votd log neutralization
play

VOTD: Log Neutralization Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Oct 11, 2023 •189 likes •260 views

VOTD: Log Neutralization Engineering Secure Software Last Revised: September 2, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Log Neutralization? If you allow newlines ( \n ) in your log entries, then attackers

  1. VOTD: Log Neutralization Engineering Secure Software Last Revised: September 2, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. What is Log Neutralization? If you allow newlines ( \n ) in your log entries, then attackers ● can forge log entries (inject false log data), throwing off investigations CWE-117 ● Related to generalized CRLF Injection ● Carriage Return Line Feeds: \r ○ CWE-93 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Examples $ java ArgumentLogger $'a normal event\nApr 25, 2012 1:26:19 PM ArgumentLogger main\nWARN: Attack suspected at 129.21.208.62' Sep 02, 2020 9:05:58 AM ArgumentLogger main // REAL INFO: a normal event // FAKE Apr 25, 2012 1:26:19 PM ArgumentLogger main // FAKE WARN: Attack suspected at 129.21.208.62 // REAL $ java ArgumentLogger --safe $'a normal event\nApr 25, 2012 1:26:19 PM ArgumentLogger main\nWARN: Attack suspected at 129.21.208.62' Sep 02, 2020 9:06:29 AM ArgumentLogger main INFO: a normal event_Apr 25, 2012 1:26:19 PM ArgumentLogger main_WARN: Attack suspected at 129.21.208.62 SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Examples public class ArgumentLogger { private static Logger log = Logger.getLogger(ArgumentLogger.class.getName()); public static void main(String[] args) { System.out.println("Logging commandline arguments:"); if (args.length > 0) { // Log safely if (args[0].equals("--safe") && args.length > 1) { System.out.println("Safe mode enabled."); // Encode carriage returns to avoid log forgery String clean = args[1].replace('\n', '_').replace('\r', '_'); log.info(clean); // Log unsafely } else { log.info(args[0]); } } } } SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Examples PayPal ● Attackers entered false payment entries ○ CVE-2006-0201 ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Mitigations Don’t allow newlines in your log entries ● Remove them entirely ○ Depending on what tools are used to analyze logs, the carriage ● return ( \r ) character might not be enough Consider <br> if you view logs online ○ Don’t forget to log the situation where a newline is injected ● Of course, even with log neutralization, if the attacker has ● read/write access to the actual log files, you’re out of luck Encrypt your logs ○ Store them remotely ○ Log manual changes to logs ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Notes This vulnerability is only a repudiation (auditability) threat ● By itself, this is pretty innocuous (not very harmful) ● In conjunction with other attacks, an attacker and forge logs ○ with false information to throw off post-exploit investigation Attackers with access to previous (or similar) logs can easily ● reverse-engineer patterns, making forgeries indistinguishable CAPEC-93 ○ Strangely enough, common logging libraries (e.g. logj4 , ● java.util.logging ) don’t have an option to remove newlines SWEN-331: Engineering Secure Software Benjamin S Meyers 7

Recommend

TIF Neutralization Overview July 16, 2019 1 TIF Neutralization Refers to both the process

TIF Neutralization Overview July 16, 2019 1 TIF Neutralization Refers to both the process

TIF Neutralization Overview July 16, 2019 1 TIF Neutralization Refers to both the process by which the TIF Neutralization factor (Factor) is calculated and the spreadsheet used to submit the Factor calculation to the

794 views • 20 slides
Conceptual Future Autonomous Mine Neutralization System Envisioned by NATO Undersea Research

Conceptual Future Autonomous Mine Neutralization System Envisioned by NATO Undersea Research

Autonomous Naval MCM - Neutralization Conceptual Future Autonomous Mine Neutralization System Envisioned by NATO Undersea Research Centre Research Goal: Explore ways to perform maritime mine neutralization more safely, efficiently, and

538 views • 6 slides
Ion Neutralization at Metal Surface vac When a ionized atom is projected onto a solid surface,

Ion Neutralization at Metal Surface vac When a ionized atom is projected onto a solid surface,

Ion Neutralization at Metal Surface vac When a ionized atom is projected onto a solid surface, an excited solid-atom system is formed. Conduction band ~ 4.5 eV The Ion-Neutralization process is a process by which the F excited solid-atom

331 views • 5 slides
VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331:

VOTD: XSS &amp; CSRF Engineering Secure Software Last Revised: September 8, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is XSS? XSS: Cross Site Scripting Injecting malicious scripts into a web page CWE-79

772 views • 12 slides
Class 2: Contrast and neutralization (part 1) Adam Albright (albright@mit.edu) LSA 2017 Phonology

Class 2: Contrast and neutralization (part 1) Adam Albright (albright@mit.edu) LSA 2017 Phonology

Class 2: Contrast and neutralization (part 1) Adam Albright (albright@mit.edu) LSA 2017 Phonology University of Kentucky Goals for today Address residual questions from last time (Constraints, Ranking, OT) Recap: the function of

526 views • 30 slides
VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331:

VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331:

VOTD: SQL Injection Engineering Secure Software Last Revised: September 3, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is SQL Injection? Manipulating query strings to execute code Injecting SQL commands into

379 views • 9 slides
VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020

VOTD: OS Command Injection Engineering Secure Software Last Revised: September 17, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is OS Command Injection Executing arbitrary commands on the host OS via a vulnerable

