Copyright@bitdefender 2011 / www.bitdefender.com 01/29/15 • 2
0-Day Vulnerabilities in Widely Used Software
Bogdan BOTEZATU – E-Threat Analyst, Bitdefender
We believe in software
• Approximately 15,660,000 kits available for download
• Over 549,000,000 files
• More than 60,000,000 infected files
About vulnerabilities, in figures
Vulnerabilities account for 9.82% of all malware in 2011
Top vulnerabilities in 2011
A different kind of vulnerability
• 2 December 2011: critical vulnerability in Yahoo Messenger
• Allows a user's status to be changed remotely
• Affects version 11 of the instant messaging client
How does it work?
• The victim receives a file transfer request
• One of the request's parameters is deliberately malformed
• When the transfer dialog is displayed, the malformed parameter triggers an action
More precisely...
• Behind this rendering is the following HTML code:
Next...
• How the data arrives over the network:
Further on...
• The malformed parameter:
How was the attack possible?
PROGRAMMING ERROR
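The deck does not reproduce the dialog's HTML or the malformed parameter, so the following is an added illustration written for this page, not code from the slides or from Yahoo. It shows the class of programming error the slides describe (a field from a file-transfer request interpolated into an HTML dialog without escaping) next to a hardened renderer that escapes at the output boundary and validates the file name at the input boundary. The request fields, the dialog template and the sample file name are constructed assumptions, not the real Yahoo Messenger wire format.

```python
import html
import re

# Constructed sample request. The field names and the sample file name are
# assumptions for this illustration, not the Yahoo Messenger wire format.
SAMPLE_REQUEST = {
    "sender": "alice",
    "filename": 'notes.txt<a href="http://example.invalid/">open</a>',
    "size": 20480,
}

# Assumed dialog template: the only place markup is supposed to come from.
DIALOG_TEMPLATE = (
    '<div class="transfer"><span class="from">{sender}</span> wants to send you '
    '<span class="file">{filename}</span> ({size} bytes)</div>'
)
TEMPLATE_TAG_COUNT = DIALOG_TEMPLATE.count("<")

# Conservative allowlist for a displayed file name: no angle brackets, quotes,
# path separators or control characters.
FILENAME_RE = re.compile(r"[A-Za-z0-9 ._()\-]{1,255}")


def render_dialog_unsafe(req):
    """The defect class: request fields interpolated verbatim into HTML.

    Whatever the sender put in 'filename' becomes part of the dialog's DOM,
    so the client renders (and acts on) markup it never intended to produce.
    """
    return DIALOG_TEMPLATE.format(
        sender=req["sender"], filename=req["filename"], size=req["size"]
    )


def render_dialog_safe(req):
    """Hardened rendering: escape each untrusted field at the output boundary.

    html.escape turns < > & " ' into entities, so sender-supplied markup is
    displayed as text; the numeric field is coerced so it cannot carry text.
    """
    return DIALOG_TEMPLATE.format(
        sender=html.escape(str(req["sender"]), quote=True),
        filename=html.escape(str(req["filename"]), quote=True),
        size=int(req["size"]),
    )


def filename_is_acceptable(name):
    """Input-boundary check, independent of escaping: reject file names that
    fall outside the allowlist rather than trying to clean them up."""
    return bool(FILENAME_RE.fullmatch(name))


def injected_tag_count(rendered):
    """Number of '<' characters in the output beyond those in the template,
    i.e. tag openers that came from request data rather than from our HTML."""
    return rendered.count("<") - TEMPLATE_TAG_COUNT


if __name__ == "__main__":
    for label, render in (("unsafe", render_dialog_unsafe), ("safe", render_dialog_safe)):
        out = render(SAMPLE_REQUEST)
        print(f"{label}: injected tags={injected_tag_count(out)}")
        print("   ", out)
    print("file name passes allowlist:", filename_is_acceptable(SAMPLE_REQUEST["filename"]))
```

The two checks are deliberately separate: the allowlist rejects the request before anything is rendered, while escaping protects every field that reaches the template (including ones, like the sender name, that have no allowlist). Relying on either one alone is the kind of gap that a deliberately malformed parameter is built to find.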
Impact
• The global impact is difficult to assess
• Regional impact: ~180,000 statuses changed
Severity - Critical
• Other operations possible remotely:
- Export Contact List
- Visit Remote Page
- Add Contact
- Export Contact Details (name, phone, email)
Window of opportunity - window of vulnerability (WoV)
• Yahoo Messenger v. 11.0.0.1751 Beta – 19 Nov 2010
• Fixed in v. 11.5.0.152 – 7 Dec 2011
How do you avoid a 0-day?
• Extremely rigorous measures at the local network level
• Ineffective in the case of documents (pdf, doc etc.)
• An effective intrusion detection solution
QUESTIONS?