STEP1: Identify the traffic to apply connection limits using a class map
ASA(config)# access list CONNECTIONS-ACL extended permit ip any 10.1.1.1 255.255.255.255
ASA(config)# class-map CONNECTIONS-MAP
ASA(config-cmap)# match access-list CONNECTIONS-ACL

STEP2: Add a policy map to set the actions to take on the class map traffic
ASA(config)# policy-map CONNECTIONS-POLICY
ASA(config-pmap)# class CONNECTIONS-MAP
! The following sets connection number limits
ASA(config-pmap-c)# set connection {[conn-max n] [embryonic-conn-max n]
[per-client-embryonic-max n] [per-client-max n] [random-sequence-number {enable | disable}]}

The conn-max n argument sets the maximum number of simultaneous TCP and/or UDP connections that are allowed, between 0 and 65535.
The embryonic-conn-max n argument sets the maximum number of simultaneous embryonic connections allowed, between 0 and 65535.
The per-client-embryonic-max n argument sets the maximum number of simultaneous embryonic connections allowed per client, between 0 and 65535.
The per-client-max n argument sets the maximum number of simultaneous connections allowed per client, between 0 and 65535.

! The following sets connection timeouts
ASA(config-pmap-c)# set connection timeout {[embryonic hh:mm:ss] {tcp hh:mm:ss
[reset]] [half-closed hh:mm:ss] [dcd hh:mm:ss [max_retries]]}

STEP3: Apply the Policy on one or more interfaces or Globaly
ASA(config)# service-policy CONNS-POLICY {global | interface interface_name}

The IP audit feature provides basic IPS support for the ASA. It supports a basic list of signatures, and you can configure the ASA to perform one or more actions on traffic that matches a signature.

STEP:1 To define an IP audit policy for informational signatures
ASA(config)# ip audit name policy_name info [action [alarm] [drop] [reset]]

STEP:2 To define an IP audit policy for attack signatures
ASA(config)# ip audit name policy_name attack [action [alarm] [drop] [reset]]

Where alarm generates a system message showing that a packet matched a signature, drop drops the packet, and reset drops the packet and closes the connection. If you do not define an action, then the default action is to generate an alarm.

STEP:3 To assign the policy to an interface
ASA(config)# ip audit interface interface_name policy_name

STEP:4 To disable signatures
ASA(config)# no ip audit signature [signature]

After I updated to version 1.7. I could not connect to our internal repository anymore. The connection failed with the following error: SSL error: sslv3 alert certificate unkown.

SSL error: sslv3 alert certificate unknown

Our internal respoitory is secured with a certificated issued by our internal CA infrastructure.

Root CA

|
v

Intermediate Certificate

|
v

Repository certificate

Surfing to the svn repository does not produce an error, so the certificate chain is fine. At first I figured that Tortoise was using its own certificate store, but it turns out that Tortoise does use the Windows Root CA store, so there is no need to add the Root CA.

After some more investigation we found out that Tortoise does use the Windows Root CA store to validate the certificate chain, but does not use the Intermediate CA store to complete the certificate chain, like windows does. Since all our client machines have the intermediate certificate in the Intermediate CA store we never noticed that the certificates offered by apache were not chained. After chaining the repository certificate with the intermediate certificate Tortoise was able to talk to the repository again.

For a L7 connection, the ACE will proxy it at the beginning, and, once all the L7 processing has been done it will unproxy the connection to save resources until L7 processing is required again. Before it goes ahead with the unproxying, it needs to see the ACK for the last L7 data sent.
In packet captures, we see that the client is taking approximately 200ms to send this acknowledgement each time. When a connection is composed of many HTTP requests, the proxy/unproxy process can add up a total delay of several seconds.

The configuration of a sorry/backup server farm with for example a HTTP redirect to a sorry page will cause the ACE to treat the connections to the VIP as a L7 and influence the total page load time.