272 views • 8 slides
Class 3: Contrast and neutralization (part 2) Adam Albright (albright@mit.edu) LSA 2017 Phonology

Class 3: Contrast and neutralization (part 2) Adam Albright (albright@mit.edu) LSA 2017 Phonology

Class 3: Contrast and neutralization (part 2) Adam Albright (albright@mit.edu) LSA 2017 Phonology University of Kentucky Goals for today Continue discussion of markedness and contrast Licensing by cue: another example where

675 views • 30 slides
VOTD: Integer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331:

VOTD: Integer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331:

VOTD: Integer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Integer Overflow? An operation that creates a numeric value outside of the range that can

211 views • 6 slides
VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020

VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020

VOTD: Time of Check, Time of Use Engineering Secure Software Last Revised: September 1, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Time of Check, Time of Use? Analogy: Jill asks Dan to have tea ready for her when

383 views • 7 slides
VOTD: Buffer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331:

VOTD: Buffer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331:

VOTD: Buffer Overflow Engineering Secure Software Last Revised: August 17, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 What is Buffer Overflow? Writing data outside of the intended buffer (memory space) SWEN-331:

298 views • 6 slides
RFI/CMS Reports Former Lead Furnace Area &amp; SWMU 51 (TNT Waste Acid Neutralization Pit) RAB

RFI/CMS Reports Former Lead Furnace Area &amp; SWMU 51 (TNT Waste Acid Neutralization Pit) RAB

RFI/CMS Reports Former Lead Furnace Area &amp; SWMU 51 (TNT Waste Acid Neutralization Pit) RAB Presentation March 20, 2008 Former Lead Furnace Area (FLFA) (RAAP-040) RFI/CMS Report FLFA SWMU 17A FLFA Site Location FLFA Site Map Site

282 views • 27 slides
Thinking Like a Chemist About Equilibrium &amp; Acids and Bases UNIT 6 DAY 8 RAQ What are we

Thinking Like a Chemist About Equilibrium &amp; Acids and Bases UNIT 6 DAY 8 RAQ What are we

Thinking Like a Chemist About Equilibrium &amp; Acids and Bases UNIT 6 DAY 8 RAQ What are we going to learn today? REVIEW Equilibrium Behavior of Acids/Bases: Aqueous Solutions Neutralization Reactions IMPORTANT INFORMATION Class

451 views • 19 slides
H - Ion Source Development at FNAL Alejandro Garcia Sosa Proton Accelerators for Science and

H - Ion Source Development at FNAL Alejandro Garcia Sosa Proton Accelerators for Science and

H - Ion Source Development at FNAL Alejandro Garcia Sosa Proton Accelerators for Science and Innovation Workshop Nov 11-13 2015 Outline Magnetron Source Work done on operational sources Beam Neutralization Fiber Optics Chassis

354 views • 21 slides
K-minerals Huig Bergsma, Joost Vogels, Roland Bobbink, Maaike Weijters and Chris Rvekamp the

K-minerals Huig Bergsma, Joost Vogels, Roland Bobbink, Maaike Weijters and Chris Rvekamp the

K-minerals Huig Bergsma, Joost Vogels, Roland Bobbink, Maaike Weijters and Chris Rvekamp the backbone of acid neutralization in Dutch nature reserves Second International Workshop on Alternative Potash, London June 15 th 2017 The

482 views • 24 slides
Acids and Bases PSI Chemistry covers the material approximately up to slide 75. Slide 2 / 174

Acids and Bases PSI Chemistry covers the material approximately up to slide 75. Slide 2 / 174

Slide 1 / 174 Acids and Bases PSI Chemistry covers the material approximately up to slide 75. Slide 2 / 174 Properties of Acids Acids release hydrogen ion(s) into (aqueous) solution Acids neutralize bases in a neutralization reaction.

729 views • 58 slides
Acids and Bases Acids corrode active metals. Acids turn blue litmus to red. PSI Chemistry

Acids and Bases Acids corrode active metals. Acids turn blue litmus to red. PSI Chemistry

Slide 1 / 174 Slide 2 / 174 Properties of Acids Acids release hydrogen ion(s) into (aqueous) solution Acids neutralize bases in a neutralization reaction. Acids and Bases Acids corrode active metals. Acids turn blue litmus to red.

716 views • 29 slides
Full Facility Water Management Presented by: Process and Water What is Being Presented 1.

Full Facility Water Management Presented by: Process and Water What is Being Presented 1.

Full Facility Water Management Presented by: Process and Water What is Being Presented 1. Purified (RODI) Water System &amp; Distribution Design 2. Rain/Gray &amp; RO Reject Water System Design 3. Acid Waste pH Neutralization System Design

784 views • 46 slides
Minneapolis Water Works Gina Sternberg MnTAP Supervisor: Karl DeWahl Company Supervisors: Annika

Minneapolis Water Works Gina Sternberg MnTAP Supervisor: Karl DeWahl Company Supervisors: Annika

Neutralization Optimization Minneapolis Water Works Gina Sternberg MnTAP Supervisor: Karl DeWahl Company Supervisors: Annika Bankston, Steve Bros Facility Background Minneapolis Water provides tap water to Minneapolis and surrounding

331 views • 21 slides

More recommend