Insecurity-In-Security version.2 (2011)

Presentation (version.2) from 2011 describing how Security mechanisms placed to secure us are insecure themselves.

Published in: Technology

  1. "Hackers Work is a Form Of Participation in the Work of God in Creation." - by Father Antonio Spadaro (Vatican). Recent News
  2. Do You?
     + O.S. User Accounts
     + Browse Web
     + Use Web Services
     + Use Computer Networks Any Way
     + Have Any Form Of Binary Data
  3. You Are Not Secure If You Don't...
     + Use Strong Passwords n Keep Them Safe
     + Browse Web In Safe Browsers
     + Use SSL-ified Web Services
     + Use Patched Name Servers
     + Keep Your Data Protected
  4. You Are InSecure Even If You Did...
  5. InSecurity / SecurityIn: Security is just maintained... it's never achieved.
  6. First Some history from Version 1
  7. O.S. User Accounts
  8. Bypass Account Protection
  9. Vaccinated Browsers
  10. Browsing <Unknown> WWW
      [+] SMBEnum |=+ using file://, res://, resource:// Say, if it gains success accessing file:///c:/oracle/ora81/bin/orclcontainer.bmp
      [+] ResTiming Attack |=+ using res://, resource:// to execute So, gains timing for different binaries & Identify which exists
  11. Protector of All
  12. Defeating SSL
      [] "Signing Authority" field in Digital Certificates
      [] Tricking SSL Libraries with NULL Mod Certificates
      [] Online Certificate Revocation Policy {ResponseStatus=3, ResponseBytes= || SSL}
  13. Basis Of All Networks
  14. DNSSEC ain't all GOOD
      [] Provides Origin Auth, Integrity Protection, PKI & even Auth. Denial of Data Existence
      [] Still No Confidentiality {basics of security} AND CPU-flooding is possible due to exhaustive cryptography
      [] Variation of DNS Rebinding Attack presented at BH2010 still affected network
  15. Data Forensics
  16. Data Forensic Hackers
      [] Data Carving (Imaging RAM, Dig O.S.)
      [] Dig Information from Files
      [] Timestomp, Zipbomb
      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
      [] Mining Network Traffic for Files/Sessions
  17. Now Some Mystery for Version 2
  18. Hash-Crack on Steroids: http://hashcat.net/oclhashcat/
  19. RSA Theft & Threat: http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html
  20. Comodo Pwn3d CertS (JanamFadayeRahbar): http://www.wired.com/threatlevel/2011/03/comodo_hack/
  21. OpenBSD n Backdoors
      [] 10yrs back FBI consulted NETSEC, CTO Perry
      [] Lotz of code commit by NETSEC developers
      [] Few daz back, Perry's NDA expired with FBI
      [] Alleged backdoors in IPSEC Stack
      [] FreeBSD inherited lotz code from OpenBSD
      http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
  22. Samsung Key-loG Conflict: http://arstechnica.com/hardware/news/2011/03/samsung-laptop-keylogger-almost-certainly-a-false-positive.ars
  23. Who Is This Guy?
      Family Named: Abhishek Kr
      Friends Call: ABK
      g33k Handle: aBionic {@Twitter, @LinkedIn, @Facebook}
      I tweet: http://www.twitter.com/aBionic
      iBlog: http://abhishekkr.wordpress.com
      Security Enthusiast; Working for ThoughtWorks Inc.; OpenSource Lover
      "My Crime Is That Of Curiosity"
      ANY QUESTIONS?
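Two of the "Defeating SSL" bullets describe client-side verification that fails in the defender's disfavour: a certificate name with an embedded NULL byte that a C-string comparison truncates to its prefix, and an OCSP reply whose ResponseStatus is 3 (tryLater, per RFC 6960) with no ResponseBytes, which a soft-fail client treats as "no information" and lets the handshake proceed. The following is an added example, not code from the slides or from any library they mention; the function names and the dict layout of the parsed OCSP response are assumptions made for illustration. It shows a strict name match that rejects NUL bytes and a hard-fail OCSP policy beside the soft-fail one it replaces.

```python
# Added example (not from the slide deck): defensive checks for the
# "NULL certificate" and OCSP soft-fail bullets. Function names and the
# parsed-response dict shape are constructed for this illustration.

# OCSPResponseStatus values, RFC 6960 section 4.2.1
OCSP_SUCCESSFUL = 0
OCSP_MALFORMED_REQUEST = 1
OCSP_INTERNAL_ERROR = 2
OCSP_TRY_LATER = 3
OCSP_SIG_REQUIRED = 5
OCSP_UNAUTHORIZED = 6


def name_matches_host(cert_name, hostname):
    """Strict comparison of a certificate CN / dNSName against a hostname.

    Any NUL byte in either side is an immediate mismatch: a C-string
    comparison would stop at the NUL and see only the prefix, which is the
    trick behind "NULL" certificates. Matching is case-insensitive, ignores a
    trailing dot, and honours a wildcard only as the whole leftmost label.
    """
    if "\x00" in cert_name or "\x00" in hostname:
        return False
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name or not hostname:
        return False
    if cert_name.startswith("*."):
        suffix = cert_name[1:]                 # ".bank.example"
        if not hostname.endswith(suffix):
            return False
        label = hostname[:-len(suffix)]        # the part the "*" stands for
        # exactly one non-empty label; no "a.b" and no partial-label wildcard
        return label != "" and "." not in label
    return cert_name == hostname


def ocsp_accepts(response, hard_fail=True):
    """Decide whether an OCSP reply lets the certificate through.

    `response` is a minimal, already-parsed view of an OCSPResponse
    (assumed shape): {"responseStatus": int, "certStatus": "good" |
    "revoked" | "unknown" | None}.  With hard_fail=True (the corrected
    policy) only a successful response whose certStatus is "good" is
    accepted.  With hard_fail=False the function mimics the soft-fail
    policy the slide points at: an error status such as tryLater (3) with
    no responseBytes counts as "no information" and the handshake goes on.
    """
    status = response.get("responseStatus")
    cert_status = response.get("certStatus")
    if status == OCSP_SUCCESSFUL:
        return cert_status == "good"
    # Non-successful response carries no responseBytes, so there is no
    # signed status to verify; the only safe answer is to fail closed.
    return not hard_fail


if __name__ == "__main__":
    # Constructed sample values, not real certificates or responder output.
    null_cn = "www.bank.example\x00.attacker.example"
    print("NULL CN accepted?", name_matches_host(null_cn, "www.bank.example"))
    try_later = {"responseStatus": OCSP_TRY_LATER, "certStatus": None}
    print("tryLater, soft-fail:", ocsp_accepts(try_later, hard_fail=False))
    print("tryLater, hard-fail:", ocsp_accepts(try_later, hard_fail=True))
```

The soft-fail branch is kept only so the two policies can be compared side by side; a deployment that keeps `hard_fail=True` trades occasional responder outages for not accepting a certificate whose revocation status it could not verify.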