The proxy/unproxy delay can have a big impact for situations in which the client is taking a long time to send the acknowledgement, so, the ACE allows to change the behavior. It is possible to define a “round-trip-time” threshold so that connections from clients with a RTT value higher than the threshold are never unproxied.
You can do this by setting the threshold to 0 to ensure to keep connections always proxied. To do this, you would need to configure a parameter map like the one below and add it to the policy-map.
parameter-map type connection
set tcp wan-optimization rtt 0

Even though this setting will most likely solve the issue, it also has some drawbacks. The main one is that the ACE appliance only supports up to 256K simultaneous L7 connections in proxied state (which includes also the connections towards the servers, so, it would be 128K for client connections), so, if the amount of simultaneous connections reaches that limit, new connections would be dropped. The second issue, although not so impacting, would be that the maximum number of connections per second supported would also go down slightly due to the increased processing needed.

How do I know my cloud service is being hacked and abused if it is not running inside my datacenter? What possibilities do I have to check if my employees are acting along the lines of my Acceptable Use policy? Where are the logs of that abuse, and how can I trust the logs? How do I know that my data is not copied elsewhere in the cloud, and analysed offline by my competitor?

With regards to cloud storage, the CDMI (Cloud Data Management Interface) is trying to address some of the questions, but is only one step forward.

Cloud service providers still have a long way to go. An initiative like Eurocloud  is doing great work in paving the road to trust in cloud service providers.

When cloud service providers will be able to succesfully address the concerns, they have a big advantage over the classical IT model of running your own IT: they provide all the securities you would normally build and control youself, but combined with cloud advantages like fast provisioning and fast reuse of resources.

Small and medium-sized business will then be able to actually get a better and more secure service with cloud services, then what they could build and control themselves.

What does this mean for SBP? Sure there will be competition from the cloud providers. But we are nothing more than just another cloud provider. We build services for our clients with our own cloud technologies of fast provisioning, centralized log analysis, but since we build private clouds for our customers, these customers can demand tailored solutions to address their specific needs and concerns.

Cloud computing is not a threath to our business model, but is preparing the market more and more for putting commodity services in the big generic clouds, combined with the need of supporting highly tailored private clouds.

So it is time to face the fact: Schuberg Philis, the private cloud company!

First two sessions were somewhat low quality from a contect perspective. Too basic from on technology and on new innovations. Even for me as a non engineer. The difference between full backup, incrementals and differentials is not the thing we came here for. Although i must say that merging incrementals on the back end to always have full backups available sounds interesting. Curious to see this working in real life. How transprrent will that be? Lets ask Commvault later today. And if i can find them Quest as well. Would be nice to learn a bit on automated restore testing as well. Guaranteeing back ups remains an issue. Especially on tapes.

When i get answers, you’ll probably read more about it on cf.net or twitter.

#
# /etc/radvd.conf
#
interface [interface name]
{
AdvSendAdvert on;
MinRtrAdvInterval 5;
MaxRtrAdvInterval 10;
AdvDefaultPreference low;
AdvHomeAgentFlag off;
prefix xxxx:xxxx:xxxx::/yy
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};

You have to use lower-case characters for the interface or vlan name otherwise this will not work!

Then stop the service: bigstart stop radvd
And start the service again: bigstart start radvd

OpenFlow began at a consortium of universities, led by Stanford and Berkeley, as a way for researchers to use enterprise-grade Ethernet switches as customizable building blocks for academic networking experiments. They wanted their server software to have direct programmatic access to a switch’s forwarding tables, and so they created the OpenFlow protocol. The protocol itself is quite minimal — a 27-page spec that is an extremely low-level, yet powerful, set of primitives for modifying, forwarding, queuing and dropping matched packets. OpenFlow is like an x86 instruction set for the network, upon which layers of software can be built.

In an OpenFlow network, the various control plane functions of an L2 switch — Spanning Tree Protocol, MAC address learning, etc. — are determined by server software rather than switch firmware.

Today, the OpenFlow protocol has moved out of academia and is driven by the Open Networking Foundation, a nonprofit industry organization whose members include many major networking equipment vendors and chip technology providers and has a board of some of the largest network operators in the world like Google, Microsoft, Yahoo, Facebook, Deutsche Telekom and Verizon.

Most current OpenFlow solutions incorporate a three-layer architecture, where the first layer is comprised of the all-important OpenFlow-enabled Ethernet switches. Typically, these are physical Ethernet switches that have the OpenFlow feature enabled. We’ve also seen OpenFlow-enabled hypervisor/software switches and OpenFlow-enabled routers. More devices are certainly coming.

