Ali Baba and the forty cyberthreats

As we never tire of saying, fairy tales are thinly veiled reports on information security. And it wasn’t only the European www.mcafee.com/activate download storytellers who tried to warn their descendants about cyberthreats — they were equally prescient in the East. For example, Scheherazade, the protagonist of the classic 1001 Nights, kept what can only  www.mcafee/activate be described as a daily infosec blog with video podcasts www.mcafee.com/activate product key. True, he had an ulterior motive for doing so …

… but today we’re looking at some cases added to  much later, in the 18th century: in particular, the incident known www.mcafee.com/activate as Ali Baba and the Forty Thieves. Even those who don’t know the story are surely familiar mcafee.com/activate product key with the magical phrase, “Open sesame!”

Indeed, the entire plot is built around the idea of using a password to protect against unauthorized access. But that is far from the only information security tip in the fairy tale. It’s just the most obvious.

Password transfer through an insecure channel

Here’s a quick story refresher: A gang of robbers hides some loot in a cave that can only be accessed using the password open sesame. The protection mechanism harbors a number of serious flaws.

At the very start of the tale, the leader mcafee.com/activate product key of the thieves stands at the entrance and shouts loudly www.mcafee.com/activate download: “Open sesame!” Several issues are immediately apparent. First, the password is too simple. Second, there is no two-factor authentication www.mcafee.com/activate product key — or even a username!

Even worse, the password is transmitted over an open channel. Ali Baba, who is collecting firewood nearby, inadvertently www.mcafee.com/activate overhears the robber www.mcafee/activate. In fact, it’s only out of curiosity, with no malicious intent, that he later tries the password. When the cave opens, however, he enters the cave and expropriates some of the treasure inside.

Spyware module

On his return home, Ali Baba gives the gold coins to his wife to count. She tries to do it manually, but there are so many she loses count and instead borrows a measuring instrument from her sister-in-law, the wife of Ali Baba’s brother, Kasim.

Some translations specify kitchen scales, some say that it was a pot of some kind, but it’s not a weighty detail, so to speak mcafee.com/activate product key. What’s important is that the curious Kasim’s wife smears the bottom of the instrument with honey (suet in some translations) to find out why her relative needs www.mcafee.com/activate download it all of a sudden. And when it’s returned, lo and behold, a gold coin is stuck to the bottom — which means that her sister-in-law was using it to count gold!

Even a cyberdunce can see that the author www.mcafee.com/activate product key is describing a spyware module integrated into a legitimate product. Kasim’s wife provides a device (under the Measure-as-a-Service model) and spies on the activity of the client. The clear moral  www.mcafee/activate of the story is: Use tools from trusted sources — and check them for vulnerabilities and malicious implants.

Forgotten passwords

What happens next seems a little far-fetched to me. Ali Baba confesses everything to Kasim and tells him the password mcafee.com/activate product key. The latter enters the cave. Inside, he manages to forget the password (which is also needed to get out) www.mcafee.com/activate, gets trapped, and has his head chopped off when the thieves find him there. The marketing message is clear www.mcafee.com/activate download: “Don’t lose your head over a forgotten password,” or something along those lines.

I suspect that back in the day, this part of the story contained a product pitch for some ancient password manager used by Sasanid techies www.mcafee/activate, but the original message has been erased through endless retelling. To compensate, we’ll insert our own: Kaspersky Password manager securely stores passwords and other confidential information.

Never-changing password

But let’s be-heading back to the story. After Kasim fails to come home, his relatives take off to look for him. Ali Baba goes back www.mcafee.com/activate product key to the cave, finds his brother’s body, and takes him home for burial.

In the process, the reader is shown another example of a pitiful password policy: The robbers don’t change the password after the incident. The exact reason isn’t clear. It might be plain negligence, or the initially ill-conceived architecture www.mcafee/activate of the authentication system.

At the same time, it’s possible that they simply don’t have administrator rights. If they hijacked the cave (they’re thieves, after all), they mcafee.com/activate product key probably have only a user password. The real owner www.mcafee.com/activate download would’ve taken his admin credentials to the grave.

Attack through a contractor

Because Ali Baba wants to keep the story secret, he can’t bury a corpse with a severed head. So he and his brother’s widow, plus her handmaid, Marjaneh, do all that they can to obfuscate what’s going on. Marjaneh makes several www.mcafee.com/activate trips to a pharmacist for medicine, making it seem that Kasim is getting sicker and sicker, and eventually reports that he has died a natural death.

In the meantime, she brings a cobbler to the house to stitch Kasim’s body back together. Moreover, she blindfolds the cobbler  www.mcafee.com/activate product key and leads www.mcafee/activate him on a circuitous route so that he doesn’t know where he is.

The robbers, trying to source the www.mcafee.com/activate download information leak, close in on the cobbler. Promising him gold, they too blindfold the old man mcafee.com/activate product key and force him to www.mcafee.com/activate retrace his steps to the house.

This example demonstrates that even if you work with contractors over a secure encrypted channel, sensitive information can still leak to intruders. Perhaps Marjaneh should have signed a nondisclosure agreement with the cobbler.


Comments

Post a Comment

Popular posts from this blog

Introducing tracking prevention, now available in Microsoft Edge preview builds

Image
Today, we’re releasing an experimental preview of tracking prevention for Microsoft Edge. We features of build microsoft edge as one of the concepts we’re exploring www.mcafee.com/activate product key to offer greater transparency and control over your online data . Microsoft Edge Insiders can www.mcafee/activate now try out tracking mcafee.com/activate product key prevention by enabling the experimental flag on Microsoft Edge preview builds starting with version 77.0.203.0 (today’s Canary channel release).  (Note: Today’s Canary release www.mcafee.com/activate download is not currently www.mcafee.com/activate available for macOS due to a build issues. Tracking prevention will be available in the next update to the Canary channel on macOS.) Tracking prevention is designed to protect you from being tracked by websites that you aren’t accessing directly. Whenever a website is visited, trackers from other sites may save information in the browser ww...
Read more

Why businesses need to back up

Image
For almost any business, information is critical: documents, contacts, contracts, correspondence, accounts, and so on. Modern technologies help not only to manage business-critical data  www.mcafee.com/activate product key , but also to lose  www.mcafee/activate  it in the blink of an eye. For most companies, losing access to data means the suspension  www.mcafee.com/activate download  of all business processes  mcafee.com/activate product key , inevitably leading to lost profit, damage to reputation, and recovery costs. Rest assured, there is no shortage  www.mcafee.com/activate  of data loss scenarios out there waiting to happen — and almost none of them has anything to do with the quality of your equipment. Here are just a few. Ransomware An employee might click a malicious file downloaded from the Internet or an attachment in an e-mail sent by cybercriminals. Doing so doesn’t just encrypt data on the local machine; ransomware has a nasty habi...
Read more

Hackers and their motives

Image
It's  true that recent  www.mcafee.com/activate cyber attacks have ranged from the catastrophic effects of   that paralyze corporate mcafee.com/activate product key and urban functions www.mcafee.com/activate product key to  data www.mcafee/activate breaches that expose millions www.mcafee.com/activate download of customers. , I don't hear much about hackers themselves.  Not surprisingly, many  www.mcafee.com/activate hackers hide their identities because of their criminal activity www.mcafee.com/activate download.  But you might be surprised to find that not  www.mcafee/activate all hackers are bad.  There are all kinds of hackers in the www.mcafee.com/activate product key rapidly evolving field of technology.   The hacker's actions and their purpose are shown below.   White Hat Hacker: A   justice hacker and computer security expert who specializes in penetration testing and other technique...
Read more