Google's Project Zero and the Future of Altruistic Internet Security
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Biting Into Forbidden Fruit
Biting into the forbidden fruit Lessons from trusting Javascript crypto Krzysztof Kotowicz, OWASP Appsec EU, June 2014 About me • Web security researcher • HTML5 • UI redressing • browser extensions • crypto • I was a Penetration Tester @ Cure53 • Information Security Engineer @ Google Disclaimer: “My opinions are mine. Not Google’s”. Disclaimer: All the vulns are fixed or have been publicly disclosed in the past. Introduction JS crypto history • Javascript Cryptography Considered Harmful http://matasano.com/articles/javascript- cryptography/ • Final post on Javascript crypto http://rdist.root.org/2010/11/29/final-post-on- javascript-crypto/ JS crypto history • Implicit trust in the server to deliver the code • SSL/TLS is needed anyway • Any XSS can circumvent the code • Poor library quality • Poor crypto support • No secure keystore • JS crypto is doomed to fail Doomed to fail? Multiple crypto primitives libraries, symmetric & asymmetric encryption, TLS implementation, a few OpenPGP implementations, and a lot of user applications built upon them. Plus custom crypto protocols. https://crypto.cat/ https://www.mailvelope.com/ http://openpgpjs.org/ JS crypto is a fact • Understand it • Look at the code • Find the vulnerabilities • Analyze them • Understand the limitations and workarounds • Answer the question: can it be safe? JS crypto vulns in the wild • Language issues • Caused by a flaw of the language • Web platform issues • Cased by the web • Other standard bugs • out of scope for this presentation Language issues Language issues matter -
Analyse De Maliciels Sur Android Par L'analyse De La Mémoire Vive
Analyse de maliciels sur Android par l’analyse de la mémoire vive Mémoire Bernard Lebel Maîtrise en informatique Maître ès sciences (M. Sc.) Québec, Canada © Bernard Lebel, 2018 Analyse de maliciels sur Android par l’analyse de la mémoire vive Mémoire Bernard Lebel Sous la direction de: Mohamed Mejri, directeur de recherche Résumé Les plateformes mobiles font partie intégrante du quotidien. Leur flexibilité a permis aux développeurs d’applications d’y proposer des applications de toutes sortes : productivité, jeux, messageries, etc. Devenues des outils connectés d’agrégation d’informations personnelles et professionnelles, ces plateformes sont perçues comme un écosystème lucratif par les concepteurs de maliciels. Android est un système d’exploitation libre de Google visant le marché des appareils mobiles et est l’une des cibles de ces attaques, en partie grâce à la popularité de celui- ci. Dans la mesure où les maliciels Android constituent une menace pour les consommateurs, il est essentiel que la recherche visant l’analyse de maliciels s’intéresse spécifiquement à cette plateforme mobile. Le travail réalisé dans le cadre de cette maîtrise s’est intéressé à cette problématique, et plus spécifiquement par l’analyse de la mémoire vive. À cette fin, il a fallu s’intéresser aux tendances actuelles en matière de maliciels sur Android et les approches d’analyses statiques et dynamiques présentes dans la littérature. Il a été, par la suite, proposé d’explorer l’analyse de la mémoire vive appliquée à l’analyse de maliciels comme un complément aux approches actuelles. Afin de démontrer l’intérêt de l’approche pour la plateforme Android, une étude de cas a été réalisée où un maliciel expérimental a été conçu pour exprimer les comportements malicieux problématiques pour la plupart des approches relevées dans la littérature. -
Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide -
How the Best Hackers Learn Their Craft
#RSAC SESSION ID: HUM-F02 HOW THE BEST HACKERS LEARN THEIR CRAFT David Brumley CEO, ForAllSecure Professor, Carnegie Mellon University @thedavidbrumley George Hotz • First IPhone JailBreak • Playstation 3 • Zero-days in Adobe, Firefox, … Image Credit: https://goo.gl/rhmFEb 2 Richard Zhu • Mozilla Firefox (’18) • Microsoft Edge (‘17 & ’18) • iOS Safari (‘17) Image Credit: https://goo.gl/yY5FRg 3 #1 US Team since 2011 #1 Overall 3 of past 7 years 4 DEFCON wins – most wins in DEFCON history 4 Learning Objectives #RSAC 1. Understand how top experts use capture the flag competitions for deliberate practice. 2. See how hacking competitions gamify learning computer security. 3. Learn how to set up a system for building a top-ranked hacker culture. 