There are two layers of server-side software: an OpenFlow Controller and OpenFlow software applications built on top of the Controller.

The Controller is a platform that speaks southbound directly with the switches using the OpenFlow protocol. Northbound, the Controller provides a number of functions for the OpenFlow software applications — these include marshalling the switch resources into a unified view of the network and providing coordination and common libraries to the applications.

At the top layer, the OpenFlow software applications implement the actual control functions for the network, such as switching and routing. The applications are simply software written on top of the unified network view and common libraries provided by the Controller. Thus, those applications can focus on implementing a particular control algorithm and then can leverage the OpenFlow layers below it to instantiate that algorithm in the network.

This three-layer OpenFlow Architecture should feel very familiar to software architects. For example, consider the Web application server architecture: applications sitting on top of a Web application server sitting on top of a database layer. Each of the lower layers presents an abstraction/API upward that simplifies the design of the layers above it.

The big picture is that OpenFlow and the larger movement in the networking industry called “Software-Defined Networking” promise true disruption because they enable rapid innovation — new networking functionality implemented as a combination of software applications and programmable devices, effectively bypassing the multi-year approval/implementation stages of traditional networking protocols. This acceleration is possible because of the layered design of the software/hardware architecture.

Sunday started with a very interesting talk by Herbert Bos about the work done at the VU University which pushes the limits of what’s possible with regards to reliable operating systems. Some of the other interesting talks were the Capsicum talk by Robert Watson which focused on providing applications what they need to solve real-world security problems and the OpenSSH talk by Damien Miller which described all the useful new features available to make our lives easier. The new rlimit-based sandboxing for OpenSSH is an especially neat trick.

Possibly the best part of the conference was the amount of Dutch speakers, it’s awesome to see this level of contributions from my home country. So let’s keep up the good work and make next year even better.

The first part covers the structure, addressing and services:
Pularikkal_PartI.pdf

The second part covers routing and transition mechanisms:
Pularikkal_PartII.pdf

MLarson_IntroDNSSEC.pdf

Why do we need DNSsec, in short: DNSsec offers protection against spoofing of DNS data.
In DNSsec every zone has a public/private key pair where the Public key is stored in the new DNSKEY record and the Private key is kept save.

You can find the “Blob” values on a patched system (see attached link).

These are all the current Certificates in Internet Explorer (including known fraudulent and new DigiNotar):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates
\1916A2AF346D399F50313C393200F14140456616
\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216
\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6
\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB
\40AA38731BD189F9CDB5B9DC35E2136F38777AF4
\43D9BCB568E039D073A74A71D8511F7476089CC3
\471C949A8143DB5AD5CDF1C972864A2504FA23C9
\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179
\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A
\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6
\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0
\6431723036FD26DEA502792FA595922493030F97
\7D7F4414CCEF168ADF6BF40753B5BECD78375931
\80962AE4D6C5B442894E95A13E4A699E07D694CF
\86E817C81A5CA672FE000F36F878C19518D6F844
\9845A431D51959CAF225322B4A4FE9F223CE6D15
\B533345D06F64516403C00DA03187D3BFEF59156
\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2
\C060ED44CBD881BD0EF86C0BA287DDCF8167478C
\CEA586B2CE593EC7D939898337C57814708AB2BE
\D018B62DC518907247DF50925BB09ACF4A5CB3AD
\F8A54E03AADC5692B850496A4C4630FFEAA29D83

After that you can remove DigiNotar from the Trusted Root Certification Authorities store:

certutil -delstore authroot “c0 60 ed 44 cb d8 81 bd 0e f8 6c 0b a2 87 dd cf 81 67 47 8c”
certutil -delstore authroot “43 d9 bc b5 68 e0 39 d0 73 a7 4a 71 d8 51 1f 74 76 08 9c c3”

On Windows 2008 and newer you have a nifty option in Group Policy:
\Computer Configuration\Policies\Windows Settings\Public Key Policies\Untrusted Certificates

Install the patch on a (local) machine and export the certificates from your “Untrusted Publishers” store as DER encoded, you can import the DER files in the GPO.

