Insecurity-In-Security version.2 (2011)


Presentation (version.2) from 2011 describing how Security mechanisms placed to secure us are insecure themselves.
Published in: Technology


  • 1. "Hackers' work is a form of participation in the work of God in creation." - Father Antonio Spadaro (Vatican), recent news
  • 2. Do You?
    + Use O.S. user accounts
    + Browse the web
    + Use web services
    + Use computer networks in any way
    + Have any form of binary data
  • 3. You Are Not Secure If You Don't...
    + Use strong passwords and keep them safe
    + Browse the web in safe browsers
    + Use SSL-ified web services
    + Use patched name servers
    + Keep your data protected
  • 4. You Are InSecure Even If You Did...
  • 5. InSecurity / Security In: security is just maintained... it's never achieved.
  • 6. First Some History from Version 1
  • 7. O.S. User Accounts
  • 8. Bypass Account Protection
  • 9. Vaccinated Browsers
  • 10. Browsing <Unknown> WWW
    [+] SMBEnum
      |=+ using file://, res://, resource://
      Say, if it gains success accessing file:///c:/oracle/ora81/bin/orclcontainer.bmp
    [+] ResTiming Attack
      |=+ using res://, resource:// to execute
      So, gains timing for different binaries and identifies which exist
  • 11. Protector of All
  • 12. Defeating SSL
    [] "Signing Authority" field in digital certificates
    [] Tricking SSL libraries with NULL-modified certificates
    [] Online Certificate Revocation Policy {ResponseStatus=3, ResponseBytes= || SSL}
  • 13. Basis Of All Networks
  • 14. DNSSEC Ain't All GOOD
    [] Provides origin authentication, integrity protection, PKI and even authenticated denial of data existence
    [] Still no confidentiality {basics of security} AND CPU-flooding is possible due to exhaustive cryptography
    [] Variation of the DNS Rebinding Attack presented at BH2010 still affected the network
  • 15. Data Forensics
  • 16. Data Forensic Hackers
    [] Data carving (imaging RAM, digging the O.S.)
    [] Digging information from files
    [] Timestomp, Zipbomb
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    [] Mining network traffic for files/sessions
  • 17. Now Some Mystery for Version 2
  • 18. Hash-Crack on Steroids
  • 19. RSA Theft & Threat
  • 20. Comodo Pwn3d CertS
    JanamFadayeRahbar
  • 21. OpenBSD and Backdoors
    [] 10 years back, the FBI consulted NETSEC, CTO Perry
    [] Lots of code committed by NETSEC developers
    [] A few days back, Perry's NDA with the FBI expired
    [] Alleged backdoors in the IPSEC stack
    [] FreeBSD inherited lots of code from OpenBSD
  • 22. Samsung Key-loG Conflict
  • 23. Who Is This Guy?
    Family Named: Abhishek Kr
    Friends Call: ABK
    g33k Handle: aBionic {@Twitter, @LinkedIn, @Facebook}
    I tweet: http://abhishekkr.wordpress.com
    Security Enthusiast; Working for ThoughtWorks Inc.; OpenSource Lover
    "My Crime Is That Of Curiosity"
    ANY QUESTIONS?
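Slide 12 lists tricking SSL libraries with NULL-modified certificates. The following is an added example, not part of the deck: it contrasts a hostname check that sees a certificate name the way NUL-terminated C string code does with a hardened matcher that rejects NUL bytes, compares the whole name, and limits wildcards to the leftmost label. The names used are constructed.

```python
"""Certificate name matching with and without the NUL-byte defect.
Added illustration; hostnames below are constructed examples."""


def c_string_view(name: str) -> str:
    """Mimic code that handles the name as a NUL-terminated C string:
    everything after the first NUL byte is invisible to the comparison."""
    nul = name.find("\x00")
    return name if nul < 0 else name[:nul]


def naive_match(cert_name: str, hostname: str) -> bool:
    """Vulnerable comparison. A name such as
    'bank.example\x00.evil.example' (constructed) is validated by a CA as a
    subdomain of evil.example, yet compares equal to 'bank.example' here."""
    return c_string_view(cert_name).lower() == hostname.lower()


def safe_match(cert_name: str, hostname: str) -> bool:
    """Hardened comparison: refuse any NUL byte, compare every label of the
    full name case-insensitively, and accept '*' only as the whole leftmost
    label of a name with at least three labels (no wildcard on a TLD)."""
    if "\x00" in cert_name or "\x00" in hostname:
        return False
    cert_labels = cert_name.lower().split(".")
    host_labels = hostname.lower().split(".")
    if any(not label for label in cert_labels + host_labels):
        return False  # empty label, e.g. trailing dot or '..'
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*" and len(cert_labels) < 3:
        return False
    for i, (c, h) in enumerate(zip(cert_labels, host_labels)):
        if i == 0 and c == "*":
            continue  # wildcard covers exactly one leftmost label
        if c != h:
            return False
    return True
```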