the type of malware and how well it hides. Malware is specifically designed to not give away any signs that the computer has been compromised. Malware technology can be combined with worm technology to form something that can spread on networks without any user action. Imagine the consequences of this if you have, for example, a poker computer and a computer for web browsing and other stuff. You wouldn't be safe having them both on the same network.
Malware can do things such as monitor screen activity and record passwords. This can potentially hurt your roll in 2 ways:
- Somebody may use the malware to grab email/poker account passwords and clean out the account while you are not using it
- Somebody may use the malware to spy on your hole cards, and cheat on you
If the user has anti-malware software installed, and somebody manages to successfully install malware which can be found by this software (through social engineering, man in the middle attacks, or access to the computer without your knowledge), then the person who plants that malware there is probably going to take all the money he can as quickly as possible. If he doesn't then he may lose his chance at a huge score, since his malware could be swept away in the next system scan. It would be ludicrously amateurish for a guy to get a crappy dll trojan on a computer and not take $25-30k or whatever, since there's NO REASON why he wouldn't expect the sysadmin to wipe malware off very promptly (coz when you install this type of software, you'll see it goes off at set times).
If the user has anti-malware software installed, but the malware is sophisticated enough to evade detection, the attacker may choose a more long-term approach to stealing, and just use hole card cheating. He doesn't need to worry about the malware getting killed off in a system scan. That's not a certainty obviously. If there's loads of money online, whether his malware gets detected or not may not matter to him, and he may just be tempted to take what's there. If a player only has a smallish amount online, he may think it's better to slowly skim off the top of the player's winnings, instead of going for a small heist.
There is plenty of software out there which will find malware. Here are some of them:
MALWAREBYTES (MBAM): http://www.malwarebytes.org/
SUPERANTISPYWARE : http://www.superantispyware.com/
Good malware/the best malware however cannot be found by this software.
In extreme cases you may just have to format your whole computer. Not that you would even know if that malware was there in the first place. A packet sniffer installed on your router might alert you to suspicious activity if you know how to interpret it.
Some of the more nasty malware are hidden by "rootkits".
Since websites are a good place for attackers to place malicious code, you need to make sure you aren't using easily exploitable browsers such as Internet Explorer.
Even if you don't use IE, which you shouldn't be, still keep it updated (http://www.microsoft.com/windows/Int...ide-sites.aspx). Use MOZILLA (http://www.mozilla.com/en-US/firefox/) along with NOSCRIPT (https://addons.mozilla.org/en-US/firefox/addon/722).
Exploits in Java are yet another way malware can find its way onto your system.
Keep Java updated using this link (http://java.com/en/download/). You will have to uninstall other versions first.
Quote:
REMOTE HACKING - you can probably skip this if you plan to follow my plan of telling NOBODY your poker playing IP address (explained later), but there is some stuff, namely connecting via a Router, which applies regardless, so give it a skim read at least. (This includes sharing LANs with not necessarily trustworthy people. Houses in Vegas!! WSOP HU LAN parties!!) This is very important for people who aren't going to take precautions to hide their IP address.
Another attack method is the Windows OS itself. It is riddled with remotely exploitable vulnerabilities out of the box, and knowing how people moan about MS, probably after being fully patched too (before service packs are installed). Even not-so-talented hackers who have a clue can hack your computer remotely if you are not fully patched. A firewall is a good band-aid for this, but it's better to not have these security vulnerabilities in the first place. That's why it's so important to use WINDOWS UPDATE to make sure your system is fully patched at all times.
Hardening is the act of making an operating system more secure than its default settings, even with patches. This is getting totally out of my knowledge, but I'm convinced it's important if you are super paranoid, as I believe you should be. I'm in no way an expert, and there are some guides here which I haven't yet done myself, so I can't really do much but link you here:
http://social.technet.microsoft.com/...5-76838f2cc1a0
http://www.blackviper.com/Windows_7/servicecfg.htm
Even after that, I'm still more content if I can find a way of further protecting it, maybe from vulnerabilities which have not yet been discovered and are only known in the best hacker circles. Apparently, that's possible by using a hardware firewall/router. The reason why it's more secure to have a hardware firewall instead of just directly connecting to the internet is that when you set up a router and connect any number of machines to it, all of those machines get given a private IP address that only people on your network can reach. So if somebody sends some malicious stuff from the outside internet, it gets to your router, and then the router doesn't know where to send it (even if you only have 1 computer on the LAN). So this adds another layer of security, just in case the hardening you have done hasn't done the trick.
If you are going to be using wireless in your house to connect to your router, be careful. I think WPA2 with a STRONG PASSPHRASE is pretty secure, but maybe just use a wire if you want to be safer, though maybe that's just being unnecessarily safe. WPA/WEP encryption is outdated and there's no reason to be using it.
So far we have been talking about the pitfalls of Windows and how routers/hardening/keeping up to date can help with its security. But it's still important to realise the router itself has its own operating system. A lot of routers' out-of-the-box firmware is known to be insecure and not properly/regularly patched. This router is going to be the thing which touches the internet, so it's very important the OS itself on the router is secure. How do we ensure this? Instead of using out-of-the-box firmware and updates, I recommend using 3rd party router firmware. There are a few 3rd party router firmwares.
The major players are DD-WRT, Tomato, and OpenWRT. I would stay away from DD-WRT, there have been security vulnerabilities with it in the past, and when people showed the exploit code to the programming team, DD-WRT didn't even understand it. It shows imo that the DD-WRT firmware team doesn't understand security well.
I've heard a few people mention that Tomato relies on a lot of precompiled binaries which are more prone to exploits. I'm not sure how true this is, but OpenWRT on the other hand is totally open source, and afaik has never had a single remote vulnerability, unlike Tomato/DD-WRT. OpenWRT might be a little more troublesome to install though. They have a great support channel though: #openwrt on the FreeNode network.
TOMATO - http://www.polarcloud.com/tomato
OPENWRT - http://www.openwrt.org
I haven't read into this too much, but try to find a way, if possible, of confusing nmap -O scans. This is how a hacker would determine what operating system the router is running. If he can determine that, he can start throwing hacks that are specially made for that operating system. Him not knowing what your router operating system is keeps him in the dark on how to attack you in the first place. I'm almost certain confusing "nmap -O" scans is possible, but I haven't yet figured out how.
But how else can malware get on your system? What if you are being targeted because people know that behind the IP address you broadcast all over Skype, MSN transfers, 2+2.com connections, HoldemManager online validation etc. is a poker player worth exploiting? One method is what a hacker might use if he were to successfully hack your router. It is based upon a type of attack where the hacker will try to redirect your traffic somewhere malicious, known as the MAN IN THE MIDDLE ATTACK.
If he can read the packets that are flowing through your network, whether that's through sniffing a badly encrypted wireless network or being a trusted person on your wired network, a person who knows what they are doing can redirect your network traffic anywhere he sees fit. So you think you're going to www.google.com but it actually pops you past www.eliterootkit.com on the way. None of your malware detectors find it, and you're owned!
All a hacker has to do is get somewhere between you and the destination of your packets. One of these places is your router. Another one of these places is anywhere on your LAN. SO DON'T TRUST PEOPLE ON YOUR LAN, THAT INCLUDES HOUSES IN VEGAS WITH 2+2'ERS YOU DON'T KNOW TOO WELL.
There is still the possibility of having your router hacked. Who knows what remote vulnerabilities will become known in the future. So make sure you keep up to date on your firmware upgrades too. If possible DON'T JUST RELY ON NAT to do your protection, set up actual firewall rules. A good place to ask for help on this is #iptables on the FREENODE irc network. All 3rd party router firmwares use the iptables firewall.
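As an added example (not from the original post or from any firmware project), here is a minimal stateful iptables ruleset for a router running third-party firmware, so that protection does not rest on NAT alone: default-deny in and forwarded, LAN-only admin access, anti-spoofing on the WAN side, and rate-limited logging of whatever the default DROP swallows. Interface names, the LAN subnet and the admin ports are assumptions; by default it only prints the commands, and applies them only with APPLY=1 as root on the router.

```shell
#!/bin/sh
# Added example: stateful iptables ruleset for a home router (OpenWRT/Tomato
# style, where iptables is the firewall).  Not the post's or any project's code.
WAN="${WAN:-eth0}"                  # assumed: interface facing the ISP
LAN="${LAN:-br-lan}"                # assumed: bridge holding wired + wireless LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed: private LAN subnet handed out by DHCP

# Dry-run by default: print each iptables command instead of running it.
# APPLY=1 (as root, on the router) installs the rules for real.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

router_firewall() {
    # Start clean and default-deny everything that hits or crosses the router.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback and replies to flows we already allowed are fine.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: nothing on the WAN side may claim a private source address.
    ipt -A INPUT -i "$WAN" -s 10.0.0.0/8 -j DROP
    ipt -A INPUT -i "$WAN" -s 172.16.0.0/12 -j DROP
    ipt -A INPUT -i "$WAN" -s 192.168.0.0/16 -j DROP

    # Only LAN hosts reach the router's admin (ssh/http), DNS and DHCP services.
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp -m multiport --dports 22,80 -j ACCEPT
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT

    # LAN hosts may open new connections outward; nothing may open one inward.
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT

    # Log (rate-limited) unsolicited WAN traffic before the default DROP eats it,
    # so probes against the router show up in its syslog.
    ipt -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "WAN-DROP: "
    ipt -A FORWARD -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "

    # Masquerade LAN traffic behind the WAN address: this is the NAT part, which
    # on its own is not a firewall.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

router_firewall
```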
Let's say worst comes to worst and somebody does hack your router: he can perform MITM attacks. So how do you account for these possible MITM attacks, and stop them from being possible? One way is to use something called a VPN (Virtual Private Network). You can get very affordable VPN solutions online, or set up your own VPN, which will encrypt all the traffic from your computer to the outside world. That way if somebody does manage to hack the router, or get onto your LAN through being in a trusted position, they won't be able to read any of the packets, and therefore won't be able to tamper with any of them to redirect you somewhere malicious when you think you are just going to www.google.com. The MITM attack is dependent on the attacker being able to read the packets.
Another thing to do is ALSO use a firewall on your Windows computer, just in case somebody does hack the router and then tries to hack your Windows computer from there. That way you have another line of defense. There is also something called SNORT which is a very advanced Intrusion Detection System (IDS). It has rulesets for dealing with emerging threats and also lots of known exploits. It scans the "packets" that come into your computer to make sure they don't have any resemblance to anything malicious, and if they do, it drops those packets.
If you do plan to get this secure about things, there is a software package called UNTANGLE (www.untangle.com) which acts as a frontend for your VPN client, your IDS and whatever other stuff you may end up using.
Hopefully by now I've got you pretty worried about malware. BUT:
YOU STILL NEED TO MAINTAIN PHYSICAL SECURITY. Just because you have some software to catch viruses/malware doesn't mean people won't be around waiting for you to pop to the kitchen so they can stick a rootkit on your machine. If they know what they are doing you won't find it, even if they don't have access to firmware rootkits. There are plenty of readily available rootkits which can't be found with software afaik. That's why I recommend having different computers for work/play.
Rootkits have taken a huge leap forward in the last few years, and there is cutting edge technology which allows rootkits/malware to remain on your computer even after you have totally formatted the hard drive. I know this is scary. They are known as PCI Rootkits, and the rootkit resides in the firmware of PCI cards or the BIOS. I know it seems somewhat unbelievable since this stuff hasn't been seen in the wild before, but I'm working on creating a demonstration of this. I have had a firmware rootkit put on my machine. The only way to find them I can think of is to have all that computer's traffic go through one box with a packet sniffer. I have machines which, when fully formatted and not connected to any infected network, are still sending malicious traffic somewhere. I will make a video of this soon, and I'm sure it's gonna cause a huge stir in the poker world and rightfully scare the **** out of a lot of people.
Here is the link to a demonstration of a firmware rootkit on one my machines: <XXX COMING SOON XXXX>
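The "one box with a packet sniffer" check described above and in the Malware section, as an added example that is not part of the original post: a capture taken on the router (or a box the suspect machine is forced through) is filtered for new outbound connections from one host to destinations that are not on an allowlist, and repeat offenders are counted. The sample capture lines, the host address and the allowlist are all constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a tcpdump capture for unexpected outbound connections
# from a single host (e.g. a freshly formatted machine that should be quiet).
# Sample lines are constructed in the shape of "tcpdump -n -tt" output, SYNs only.
SAMPLE='1297000001.000000 IP 192.168.1.10.49152 > 74.125.224.72.443: Flags [S], seq 1, win 65535, length 0
1297000002.000000 IP 192.168.1.10.49153 > 198.51.100.23.6667: Flags [S], seq 2, win 65535, length 0
1297000003.000000 IP 192.168.1.10.49154 > 74.125.224.72.80: Flags [S], seq 3, win 65535, length 0
1297000004.000000 IP 192.168.1.10.49155 > 203.0.113.9.443: Flags [S], seq 4, win 65535, length 0
1297000005.000000 IP 192.168.1.10.49156 > 198.51.100.23.6667: Flags [S], seq 5, win 65535, length 0'

# Constructed allowlist of destinations the host is expected to talk to
# (on a real box: the poker client's servers, Windows Update, your DNS).
ALLOW='74.125.224.72'

# suspicious_destinations HOST -> one "dest-ip:port count" line per destination
# that HOST tried to open a connection to and that is not allowlisted.
suspicious_destinations() {
    host="$1"
    printf '%s\n' "$SAMPLE" | awk -v host="$host" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Field layout: ts IP src.port > dst.port: Flags [S], ...
        $2 == "IP" && $7 ~ /\[S\]/ {
            src = $3; dst = $5
            sub(/:$/, "", dst)                  # drop the trailing colon
            sub(/\.[0-9]+$/, "", src)           # src.port -> src
            p = match(dst, /\.[0-9]+$/)         # split dst.port
            dip = substr(dst, 1, p - 1); dport = substr(dst, p + 1)
            if (src == host && !(dip in ok)) cnt[dip ":" dport]++
        }
        END { for (k in cnt) print k, cnt[k] }' | sort
}

suspicious_destinations 192.168.1.10
```

Run against a real capture, replace the embedded SAMPLE with `tcpdump -n -tt 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'` output from the sniffer box; a machine that keeps opening connections to the same unknown address right after a format is exactly the beaconing the author describes.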
Even though these affect firmware, a software program can do it. Meaning if somebody can hack your computer remotely through any one of these attack vectors:
- Social engineering to get you to run something dodgy like an exploited PDF in Adobe
- malicious websites
- attacks targeting your IP address
- OS bugs
then that remote software exploit can change firmware.
iii) Denial of Service
Won't spend too much time on this, but it's basically where somebody has the intention of denying you your internet service. They either use vulnerabilities in how the internet works, or just send sheer mass amounts of data to your "IP Address" (your unique identifier on the internet), in order to get you disconnected. Imagine somebody knew your IP address, through speaking to you on Skype for example, and then they are playing a big pot with you. They could launch an attack on your IP address, hoping you time out.
As mentioned before I'm not really an expert on computer security at all, I'm mainly just writing this thread so that something gets mentioned in Micro FR about Computer Security.
AFAIK, there isn't really much you can do about people sending massive amounts of data to your connection in order to disconnect you.
The best you can do is hide your IP address. I'll talk more about doing this later. FYI, any website you go to will have your IP address. It is the first thing a hacker needs if he wants to remotely hack into your computer without you running any malicious stuff client side.
iv) Password Security
- Use strong unguessable passwords. Combination of uppercase/lowercase/numbers, at least 10 characters IMO
- Create a poker-only email account so you don't get people trying to hack your normal email account (maybe with an easily answerable secret question that shouldn't be there in the first place), which eventually leads to your poker account access
- Keepass password tool is something which creates an encrypted database of all your passwords in case you forget them. Handy for lots of reasons apparently; I haven't looked into it myself.
www.keepass.info
v) Use decent software and keep them updated.
- Sourceforge (http://www.sourceforge.net) has a bunch of decent open source stuff for all sorts of things. No need to use things like Adobe which is riddled with exploits.
- Osalt helps recommend an open source alternative for software you might already have (http://www.osalt.com)
- Keep your software updated by using something like SECUNIA PSI (http://secunia.com/vulnerability_scanning/personal/)
KEEPING ANONYMOUS ONLINE AND NOT REVEALING YOUR IP ADDRESS
- I STILL THINK ITS IMPERATIVE TO GET A ROUTER FOR YOUR INTERNET CONNECTION REGARDLESS
- If somebody wants to hack you, they need something called your IP Address (which is your unique internet identifier), which is how people will attempt to send you malicious things if they aren't telling you on MSN/AIM to go to "www.gotomyvirus.com" or something a little more subtle than that.
A lot of the remote hacking section is very important if you are in a situation where somebody can find out your IP Address. Whether that's your Local Area Network IP Address (which can't be accessed from the outside world - just by other people on the LAN), or your external Wide Area Network (WAN) IP Address.
Think of it like this: if you are a poker player and you are advertising your IP address, you are more or less advertising that you are a walking safe, begging to be cracked. Do you really wanna play that game of making sure you are secure enough to not get hacked, or would you rather just avoid the situation in the first place?
So who would know your IP Address? Any place you visit on the internet will get your IP Address, if you aren't making any effort to route it through somewhere else so nobody can see your true IP. Seeing as poker players are walking safes, who would know you are a poker player?
- People you know, people on MSN/AIM/SKYPE. Some of these chat messaging programs send directly to the other person's IP Address. I know Skype does. AFAIK MSN goes through the central Microsoft server so anybody you are speaking to on MSN won't be able to get your IP address. Do some research on whatever messaging systems you are using with friends to make sure you are not advertising your poker playing connection's IP address. Even if it is the router's IP address, it still opens up an element of risk. A risk which isn't necessary imo.
- Websites that you visit that know you are a poker player: twoplustwo.com, deucescracked.com, cardrunners.com, Holdem Manager validation when loading. You see where I'm going I hope. Do you really trust twoplustwo.com to not sell the database of IP addresses connecting to their webservers to some talented hackers at some point? I remember asking the mods who has access to that sort of information and they refused to answer. I'm gonna take a wild guess and say mods do. I'll let you make up your own minds on whether you want to let mods have that sort of information on you. Holdem Manager is a tough one, coz afaik you can't use it unless you are connected to the internet? Not much you can do to get away from that either, unless you do what I recommend later.
- It completely amazes me that the MSNL irc channel is on the EFnet server. The amount of people that are revealing their IP address there is ridiculous. When I mention it in the channel I get banned instantly; I'm not gonna go into why I think that's the case! I'm sure you know what I'm thinking. Anyway, EFnet isn't nearly as populated as the FreeNode network. They have way more active support channels, as well as channels for a whole load of interests.
Freenode also has the option of hiding the IP address you connect to the IRC server with, an option which EFnet does not. You can also register a nickname to stop people pretending to be other people, which might be important for poker players. I am proposing that the MSNL irc channel is changed to Freenode. The MSNL FAQ points to EFNET #msnl; that should be changed and everybody should migrate. Why put those people at risk? People who care enough about doing a 20-second thing to hide their IP addresses on the IRC server can do so. Those who don't care don't have to do anything. At least it gives people that OPTION though.
- If you are using a 3G wireless provider I am fairly certain people can sniff your IP address even if behind a NAT. I haven't yet figured out how they might do that, but I have reason to believe they can. I think the 3G encryption is pretty good, but a lot of providers run on GPRS before it picks up a 3G signal. Apparently GPRS is a lot easier to carry out MITM attacks on. So be very wary of using a 3G wireless provider. I'm stuck in a position right now where I HAVE to use a 3G wireless provider. I would like to know how somebody would attack my internal NAT IP. Maybe scanning the subnet for open ports or something, I dunno. Any tips on securing this connection would be nice. I'm thinking of just getting 2 routers for it. One for the 3G SIM card, and then another one which hasn't got a stock firmware which is probably insecure.
- Any website you go to. You may accidentally go to some dodgy site which might try taking advantage of OS vulnerabilities and turn you into a standard botnet drone. This might not be as damaging to your roll as malware, but it should still be avoided if possible.
These mass attacks from porn sites are mainly going to be targeting Windows, so connecting through a router should stop most of those.
If you want to keep your IP address secret from everywhere, one possible thing you could do is use a VPN. There are commercial services which give you a server to route ALL your traffic through. This will get past the Holdem Manager limitation of needing internet access too. That way you don't have to trust Holdem Manager with your IP Address information.
These can be problematic to set up though for the novice (like me). You could just trust Holdem Manager with your IP address if you really wanted, and be really careful with everything else I guess. No Skype, no twoplustwo.com/training sites/file transfers, even legit ones, coz that will advertise your IP.
For all that stuff, use one of the many free web proxies like http://anonymouse.org/anonwww.html
References
Freenode IRC channels: #security, #remote-exploit, #openwrt, #openvpn, #windows7, #networking, #iptables (iptables is a firewall configuration channel)
Twoplustwo threads:
http://forumserver.twoplustwo.com/48...osting-321637/
http://forumserver.twoplustwo.com/48...videos-659775/ (took quite a bit of credit from here - the number of views was nowhere near the number of thread views - i thought it might be because nobody is bothered to sit through over an hour of videos or whatever. now they can skim through the important parts)
HSNL sticky on computer security:
http://forumserver.twoplustwo.com/19...mputer-623925/
All the sites quoted in the article. This was a little more rushed than I would have liked. I wanted to get the firmware rootkit demonstration done, since that is really ground breaking stuff for the poker world. I will get that up shortly. I'm really bad at computers and don't really know what I'm talking about. A lot of the technical stuff is just stuff I've copied from IRC channels and websites. At least something is in Micro FR about security which hopefully lots will read though. Feel free to spot any errors/gaps.
Thanks for reading that ramble
SN