5 Basic Knowledge Question Flag 6 Basic Knowledge Answer: FAT 7 Jeopardy-Style CTF Categories Basic Reverse Network Program Cryptography Forensics Difficulty Knowledge engineering security Exploitation Caesar Cipher ... ... ... ... ... 10 pts Frequency analysis ... ... ... ... ... 20 pts RSA Encryption ... ... ... ... ... 40 pts RSA Low Exponent ... ... ... ... ... 100 pts 8 Gamify Learning 9 1 Applied, deliberate practice CTF Principles 2 Autodidactic learning 3 Creative problem solving 10 1 Applied, deliberate practice Reverse Network Program Cryptography Forensics engineering security Exploitation 11 ”Buffer Overflow” User input size programmed Class: 90 minutes lecture 1. Sophomore course 10 bytes 2. Students understand concept long Challenge: Apply knowledge 50 bytes long 1. Real program buffer size? 2. Create long user input? User input given 3. Create specific attack input? 4. … 12 CTF Problem: Show You Can Do It 13 2 Autodidactic Learning Auto: self didactic: learn 14 Romantic, but not real Image: http://www.starwars.com/news/6-great-quotes-about-the-force 2 Auto-didactic Learning Richard didn’t know either. -
Thesis (844.6Kb)
ABSTRACT You Should Have Expected Us – An Explanation of Anonymous Alex Gray Director: Linda Adams; PhD Anonymous is a decentralized activist collective that has evolved using the technology of the information age. This paper traces its origins as a way of contextualizing and better understanding its actions. The groups composition is examined using its self‐ascribed imagery to illustrate its’ unique culture and relational norms. Its structure and motivation are analyzed using the framework developed for social movements and terrorist networks. Finally a discussion of a splinter cell and official reaction delineate both strengths and weaknesses of the movement while suggesting its future development. The conclusion serves to expound on the ideal end for the online anonymous community as a new frontier in meritocratic activism. APPROVED BY DIRECTOR OF HONORS THESIS: ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Dr. Linda Adams, Department of Political Science APPROVED BY THE HONORS PROGRAM: ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ Dr. Andrew Wisely, Director. DATE: ________________________ YOU SHOULD HAVE EXPECTED US AN EXPLANATION OF ANONYMOUS A Thesis Submitted to the Faculty of Baylor University In Partial Fulfillment of the Requirements for the Honors Program By Alex Gray Waco, Texas May 2012 TABLE OF CONTENTS Preface iii Acknowledgements iv Dedication v CHAPTER ONE 1 Introduction CHAPTER TWO 4 The Story of Anonymous CHAPTER THREE 20 A Group with No Head and No Members CHAPTER FOUR 39 Activists or Terrorists CHAPTER FIVE 56 Distraction, Diversion, Division CHAPTER SIX 67 Conclusion Bibliography 71 ii PREFACE Writing a paper about a decentralized, online collective of similarly minded individuals presents a unique set of challenges. In spending so much time with this subject, it is my goal to be both intellectually honest and as thorough as I can be. -
Hacktivism Cyberspace Has Become the New Medium for Political Voices
White Paper Hacktivism Cyberspace has become the new medium for political voices By François Paget, McAfee Labs™ Table of Contents The Anonymous Movement 4 Origins 4 Defining the movement 6 WikiLeaks meets Anonymous 7 Fifteen Months of Activity 10 Arab Spring 10 HBGary 11 The Sony ordeal 11 Lulz security and denouncements 12 Groups surrounding LulzSec 13 Green rights 14 Other operations 15 AntiSec, doxing, and copwatching 16 Police responses 17 Anonymous in the streets 18 Manipulation and pluralism 20 Operation Megaupload 21 Communications 21 Social networks and websites 21 IRC 22 Anonymity 23 DDoS Tools 24 Cyberdissidents 25 Telecomix 26 Other achievements 27 Patriots and Cyberwarriors 28 Backlash against Anonymous 29 TeaMp0isoN 30 Other achievements 30 Conclusion 32 2 Hacktivism What is hacktivism? It combines politics, the Internet, and other elements. Let’s start with the political. Activism, a political movement emphasising direct action, is the inspiration for hacktivism. Think of Greenpeace activists who go to sea to disrupt whaling campaigns. Think of the many demonstrators who protested against human rights violations in China by trying to put out the Olympic flame during its world tour in 2008. Think of the thousands of activists who responded to the Adbusters call in July 2011 to peacefully occupy a New York City park as part of Occupy Wall Street. Adding the online activity of hacking (with both good and bad connotations) to political activism gives us hacktivism. One source claims this term was first used in an article on the filmmaker Shu Lea Cheang; the article was written by Jason Sack and published in InfoNation in 1995. -
