Black Hat Webcasts RSS Feed

"Clickjacking" is all over the news lately. For the uninitiated, it's a set of techniques discovered by Jeremiah Grossman and Robert Hansen that allows an attacker to transparently capture a user's clicks, forcing the user to do all manner of unpleasant things ranging from adjusting security settings to unwittingly visiting websites with malicious code.

Our monthly free webcast series rolls on with another talk about a major vulnerability. This webcast is entitled "Trust Doesn't Scale: Practical Hijacking On the World's Largest Network." The webcast is based on a remarkable presentation by Tony Kapela and Alexander Pilosov at the DEFCON security conference this August. To illustrate their BGP-based traffic-hijacking techniques, they intercepted all traffic from the notoriously hostile conference network and ran it through their servers. The process was almost completely invisible to DEFCON attendees.
Their demonstration took advantage of a trust issue with Border Gateway Protocol (BGP), and it appears to be part of a larger security trend of major issues emerging in the bedrock protocols that support the Internet. Dan Kaminsky's DNS vulnerability relies on trust issues in DNS. In recent years major questions have been raised about SNMP and ICMP and at this writing there's word of a potentially major TCP exploit. Vulnerabilities like these raise significant questions about the business of security, the limits of patching, and the difficulties involved in securing a trust-based system.

Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities and at first sight present an insurmountable obstacle for exploit developers.
This talk aims to present exploitation methodologies against this increasingly complex target. We will demonstrate how the inherent design limitations of the protection mechanisms in Windows Vista make them ineffective for preventing the exploitation of memory corruption vulnerabilities in browsers and other client applications.
Each of the aforementioned protections will be briefly introduced and its design limitations will be discussed. We will present a variety of techniques that can be used to bypass the protections and achieve reliable remote code execution in many different circumstances. Finally, we will discuss what Microsoft can do to increase the effectiveness of the memory protections at the expense of annoying Vista users even more.

Early in 2008, security researcher Dan Kaminsky located a gaping hole the basic underpinnings of the internet. This fundamental flaw in DNS security renders almost all DNS serves open to cache poisoning (US CERT VU#800113). As the vulnerability arises from flaws in the design of the DNS protocol, the issue affects nearly all vendors and nearly all products designed to work with DNS.
In the intervening time, Dan has worked with a coalition of vendors to create a fix for this very serious and ubiquitous vulnerability. On July 8th, technology vendors from across the industry simultaneously released patches for their products in a combined effort of historic proportion.

During this inaugural webcast, Jeff Moss provided an overview of prevailing security trends and technologies and was joined by several of the world’s leading security minds who will each provide a brief preview of the topics they presented at the Black Hat Briefings & Trainings in August 2008.
The presenters were:
Bruce Potter with Malware Detection Through Flow Analysis
Fyodor Vaskovich with Nmap - Scanning the Internet
Shawn Moyer and Nathan Hamiel with Satan is on My Friends List: Attacking Social Networks
Nate McFeters, John Heasman and Rob Carter with The Internet is Broken: beyond Document.Cookie - Extreme Client-Side Exploitation
Mike Reavey, Steve Adegbite and katie Moussouris with Secure the Planet! new Strategic Initiatives from Microsoft to Rock your World.