“The Difference between a Duck” Insights into the technical realities of computer hacking in a South African context (haroon meer - 2006)

Upload: sensepost

Post on 12-Nov-2014


DESCRIPTION

Presentation by Haroon Meer at IDC in 2006. The presentation begins with a discussion of Google hacking, followed by a brief discussion of kernel rootkits, and ends with a discussion of web application hacking.

TRANSCRIPT

Page 1: The difference between a duck

“The Difference between a Duck”

Insights into the technical realities of computer hacking in a South African context

(haroon meer - 2006)

Page 2

Before we start

• Who we are..
  – http://www.sensepost.com
  – [email protected]
• This talk..
  – 25 minutes ???
  – Short-list of a few current threats:
    • Technical Details..
    • Technical Implications
• Questions ?

Page 3

Google-Hacking!

• Took the world by storm
• Multiple books.. Multiple Talks..
• Johnny l0ng (johnny.ihackstuff.com)
• What is it ?
  – Cute searches to find stuff people didn’t know they were publicizing.
  – Internal Password lists, web-cam interfaces…
  – Like..

Page 4

Page 5

Page 6

The Bottom Line..

• Threat-o-meter…
  – Low
• Hype-o-meter…
  – Astronomical
• Why ?
  – People like visual hacks
  – People like problems that are easy to understand

Page 7

Kernel-Rootkits!

• October 2005 Mark Russinovich detailed the behavior of Sony’s copy protection scheme which effectively added a kernel-rootkit to your machine.
  – The press caught on to the kernel-rootkit angle and predicted Armageddon
• So what is a rootkit ?
  – and a kernel rootkit ?
  – Is it totally un-detectable ?
  – Show us!
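One concrete answer to “is it totally un-detectable?” is the cross-view check that host-based rootkit detectors use: enumerate the same process table through two different kernel paths and diff the results. The block below is an added example written for this page, not code from the talk or from SensePost; it assumes a Linux host with a readable /proc, and the names `cross_view_diff`, `scan_live` and the labels `hidden` / `phantom` are this example’s own.

```python
# Added example (not from the talk): a cross-view check for hidden processes
# on Linux. A process-hiding kernel rootkit usually filters ONE enumeration
# path (readdir() on /proc, which is what ps and ls /proc rely on) and leaves
# another path (probing a PID directly) intact. Enumerating PIDs both ways and
# diffing the two views exposes that gap.
import os
from typing import Dict, Iterable, Set

PROC = "/proc"


def cross_view_diff(listed: Iterable[int], probed: Iterable[int]) -> Dict[str, Set[int]]:
    """Compare two enumerations of the same PID space.

    'hidden'  : PIDs the direct probe found but the listing did not
                (the signature of a process-hiding hook).
    'phantom' : PIDs in the listing that the probe did not find
                (usually a process that exited between the two scans).
    """
    listed_set, probed_set = set(listed), set(probed)
    return {"hidden": probed_set - listed_set, "phantom": listed_set - probed_set}


def pids_from_proc_listing() -> Set[int]:
    """View 1: the numeric entries readdir() returns for /proc."""
    return {int(name) for name in os.listdir(PROC) if name.isdigit()}


def is_thread(pid: int) -> bool:
    """True if pid is a thread of another process (Tgid != Pid in /proc/<pid>/status).

    Threads answer kill(tid, 0) and exist under /proc by path, but readdir()
    never lists them, so without this filter every multithreaded process
    would show up as a false 'hidden' hit.
    """
    try:
        with open(f"{PROC}/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
        return int(fields["Tgid"]) != pid
    except (OSError, KeyError, ValueError):
        return False  # unreadable status file: keep the PID as a candidate


def pids_by_direct_probe(max_pid: int) -> Set[int]:
    """View 2: probe every PID with kill(pid, 0).

    Signal 0 delivers nothing; the call fails with ESRCH when the PID does
    not exist and with EPERM when it exists but belongs to another user,
    which still means a live process. Scanning the full pid_max range takes
    a few seconds in Python.
    """
    found: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if not is_thread(pid):
            found.add(pid)
    return found


def scan_live() -> Dict[str, Set[int]]:
    """Run both views against the running kernel and return the diff."""
    with open(f"{PROC}/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    return cross_view_diff(pids_from_proc_listing(), pids_by_direct_probe(max_pid))


if __name__ == "__main__":
    result = scan_live()
    print("possibly hidden PIDs:", sorted(result["hidden"]) or "none")
    print("phantom PIDs (likely exited mid-scan):", sorted(result["phantom"]) or "none")
```

Run it twice and intersect the `hidden` sets before believing a hit: a process that starts or exits between the two enumerations shows up in one view only, which is noise rather than a rootkit. The check is also only as good as its second path; a rootkit that hooks both readdir() and the PID lookup evades it, which is why a view taken from outside the running kernel (a memory image, or the hypervisor) is the stronger comparison.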

Page 8

The Bottom Line..

• Threat-o-meter…
  – Medium
• Hype-o-meter…
  – High (but cooling)
• Why ?
  – It sounds evil!
  – Recent virtualization / Vista / BluePill hype

Page 9

Web Application Hacking!

• Why we love web-applications!
  – They are everywhere
  – Any idiot can build one (so many of us did!)
  – Encapsulate complex business logic
  – They are almost easier to do wrong, than they are to do right..
• Our current Web Application Hit-Rate

Page 10

The Bottom Line..

• Threat-o-meter…
  – High!
• Hype-o-meter…
  – Relatively Low
• Why ?
  – It’s moved past the sexy headline phase
  – Fixing it requires some old-school elbow grease
  – Solutions have not been shrink-wrapped yet.

Page 11

Client Side Attacks!

• Most applications today have more lines of code than early OS’s did.
  – IE has millions of lines of code.
  – Typically you can expect 20-30 bugs per kloc
• ActiveX, JavaScript, WSH, VBS, FLASH… (all are attack surfaces)
• “Take out the middle-man” (™ - outsurance)
• Where does your perimeter end ?

Page 12

The Bottom Line..

• Threat-o-meter…
  – High!
• Hype-o-meter…
  – High!
• Why ?
  – Real Criminals _are_ getting involved
    • (they don’t care about sexy.. They want results)
  – It’s a very different paradigm.
  – We just started looking at the perimeters..
  – The Jericho Project..

Page 13

What this means ?

• Don’t run your company security policy according to 5FM
• Judge your experts by yesterday’s news
• Old basics still hold
  – Defense in depth
• Build security in from day-1
• Identify your possible entry points (not just the ones vendors can sell you solutions for)
• Solve the problems that need solving (which are often not the ones with the sexy solutions)

Page 14

Questions ?

[email protected]