Domain: hitb.org
Stories and comments across the archive that link to hitb.org.
Comments · 8
-
Bad Guys Too!
The tool is ideal for software engineers...
Yes, there will be good guys who will use this to reverse-engineer malware to design patches. There will also be bad guys who will use it to reverse-engineer patches to design malware.
Here's a scenario: A security researcher discovers a critical vulnerability in Microsoft Windows. Remotely executable. Root-level access. Being a responsible researcher, the information is provided quietly to Microsoft before being announced publicly, so they are given a chance to develop a patch. Somewhere down the road, Microsoft releases a patch.
What happens immediately is that people start reverse-engineering the patch. What modules is it touching? Let's look very closely at those modules, maybe do some fuzzing, see if we can figure out what's exploitable. I once saw Halvar Flake give a talk on this that was both impressive and frightening. A person with his level of skill could potentially develop an exploit by reverse-engineering a patch in a matter of hours. Much faster than many people would be deploying the patch.
-
Re:A sidenote
The researchers actually admit (actual PDF) what I'm saying: "Actually, if you're not in control of the bare metal all bets are off"
-
Better link
http://conference.hitb.org/hit...
Better apart from being a damn slideshow
-
Re:It's news worthy but isn't at the same time ...
Besides, if you really want to send an aircraft off track, you may just own it outright, no need to fuck GPS for everyone in the vicinity, you know. Various "dismissals" by "officials" come from people who seriously don't know what they are talking about. There's no one at FAA who really understands it at such a level. No one. The bullshit about "certified" hardware not being subject to the exploits: lol, and what, if you buy it on eBay you suddenly magically get obsolete, non-certified stuff?
I'm pretty damn sure the more modern airliners where everything sits on a common bus (say TT-Ethernet) are even more vulnerable, since once you own any one device on the bus, you presumably can find vulnerabilities in other devices and own them as well. The old Honeywell FMS is a simpler device that doesn't give you as much potential for breaking other stuff. I'm pretty damn sure that on a Dreamliner, if you own the device that receives ACARS, you can soon own everything to the point where even pilots can't override you. All it takes is one stack overflow somewhere.
-
Re:SPOF
If all those companies have to login to a single website (that could require java, flash, acrobat, or whatever that could have a 0-day exploit, and no one will block anything from there, as is a trusted website), it could be used to plant something like Red October in a lot of sensible places. It could be in a not very visited place of the site to delay detection while still getting victims (i.e. just replacing a pdf), could not be detected in all companies it tries to infect, could be low profile enough as it will reach every company, or focus in a particular contractor as have to log in there anyway.
If they can't manage to have secured that only site, probably won't be able to do so with multiple sites neither. but a single intrusion won't have the same broad reach.
-
hitb presentation link
http://conference.hitb.org/hitbsecconf2008kl/?page_id=214 - Remote Code Execution Through Intel CPU Bugs
After I RTFA I found the hitb.org abstract; better than Inforworld, but still not too informative.
-
Re:Intellectual PropertyYes, that's the idea behind WabiSabiLabi, the Exploit Marketplace. Security Researchers have always been treated unfair, as it was always demanded from the to give their knowledge away for free, at least to the vendor. But what is the incentive for a white hat to do research at all if he is not allowed to make money out of it?
Also, why should said researcher not just turn into a blackhat and sell stuff on the black market if he is not paid for his work on the 'free' market because no such market exists?
Compare it to medical research: medical research requires great efforts and would not be done if you could not turn the results into money (usually by patenting). Is it unethical to patent drugs that could save many lives? Why does nobody point their finger onto the drug researchers but the security researchers are the unethical people?
If someone is willing to pay more for an exploit than the vendor, that's the free market.The WabiSabiLabi guys experienced the ethical dilemma as well: They tried to resolve this issue and to create a free market for the security researchers but when they informed the vendor of an auction, they were called blackmailers. If they didn't do so, they acted unethical as well. So what?
BTW, there's a great video available from the WabiSabiLabi guy (Roberto Preatoni from Zone-H) at the HITB Kuala Lumpur Videos, the presentation is here .
-
In Asia
All peoples should go for HITB! Same trainers as Blackhat training but even better is not so expensiv!
http://conference.hitb.org/