Posts Tagged ‘Blackhat’

SSL takes a serious beating at BlackHat and Defcon conferences

August 1st, 2009 Frank Breedijk 4 comments

Moxie Marlinspike, Dan Kaminsky and Mike Zusman all presented talks at both Blackhat and Defcon that expose serious flaws in the implementation and model of SSL and the way we use it today.

Blackhat talk: Cloudburst – VMware guest to host escapes by Kostya Kortchinsky

July 31st, 2009 Frank Breedijk No comments

Kostya started off by telling everybody: “I’m not a virtualisation expert”

Then he started to explain how he was able to build up his Cloudburst exploit. He focused on the guest OS devices, because the devices are omnipresent in all VMware products, they run on the host, can be accessed from the guest, are written in C/C++ and parse some complex data.


Blackhat talk: Fuzzing the Phone in your Phone – Charlie Miller and Collin Mulliner

July 31st, 2009 Frank Breedijk No comments

This is the talk that I blogged about earlier about owning the iPhone through SMS. The work Charlie and Collin did was actually amazing.

In their presentation they first looked at SMS. SMS is a building block of the phone system and essential to the working of the modern network because it is used for all kinds of stuff. Why is it a good target? There is no firewall, it is processed by all phones, it needs no user interaction, and you only need a phone number to send an SMS.


Blackhat talk: Cloud Computing Models and Vulnerabilities – Raining on the Trendy New Paradise by Alex Stamos, Andrew Becherer & Nathan Wilcox

July 31st, 2009 Frank Breedijk No comments

Soundbite of the day: Alex Stamos about the Twitter hack: “No matter how low opinion you have of your user, they will always prove you wrong”

Cloud computing is actually defined as three types of services: Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). A large VMware farm for one company is not cloud computing.

Each of the models has its pros and cons.


Blackhat newsflash: Researchers showed that an iPhone SMS virus infection is possible at Blackhat

July 30th, 2009 Frank Breedijk No comments

Charlie Miller’s and Collin Mulliner’s talk “Fuzzing the Phone in your Phone”, given today at the Blackhat security conference in Las Vegas, revealed full details that could make the first iPhone virus infection possible.

Large SMS messages are cut up into smaller SMS messages. This means that the phone needs to parse the SMS messages to put them back together, and this parsing can be used as an attack vector to breach the phone. By using a technique known as fuzzing, Miller and Mulliner were able to find exploitable conditions that could be turned into an attack and an iPhone virus. The attack takes a total of 519 SMS messages, but will work without any user interaction.


Blackhat talk: Language of Trust aka Attacking Interoperability by Mark Dowd, Ryan Smith and David Dewey

July 30th, 2009 Frank Breedijk No comments

Interoperability is everywhere in browsers: Java <-> VBScript, VBScript <-> .NET, .NET <-> JavaScript, JavaScript <-> DOM etc. This interoperability presents a large attack surface, which up to now was not well explored.

There is a lot of code involved in converting types between various languages.


Blackhat talk: More Tricks for Defeating SSL in Practice – Moxie Marlinspike

July 30th, 2009 Frank Breedijk No comments

The background: In the past, basic constraints were not properly checked, so any client certificate could be used to create another client certificate that would actually validate.

Moxie wrote the tool SSLSNIFF, which is able to do a man-in-the-middle attack on an SSL connection based on this vulnerability, to prove to Microsoft that it could be exploited, contrary to what Microsoft said.

Even though Microsoft and others fixed the vulnerability, the tool is still useful, mainly because people don’t pay attention to certificate warnings. Also, the guys that made the fake CA certificate by means of the MD5 collision used SSLSNIFF to actually exploit it.

But there are more ways to attack SSL than doing a man-in-the-middle attack: SSL stripping


Blackhat talk: Rapid Enterprise Triaging by Aaron Le Master & Michael Murphy

July 30th, 2009 Frank Breedijk No comments

The talk focused on a methodology for restoration after a massive compromise while keeping the users on the network and somewhat productive.

Four phases for RETRI:

  1. Preparation
  2. Assessment
  3. Segmentation and restoration
  4. Investigate and recovery


Blackhat talk: Router exploitation by Felix “FX” Lindner

July 30th, 2009 Frank Breedijk No comments

I arrived late, but the talk hadn’t started; unfortunately it did mean standing room only.

FX had a cool feature in his presentation: every slide was accompanied by a BlackHat-O-Meter. It works like the base and acid scale. Corporate suit-and-tie types should stay with slides that have the meter all the way at the top, CISSPs should be able to grasp the details of slides that are ranked somewhere in the middle, and real hackers could also grasp bottom-of-the-scale slides.

FX’s first words are comforting: there is not so much real-world router ownage going on. Misconfiguration, insider attacks, etc. are much more common.

However, infrastructures are what you want to own, so why don’t we see this more often? Because practical exploits are hard.


BlackHat day one opening and keynote speech

July 30th, 2009 Frank Breedijk No comments

BlackHat Las Vegas has officially started. Jeff Moss kicked the conference off with the usual boring stuff. One of the surprises is that BlackHat Amsterdam will not happen. Instead they decided to move the event to Barcelona because they could not find a facility in Amsterdam big enough anymore. As a result BlackHat Barcelona will be bigger; it will feature three parallel tracks instead of the two tracks that were possible in Amsterdam. Still I am sad that they abandoned my home country.

Then the keynote by Douglas Merrill started.
