7/30/2019 Chapter 12 Reporting Security Problems
Chapter 12: Reporting Security Problems
How do you know you have been hacked / compromised?
Unrecognized IP addresses
Suspicious traffic
Unknown users
Abnormal traffic or logging patterns
Unethical words or pictures on the webpage
Unstable network / server / system
Introduction
If you find a security problem, you must decide whether to fix your systems and move on, or to report your findings to the vendor, the computer security community, the public, or the press.
Whom to inform first?
When to inform?
How much information to report?
Whom to report security problems to?
Deciding whom to contact depends on the number of people affected by the security problem, its severity, and whether you can supply a workaround yourself or the vendor must produce a patch.
So you need to determine what group of people, and how many of them, are affected by the security problem.
Whom to report security problems to?
If the problem affects only a small group of people, there is no need to inform the public. Example: if a vulnerable website is found, you only need to inform the webmaster and the forum of the website.
If the website is widely used, such as Yahoo, you need to inform the webmaster and the public.
If the problem affects a large group of people, you should inform the product or service vendors, and also the public.
Whom to report security problems to?
Figure 1: Whom to contact about security problems? (Chart with one axis running from least to most people affected and the other from least to most severe, placing the media, security organizations, forums, and the vendor.)
Reporting Security Problems to Vendor
When reporting security problems to vendors, include as much information as possible:
1) What platform you run
2) Your hardware configuration
3) The date and time you found the problem
4) Other software you may have installed
5) What you were doing when you found the problem
6) Version numbers
7) A way for the vendors to contact you
Reporting Security Problems to Vendor
You need to make sure you've not found an already known security problem by checking the vendor's knowledge base, bug reporting system, security advisories, and freely available vulnerability databases, such as Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org, and the SecurityFocus.com Vulnerability Database: www.securityfocus.com/bid.
Don't set your expectations too high regarding how long it will take a vendor to produce a fix. The larger the company, the slower it can be.
Reporting Security Problems to Forum
You can send your report to the Bugtraq mailing list at [email protected].
The purpose of Bugtraq is the distribution and discussion of computer security problems for any platform or application.
CERT is an organization that collects security incident information and puts out security advisories that are read by a large number of internet users.
Or you can email CERT: [email protected]
Reporting Security Problems to Security Organization
Example of a security organization: MyCERT Forensic Team.
There are 5 ways to report an incident to MyCERT: online reporting, fax, email, SMS, and phone (603-89926969).
When you report an incident, please provide adequate information on the nature of the incident and the timestamp, including your local time zone. This is important to avoid unnecessary delay.
Reporting Security Problems to Security Organization
Print and fax it to MyCERT at 603-89453442

General Information
1 Incident number (to be assigned by MyCERT):
2 Reporting site information
  2.1 Name of Organization:
  2.2 Name of Domain (e.g., mycert.mimos.my):

Contact Information
1 Your contact information
  1.1 Name:
  1.2 E-mail address:
  1.3 Telephone number:
  1.4 FAX number:

Incident Categories
1 Please indicate the incident categories
  1.1 Network Abuse
    1.1.1 Intrusion:
    1.1.2 Destruction:
    1.1.3 Denial of service attack:
    1.1.4 Hack Threat:
    1.1.5 Probe/Scan:
    1.1.6 Spoofing:
  1.2 Email Abuse (please provide the full header)
    1.1.1 Mailbomb:
    1.1.2 Virus:
    1.1.3 Email Forgery:
    1.1.4 Harassment:
    1.1.5 Spamming:
    1.1.6 Others (please specify):

Detail description of the incident
1 Please complete in as much detail as possible
  1.1 Suspected date and time of attack:
  1.2 Suspected method of intrusion (e.g., name of virus, name of exploit script, etc.):
  1.3 How you discovered the incident:
  1.4 The source of the attack (if known):
  1.5 Steps taken to address the incident (e.g., binaries reinstalled, patches applied):
  1.6 Planned steps to address the incident (if any):
2 Please append any log information or directory listings and time zone information relative to GMT to the end of this document:

Other information
1 What assistance would you like from MyCERT:
2 Would you allow MyCERT to reveal your contact info:
3 Any additional information:

