SlideShare a Scribd company logo

Trust boundaries - Confidence 2015

Logicaltrust pl
Logicaltrust pl

We used to believe that some software is secure. I'd like to decompose our faith in it by touching every prime factor of our daily computing environments. This implies the roller-coaster ride from user space to the farthest parts of the Universe by 0.1-days and oddities of software that we use each day. Our goal is to realize how many assumptions are hidden in saying that some piece of code is secure.

Technology
1 of 56
Download to read offline
Trust boundaries... Mateusz Kocielski m.kocielski@logicaltrust.net LogicalTrust Confidence Kraków, Poland, May 2015
$ whoami pentester at LogicalTrust as $DAILYJOB open source committer: PHP - bug fixing NetBSD - libsaslc(3) & random things... security: PHP - CVE-2010-1868, CVE-2010-1917, CVE-2010-4150, CVE-2010-4156, CVE-2011-1938, ... stunnel - CVE-2013-1762 OpenSSH - CVE-2011-0539 Apache - CVE-2014-0117, CVE-2014-0226 FreeBSD - CVE-2015-1414 ...
Trust boundaries? Our goal is to investigate how many assumptions are hidden in belief that some piece of code is secure. We want to harbour a seed of doubt in those, who are too confident and encourage those, who cannot sleep at night. I want to share with you some of my findings...
What is trust? - Wikitionary trust (source: http://en.wiktionary.org/wiki/trust): 1. Confidence in or reliance on some person or quality. 4. That which is committed or entrusted; something received in confidence; a charge. 5. That upon which confidence is reposed; ground of reliance; hope 7. The condition or obligation of one to whom anything is confided; responsible charge or office. ...
What is trust? Source: http://pl.wiktionary.org/wiki/Plik:Male˙House˙Sparrow˙%28Passer˙domesticus%29˙feeding˙from˙hand.jpg
In software we trust? By saying ”I trust this software”, we’d like to think that: it doesn’t hurt us lack of bugs (at least those connected somehow with security). it does what we think it does (and nothing else) lack of backdoors etc. We all have our own definition of trusted software, moreover this definition varies on many factors like requirements etc. For this presentation we can assume that everyone in this room are (at least) a bit paranoid.
A short survey... Can we trust following software: Linux Windows MS Office Apache OpenBSD OpenSSL OpenSSH working as ”cloud” (innovative clusters placed in cloud operating with synergy crap) - GMail, Dropbox, Google Drive, ...
Keeping data in cloud
Keeping data in cloud Source: http://download.fsfe.org/advocacy/stickers/thereisnocloud/thereisnocloud-v2-74x74.pdf, CC-By-Sa Markus Meier
Simple observations It’s easier to trust software: small (e.g. bc vs. Excel) open source ”given enough eyeballs, all bugs are shallow” - Linus’s Law we can verify code ourself who is paranoid enough not to trust binary sets of your favourite distro? :) Reproducible builds can solve that problem with good reputation (e.g. OpenBSD vs. Windows)
...but let’s talk about the facts Here is the plan: take a piece of software that we believe is secure run it and expose it to the internet verify what we meant by claiming it is secure? think about the consequences So which software to choose?...
Who’ll be our hero?! ...by acclamation we’re choosing: openssh
Why OpenSSH? small - version 6.8 has around 90K LOC good design (priv. separation etc.) well written (security in mind...) ”I am always looking for bugs in OpenSSH as it is written in clear to read source code and has very strong security.” - Kingcope (source: http://kingcope.wordpress.com/2013/09/13/ opensslopenssh-ecdsa-authentication-code-inconsistent-return-values-no-v Everybody uses it: zmap (source: https://zmap.io/paper.pdf): (...) port 22 hit rate: 0.57% (...) generally recognized as a safe and robust software
OpenSSH on the screen Source: http://nmap.org/movies/matrix/trinity-nmapscreen-hd-crop-1200x728.jpg ...so yesterday...
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
Simple observations pt. 2 layer n (lower) is broken → layer n + 1 (higher) is broken even (relatively) simple software has complex foundations Source: http://vignette1.wikia.nocookie.net/uncyclopedia/images/c/c1/CaptobviousChooseOption.gif/revision/latest? cb=20070106161415
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
OpenSSH - potential stack overflow key.c: static int cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) { u_char *principals, *critical, *exts, *sig_key, *sig; u_int signed_len, plen, clen, sklen, slen, kidlen, elen; Buffer tmp; char *principal; int ret = -1; int v00 = key->type == KEY_DSA_CERT_V00 || key->type == KEY_RSA_CERT_V00; [...] if ((key->cert->signature_key = key_from_blob(sig_key, sklen)) == NULL) { [...] Key * key_from_blob(const u_char *blob, u_int blen) { [...] if (key_is_cert(key) && cert_parse(&b, key, blob, blen) == -1) { error("key_from_blob: can’t parse cert data"); goto badkey; } [...] Fixed a year or two ago, left here for historical reasons... key from blob can be called remotely using pubkey authentication. If you’re interested then take a look to previous versions of auth2-pubkey.c.
