PHLASHING

BY:- AKANSHA RATHORE

CYBER CRIME
• Activities done with criminal intent in cyberspace.
• Types of cybercrimes:
  • Unauthorized access
  • Denial of service attack
  • Virus, worms or trojan attacks
  • Web jacking
  • E-mail bombing

WHAT IS PHLASHING?
• Type of DOS attack
• Also known as Permanent DOS
• Exploits network-enabled firmware updates by using fuzzing tools

DENIAL OF SERVICE ATTACK
• Also known as distributed DOS
• Carried out with a large number of systems
• Attacks a specific victim
• Makes information unavailable to intended host
• Example: BOTNET

DIFFERENCE BETWEEN DDOS AND PDOS
• PDOS is pure hardware targeted
• Much faster
• Requires fewer resources
• Requires replacement of hardware
• More effective and cheaper

HOW PDOS ATTACKS A SYSTEM?
• Electronic devices rely on firmware to run
• Firmware needs to be updated periodically (flashing)
• Poor security protocols
• Replaces vulnerable device's firmware with modified, corrupt or defective firmware image
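The check whose absence the slide above describes, shown from the device side as an added example (not part of the original slides): the updater refuses any image that is truncated, altered, unauthenticated or older than what is installed. The image layout, the function names and the key are assumptions made for this sketch, and HMAC-SHA256 stands in for the asymmetric vendor signature a real device would verify.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption for this example, not a vendor format):
#   magic "FWIM" | version u32 | payload length u32 | payload | HMAC-SHA256 tag
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: package a payload and authenticate header + payload."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_image(key: bytes, installed_version: int, image: bytes) -> str:
    """Device side: return "ok" or the reason the image must not be flashed."""
    if len(image) < HEADER.size + TAG_LEN:
        return "truncated"
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        return "bad magic"
    if len(image) != HEADER.size + length + TAG_LEN:
        return "length mismatch"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return "bad tag"
    # The version field is trusted only after the tag has been verified.
    if version <= installed_version:
        return "rollback"
    return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"               # constructed sample key
    good = build_image(key, 7, b"\x90" * 64)    # constructed sample payload
    flipped = bytearray(good)
    flipped[20] ^= 0x01                         # one corrupted payload bit
    for name, img in [("good", good), ("corrupt", bytes(flipped)),
                      ("cut short", good[:-10]), ("old", build_image(key, 3, b"x"))]:
        print(name, "->", check_image(key, 5, img))
```

A device would run this check on the staged image before erasing the running firmware, so a rejected image leaves the device bootable.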

CAUSES?
• Large number of NEEDS across corporate/gov. networks
• NEEDS ignored during audits
• Poor security updates
• Lack of solutions

PHLASH DANCE
• Is a generic fuzzing framework
• Phlash Dance tool fuzzes binaries in firmware and the firmware's update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems

VARIOUS ACTS TO PREVENT PHLASHING
• Computer Misuse Act
• National Information Infrastructure Protection Act 1996
• Information Technology Act 2000

COMPUTER MISUSE ACT
Consists of laws such as:
• Fine of $30000 and imprisonment for 4 years for unauthorized access and disclosing password
• Fine of $20000 and imprisonment for 3 years for any damage

NIIPA
• Enacted by U.S. govt.
• Consists of several subsections against:
  • Unauthorized access
  • Extraction of information
• Bans accessing computers without permission

IT ACT 2000
• Accept files in digital format
• Legalizes E-mails
• Digital signature and records
• E-governance

IT ACT 2000 (CONT.)
• Internet services on license
• Sets territorial jurisdiction of Adjudicating officers for cyber crimes and cyber regulations

SOME CRIMES AND THEIR SECTIONS
• Sending threatening message by email S.420
• Email spoofing S.465
• Bogus websites. 506
• Forgery of electronic records S. 465.
cyber frauds. 419 . phishing S.

DRAWBACKS OF IT ACT
• Doesn't talk about rights and liabilities of DNS holder
• Electronic payment gateway
• Internet is a borderless medium
• Lacks implementation

POSITIVE ASPECTS OF IT ACT
• Legal recognition of E-mails
• E-commerce using legal infrastructure
• Use of digital signatures
• Statutory remedy for damage by compensation

GREY AREAS OF IT ACT 2000
• E-Commerce based on domain names
• Does not include cyber crimes such as
  • Cyber theft
  • Chat room abuse
  • Misuse of credit card numbers
• Implementation

CONCLUSION
• New legislation that covers all aspects of cyber crimes should be passed so that the grey areas of the law can be removed.
• Software that is easily available for download should be restricted by the Government through appropriate action.

FUTURE SCOPE
India needs good techno-legal expertise to tackle the growing menace of cyber crimes.


THANK YOU
QUERIES??
