1 / 16

Windows User Group

Windows User Group. August 15, 2008 10:30am. Today’s Round Up Topics. The Vista and DNS exploits vulnerabilities presented The CVORG presentation regarding Linksys wireless router hardware Trojans A brief look at hacks that involve both the Emergency Broadcast System and Pagers

liz
Télécharger la présentation

Windows User Group

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows User Group August 15, 2008 10:30am

  2. Today’s Round Up Topics • The Vista and DNS exploits vulnerabilities presented • The CVORG presentation regarding Linksys wireless router hardware Trojans • A brief look at hacks that involve both the Emergency Broadcast System and Pagers • Review of the Metro Card hack that has created so much controversy and was just on CNN • And a few other things briefly that were noteworthy • A short overview of the talk that I gave about Open Source Warfare (as used by insurgents in Iraq and Afghanistan).

  3. What are Defcon & Black Hat • Essentially both are computer security conferences • Defcon is geared towards hackers August 7-10, Riviera www.defcon.org • Black Hat is geared more towards corporate security people August 2-7, Caesars Palace www.blackhat.com

  4. Using a browser to evade Vista’s Security • Who: Mark Dowd, Alexander Sotirov • What: evade Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) • How: by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

  5. Using a browser to evade Vista’s Security • How: • “defenses that Microsoft added to Vista are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries. That technique is useful against memory-corruption attacks, But in Dowd’s case these protections don’t work” • “memory protection mechanisms available in the latest versions of Windows are not always effective when it comes to preventing the exploitation of memory corruption vulnerabilities in browsers.” • “Two factors contribute to this problem: the degree to which the browser state is controlled by the attacker; and the extensible plugin architecture of modern browsers “Dennis Fisher, Executive Editor SearchSecurity.com

  6. DNS Exploit • Who: Michael Zusman • What: Abusing SSLVPNs : purchase a certificate from a major CA with a FQDN (fully qualified domain name ) of an existing fortune 500 company’s website • How: in simply filling out the request form he checking the box that says the certificate is not going to be used on the internet and is for internal testing only • And then: keep doing it until you find a CA that agrees • Jamey Heary: Cisco Security Expert http://www.networkworld.com/community/node/30822

  7. DNS Exploit • What happens: The user has their DNS cache poisoned on their client so that the website (that contains the cert pointer and actual cert) points to a http proxy • This means that the attacker will then “sit in the middle” of any communications between the user and the real + proxied website • The cert is queried and qualified as legit • Your communications though aren’t • Risk level: moderate • Anything you can do about it? No

  8. CVORG Hardware Trojans • Who: Kiamilev, Hoover • How: In an electronic Trojan attack, extra circuitry is illicitly added to hardware during its manufacture. • What: the hardware Trojan performs an illicit action such as leaking secret information, allowing attackers clandestine access or control, or disabling or reducing functionality of the device. The growing use of programmable hardware devices (such as FPGAs) coupled with the increasing push to manufacture most electronic devices overseas means that our hardware is increasingly vulnerable to a Trojan attack from potential enemies. • Note: these are thermal, optical and radio resultant trojans • http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Kiamilev • Related: Autoimmunity disorder in Wireless LAN http://www.networkworld.com/community/node/30842

  9. The Subway Ticket Hack • Who: Massachusetts Bay Transportation Authority • Vs.: MIT students Alessandro Chiesa, R.J. Ryan, and Zack Anderson • http://news.cnet.com/8300-1009_3-83.html?keyword=%22Defcon+2008%22 • Observation: you just have to laugh at loud

  10. The Subway Ticket Hack • What: how the fare system can be circumvented through a few simple hacks • How: this is one that is easy and simple to find online and well worth your time • Similar to the Boarding Pass hack that still hasn’t been fixed!?!!!!!!

  11. Commission on Cyber Security for the 44th Presidency • Do you ever get the feeling you’re being lied to? • Done by the CSIS • In a related note: the Air Force has cut off funding for their own cyberwar efforts and will decide within the next 12 weeks whether to continue operations or not

  12. EMS & Pagers • “DCFluX” Krick: EAS (Emergency Alert System) • NYCMIKE: • activity of FLEX (1600/3200 level 2, 3200/6400 level 4) and POCSAG (512, 1200, 2400) , how to decode, how to set up a listening post, Decoding digital data with a soundcard

  13. Some other great topics • Bristow: ModScan: A SCADA MODBUS Network Scanner • Multiple TOR presentations • Bello & Bertacchini : Predictable RNG in the Vulnerable Debian OpenSSL Package • Brossard: Bypassing pre-boot authentication passwords • Major related note work done on password retention through supercooling of RAM companents vs. Trusted Computing

  14. Some other great topics • Moulton: Solid State Drives Destroy Forensic & Data Recovery • Data on a Solid State Device is virtualized and the Physical Sector that you are asking for is not actually the sector it was 5 minutes ago. The data moves around using wear leveling schemes controlled by the drive using propriety methods. When you ask for Sector 125, its physical address block is converted to an LBA block and every 5 write cycles the data is moved to a new and empty previously erased block. This destroys metadata used in forensics & data recovery. File Slack Space disappears, you can no longer be sure that the exact physical sector you are recovering was in the same location or has not been moved or find out what it used to be! • Another great presentation was about “hacking” “Installed” medical devices such as pacemakers

  15. Open Source Warfare • Berghammer: OSW has become a highly lucrative area that covers topics such as computer security, shaping of potential battlefields and populations, and actual in the field uses of mutated electronics devices such as microwave ovens, model rockets, remote controlled aircraft as well as computer based command and control protocols. What is so particularly interesting is how under funded and ill-equipped insurgency (and counter insurgency) groups can make use of off-the-shelf technology to fight against vastly better funded armies. It will also examine communications methods of these groups - and how they approach not only Internet style communication (and in some cases set up their own superior communications networks) but also how they approach communications security.

  16. Thank you! And now, something amusing…..

More Related