
Posts

Showing posts from March, 2009

Older TOR Research Paper - Privacy and Security Study

I stumbled across an older research paper from the University of Colorado discussing the traffic patterns for data flowing into and out of the TOR network. Very interesting read, and I like the inventive methods for detecting "sniffing" exit nodes, although I must say that anyone with a bit of knowledge regarding how to quietly listen using tcpdump -n.

Securing OSX - Apple's Leopard Security Guide

Worried about the default configuration of Leopard OSX 10.5? Take a read through Apple's own security configuration guide. This guide covers everything from installation to advanced configuration options, including turning off hardware support for USB, Bluetooth, Video, Wireless, etc. for the most paranoid out there.

Mac users can also look forward to getting more advanced security features as part of the 10.6 release of OSX, Snow Leopard. You'll be glad to know that rumors point to modern security features like enhanced ASLR with 64-bit memory space, and full NX support.

Charlie Miller - Tom's Hardware Exclusive

Tom's Hardware has posted an excellent interview with Charlie Miller, who was successful at hacking a fully patched OSX box at this year's CanSecWest. Here is the interview. Very insightful answers to the questions.

SmartPhone Pwn2Own Results Reflect Security of the Device?

Since the CanSecWest conference last week, a few people on the net have been reporting (Gizmodo, Slashdot, Engadget) that because none of the smartphone platforms were compromised (I think there was only a single attempt if I heard right), these devices must be inherently secure or a lot harder to hack than Safari and the rest of the browser crew.

After hanging out with a few of the researchers at the conference, and witnessing first-hand some of the technical prowess they possess, it seems a little strange to me that the security of these handsets poses a challenge to these people.

Adding to my skepticism is the fact that many of the researchers at the conference were supporting the stance of "no more free bugs". Which I support - as there is a very real thriving underground economy for bugs and exploits - and researchers deserve to get compensated for the knowledge and expertise, not to mention that the Pwn2Own contest rules sign over ownership of the bug to TippingPoi…

A few more details regarding the persistent BIOS infection

If you were lucky enough to attend this year's CanSecWest conference then you probably sat through Anibal Sacco and Alfredo Ortega's talk on the BIOS infection, and how this would persist even through a hard-drive wipe / operating system reinstall. These guys are extremely bright and are pushing hard at the edge of security research.

The slideshow published by Core Security provides the overview, which I'll summarize here with what I can remember of the technology and tools used to enable the hack shown at the conference.

First is getting a copy of a BIOS to hack. There are two options, and one made the researchers' lives easier: VMware supplies both a generic "virtual" BIOS and a debugger, which makes testing and developing the patches easier. A generic tool also exists, which they have created to retrieve, modify and reflash the BIOS, based on previous work by pinczakko.

The second thing talked about is the structure of the BIOS which gets executed by t…

Update from CanSecWest

So most of the way through the second day of the conference there have been some really interesting topics. Here is a list of the top ones for me:

Unicode vulnerabilities - Although it was cut short due to running over time, Chris Weber from Casaba Security gave an excellent description of a large number of Unicode issues which plague web applications. His favorite - BOM.

Sniffing Keystrokes - What a nice change of pace - the two Italians put on quite a show regarding the use of two side channel attacks on keystrokes. One regarding the electrical noise from poorly shielded PS/2 connectors, and the other by recording and analyzing vibrations from typing on laptops by using cheap lasers!

Chinese Hacking Culture - Wow, what a great opportunity to hear from a security professional working inside the hacker community in China! Excellent talk, and kudos to ICBM for getting the message across and even answering questions with a significant language barrier.

More later.

Updates from CanSecWest

I am attending CanSecWest this week in Vancouver, British Columbia, and will be updating my blog frequently to recap some of the highlights of the event. Monday will be pretty slow as people make it into town and get settled.

Prioritizing PCI Compliance Activity

In new guidance offered by the PCI Security Standards Council, a checklist has been provided to assist organizations with focusing on the important issues first, and spending time where the greatest risks exist. This is very useful for organizations with limited funding and resources.