Mitigation Overview for Potential Side- Channel Cache Exploits in Linux* White Paper
Mitigation Overview for Potential Side- Channel Cache Exploits in Linux* White Paper Revision 2.0 May, 2018 Any future revisions to this content can be found at https://software.intel.com/security-software- guidance/insights/deep-dive-mitigation-overview-side- channel-exploits-linux when new information is available. This archival document is no longer being updated. Document Number: 337034-002 Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps. The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request. Intel provides these materials as-is, with no express or implied warranties. Intel, the Intel logo, Intel Core, Intel Atom, Intel Xeon, Intel Xeon Phi, Intel® C Compiler, Intel Software Guard Extensions, and Intel® Trusted Execution Engine are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. Copyright © 2018, Intel Corporation. All rights reserved. Mitigation Overview for Potential Side-Channel Cache Exploits in Linux* White Paper May 2018 -
Cyber Bytes 24JUN11
Index Cyber Bytes - 24 JUN 11 Articles follow. All articles are accessible via the Internet at the links below. Links of interest: New GAO report on cyber security R&D challenges (June 2011): http:// www.gao.gov/new.items/d10466.pdf WVEC story on Cyber War and Navy Cyber Forces Command: http:// www.wvec.com/news/military/Pentagon-gets-cyberwar-guidelines-124358614.html Cloud Computing Improving the Security of Cloud Computing -<http://www.technologyreview.com/business/37683/?ref=rss> Want a Military iCloud? Then Reduce Bandwidth Drain -<http://www.wired.com/dangerroom/2011/06/want-a-military-icloud-then-reduce- bandwidth-drain/> Cyber Security Hackers and Clouds: How Secure Is the Web? [audio] -<http://www.npr.org/2011/06/11/137125799/hackers-and-clouds-how-secure-is-the- web?ft=1&f=1001> Is it time RSA to Open Up About SecurID Hack? -<http://www.computerworld.com/s/article/9217551/ Is_it_time_for_RSA_to_open_up_about_SecurID_hack_? source=rss_latest_content&utm_source=feedburner&utm_medium=feed&utm_campai gn=Feed%3A+computerworld%2Fnews%2Ffeed+%28Latest+from+Computerworld %29> Navy Begins Routine Cyber Security Inspections [audio] -<http://www.federalnewsradio.com/?nid=35&sid=2420314> Who's Behind the Hacks? -<http://news.cnet.com/8301-27080_3-20071100-245/who-is-behind-the-hacks-faq/? part=rss&subj=news&tag=2547-1_3-0-20> Page 1 of 235 Index Prepare for the 'Advanced Persistent Threat' -<http://www.technologyreview.com/business/37767/?ref=rss> For Recent Cyber Attacks, Motivations Vary [audio] -<http://www.npr.org/2011/06/16/137210246/for-recent-cyberattacks-motivations-vary? -
Managed Runtime Speculative Execution Side Channel Mitigations White Paper
Managed Runtime Speculative Execution Side Channel Mitigations White Paper Revision 001 June 2018 Document Number: 337313-001 No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document; however, the information reported herein is available for use in connection with the mitigation of the security vulnerabilities described. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps. The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request. Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting www.intel.com/design/literature.htm. Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others © Intel Corporation. Managed Runtime Speculative Execution Side Channel Mitigations -
Whiz Kid Who Foiled Cyberattack 16 May 2017, by Julie Charpentrat
Whiz kid who foiled cyberattack 16 May 2017, by Julie Charpentrat According to Europol, the situation is now stable in Europe. In China, which was also hard hit, the spread of the malware has slowed considerably according to authorities. @MalwareTechBlog "stopped WannaCry by finding the 'kill switch' that the hackers introduced into the virus themselves to stop it if necessary," said Nicolas Godier, a cyber security expert at Proofpoint. Godier said the British researcher worked closely with cyber security company Proofpoint expert The young cyber security researcher known only by his Darien Huss over the weekend. Twitter handle @MalwareTechBlog, says he found a way of slowing the spread of WannaCry by chance Contrary to the image of solitary hackers conversing through