. 24/7 Space News .
Protecting A World Online

must be cold in this hackers garage
David - Sep 09, 2002
The Internet and computer networks are now an essential part of most people's lives, yet remain exposed to attacks by hackers. Researchers at the University of California, Davis', Computer Security Laboratory are hard at work to protect these vulnerable networks and the functions they provide, from government services and corporate records to e-mail and e-commerce.

Sooner or later, someone will unleash a disabling attack on the Internet, said Karl Levitt, professor of computer science at UC Davis and one of the lab's principal investigators.

"It's a matter of when, not if," Levitt said.

Anticipating that threat, Richard Clarke, President Bush's special adviser on cyberspace security, will launch a national plan Sept. 18 to protect the Internet from malicious attacks. The plan is expected to include recommended steps that home and business users can take to prevent their computers being attacked or used by hackers.

Researchers at the UC Davis laboratory, which is recognized as a Center of Excellence by the National Security Agency, study areas including stopping Internet worms and computer viruses; detecting intruders in networks; and keeping information on the Internet safe and reliable.

Levitt's group recently began a new project, funded by the Defense Advanced Research Projects Agency, to find ways to detect and catch "worms," malicious programs that spread themselves across the Internet. In recent years, worms such as ILOVEYOU, Nimda and Code Red have spread around the world in hours, causing damage estimated at billions of dollars in lost productivity.

A worm is a program that uses networked computers to make copies of itself and spread to other machines. In contrast, a computer virus is a small program that hides itself inside another, legitimate program and is spread when those files are copied. Most so-called computer viruses are actually worms.

Worms mostly crash networks by creating more traffic than systems can cope with, like flooding the freeways with thousands of extra cars during rush hour. Computer scientists call this a "denial of service" attack. Attempts have already been made to launch denial of service attacks against computers run by U.S. companies and government. In August 2002, the FBI issued a warning about such an attack which eventually caused little damage.

However, computer scientists believe that much more dangerous attacks are on the horizon, such as a "flash worm" or "Warhol worm," which could infect a million computers within fifteen minutes.

Potentially, worms can also deliver a "payload" that damages a computer that receives it.

Levitt's research group is looking for ways to automatically detect worms, find out how they work and send warnings and protective software across the Internet.

Worms that spread fast are easy to detect, but hard to stop, Levitt said. In contrast, worms that are designed to spread slowly might be very hard to detect, but should be easy to stop once identified, he said.

To detect worms, you need to look for unusual behavior on the Internet. Typically a worm on one computer will test linked computers for vulnerability and spread to those it can, then test computers linked to that one. That creates a tree-like pattern, starting from the point of infection. But some other programs, for example file-sharing programs such as Napster, can create a similar pattern as they search users' computers for files. Any surveillance system needs to distinguish between traffic patterns caused by malicious and harmless programs.

Once you've spotted a worm, you need to study it. That means grabbing a snapshot of it in the few fractions of a second it takes to run on the infected computer. The worm may mutate -- change its characteristics -- as it spreads, in which case you would need to put together snapshots from different parts of the Web to find common characteristics, Levitt said.

Having found a worm and worked out how to stop it, you need to get that information out across the Internet. A centralized surveillance and warning system, on the lines of the Centers for Disease Control in the real world, probably wouldn't work because it would be a prime target for hackers, Levitt said. Furthermore, the source would have to be trusted by users around the world not to issue false alerts or damaging software.

Matt Bishop, associate professor of computer science, studies how networks can be protected from intruders and how unathorized intruders can be detected. Turning themselves into bad guys, his group uses a small network of computers, isolated from the rest of the Internet, to launch hacking attacks and probe systems for security weaknesses.

Bishop's group has written software for a vulnerability detector, which can be used to check other programs for security loopholes. Both commercially available software programs and custom-written software can contain unsuspected weaknesses that hackers can exploit. Sometimes, the patches issued by software manufacturers to repair security holes cannot be used without extensive testing in case they cause problems with custom-written software, Bishop said.

Bishop's group is also working on methods and tools to test programs for security problems and is maintaining a vulnerabilities database. The work is funded by NASA and the Jet Propulsion Laboratory.

Setting uniform standards for computer security may not be useful, because different users have different needs for openness versus privacy and protection, Bishop said. For example, a university network sets a much higher value on open access than that of a private corporation. It's more appropriate to set a policy on security and allow flexibility in how that is achieved, he said.

Related Links
Computer Security Laboratory at University of California, Davis
SpaceDaily
Search SpaceDaily
Subscribe To SpaceDaily Express

China To Tighten Regulation Of Satellite Networks
Beijing - Sep 06, 2002
China is going to launch soon a nationwide check on unauthorized use of satellite communication networks and ground relay stations, according to the Ministry of Information Industry (MII).

First Test Of 'Net Decoy' System Shows Promise
Mildenhall - Sept 2, 2002
The airmen of the 100th Communications Squadron here hosted the first-ever demonstration of the pioneering "Net Decoy" system, combining two defensive information systems that detect, track and potentially identify cyberspace intruders.

Hacking Up The Truth On The Internet
Hanover - Aug 02, 2002
Why is the stock market fluctuating wildly these days? Is it poor earnings reports? Is it questionable accounting practices or CEO inefficiency? Or do investors trade frantically after they've read something on the Internet? If an investor reads a seemingly authoritative report about a company's performance, he or she might be influenced to buy or sell stock.



Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.
SpaceDaily Contributor
$5 Billed Once


credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly


paypal only














The content herein, unless otherwise known to be public domain, are Copyright 1995-2016 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement All images and articles appearing on Space Media Network have been edited or digitally altered in some way. Any requests to remove copyright material will be acted upon in a timely and appropriate manner. Any attempt to extort money from Space Media Network will be ignored and reported to Australian Law Enforcement Agencies as a potential case of financial fraud involving the use of a telephonic carriage device or postal service.