Source: http://www.niser.org.my/reports.html
Report by Fax
LAW
Citing Sources
If you incorporate somebody else's materials or ideas in your own research, you must acknowledge the original author or creator. Failure to provide citations to the source material is an unethical practice called plagiarism.
LAW
Full citations must be provided for all types of sources including books, articles, government documents, interviews, Internet sources, software and other nonprint material (videos, graphics, sound recordings, etc.).
LAW
Citing Web and Other Electronic Information
Information taken from the Web must also be acknowledged. A Web citation should include an author (if available), the title of the Web page, title of the complete work (if applicable), date created (if available), the complete URL, and date visited.
Cybercrime in Malaysia
The following are some examples of common news items concerning cybercrime that appeared in Malaysian newspapers:
Hackers targeting government websites: the Social Security Organization (Socso) had an image of a covered skull posted on its site at http://www.perkeso.gov.my (26th June 2001).
Sixty government websites have been hacked between February 1, 1999 and April 3 this year, with a total of 89 actual hacking incidents taking place.
Dec 29, 2001: A hacker intrusion on the Malaysian Parliament's website has reportedly generated criticism from some officials who claim the government has taken a slapdash approach to internet security.
22nd August 2000: A hacker is believed to have tried to dupe internet users into giving away their private financial information by posing as an online executive at Maybank Bhd.
http://www2.unescobkk.org/elib/publications/ethic_in_asia_pacific/239_325ETHICS.PDF
Cyberlaw in Malaysia
The Malaysian government has come up with many security measures to promote an ethical culture among all ICT users, with the cooperation of the private sector.
Below are some underlying laws and policies Malaysia has adopted to prevent malicious activities:
Cyberlaw in Malaysia
The Malaysian Government has already approved and passed its own set of cyberlaws:
Digital Signature Act 1997
Computer Crimes Act 1997
Telemedicine Act 1997
Communications and Multimedia Act 1998
Cyberlaw in Malaysia
Communications and Multimedia Act 1998 (CMA)
Under the CMA, the Commission is entrusted to ensure information security and the reliability and integrity of the network.
MCMC is a statutory body established under the Malaysian Communications and Multimedia Commission Act 1998 to regulate and nurture the communications and multimedia industry in Malaysia in accordance with the national policy objectives set out in the Communications and Multimedia Act 1998 (CMA).
MCMC is also the Controller for the Certification Authorities under the Digital Signature Act 1998.
Cyberlaw in Malaysia
Computer Crimes Act 1997 (CCA)
This Act serves to ensure that misuse of computers is an offence. Under the Computer Crimes Act 1997, acts such as unauthorized access to computer material with intent to commit or facilitate the commission of a further offence, unauthorized modification of contents of any computer and/or wrongful communications, abetment and presumption are addressed.
The Computer Crimes Act was brought into force on 1 June 2000.
Law in Malaysia
Part II of the Cyber Crime Act 1997 defines:
A person shall be guilty of an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer.
The person is also guilty if the access he intends to secure is unauthorised, and he knows at the time when he causes the computer to perform the function that this is the case.
The intent a person has to have to commit an offence under this section need not be directed at any particular program or data; a program or data of any particular kind; or a program or data held in any particular computer.
A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding RM50,000 or to imprisonment not exceeding five years or both.
Source: http://www.niser.org.my/news/2004_11_22_01.html
Cyberlaw in Malaysia
Digital Signature Act 1997
Transactions conducted via the internet are increasing. As identities in cyberspace can be falsified and messages tampered with, there is a need for transacting parties to ascertain each other's identity and the integrity of the messages, thereby removing doubt and the possibility of fraud or unethical conduct when conducting transactions online.
The Act mainly provides for the licensing and regulation of Certification Authorities (CA). CAs issue Digital Signatures and will certify the identity (within certain limits) of a signor by issuing a certificate.
The Act also makes a digital signature as legally valid and enforceable as a traditional signature.
The Digital Signature Act was brought into force on 1 October 1998.
Cyberlaw in Malaysia
The Copyright Act 1997
Copyright serves to protect the expression of thoughts and ideas from unauthorized copying and/or alteration.
With the convergence of Information and Communication Technologies (ICT), creative expression is now being captured and communicated in new forms (example: multimedia products, broadcast of movies over the Internet and cable TV).
The Copyright (Amendment) Act 1997 was brought into force on 1 April 1999.
Cyberlaw in Malaysia
The Telemedicine Act 1997
Healthcare systems and providers around the world are becoming interconnected.
People and local healthcare providers can gain access to quality healthcare advice and consultation from specialists from around the world, independent of geographical location.
The Act serves to regulate the practice of teleconsultations in the medical profession. The Act provides that any registered doctor may practise telemedicine, but other healthcare providers (such as a medical assistant, nurse or midwife) must first obtain a license to do so. Patient consent and regulations must be handled in an ethical manner.
Cyberlaw in Malaysia
Malaysian Administrative Modernization and Management Planning Unit (MAMPU)
Security issues in the public sector are administered by MAMPU (Malaysian Administrative Modernization and Management Planning Unit).
They launched The Malaysian Public Sector Management of Information and Communications Technology Security Handbook (myMIS).
The handbook is a set of guidelines concerning compliance and adherence to best practices and measures leading to information and network security.
Cyberlaw in Malaysia
The National IT Council (NITC) and National ICT Security and Emergency Response Centre (NISER)
The National Information Technology Council of Malaysia (NITC Malaysia) functions as the primary advisor and consultant to the Government on matters pertaining to IT in Malaysia's national development. Its main objectives are to:
Promote the sustainable growth of IT development and application via R&D planning and technology acquisition strategies;
Ensure the smooth integration of new technologies into social and economic development;
Determine the likely impact of IT on the economy and society; and
Explain and promote the potential of IT in transforming societies in its entire dimension.
NISER's responsibility is to address e-security issues of the nation and to act as Malaysia's CERT (MyCERT).
They also offer their services in research in vulnerability detection, intrusion detection and forensic technology.