Category: ~Special Series~

October 25th, 2008

Joe the Plumber's data compromised by government insider

Posted by Adam O'Donnell @ 7:45 pm

Categories: Big Brother Getting Bigger, Data theft, Passwords, United States of America

Tags: Event, Security, Adam O'Donnell

2008 is shaping up to be the year of the politically-motivated data leakage events. First it was Sarah Palin, then Bill “Papa Bear” O’Reilly, and now apparently Joe the Plumber has been struck.

Read the rest of this entry »

August 9th, 2008

Black Hat Las Vegas Day 2

Posted by Nathan McFeters @ 10:31 am

Categories: Arbitrary Code Execution, Black Hat, Black Hat Las Vegas, Browsers, Complex Attacks, Exploit code, Hackers, Java, Locally Running Web Servers, Microsoft Blue Hat v7, Research, Responsible disclosure, Social Networking Applications, Sun Microsystems, Vulnerability research, Web 2.0, Web Applications, Windows Vista, Zero-day attacks

Tags: black hat, microsoft corp., applet, image, vegas, nathan mcfeters

Again, sorry for the late updates.  Vegas is the kind of place that demands a lot of a person.  Too many parties make it difficult to find time to blog on the conference.  Pictures of the event are a bit sparse, due to consistently forgetting to bring my camera, but I will post them shortly.

Day 2 began a bit rough for me, but I forced myself down to catch Shawn Moyer and Nathan Hamiel’s talk, “Satan Is On My Friends List”.  The talk was really solid, and focused on attacking social networking sites, such as MySpace, Adult Friend Finder, and LinkedIn.  The pair pointed out numerous flaws with these sites, such as impersonation, theft of sensitive data (pics etc.), and arbitrary code execution (through various plug-in applications).

Read the rest of this entry »

August 8th, 2008

Black Hat Las Vegas Day 1

Posted by Nathan McFeters @ 1:57 pm

Categories: Adobe, Arbitrary Code Execution, Black Hat, Black Hat Las Vegas, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Flash, Hackers, Kernel-level Exploits, Responsible disclosure, Vulnerability research, Zero-day attacks, ~Special Series~

Tags: black hat, billy rios, dan, phishing, cyberthreats, spam, viruses and worms, security, spam and phishing, nathan mcfeters

Well, this is well late, but here’s my recap of Black Hat Day 1. Sorry for the delay, but I’ve been terribly busy finishing up preparations for my Day 2 talk.

The first talk I went to see, “Pointers and Handles, A Story of Unchecked Assumptions in the Windows Kernel”, by Alex Ionescu, discussed a number of vulnerabilities in the Windows kernel-mode library responsible for the Windows GUI subsystem. Most of this talk centered around attacking code where bad assumptions were made regarding the validity of pointers before they are dereferenced, and abusing the kernel mechanism of “protect from close” handles.

Read the rest of this entry »

August 2nd, 2008

On GIFARs

Posted by Nathan McFeters @ 10:37 am

Categories: Black Hat, Black Hat Las Vegas, Browsers, Complex Attacks, Data theft, Exploit code, Hackers, Java, Linux, Microsoft, Mozilla, Research, Responsible disclosure, Sun Microsystems, Vulnerability research, Web 2.0, Web Applications, Zero-day attacks, eBay, ~Special Series~

Tags: Black Hat, Vector, Applet, Image, Attack, Heasman, Nathan McFeters

Ever since Rob McMillan of IDG published a story giving a preview of our coming Black Hat talk, specifically a preview of the portion of our talk related to GIFARs, media coverage of the research has swirled a bit out of control and there have been some misconceptions.  My co-presenter John Heasman has a write-up on GIFARs that explains this all just a bit more.