Here is the registry hive export from a patched machine, including all certificates and blobs.

cheers,
Matthijs

@echo off

rem purge 40 days old MS update/patch files

forfiles /p “%windir%\SoftwareDistribution\Download” /d -40 /s /c “cmd /c if @isdir==TRUE rmdir /s /q @path”
forfiles /p “%windir%\SoftwareDistribution\Download” /d -40 /c “cmd /c if @isdir==FALSE del /Q @path”

forfiles /p “%windir%” /m “$NtUninstallKB*” /d -40 /s /c “cmd /c if @isdir==TRUE rmdir /s /q @path”
forfiles /p “%windir%” /m “KB*.log” /d -40 /c “cmd /c if @isdir==FALSE del /Q @path”

EXIT /B 0

It all started with this cartoon:

This cartoon basically started a hype about how XKCD was getting “it”. Jason posted a blog post stating that he did not agree with XKCD since:

• While four words in theory have 44 bits of entropy (2⁴⁴), it is actually 250,000 to the power of 4 (250,000⁴) since English only has 4about 250,000 words
• Most people actually would use three words, giving 15,625,000,000,000,000 combinations
• Most people know even less then 250,000 words

So what is my take on this? The key to “it” is at the bottom of the cartoon:

“Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess”

This is really the “it” XKCD does get.

So why do we use password policies in the first place? What problem are we trying to tackle?

First of all we are trying to tackle the problem that users are very bad a picking good password without guidance. This tweet illustrates that:

If you don’t give users guidance they will often pick from a set of very well known passwords. But more recent research shows that since the average person has over 50 passwords, some with and some without password policy on it, most people need a coping strategy to deal with this.

In my talk “The Road to Hell is paved with best practices” I give this example of likely passwords for a certain password policy:

• 7 characters: welcome
• 7 characters + 1 capital: Welcome
• 7 characters + 1 capital + 1 numeral: W3lc0m3
• 7 characters + 1 capital + 1 numeral + 1 special: W3lc0m3!
• 10 characters + 1 capital + 1 numeral + 1 special: W3lc0m3!!!
• 10 characters + 1 capital + 1 numeral + 1 special, 30 days max, cannot reuse last 12: Welcome01!, Welcome02!, Welcome03!, etc

As security people we need to understand that each security measure will alter peoples behaviour and sometimes not for the good.

Studies have shown that even if password policies are used, probabilistic techniques can be used to aid in password cracking attacks, that password expiry is only of limited use, that password expiry policies do not meet their goal.

Experiments with an online windows password cracker showed that “hard” passwords do not take longer to crack that “easy” passwords when rainbow tables are used:

• Empty password – 2 seconds
• 72@Fee4S@mura! – 5 seconds
• (689!!!<>”QTHp – 8 seconds
• *mZ?9%^jS743:! – 5 seconds
• T&p/E$v-O6,1@} – 11 seconds

So what is my opinion?

Security policies have driven people to the top of their ability to remember passwords and as users have got increasing amounts of passwords the behavior it induced did not improve matters. We need to tune some of these measures down and replace them with education.

Passwords should be:

• Relatively long
• Not guessable (correcthorsebatterystaple is not o.k. anymore thanks to XKCD)
• Your system should block guessing attempts or really slow them down

If hackers have you password hashes you are toast…

Phone Bill a CC NC ND image from Nikita Kashner's Flickr stream

By Darren Anstee of Arbor Networks

Why is it a good idea to us flow information?

• You don’t need to invest in new equipment to get flow information
• It can be used to detect malware infected hosts, DDoS, zero-day exploits, attack and abuse
• Network flows information is generated regardless if there was symmetric or a-symmetic routing

Network flow information is like a phone bill, you cannot tell what has been said, but you can use it to prove who talked to who.

So what does a flow record contain?

• Source IP address
• Destination IP address
• Source port
• Destination port
• Input IfIndex
• Protocol
• Type of Service
• packet count
• Byte count
• First packet time
• Last packet time
• Output ifIndex
• Etc…

Flow information allows you to monitor large geographically dispersed networks.

So how can flow information be used for security purposes?

Flow information helps you understand how you network normally behaves. Unusual behavior might indicate DDoS attacks of malware infections.

