The difference between a duck


Presentation by Haroon Meer at IDC in 2006.

The presentation opens with a discussion of Google hacking, followed by a brief look at kernel rootkits, and ends with web application hacking and client-side attacks, rating each on a "threat-o-meter" and a "hype-o-meter".

The media, conferences and vendors are constantly warning us about the growing security threat. "Wireless networks easy to hack!", "Hack attack defaces Web sites!", "Are hackers accessing your company via your PBX!?!", "Hacking becomes organised crime!". These are all recent examples from our local press. To stay abreast of this constant stream, to analyze each threat and determine its significance, is exhausting. This talk is designed to help you understand how real, how scary and how serious the threat really is. We will present a frank and honest discussion of a shortlist of current technical threats, examining the technical details and real-world implications of each one.

Slides:
    1. Slide 1: "The Difference between a Duck" - Insights into the technical realities of computer hacking in a South African context (haroon meer - 2006)
    2. Slide 2: Before we start
       • Who we are..
         • [email_address]
       • This talk..
         • 25 minutes ???
         • Short-list of a few current threats:
           • Technical Details..
           • Technical Implications
       • Questions ?
    3. Slide 3: Google-Hacking!
       • Took the world by storm
       • Multiple books.. Multiple Talks..
       • Johnny l0ng (
       • What is it ?
         • Cute searches to find stuff people didn't know they were publicizing.
         • Internal password lists, web-cam interfaces…
         • Like..
    4. Slide 6: The Bottom Line..
       • Threat-o-meter…
         • Low
       • Hype-o-meter…
         • Astronomical
       • Why ?
         • People like visual hacks
         • People like problems that are easy to understand
    5. Slide 7: Kernel-Rootkits!
       • October 2005: Mark Russinovich detailed the behavior of Sony's copy protection scheme, which effectively added a kernel rootkit to your machine.
         • The press caught on to the kernel-rootkit angle and predicted Armageddon
       • So what is a rootkit ?
         • and a kernel rootkit ?
         • Is it totally undetectable ?
         • Show us!
    6. Slide 8: The Bottom Line..
       • Threat-o-meter…
         • Medium
       • Hype-o-meter…
         • High (but cooling)
       • Why ?
         • It sounds evil!
         • Recent virtualization / Vista / BluePill hype
    7. Slide 9: Web Application Hacking!
       • Why we love web applications!
         • They are everywhere
         • Any idiot can build one (so many of us did!)
         • They encapsulate complex business logic
         • They are almost easier to do wrong than they are to do right..
       • Our current web application hit-rate
    8. Slide 10: The Bottom Line..
       • Threat-o-meter…
         • High!
       • Hype-o-meter…
         • Relatively Low
       • Why ?
         • It's moved past the sexy headline phase
         • Fixing it requires some old-school elbow grease
         • Solutions have not been shrink-wrapped yet.
    9. Slide 11: Client Side Attacks!
       • Most applications today have more lines of code than early OSs did.
         • IE has millions of lines of code.
         • Typically you can expect 20-30 bugs per kloc
       • ActiveX, JavaScript, WSH, VBS, Flash… (all are attack surfaces)
       • "Take out the middle-man" (™ - outsurance)
       • Where does your perimeter end ?
    10. Slide 12: The Bottom Line..
       • Threat-o-meter…
         • High!
       • Hype-o-meter…
         • High!
       • Why ?
         • Real criminals _are_ getting involved
           • (they don't care about sexy.. they want results)
         • It's a very different paradigm.
         • We've just started looking at the perimeters..
         • The Jericho Project..
    11. Slide 13: What this means ?
       • Don't run your company security policy according to 5FM
       • Judge your experts by yesterday's news
       • Old basics still hold
         • Defense in depth
       • Build security in from day one
       • Identify your possible entry points (not just the ones vendors can sell you solutions for)
       • Solve the problems that need solving (which are often not the ones with the sexy solutions)
    12. Slide 14: Questions ? [email_address]