phlashing ppt [autosaved]

8/2/2019 PHLASHING ppt [Autosaved]

1/21

PHLASHING BY:- AKANSHA RATHORE


2/21

CYBER CRIME activities done with criminal intent in cyberspace.

Types of cybercrimes :-

Unauthorized access denial of service attack

Virus , worms or trojan attacks

Web jacking

E-mail bombing


3/21

WHAT IS PHLASHING? Type of DOS attack

Also known as Permanent DOS

Exploits network enabled firmware updatesby using Fuzzy Tools.


4/21

DENIAL OF SERVICE ATTACKAlso known as distributed DOS

Carried out with large number of systems

Attacks a specific victim

Makes information unavailable to intended host

Example:- BOTNET


5/21

DIFFERENCE B/W DDOS AND PDOS PDOS is pure hardware targeted

Much faster

Requires fewer resources

Requires replacement of hardware

More effective and cheaper


6/21

HOW PDOS ATTACKS A SYSTEM? Electronic devices rely on firmware to run

Firmware needs to be updated periodically(flashing)

Poor security protocols

Replaces vulnerable devices firmware with modified ,corrupt or defective firmware image


7/21

CAUSES ? Large number of NEEDS across corporate/gov.

networks

NEEDS ignored during audits

Poor security updation

Lack of solutions


8/21

PHLASH DANCE is a generic fuzzing framework

Phlash Dance tool fuzzes binaries in firmware and thefirmwares update application protocol to cause aPDOS, and it detects PDOS weaknesses acrossmultiple embedded systems.


9/21

VARIOUS ACTS TO PREVENT

PHLASHING Computer Misuse Act

National Information infrastructure Protection Act1996

Information Technology Act 2000
http://4.bp.blogspot.com/-NmGnt0E38-4/Tx_fl1T39RI/AAAAAAAAANM/NBhoHPSi3-0/s1600/INDIA+IS+DESPERATE+TO+CONTROL+TECHNOLOGY.jpg


10/21

COMPUTER MISUSE ACTConsists of laws such as:-

Fine of $30000 and imprisonment for 4 years for

unauthorized access and disclosing password

Fine of $20000 and imprisonment for 3 years for anydamage


11/21

NIIPA Enacted by U.S govt.

Consists of several subsections against:-Unauthorized access

Extraction of information

Bans accessing computers without permission


12/21

IT ACTS 2000 Accept files in digital format

Legalizes E-mails

Digital signature and records

E-governance
http://4.bp.blogspot.com/-AXFbTbuqTlw/TxEo7PWcBHI/AAAAAAAABb8/5lJfPLUafQY/s1600/CRIMINAL+TRIAL+AGAINST+FOREIGN+WEBSITES+IN+INDIA.jpg


13/21

IT ACT 2000(CONT.) Internet services on license

Sets territorial jurisdiction of Adjudicating officersfor cyber crimes and cyber regulations


14/21

SOME CRIMES AND THEIR

SECTIONS Sending threatening message by email

S. 506

Forgery of electronic recordsS.465

Bogus websites, cyber frauds, phishing

S.420

Email spoofingS. 465, 419


15/21

DRAWBACKS OF IT ACT Doesnt talk about rights and liabilities of DNS holder

Electronic payment gateway

Internet is a borderless medium

Lacks implementation
http://1.bp.blogspot.com/-j17fyuCuMJE/TwPr2SfikQI/AAAAAAAABbk/aL5CvxuipBo/s1600/ELECTRONIC+BANKING+IN+INDIA+IS+NOT+SAFE+CYBER+SECURITY.jpg


16/21

POSITIVE ASPECTS OF IT ACT Legal recognition of E-mails

E-commerce using legal infrastructure

Use of digital signatures

Statutory remedy for damage by compensation


17/21

GREY AREAS OF IT ACT 2000 E-Commerce based on domain names

Does not include cyber crimes such as cyber theft

Chat room abuse

Misuse of credit card numbers

implimentation


18/21

CONCLUSION The new legislation which can cover all the aspects of

the Cyber Crimes should be passed so the grey areas ofthe law can be removed.

The softwares are easily available for download shouldbe restricted by the Government by appropriate

actions.


19/21

FUTURE SCOPEIndian needs a goodtechno-legal expertiseto tackle the

growing menace of cyber crimes.
http://ptlbindia.blogspot.com/http://ptlbindia.blogspot.com/http://ptlbindia.blogspot.com/http://ptlbindia.blogspot.com/


20/21

REFERENCES1.http://arstechnica.com/security/news/2008/05/phlash

ing-attacks-could-render-network-hardware-useless.ars

2.http://www.darkreading.com/authentication/167901072/security/clientsecurity/211201088/permanent-denial-of-service-attack-sabotages-hardware.html

3.http://www.infosecwriters.com/text_resources/pdf/Defense_DDoS.pdf


21/21

THANK YOU

QUERIES??

phlashing ppt [autosaved]

Documents