We of course want to avoid giving all of the details until Black Hat, where it will be much easier to demonstrate with an example, but this should clear up some of the misconceptions.  If you happened to see PDP of Gnucitizen give his talk at Black Hat Amsterdam last year, this combination of images with applets stuff might not be brand new to you.  We were unaware of PDP’s research at the time of our discovery, but that was fortunate, for it allowed us to take a different path, using HTTP requests to piggy-back the browser’s cookies.  To clarify, PDP’s research and ours are similar only in the fact that we both use applets within images to accomplish our goal of attack.  Heasman explains the usefulness of this on his blog, so I won’t rehash it here.

We’re excited to present on this topic, but we are even more excited for what we hope to present at Black Hat Japan, which extends this attack even further, making it more dangerous.

Read the rest of this entry »

August 1st, 2008

Black Hat Sneak Preview

Posted by Nathan McFeters @ 12:46 am

Categories: Adobe, Black Hat, Black Hat Las Vegas, Complex Attacks, Exploit code, Flash, Google, Hackers, Java, Research, Responsible disclosure, Sun Microsystems, Vulnerability research, Web 2.0, Web Applications, Windows Vista, Yahoo!, Zero-day attacks, ~Special Series~

Tags: Black Hat, Java Applet, Web Application, Web Browser, Applet, Attack, Billy Rios, GIFAR, Java, Programming Languages

Rob McMillan from IDG interviewed John Heasman and me today about the presentation we will be delivering with Rob Carter at Black Hat Vegas next week. The article has a good teaser about one of the more interesting of the many attacks we will cover, namely what we’ve coined the GIFAR attack. We’ve also got a previous teaser that I covered here on some of John Heasman’s work on NTLM relay attacks through Java applets.

For those who are not familiar with this, we originally discussed it during the Black Hat webcast. The attack involves combining two files, for instance a GIF image file and a JAR (Java Archive) file that contains class files for a Java Applet. GIF+JAR=GIFAR. The idea is that the file will be rendered as a valid image by a browser; however, it will also be treated as a valid JAR file for use as a Java Applet by the Java Virtual Machine.

Read the rest of this entry »

July 31st, 2008

Black Hat talk on Apple encryption flaw pulled

Posted by Nathan McFeters @ 7:11 pm

Categories: Apple, Black Hat, Black Hat Las Vegas, Hackers, Microsoft, Research, Vulnerability research, Zero-day attacks, ~Special Series~

Tags: Black Hat, Researcher, Apple Inc., Flaw, Security, Nathan McFeters

Brian Krebs from the Washington Post “Security Fix” Blog reported that one of the talks slated for next week’s Black Hat convention on a previously undiscovered flaw in Apple’s FileVault encryption system has been canceled, the researcher citing confidentiality agreements as the reason he will not be speaking.

The article states:

Read the rest of this entry »

July 28th, 2008

Katie Moussouris on HOPE 2008: HOPE Springs Eternal

Posted by Nathan McFeters @ 10:15 pm

Categories: Contributors, HOPE, ~Special Series~

Tags: Symantec Corp., IP, Tool, Con, Katie Moussouris, Last HOPE, Wiki, Internet, Productivity, Security

Guest Editorial by Katie Moussouris of Microsoft

If cyberspace is a mass, consensual hallucination, as William Gibson characterized it, then HOPE was a dream manifested in meatspace that would not die. While Hackers On Planet Earth has been running every other year since 1994, it was my first journey to the con. It was, after all, my last chance, or so I thought (clever hackers).

The Last HOPE took place July 18-21 in Gotham City, amid the swelter and sweat and sticky heat of a New York summer. Talks at the con ranged wildly in topic from hacking, to art, to food, to politics – okay, they were all about hacking, but often with a strong social commentary or artistic bent, taking healthy swipes at mainstream media and culture. There was a pervasive theme throughout regarding moving the paradigm of the network from that of information dissemination and exchange to one of bringing about social action. Hacktivism was a popular topic, though not in the destructive website-defacement or DDoS sense, but rather in the sense that writing a piece of code that transforms the way humans interact can change the world. HOPE highlighted a digital, literal movement of Power to the People.

For more on Katie’s perspective, continue below.

