软工专业英语 (4).pptVIP

Here are some suggestions about how to avoid Phishing: Dont trust URLs in emails or random sites, especially when leading to a login page Scrutinize the URL as shown in your browser or email program. Bad guy URL will try to look legit, like?www.ebay.bad-guy.ru more secure) Type the URL in yourself. If it claims to be from eBay, type in yourself in your browser. Its a simple rule. Firefox etc. can do extra green highlighting of real site. e.g. Look for?https?in the URL * * 4.3.4 Malware Attacks Malware is the general term for a program written by the bad guy to do bad things to your machine - break into the machine, steal passwords, send spam, etc. How can the bad guy get their program on a computer and get it to run? Here we will discuss two kinds of Malware: Trojan and Vulnerability, and their intrusion techniques. * * Malware 1 Trojan A Trojan is a malware disguised as something else, like awesome-cursors.exe or fun-game.exe or JustinBeiber.JPEG.exe“ So the user downloads it or accesses it, not aware that it will do something bad. E.g. SuperAntivirus.exe—this is actually a common Trojan ruse! Try to make it like harmless content, not a program Claim to be a program that does something many people want, but really it’s malware Therefore: Don’t run programs from random sources(google it first, see what people say) If something is from a well known domain and has lots of download, someone would have flagged it if it was malware * * Malware 2-Vulnerability Suppose there is a bug in the Flash animation display program When fed certain pathologic animation bytes, the program breaks and gives access to the machine So the bad guy put a malicious Flash animation, and then sends links to it in spam Just visiting the page with the bad content is enough to compromise the machine if it is vulnerable. This is probably the most scary case, as the user does very little. * * Malware 2-Vulnerability Solution: Keep web-facing software up to date All browsers now have st