One could look at the flow information manually, but it does make more sense to install a collection and analysis system. These systems often give the benefit of providing historical data that can help us understand current data and allow us to use this information for forensic purposes.

There are a lot of open source and commercial flow collection and analysis systems available.

Next Darren showed demonstrations of how flow information can be used.

First example is how to detect malware infected hosts in an enterprise environment.

How? One of two ways:

• Looking for abnormal behavior
• Looking for known bad behavior, e.g. communication to known Command can Control servers

So what is typical unusual behavior?

• Unusual outbound SMTP
• Off-net DNS queries
• Scan detection
• Unusual outbound behavior
• etc.

Finding more then one anomalies increases the likelihood of these systems being infected.

One of the bonuses of flow information is that routers and switches still generate flow information even if firewalls drop the traffic.

Darren showed us how tools like nfdump can be used to detect systems with various abnormal behavior such as connecting to external mail servers or DNS servers too much or generating classic DDoS attacks.

Naturally you can also use flow information to detect DDoS attacks.

How do tools, like those Arbor makes, detect DDoS attacks?

• Baseline detection and baseline deviation
• Misuse flow detection (SYN-flood, UDP-flood)
• Detect bursts in the network
• Use thresholds

Why would you use flow information over firewall logs? Routers and switches are much more omnipresent and switches and routers do generate flows even if the firewall drops the traffic.

The slides for this talk with links to whitepapers and open source tools can be downloaded from the first.org website.

Click here to view the embedded video.

We are always looking for more Cupfighters.

Black Skimmer Rynchops niger Skimming a cc by image from marlin harm's Flick stream

By Adam Laurie and Daniele Bianco

Slides on the HitB Materials page.

So what is EMV it stand for Europay, Mastercard and Vista and is a new security statndard for credit cards.With the introduction of EMV the liabiliy moved from the merchant to the cardholder because fraud is thought to be unlikely.  However EMV has allready been proven to be broken. E.g. Murdoch et. al. have proven that it is possible to use a stolen card without knowing the PIN.

This talk focuses  on the ability to still skim a EMV credit card, without reading the magstripe (which is very often still present).

Skimming a chip card may be more interesting because the user cannot see the interface and thus cannot detect the skimmer. The time effort to install a smartcard skimmer is quite small.

The industry perceives these tools as complex, but that is not true. Devices are small, easy to install and hard to detect.

It is possible to clone the track 1 and track 2 magnetic stripe data from publicly readable data of EMV chip. Luckily not all EMS cards support this.

So magnetic stripe data can be stolen and a stolen card van be used without a PIN, but is it possible to do PIN and magnetic stripe harvesting with EMV cards.

The CVM list on the card, which is digitally signed, tells the terminal how to authenticate to the card. The PIN is only sent to the card is the card specifies this in the CVM list.

However it turns out that, under certain circumstances, PoS terminals do not correctly detect a tampered CVM list and thus will present the PIN in plain text even if the CVM state this shouldn’t happen.

Adam and Daniele then demonstrate the tools they have developed to actually copy a card and u

He began his professional career during his early years at university as system administrator and IT consultant for several scientific organizations. His interest for centralized management and software integration in Open Source environments has focused his work on design and development of suitable R&D infrastructure. One of his hobbies has always been playing with hardware and electronic devices.

At the time being he is the resident Hardware Hacker for international consultancy Inverse Path where his research work focuses on embedded systems security, electronic devices protection and tamperproofing techniques. He presented at many IT security events and his works have been quoted by numerous popular media.

About Adam Laurie

Adam Laurie is a freelance security consultant working the in the field of electronic communications. He started in the computer industry in the late Seventies, working as a computer programmer on PDP-8 and other mini computers, and then on various Unix, Dos and CP/M based micro computers as they emerged in the Eighties. He quickly became interested in the underlying network and data protocols, and moved his attention to those areas and away from programming, starting a data conversion company which rapidly grew to become Europe’s largest specialist in that field (A.L. downloading Services). During this period, he successfully disproved the industry lie that music CDs could not be read by computers, and, with help from his brother Ben, wrote the world’s first CD ripper, ‘CDGRAB’.