encrypted messages, the computer experts communicate most often through Twitter, according to Godier. They are called white hats—the good guys in the Wild West of the internet—and they ride to the "All day long they analyse strains of computer rescue as in the case of the 22-year-old British viruses to see how they function" and find ways to expert who helped stop the WannaCry cyberattack. stop them, said Godier. "If each works in his own corner, it isn't effective, so The young cyber security researcher, known only they share their research. And with social networks, by his Twitter handle @MalwareTechBlog, says he it moves quickly." found a weakness by chance that allowed slowing the spread of WannaCry, a type of malware called In this case it only took them several hours to find a ransomware that encrypts files on an infected weakness, said Godier. -
Arxiv:1905.10311V4 [Cs.CR] 10 Mar 2020
SpecFuzz Bringing Spectre-type vulnerabilities to the surface Oleksii Oleksenko†, Bohdan Trach†, Mark Silberstein‡, and Christof Fetzer† †TU Dresden, ‡ Technion Abstract This observation led to the development of software tools SpecFuzz is the first tool that enables dynamic testing for for Spectre mitigation. They identify the code snippets pur- speculative execution vulnerabilities (e.g., Spectre). The key ported to be vulnerable to the Spectre attacks and instrument is a novel concept of speculation exposure: The program is them to prevent or eliminate unsafe speculation. Inherently, instrumented to simulate speculative execution in software by the instrumentation incurs runtime overheads, thereby leading forcefully executing the code paths that could be triggered due to the apparent tradeoff between security and performance. to mispredictions, thereby making the speculative memory Currently, all the existing tools exercise only the extreme accesses visible to integrity checkers (e.g., AddressSanitizer). points in this tradeoff, offering either poor performance with Combined with the conventional fuzzing techniques, specula- high security, or poor security with high performance. tion exposure enables more precise identification of potential Specifically, conservative techniques [3, 21, 28, 53] pes- vulnerabilities compared to state-of-the-art static analyzers. simistically harden every speculatable instruction (e.g., every Our prototype for detecting Spectre V1 vulnerabilities suc- conditional branch) to either prevent the speculation or make cessfully identifies all known variations of Spectre V1 and it provably benign. This approach is secure, but may signifi- decreases the mitigation overheads across the evaluated appli- cantly hurt program performance [44]. cations, reducing the amount of instrumented branches by up On the other hand, static analysis tools [17, 27, 41] reduce to 77% given a sufficient test coverage. -
Security Now! #741 - 11-19-19 TPM-FAIL
Security Now! #741 - 11-19-19 TPM-FAIL This week on Security Now! This week we look back a November's patch Tuesday while we count down to the impending end of patches for Windows 7 and Server 2008. We check in with CheckM8 and CheckRain as the iOS BootROM exploit continues to mature. We look at GitHub's announcement launch of "GitHub Security Lab" to bring bounties and much stronger security focus to the open source community. We discuss a recent court ruling regarding US border entry device searches. We cover yet another bad WhatsApp remote code execution vulnerability. We examine the impact of version 2 of ZombieLoad, the formation of the ByteCode Alliance, and a bit of media miscellany. Then we examine the impact of two Trusted Platform Module (TPM) failings: one which allows local key extraction and a second that can be exploited remotely over a network. Most Popular Programming Languages 1965 - 2019 (2.6 Million Views) https://youtu.be/Og847HVwRSI https://grc.sc/languages Security News November's Patch Tuesday November’s Patch Tuesday arrived last week to resolve 73 vulnerabilities across Microsoft’s software products, 13 of which were deemed to be CRITICAL, and one of those being a 0-day. That 0-day (tracked as CVE-2019-1429) which has been found being actively exploited in the wild, is a scripting engine vulnerability in Internet Explorer reported independently by four different researchers. The vulnerability in IE allows an attacker to execute rogue code if a victim is coaxed into visiting a malicious web page, or, if they are tricked into opening a specially crafted Office document.