OpenSSH - potential stack overflow (Un)fortunately certificate is handled by the Buffer structure, which maximum length is bounded: buffer.c: #define BUFFER_MAX_CHUNK 0x100000 [...] void * buffer_append_space(Buffer *buffer, u_int len) { u_int newlen; void *p; if (len > BUFFER_MAX_CHUNK) fatal("buffer_append_space: len %u not supported", len); No cookies this time, but maybe somewhere in space there are systems (or configurations) which are exploitable. (Bounded stack + something important near to it).
OpenSSH - CVE-2011-0539 ”OpenSSH does not properly initialise a nonce field with random data when generating legacy certificates (”-t” command line option of ssh-keygen). This can result in certain stack memory being used as nonce, which can lead to the disclosure of potentially sensitive information.” - source: http://secunia.com/advisories/43181 key.c patch: /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); if (!key_cert_is_legacy(k)) { - arc4random_buf(&nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); }
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
Libraries - libopenssh-compat OpenBSD specific functions for !OpenBSD platforms heavily relies on the OpenSSL (e.g. rng implementation) let’s trust it! :)
Libraries - OpenSSL ¨uber complex library which implements various crypto stuff around 450 K LOC of hard-core C there are rumours, that some people learnt C by writing this library.... among developers this library has rather a bad reputation Why no SSL? - https://www.varnish-cache.org/docs/trunk/phk/ssl.html OpenSSL is written by monkeys - http://www.peereboom.us/assl/assl/html/openssl.html lots of projects rely on OpenSSL (700+ ports in the FreeBSD ports tree) we would rather be sorry if someone found a bug in this code...
Libraries - OpenSSL - top comments grep -Ri xxx .: crypto/asn1/a_strex.c: fld_len = 0; /* XXX: what should this be? */ apps/passwd.c: /* XXX: really we should know how to print a size_t, not cast it */ ssl/t1_enc.c: /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ ssl/d1_pkt.c: /* XXX: check what the second ’&& type’ is about */ include/openssl/pem.h: /* XXX(ben): don#t think this is used!... */ crypto/asn1/asn1_mac.h: /* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some macros that use ASN1_const_CTX still insist on writing in the input stream. ARGH! ARGH! ARGH! Let’s get rid of this macro package.... */ crypto/objects/obj_dat.c: ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ crypto/objects/obj_lib.c: return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication is this??? */ crypto/engine/eng_cryptodev.c: /* XXXX just disable all digests for now, because it sucks. */ More stuff @ https://twitter.com/OpenSSLFact
Libraries - LibreSSL fork done by OpenBSD guys right after the famous CVE-2014-0160 ”libressl is a version of the tls/crypto stack forked from openssl in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.” - http://www.libressl.org The first 30 days, and where we go from here - http://www.openbsd.org/papers/bsdcan14-libressl/ More than 30 Days Later - http://www.openbsd.org/papers/eurobsdcon2014-libressl.html
Libraries - LibreSSL - favicon.ico Source: http://www.libressl.org/favicon.ico
Libraries - LibreSSL - BN Code is complex, so let’s pick some small sublibrary - BigNumber implementation: part of the lib which is used in many other parts of library should be rather easy to implement (is it? :))
Libraries - LibreSSL - fun fact LibreSSL uses (sometimes) three zero representations: 0, −0 and 0..0: those ”zeros” are values returned by BN functions... once 0 = 0..0 = −0, sometimes not... ...inconsistency can’t hurt us..., can it?
Libraries - LibreSSL - off-by-one #1 Let’s take BIGNUM −0 and apply it to the BN bn2hex crypto/bn/bn print.c: char *BN_bn2hex(const BIGNUM *a) { char *buf; char *p; buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); [...] p=buf; if (a->neg) *(p++)=’-’; if (BN_is_zero(a)) *(p++)=’0’; for (i=a->top-1; i >=0; i--) [...] *p=’0’; How to get −0 in LibreSSL? It is a task for the listener
Libraries - LibreSSL - off-by-one #2 Let’s call BN rand(BN, 1, 1, 0)- bnrand crypto/bn/bn rand.c: static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf = NULL; [...] bytes = (bits + 7) / 8; bit = (bits - 1) % 8; buf = OPENSSL_malloc(bytes); if (top != -1) { if (top) { if (bit == 0) { buf[0] = 1; buf[1] |= 0x80; [...]
