Windows User Group - PowerPoint PPT Presentation

About This Presentation
Title:

Windows User Group

Description:

A brief look at hacks that involve both the Emergency Broadcast System and Pagers ... What: how the fare system can be circumvented through a few simple hacks ...

Slides: 17
Provided by: peterber

Transcript and Presenter's Notes
1
Windows User Group
  • August 15, 2008, 10:30am

2
Today's Round-Up Topics
  • The Vista and DNS exploits/vulnerabilities
    presented
  • The CVORG presentation regarding Linksys wireless
    router hardware Trojans
  • A brief look at hacks that involve both the
    Emergency Broadcast System and Pagers
  • Review of the Metro Card hack that has created so
    much controversy and was just on CNN
  • And, briefly, a few other things that were
    noteworthy
  • A short overview of the talk that I gave about
    Open Source Warfare (as used by insurgents in
    Iraq and Afghanistan).

3
What are Defcon & Black Hat?
  • Essentially both are computer security
    conferences
  • Defcon is geared towards hackers
  • August 7-10, Riviera
  • www.defcon.org
  • Black Hat is geared more towards corporate
    security people
  • August 2-7, Caesars Palace
  • www.blackhat.com

4
Using a browser to evade Vista's Security
  • Who: Mark Dowd, Alexander Sotirov
  • What: evade Vista protections such as Address
    Space Layout Randomization (ASLR) and Data
    Execution Prevention (DEP)
  • How: by using Java, ActiveX controls and .NET
    objects to load arbitrary content into Web
    browsers
  • http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

5
Using a browser to evade Vista's Security
  • How:
  • "Defenses that Microsoft added to Vista are
    designed to stop host-based attacks. ASLR, for
    example, is meant to prevent attackers from
    predicting target memory addresses by randomly
    moving things such as a process's stack, heap and
    libraries. That technique is useful against
    memory-corruption attacks, but in Dowd's case
    these protections don't work."
  • "Memory protection mechanisms available in the
    latest versions of Windows are not always
    effective when it comes to preventing the
    exploitation of memory corruption vulnerabilities
    in browsers."
  • "Two factors contribute to this problem: the
    degree to which the browser state is controlled
    by the attacker and the extensible plugin
    architecture of modern browsers." (Dennis Fisher,
    Executive Editor, SearchSecurity.com)

6
DNS Exploit
  • Who: Michael Zusman
  • What: abusing SSL VPNs by purchasing a certificate
    from a major CA for the FQDN (fully qualified
    domain name) of an existing Fortune 500
    company's website
  • How: simply by filling out the request form and
    checking the box that says the certificate is not
    going to be used on the internet and is for
    internal testing only
  • And then keep doing it until you find a CA that
    agrees
  • Jamey Heary, Cisco Security Expert
  • http://www.networkworld.com/community/node/30822

7
DNS Exploit
  • What happens: the user has their DNS cache
    poisoned on their client so that the website
    (that contains the cert pointer and actual cert)
    points to an HTTP proxy
  • This means that the attacker will then sit in
    the middle of any communications between the
    user and the real proxied website
  • The cert is queried and qualified as legit
  • Your communications, though, aren't
  • Risk level: moderate
  • Anything you can do about it? No

8
CVORG Hardware Trojans
  • Who: Kiamilev, Hoover
  • How: in an electronic Trojan attack, extra
    circuitry is illicitly added to hardware during
    its manufacture.
  • What: the hardware Trojan performs an illicit
    action such as leaking secret information,
    allowing attackers clandestine access or control,
    or disabling or reducing functionality of the
    device. The growing use of programmable hardware
    devices (such as FPGAs) coupled with the
    increasing push to manufacture most electronic
    devices overseas means that our hardware is
    increasingly vulnerable to a Trojan attack from
    potential enemies.
  • Note: these are thermal, optical and radio
    resultant Trojans
  • http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Kiamilev
  • Related: Autoimmunity disorder in Wireless LAN
  • http://www.networkworld.com/community/node/30842

9
The Subway Ticket Hack
  • Who: Massachusetts Bay Transportation Authority
  • Vs. MIT students Alessandro Chiesa, R.J. Ryan,
    and Zack Anderson
  • http://news.cnet.com/8300-1009_3-83.html?keyword=%22Defcon+2008%22
  • Observation: you just have to laugh out loud

10
The Subway Ticket Hack
  • What: how the fare system can be circumvented
    through a few simple hacks
  • How: this is one that is easy and simple to find
    online and well worth your time
  • Similar to the Boarding Pass hack that still
    hasn't been fixed!?!!!!!!

11
Commission on Cyber Security for the 44th
Presidency
  • Do you ever get the feeling you're being lied to?
  • Done by the CSIS
  • On a related note, the Air Force has cut off
    funding for its own cyberwar efforts and will
    decide within the next 12 weeks whether to
    continue operations or not

12
EMS & Pagers
  • DCFluX / Krick: EAS (Emergency Alert System)
  • NYCMIKE
  • Activity of FLEX (1600/3200 level 2, 3200/6400
    level 4) and POCSAG (512, 1200, 2400), how to
    decode, how to set up a listening post, decoding
    digital data with a soundcard

13
Some other great topics
  • Bristow: ModScan, a SCADA MODBUS Network Scanner
  • Multiple TOR presentations
  • Bello & Bertacchini: Predictable RNG in the
    Vulnerable Debian OpenSSL Package
  • Brossard: Bypassing pre-boot authentication
    passwords
  • Major related note: work done on password
    retention through supercooling of RAM components
    vs. Trusted Computing

14
Some other great topics
  • Moulton: Solid State Drives Destroy Forensic
    Data Recovery
  • Data on a Solid State Device is virtualized, and
    the physical sector that you are asking for is
    not actually the sector it was 5 minutes ago. The
    data moves around using wear leveling schemes
    controlled by the drive using proprietary methods.
    When you ask for Sector 125, its physical address
    block is converted to an LBA block, and every 5
    write cycles the data is moved to a new, empty,
    previously erased block. This destroys metadata
    used in forensic data recovery. File slack
    space disappears; you can no longer be sure that
    the exact physical sector you are recovering was
    in the same location or has not been moved, or
    find out what it used to be!
  • Another great presentation was about hacking
    installed medical devices such as pacemakers
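To make the wear-leveling point concrete, here is an added toy simulation of a flash translation layer (not code from Moulton's talk or from this presentation) that relocates a logical sector to a fresh erased block every 5th write, as the slide describes; the block count, the in-place overwrite shortcut for non-relocating writes and the separate garbage-collection step are assumptions.

```python
RELOCATE_EVERY = 5  # assumption taken from the slide: "every 5 write cycles"


class ToySSD:
    """Toy flash translation layer: logical sectors (LBAs) map to physical
    blocks, and the mapping silently changes as wear leveling relocates data."""

    def __init__(self, n_blocks=16):
        self.flash = [None] * n_blocks        # physical block -> data (None = erased)
        self.l2p = {}                         # LBA -> physical block
        self.writes = {}                      # per-LBA write counter
        self.free = list(range(n_blocks))     # erased blocks, allocated in order
        self.stale = []                       # blocks holding superseded copies

    def write(self, lba, data):
        count = self.writes.get(lba, 0) + 1
        self.writes[lba] = count
        if lba not in self.l2p or count % RELOCATE_EVERY == 0:
            if lba in self.l2p:
                self.stale.append(self.l2p[lba])  # old copy left behind, not yet erased
            block = self.free.pop(0)              # fresh, previously erased block
            self.l2p[lba] = block
        else:
            block = self.l2p[lba]                 # toy simplification: overwrite in place
        self.flash[block] = data
        return block

    def gc(self):
        """Erase superseded copies; the old physical location is then empty."""
        for block in self.stale:
            self.flash[block] = None
            self.free.append(block)
        self.stale = []

    def read_logical(self, lba):
        return self.flash[self.l2p[lba]]

    def read_physical(self, block):
        return self.flash[block]


def forensic_demo():
    """Note where LBA 125 physically lives, keep writing to it, then re-read."""
    ssd = ToySSD()
    imaged = ssd.write(125, "v1")              # examiner records this physical block
    for i in range(2, 6):
        ssd.write(125, f"v{i}")                # the 5th write relocates the sector
    result = {
        "imaged_block": imaged,
        "current_block": ssd.l2p[125],
        "data_at_imaged_block": ssd.read_physical(imaged),  # stale copy "v4"
        "data_at_lba": ssd.read_logical(125),               # live data "v5"
    }
    ssd.gc()
    result["after_gc"] = ssd.read_physical(imaged)         # None: remnant erased
    return result
```

The recorded physical block first yields a stale copy and, after garbage collection, nothing at all, which is why a sector-level image of flash cannot be trusted to reflect a fixed physical location.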

15
Open Source Warfare
  • Berghammer: OSW has become a highly lucrative
    area that covers topics such as computer
    security, shaping of potential battlefields and
    populations, and actual in-the-field uses of
    mutated electronic devices such as microwave
    ovens, model rockets and remote controlled aircraft,
    as well as computer-based command and control
    protocols. What is so particularly interesting is
    how underfunded and ill-equipped insurgency (and
    counter-insurgency) groups can make use of
    off-the-shelf technology to fight against vastly
    better funded armies. It will also examine
    communications methods of these groups - and how
    they approach not only Internet-style
    communication (and in some cases set up their own
    superior communications networks) but also how
    they approach communications security.

16
  • Thank you!
  • And now, something amusing...