Google Security for Fun and Profit
 


Jacek Szpot (Software Engineer @ Cloud Identity) discusses security and hacking at the local Google Developers' Group meeting.

    Presentation Transcript

    • Google Security for fun and profit. x64x6cx61x20x4bx61x73x69
    • hi, i'm maligree. maligree@cloudidentity.co.uk
    • so what's it all for?
    • phrack
    • CVE-xxxx-yyyy
    • Latest Java bugs: CVE-2013-0422, CVE-2012-3174
    • 0day
    • CWE
    • principle of least privilege
    • with a sigh, but: confused deputy problem. don't build your worldview on this.
    • bugtraq
    • full-disclosure
    • oss-security (~CVE)
    • pwnie awards my little pwnie
    • == pwnie 2012 == Pinkie Pie & Glazunov (chrome); Matthew "j00ru" Jurczyk (win32 kernel); Sergey Golubchik (mysql); Travis Goodspeed (wifi inj). Flame malware won Most Epic 0wnage.
    • $$$$$$
    • *.google.com, *.blogger.com, *.youtube.com, *.orkut.com
    • google's rockstars
    • @lcamtuf
    • whatever you're working on, lcamtuf released a paper about it in 2001.
    • code.google.com/p/browsersec/
    • TTW & SotW: The Tangled Web, Silence on the Wire
    • same origin policy
    • http://app.example.com/dir/page.php
      == http://app.example.com/dir2/other.php
      != https://app.example.com/secure.html
      != http://app.example.com:81/dir/etc.html
      != http://dev.company.com/dir/other.html
      JS/DOM: document.domain = "example.com";
    • ...? http://173.194.39.166 + document.domain confusion ...? http://localhost
    • XHR, CORS, CSP?
    • skipfish
    • OS fingerprinting
    • because where the specification doesn't reach... everyone does their own thing.
    • nmap: a fierce beast.
    • p0f: passive OS fingerprinting
    • fuzzing: breaking things without effort.
    • GET / HTTP/1.0 GET / GET HTTP/-4.0GET TRACE / HTTP/HTTP/1.0/GET GET<TAB>/<>%%%$#/1...())0 GETPOPOROSZESTRONEGLOWNA
    • lcamtuf's mangleme.cgi: build, place in www/, point your browser to it and wait.
    • want more? peach .py
    • want morererer? SPIKE .c
    • EVEN MORE? zzuf $ ./zzuf
    • @taviso
    • uh-huh. and that's not all.
    • lots of lulz. cyber terrorz, man.
    • stir it up!
    • @scarybeasts
    • 1997-2009: ~100 vulns
    • vsftpd: the very secure ftp daemon
    • chrome/chromium
    • chromium sandbox
    • Linux: seccomp-bpf; OSX: sandbox_init(); Win: token+job+desktop; Vista+: $Win + IL
    • source: somewhere on dev.chromium.org
    • LowerToken();
    • Java in a sandbox
    • chroot
    • $ chroot /a/b/c/jail /bin/bash
    • clone() + CLONE_FS exec() untrusted chroot() to empty
    • seccomp
    • pwn2own: VUPEN :( (they rock, but don't tell anybody)
    • pwnium (google's pwn2own): $2 million total, $60k for Pinkie Pie
    • == pwnium #1 == Pinkie Pie & Sergey Glazunov. PP: chained 6 bugs. SG: chained 10 bugs. $120,000 to defeat chromium & escape sandbox
    • == pwnium #2 == Pinkie Pie: 2 bugs, WebKit SVG + Chrome IPC
    • are you thinking what I'm thinking?
    • hall of fame? sergey gets teh $$$.
    • SIGTERM
    • thanks. maligree@gmail.com