Libraries - libz zlib - easy, small library for data compression/decompression inflate.c: int ZEXPORT inflateInit_(strm, version, stream_size) z_streamp strm; const char *version; int stream_size; { return inflateInit2_(strm, DEF_WBITS, version, stream_size); } [...] int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size) z_streamp strm; int windowBits; const char *version; int stream_size; { [...] struct inflate_state FAR *state; [...] if (strm->zalloc == (alloc_func)0) { [...] } state = (struct inflate_state FAR *) ZALLOC(strm, 1, sizeof(struct inflate_state)); [...] strm->state = (struct internal_state FAR *)state; state->window = Z_NULL; ret = inflateReset2(strm, windowBits); [...] }
Libraries - libz cont. inflate.c: int ZEXPORT inflateReset2(strm, windowBits) z_streamp strm; int windowBits; { int wrap; struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (windowBits < 0) { wrap = 0; windowBits = -windowBits; } else { wrap = (windowBits >> 4) + 1; } /* set number of window bits, free window if different */ if (windowBits && (windowBits < 8 || windowBits > 15)) return Z_STREAM_ERROR; if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) { ZFREE(strm, state->window); state->window = Z_NULL; } [...] OpenSSH is not affected, but how about other popular software? YES IT IS!
Libraries - libc - dobule free - getaddrinfo IDN $ traceroute $(printf "302a") *** glibc detected *** traceroute: munmap_chunk(): invalid pointer: 0x00007fff1b43a547 *** ======= Backtrace: ========= /lib64/libc.so.6(cfree+0x166)[0x32244758c6] /lib64/libc.so.6[0x32244bc116] /lib64/libc.so.6(getaddrinfo+0x21a)[0x32244be94a] traceroute[0x402926] traceroute[0x4029f1] traceroute[0x406281] traceroute[0x403546] /lib64/libc.so.6(__libc_start_main+0xf4)[0x322441d9f4] traceroute[0x401619] ======= Memory map: ======== 00400000-00409000 r-xp 00000000 68:06 7103807 /bin/traceroute 00608000-00609000 rw-p 00008000 68:06 7103807 /bin/traceroute 00609000-0060a000 rw-p 00609000 00:00 0 00808000-00809000 rw-p 00008000 68:06 7103807 /bin/traceroute 00ff7000-01018000 rw-p 00ff7000 00:00 0 [heap] 3224000000-322401c000 r-xp 00000000 68:06 7332914 /lib64/ld-2.5.so http://www.openwall.com/lists/oss-security/2015/01/27/11
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
Kernel Operating system kernel has usually millions code lines Next to each other: network protocols filesystems sound system ...programming ZOO
Kernel - FreeBSD - IGMP - CVE-2015-1414 netinet/igmp.c: case IGMP_VERSION_3: { struct igmpv3 *igmpv3; uint16_t igmpv3len; uint16_t srclen; int nsrc; [...] igmpv3 = (struct igmpv3 *)igmp; /* Validate length based on source count. */ nsrc = ntohs(igmpv3->igmp_numsrc); srclen = sizeof(struct in_addr) * nsrc; if (nsrc * sizeof(in_addr_t) > srclen) { IGMPSTAT_INC(igps_rcv_tooshort); return; } [...] igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN + srclen; if ((m->m_flags & M_EXT || m->m_len < igmpv3len) && (m = m_pullup(m, igmpv3len)) == NULL) { IGMPSTAT_INC(igps_rcv_tooshort); return; } igmpv3 = (struct igmpv3 *)(mtod(m, uint8_t *) + iphlen); if (igmp_input_v3_query(ifp, ip, igmpv3) != 0) { [...]
Kernel - NetBSD - libprop - #1 common/lib/libprop/*: buf = malloc(pref->pref_len + 1, M_TEMP, M_WAITOK | M_CANFAIL); if (buf == NULL) return (ENOMEM); error = copyin(pref->pref_plist, buf, pref->pref_len); It’s not exploitable on x86/amd64, but may hurt sparc64.
