Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk

4,242 views

Published on

Published in: Technology, Education
  • Sex in your area is here: ❤❤❤ http://bit.ly/2Qu6Caa ❤❤❤
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating for everyone is here: ♥♥♥ http://bit.ly/2Qu6Caa ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • DOWNLOAD THAT BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download Full doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download PDF EBOOK here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download EPUB Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... Download doc Ebook here { http://bit.ly/2m6jJ5M } ......................................................................................................................... ......................................................................................................................... ................................................................................................................................... eBook is an electronic version of a traditional print book that can be read by using a personal computer or by using an eBook reader. (An eBook reader can be a software application for use on a computer such as Microsoft's free Reader application, or a book-sized computer that is used solely as a reading device such as Nuvomedia's Rocket eBook.) Users can purchase an eBook on diskette or CD, but the most popular method of getting an eBook is to purchase a downloadable file of the eBook (or other reading material) from a Web site (such as Barnes and Noble) to be read from the user's computer or reading device. Generally, an eBook can be downloaded in five minutes or less ......................................................................................................................... .............. Browse by Genre Available eBooks .............................................................................................................................. Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, ......................................................................................................................... ......................................................................................................................... .....BEST SELLER FOR EBOOK RECOMMEND............................................................. ......................................................................................................................... Blowout: Corrupted Democracy, Rogue State Russia, and the Richest, Most Destructive Industry on Earth,-- The Ride of a Lifetime: Lessons Learned from 15 Years as CEO of the Walt Disney Company,-- Call Sign Chaos: Learning to Lead,-- StrengthsFinder 2.0,-- Stillness Is the Key,-- She Said: Breaking the Sexual Harassment Story That Helped Ignite a Movement,-- Atomic Habits: An Easy & Proven Way to Build Good Habits & Break Bad Ones,-- Everything Is Figureoutable,-- What It Takes: Lessons in the Pursuit of Excellence,-- Rich Dad Poor Dad: What the Rich Teach Their Kids About Money That the Poor and Middle Class Do Not!,-- The Total Money Makeover: Classic Edition: A Proven Plan for Financial Fitness,-- Shut Up and Listen!: Hard Business Truths that Will Help You Succeed, ......................................................................................................................... .........................................................................................................................
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

Security Hole #11 - Unusual security vulnerabilities - Yuriy Bilyk

  1. 1. Unusual security vulnerabilities Yuriy Bilyk
  2. 2. Agenda RegExp Cryptography
  3. 3. RegExp? It’s simple! e-mail validation RegExp
  4. 4. Not sure if Chinese or Egyptian
  5. 5. Problems RegExp DoS attacks Issues in RegExp engine
  6. 6. RegExp: ^(([a-z])+.)+[A-Z]([a-z])+$ Input data: aaaaaaaaaaaaaaaa…aa 45 40 30 20 CHARS 0.003 TIME 0.339 41 466 RegExp DoS attacks
  7. 7. For the input aaaaX there are 16 possible paths in the above graph. But for aaaaaaaaaaaaaaaaX there are 65536 possible paths RegExp: ^(a+)+$ Where is the problem? a a 2 51 4 3 a a a a a a
  8. 8. Broken engine
  9. 9. • OpenID like auth, but we trust only local host • EXT HOST send AUTENICATED, if OK • We can set EXT HOST URL • RegExp to check RESPOND: /[^w]AUTHENTICATED[^w]*$/ RegExp Engine Issues Example
  10. 10. OpenID example TO EXTERNAL HOST->login:pass AUTHENTICATED LOCAL EXTERNAL HOST 1 2
  11. 11. Movie time
  12. 12. Double Request http://192.168.22.129/?pingback= -> http://192.168.22.129/?pingback=http://192.168.130 TO EXTERNAL HOST->login:pass !AUTHENTICATED!n TO LOCAL HOST->login:pass 1 2 3
  13. 13. RegExp attack (Step 1) http://192.168.130 responded with: !AUTHENTICATED!n RegExp body =~ /[^w]AUTHENTICATED[^w]*$/ PASSED 2 http://192.168.22.129/?pingback= -> http://192.168.22.129/?pingback=http://192.168.130 !AUTHENTICATED!n
  14. 14. RegExp attack (Step 2) http://192.168.22.129/?pingback=http://192.168.130 responded with: blablabla !AUTHENTICATED!n … blablan !AUTHENTICATED!n TO LOCAL HOST->login:pass 3 http://192.168.22.129/?pingback= -> http://192.168.22.129/?pingback=http://192.168.130 RegExp body =~ /[^w]AUTHENTICATED[^w]*$/ PASSED AGAIN
  15. 15. RegExp attack (Final Step) [Problem is]: body =~ /[^w]AUTHENTICATED[^w]*$/ • Normal RegExp engine stop after first line ($ - EOL): blablabla !AUTHENTICATED!n … blabla • Ruby interpreter $ as just EOL character, but scans next lines in the “file” http://192.168.22.129/?pingback=http://192.168.130 responded with: blablabla !AUTHENTICATED!n … blablan !AUTHENTICATED!n
  16. 16. • ReDoS Static Analysis – RXXR – http://www.cs.bham.ac.uk/~hxt/research/rxxr.shtml • Issues – know features of platform/language How to mitigate
  17. 17. Cryptography in God we trust the rest we test
  18. 18. Cryptography is cool Bitcoin – distributed cryptocurrency Kryptos - encrypted sculpture. One of the most famous unsolved codes in the world Crypto is widely used – wireless (WiFi,GSM,RFID etc.), banking, games (X- Box, PS3 etc.), e-mail anti-spam (DKIM)
  19. 19. I changed all my passwords to "incorrect", So whenever I forget, It will tell me "Your password is incorrect." some ideas need audit
  20. 20. Wrong usage is bad Using hash algorithms as crypto, and weak or custom realizations of crypto algorithms Neutralization all advantages of crypto through user comfort The believe, that crypto will secure you by itself Low level of understanding, why you need crypto
  21. 21. • User can send points to other user • All URL options/values signed by secret key • All transactions are visible to all SHA Length Extension Example
  22. 22. SHA: Message sign (MAC) http://...?to_user=guest&points=200|sign:675fsdg87gs3vh MSG Block 1 Block 2 Block N … HASH KEY +
  23. 23. SHA Padding: Theory (Hash BOX) KEY MESSAGE NULL Bytes Padding MESSAGE+KEY Length Just 1 Bit
  24. 24. SHA: Length extension attack MSG Block 1 Block 2 Block N … http://...?to_user=guest&points=200 &<PADDING>to_user=hacker|sign:f97h23n483a2ce PADDING + DATA HASH + KEY
  25. 25. SHA Padding: Theory (Attack) KEY Original MSG NULL Bytes Padding MESSAGE Length BOX 1 BOX 2 Extended Part
  26. 26. Where is the problem? HASH (KEY+MSG) is BAD - extension attack is possible HASH (MSG+KEY) is GOOD - extension attack is impossible
  27. 27. Order is important
  28. 28. • Use HMAC for signing • Use SHA-256 etc • Don’t create own crypto (only if you are not a genius in mathematic, but even you’re don’t do it!) How to mitigate
  29. 29. Kryptography is kind of art
  30. 30. Review • RegExp is powerful tool: –Even for DoS –Some engines work not as expected • Cryptography isn’t safe by itself: –Use industry standards –Understand how crypto is working –Make sure that your implementation/improvement isn’t broken
  31. 31. Questions?

×