At this point, he and Ben became interested in the newly emerging concept of ‘The Internet’, and were involved in various early open source projects, the most well known of which is probably their own ‘Apache-SSL’ which went on to become the de-facto standard secure web server. Since the late Nineties they have focused their attention on security, and have been the authors of various papers exposing flaws in Internet services and/or software, as well as pioneering the concept of re-using military data centres (housed in underground nuclear bunkers) as secure hosting facilities.

Adam has been a senior member of staff at DEFCON since 1997, and also acted as a member of staff during the early years of the Black Hat Briefings, and is a member of the Bluetooth SIG Security Experts Group and speaks regularly on the international conference circuit on matters concerning Bluetooth security. He has also given presentations on forensics, magnetic stripe technology, InfraRed and RFID.

He is the author and maintainer of the open source python RFID exploration library ‘RFIDIOt’, which can be found at http://rfidiot.org. Adam is a Director and full time researcher working for Aperture Labs Ltd., specialising in reverse engineering of secure systems.

Steve Jobs for Fortune magazine a cc nc nd image from tsevis's Flick stream

By Jean-Baptiste Bédrune and Jean Sigwald

Slides on the HitB Materials page.

This talk is about data security and the iPhone. Almost all iPhone like deices (excluding the iPad2 for the moment) can book usigned code when they are in recovery mode. It is also possible to create acustom ram disk, thee are techniques used by jailbreakers and phone forensics people.

Data in the iPhone is encrypted with either the UID (unique iPhone key) or GID (key unique to each model).

In the iPhone (iOS < 4) the UID key was only used  to facilitate fast wipe (change key, cannot read flash anymore), it did not provide data security. The iPhone 4 was designed with data security in mind. Jean and Jean demonstrate the tools they wrote to get around the data protection of iOS 4

Because the unlock code is used for data security data can be set to be only available when:

• The Phone is unlocked
• After the phone is unlocked for the first time
• Always

In iOS 4 there is an escrow key which allows MobileMe and iTunes to access the phone for backup or passcode reset without unlocking the phone.

The first tool that they developed and demonstrated was the keyChainViewer which can be used to view the contents of keyChain, but not the keys.

Using the built in iOS functions (that use the passwcode) you can actually bruto force the passcode of the phone with a small application on the phone. If you boot the phone from a ram disc you can do this without knowing the passcode. Using the brute forced passcode the keyChain can be read and decrypted.

Next tools where demoed to browse the encrypted filesystem and to decrypt iTunes backup files.

Conclusion of the researchers:

• iOS4 offers far better protection then iOS3
• Mail files (with the exception of exchange) are protected by the passcode this offers additional protection, but it can be obtained if you have the phone

Tools are available on http://code.google.com/p/iphone-dataprotection/

About Jean-Baptiste Bédrune

Jean-Baptiste works at the Software security R&D team at Sogeti for 4 years. His domains of research include code (un)protection, audit of DRM solutions, applied cryptography, reverse engineering on embedded devices and distributed computing. Jean joined Sogeti in early 2010. His research topics include reverse engineering, embedded devices and smartphones security.

About Jean Sigwald

Jean Sigwald is a security researcher working at Sogeti ESEC R&D lab. His research is mainly focused on smartphones security and the services offered by the network operators.

Bad day at the office a cc nc ND iamge from Roger Smith's Flick stream

By Itzik Kotler

Slides on the HitB Materials page.

Itzik start his presentation that writing StuxNet for a company is much less hard then writing one for a nuclear reactor. Stuxnet is interesting in that it is a purely software based attack that had a real hardware based effect.

So can software damage hardware? Yes it can:

• Software controls hardware ad can make it perform damaging hardware
• Software can damage software that runs hardware
• Software runs hardware and can make this hardware take an action that damages other hardware

So what is PDOS (Permanent Denial of Service)? Damaging hardware so bad that it needs to be replace or reinstalled.

Users the brick their phone when they try to jailbreak it are basically causing a self inflicted PDoS.

So who would do it and why?

