Insecurity-In-Security version.2 (2011)
Presentation (version.2) from 2011 describing how Security mechanisms placed to secure us are insecure themselves.

    Insecurity-In-Security version.2 (2011) Presentation Transcript

    • “Hackers Work is a Form Of Participation in the Work of God in Creation.”
      -by, Father Antonio Spadaro (Vatican)
      Recent News
    • Do You?
      + O.S. User Accounts
      + Browse Web
      + Use Web Services
      + Use Computer Networks Any Way
      + Have Any Form Of Binary Data
    • You Are Not Secure If You Don't...
      + Use Strong Passwords n Keep Them Safe
      + Browse Web In Safe Browsers
      + Use SSL-ified Web Services
      + Use Patched Name Servers
      + Keep Your Data Protected
    • You Are InSecure Even If You Did...
    • In Security Security In
      Security is just maintained... it's never achieved.
    • First Some history from Version 1
    • O.S. User Accounts
    • Bypass Account Protection
    • Vaccinated Browsers
    • Browsing <Unknown> WWW
      [+] SMBEnum
          |=+ using file://, res://, resource://
          Say, if it gains success accessing file:///c:/oracle/ora81/bin/orclcontainer.bmp
      [+] ResTiming Attack
          |=+ using res://, resource:// to execute
          So, gains timing for different binaries & Identify which exists
    • Protector of All
    • Defeating SSL
      [] “Signing Authority” field in Digital Certificates
      [] Tricking SSL Libraries with NULL Mod Certificates
      [] Online Certificate Revocation Policy {ResponseStatus=3, ResponseBytes= || SSL}
    • Basis Of All Networks
    • DNSSEC aint all GOOD
      [] Provides Origin Auth, Integrity Protection, PKI & even Auth. Denial of Data Existence
      [] Still No Confidentiality {basics of security} AND CPU-flooding is possible due to exhaustive cryptography
      [] Variation of DNS Rebinding Attack presented at BH2010 still affected network
    • Data Forensics
    • Data Forensic Hackers
      [] Data Carving (Imaging RAM, Dig O.S.)
      [] Dig Information from Files
      [] Timestomp, Zipbomb
      [] Mining Network Traffic for Files/Sessions
    • Now Some Mystery for Version 2
    • Hash-Crack on Steroids
      http://hashcat.net/oclhashcat/
    • RSA Theft & Threat
      http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html
    • Comodo Pwn3d CertS
      JanamFadayeRahbar
      http://www.wired.com/threatlevel/2011/03/comodo_hack/
    • OpenBSD n Backdoors
      [] 10yrs back FBI consulted NETSEC, CTO Perry
      [] Lotz of code commit by NETSEC developers
      [] Few daz back, Perry's NDA expired with FBI
      [] Alleged backdoors in IPSEC Stack
      [] FreeBSD inherited lotz code from OpenBSD
      http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
    • Samsung Key-loG Conflict
      http://arstechnica.com/hardware/news/2011/03/samsung-laptop-keylogger-almost-certainly-a-false-positive.ars
    • Who Is This Guy?
      Family Named: AbhishekKr
      Friends Call: ABK
      g33k Handle: aBionic {@Twitter, @LinkedIn, @Facebook}
      Itweet: http://www.twitter.com/aBionic
      iBlog: http://abhishekkr.wordpress.com
      Security Enthusiast; Working for ThoughtWorks Inc.; OpenSource Lover
      My Crime Is That Of Curiosity
      ANY QUESTIONS?
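
The "NULL Mod Certificates" item on the Defeating SSL slide is read here as certificate names that carry an embedded NUL byte, which a library comparing names as C strings reads only up to that byte. The following is an added example, not code from the presentation: the function names and certificate names are constructed, and it assumes ASCII hostnames with exact matching only (no wildcards). It puts the flawed comparison beside a strict one and a small audit helper.

```python
# Added example; every certificate name below is constructed for illustration.
HOSTNAME_BYTES = set(b"abcdefghijklmnopqrstuvwxyz0123456789-.")


def c_string_view(name: bytes) -> bytes:
    """Return what NUL-terminated string handling sees: bytes before the first NUL."""
    return name.split(b"\x00", 1)[0]


def naive_match(cert_name: bytes, expected_host: str) -> bool:
    """Flawed: compares like strcmp(), so everything after a NUL is ignored."""
    return c_string_view(cert_name).lower() == expected_host.lower().encode("ascii")


def strict_match(cert_name: bytes, expected_host: str) -> bool:
    """Hardened: validate every byte of the name, then compare the full length."""
    lowered = cert_name.lower()
    if not lowered or any(b not in HOSTNAME_BYTES for b in lowered):
        return False  # NUL, control bytes, spaces, wildcards: refuse outright
    return lowered == expected_host.lower().encode("ascii")


def suspicious_names(names):
    """Audit helper: list names that a C-string reader would see differently."""
    return [n for n in names if c_string_view(n) != n]


SPOOFED = b"www.bank.example\x00.attacker.example"  # constructed sample
CONSTRUCTED_NAMES = [b"www.bank.example", SPOOFED, b"shop.example"]

if __name__ == "__main__":
    for name in CONSTRUCTED_NAMES:
        print(name, naive_match(name, "www.bank.example"),
              strict_match(name, "www.bank.example"))
    print("flag for review:", suspicious_names(CONSTRUCTED_NAMES))
```

Running the audit helper over names extracted from issued or observed certificates gives a quick way to flag any that need manual review.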