Read the rest of this entry »

July 28th, 2008

Airport security part 6: Skimming at airport kiosks

Posted by Nathan McFeters @ 7:47 am

Categories: Airport Security, ~Special Series~

Tags: Credit Card, Airport Security, Airport Kiosk, Stiennon, Sales Channel, Financial Services, Sales, Nathan McFeters

We’ve talked a lot about airport security here (see other links at the bottom of this article), but one thing we haven’t covered yet is airport kiosks.  Not that they haven’t caught my attention, there’s just so much wrong at the airport, it takes time to cover it all.  Richard Stiennon posted a story yesterday about his concern over airport kiosks and the use of a credit card as identification.  Stiennon says:

What’s to stop the airline, kiosk manufacturer, or <gasp> a hacker from grabbing my credit card number and CCV info?

Evidently there is some suspicion that that is exactly what is going on at kiosks in Toronto.  One airline, WestJet, as a precautionary measure has shut off the credit card scanning function of their kiosks at 28 airports.

My advice: don’t use credit cards as ID.

Read the rest of this entry »

July 24th, 2008

Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon

Posted by Nathan McFeters @ 2:30 pm

Categories: Black Hat, Black Hat Las Vegas, Complex Attacks, Exploit code, Hackers, Metasploit, Patch Watch, Research, Responsible disclosure, Vulnerability research, Zero-day attacks, ~Special Series~

Tags: CERT, DNS Server, Server, Kaminsky, Dan, Patches, Domain Names, Security, Internet, Nathan McFeters

I listened to the Black Hat webcast today to grab as much info as I could on this subject. The biggest thing that I heard from the whole talk is that the patch fixes things to a reasonable point, but that long-term, there will have to be more work done to prevent the issue. Before I get into the details, this was not an interview, I was simply taking shorthand notes, so I did my best to get direct quotes of what was said, but in some cases, this may not be 100% accurate, so, if any speakers from the webcast or readers of the blog see errors, please email me and I will quickly make the strike through and change.

Kaminsky said that,

The exploit is now 10s of thousands of times harder, but still possible. 1 in several hundred million to 1 in a couple billion.

and

If it took seconds to minutes before, it still could work, but now it’s days or hours at worst.

Click below to read the rest…

Read the rest of this entry »

July 21st, 2008

2008 Pwnie Award nominees announced

Posted by Nathan McFeters @ 9:12 am

Categories: Adobe, Arbitrary Code Execution, Black Hat, Black Hat Las Vegas, Complex Attacks, Data theft, Exploit code, Firefox, Flash, Hackers, Kernel-level Exploits, McAfee, Microsoft, Research, ToorCon Seattle 2008, Vulnerability research, Web Applications, Windows Vista, Zero-day attacks, ~Special Series~

Tags: Nominee, Vulnerability, XSS, Attack, Flaw, Dan, XSS Flaw, Lifelock, Security, Nathan McFeters

Well, after getting 134 nominations, and spending countless hours pulling out nominees, the judges for the 2008 Pwnie Awards have announced the final nominees to be voted on.  From the site:

The final list of nominees for the nine Pwnie Award categories is finally published. We’ve received some really good submissions and it was not an easy task to narrow them down to five nominees per category, but we hope that we’ve done a good job. The next step for the Pwnie Awards judges will gather in an undisclosed location prior to the award ceremony and vote on the winners.

I’m especially excited about this, since Rob Carter, Billy Rios, and I were nominated for the Best Client-Side Bug for our URL and protocol handling flaws research; which just seems to never end by the way (and keeps continuing… see a future talk we will put on at some Black Hat down the road).  We’re up against some stiff competition though, including my fellow Ernst & Young Advanced Security Center co-worker Nitesh Dhanjani, which makes it a great year for EY with three current (myself, Rob Carter, and Nitesh Dhanjani) and one former member (Billy Rios) involved in the pwnies.

For more, read-on!

Read the rest of this entry »

Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