Possible scenario’s are:

• Industrial espionage/sabotage

• Rival companies
• Foreign nations

• Hacktivism
• Revenge

So what techniques can you use to cause PDoS:

• Phlashing: malicious overwrite of firmware
• Malicious overclocking. Overclocking hardware too much will break it, e.g. by overheating
• Overvolting. Increasing the voltage of equipment
• Overusing. Causing too much wear and tear on a mechanism
• Power Cycling. most equipment does not handle frequent on-off switching very well

So lets look at some local attacks first:

• Disabling or slowing down fans of computer or other equipment will cause temperature increases which may lead to other failures
• CPU overheating by causing an infinite loop
• Microcode flashed directly into the CPU can be used to cause a PDoS as well, e.g. by overwriting hard wired instruction with faulty instructions
• The techniques for CPUs work for GPUs as well
• Hard drives can  be overheated using excessive read and writes, worn out by excessive parking and phlashed
• Solid state drives van be bricked by wearing out the flash memory by excessive writing

And example of a harddrive attack is a Pseudo format. E.g. by using the script:

# while true; do dd if=/dev/hda1 of=/dev/hda1 conv=notrunc; done

Another harddrive attack is a Spindown attack:

# hdparam –S 1 /dev/had

# while true; sleep 60; dd if/dev/random of=foobar count=1; done

DVD/CD Rom attack:

# while true; do eject /dev/cdrom; eject –t /dev/cdrom; done

Flash memory wear attack:

# while true ; do dd if=/dev/urandom of=/dev/flash; done

But even older equipment can be PDoS-ed. e.g. a CRT monitored can be damaged by sending them the wrong requencies. E.g. the XFree86 configuration warns about this.

Also floppy drives can be damaged by, e.g. moving the head to a sector outside the drive enclosure.

But these updates are also possible remotely, e.g. many devices allow over the wire (OTW) or over the air (OTA) firmware updates.

There are some countermeasures that can be used:

• Overclocking protection
• Overvolting protection
• Temperature protection
• Digitally signed firmware

Breaking the ice a cc nc nd by image from MarcelGermain's Flickr stream

By Ivan Ristić

Slides on the HitB Materials page.

Ivan researches SSL for Qualys. SSL was designed as a protocol add-on by Netscape to secure http, but can be used to secure other protocols as well.

The main challenges today are:

1. Fragility of the trust ecosystem
2. Incorrect or weak configuration
3. Slow adoption of modern statndar
4. Lack of support for virtual SSL hosting
5. Mismatch between HTTP and SSL

There are three main attacks against SSL:

• Passive MitM

• Session Hijacking

• Session bypass (ssl strip)
• Renegotiation attack
• Rogue certificates
• User attackers (who reads warnings)

Ivan’s has a lot of data based on the a surveys conducted by his employer Qualys SSL Labs, EFF’s SSL Observatory. In total 1.2million sites with valid certificates where investigated.

Ivan showed a slide that indicates that of the sites visited only 0.6% of the sites had a fully correct SSL configuration, nearly 50% of the sites did not offer SSL at all.

In Qualys’ most In the most recent SSL Survey only 32% of the sites offering SSL where configured correctly.

So now for the bad stuff:

• 48% of the sites offering SSL still offer SSLv2 which is know to be cryptographically insecure, it is a good thing that most browsers reject it
• Most sites do not offer any support for TLSv1.1 and TLSv1.2
• 62% of the sites still use weaks ciphers
• The TLS renegotiation vulnerability discovered in 2009 still effects nearly 35% the sites

But it is not just about how SSL is configures, but also about how it is used:

• Nearly 80% of the sites offering SSL do not redirect their users to the secure sites by default.
• HTTP Strict Transport Security is only used by 80 out of the the nearly 250,000 sites tested by Qualys.
• The adoption of EV certificates is also low
• Of the tested sites on 9 used all three above techniques.
• A lot of sites mark their cookies as HttpOnly or Secure, but even less that use both techniques
• 22% of the tested sites use some form of mixed content, if you exclude the sites that only use it for images this number only drops slightly to nearly 19%
• 68% of the login forms where not served over HTTPS and 54% submitted data to an http site

So what can we concluse:

• Systematic issues are hotly debated
• However SSL is often broken  by bad deployment and implementation issues
• It is possible to achieve reasonable security, but most sites choose not to do it
• Among the popular sites only a handful have decent SSL deployments

SSL is a success because it bought a relative security to the general public.