Kernel - NetBSD - libprop - #2 common/lib/libprop/*: #define _PROP_EOF(c) ((c) == ’0’) #define _PROP_ISSPACE(c) ((c) == ’ ’ || (c) == ’t’ || (c) == ’n’ || (c) == ’r’ || _PROP_EOF(c)) struct _prop_object_internalize_context * _prop_object_internalize_context_alloc(const char *xml) { [...] /* * Skip any whitespace and XML preamble stuff that we don’t * know about / care about. */ for (;;) { while (_PROP_ISSPACE(*xml)) xml++;
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
CPU/HW Bugs in the CPUs Kris Kaspersky - Remote Code Execution Through Intel CPU Bugs - HITB 2009 Pentium F00F bug Pentiun FDIV bug Bugs in the processor’s microcode - XEON example: (...) Erratum AAK167/BT248: ”If a logical processor has EPT (Extended Page Tables) enabled, is using 32-bit PAE paging, and accesses the virtual-APIC page then a complex sequence of internal processor micro-architectural events may cause an incorrect address translation or machine check on either logical processor. (...) - http://lists.debian.org/debian-user/2013/09/msg00126.html Bugs in (random) devices (incl. its firmware) have you ever wondered what’s inside the firmware? Backdoors in devices Intel, NSA & RDRAND ... :)
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
WARNING Dragons live here!For the moment I’ll talk about things that: I don’t understand relate to philosophy rather than thug life...
Physics Have you ever heard about bugs in physics? What will happen if our openssh will run in space? Have we tested it in such environment? Are the physics’ laws consistent? What if somebody can remotely change CPU/memory state? Haha, I hope you didn’t believe that? Can we defend somehow? encoding correction (i.e. ECC) mirroring hardware OpenSSH will not suffer...But if we write a code to manage space robot, then it’s not funny anymore...
Trust boundaries OpenSSH libopenbsd- compat openssl libc libz kernel CPU/hw physics ???
??? In God We Trust... Everything Else We Test... ...maybe some three letter agency can manipulate the physics’ laws... :)
Fallen actors Protocols: ARP, IP, TCP, SSH, ... Algorithms: DH, RSA, DSA, EC, ...
Fallen actors - protocols There are bugs in protocols: SSL - CRIME, BEAST... TCP - SMURF, SYN ... We can formally proof that there are no bugs in the protocol... ...but in order to do so we need a model which is usually simplification of reality ”the absence of proof is not the proof of absence”
Forgotten elements - algorithms We can use math tools to verify that RSA does the job We can do it modulo some model Do you know that RSA relies on Factorization /∈ P Do you know that we don’t know if P = NP? Do you know that three letters agencies spent lots on money on breaking crypto? Finally, do you know that basing on ZF or ZFC we can’t be sure what we do? :) Assuming that we verified our algorithm, there’s still long road: we have to choose language (with formal semantics) code our algorithm in chosen language verify that we coded exactly what we meant (tests, formal proofs) having verified code we should recall the forgotten actor...
Forgotten compiler Attentive listener recalls that: ”OpenSSH is written in C, but processor is fed with machine code...” How do we know that we do not introduce any bugs in compilation process? Finding and Understanding Bugs in C Compilers (http://www.cs.utah.edu/˜regehr/papers/pldi11-preprint.pdf): ”Compilers should be correct. To improve the quality of C compilers, we created Csmith, a randomized test-case generation tool, and spent three years using it to find compiler bugs. During this period we reported more than 325 previously unknown bugs to compiler developers. Every compiler we tested was found to crash and also to silently generate wrong code when presented with valid input. (...)”
CompCert CompCert - verified compiler from C90 subset to PPC, ARM, x86 Verified = result code is 100% consistent with C90 semantics Useful when compiling critical code for embedded solutions Its translation process is INSANELY complex: Project’s homepage: http://compcert.inria.fr/
Conclusions Trust in even the simplest piece of code implies belief in hidden assumptions which we usually don’t even realize We’re forced to believe that each ”layer” works well For some reason three letters agencies are spending millions on breaking things Crypto is working, washing machines do the job Some of the instances of OpenSSH which I run are reachable from the Internet, and usually I sleep well... Sometimes it’s good to turn on paranoia when thinking about our computers ”Better paranoid than sorry” - comment from the OpenSSH project Read the code or not be surprised We’ll never get rid of bugs in software :)
Credits Large parts of this presentation were done in cooperation with Marek Kroemeke and Filip Palian, THANKS!
Some reading material http://c2.com/cgi/wiki?ProofsCantProveTheAbsenceOfBugs http://cm.bell-labs.com/who/ken/trust.html http://en.wikipedia.org/wiki/Argument˙from˙ignorance http://reproducible.alioth.debian.org/presentations/ 2014-02-01-FOSDEM14.pdf https://wiki.freebsd.org/ReproducibleBuilds https://wiki.debian.org/ReproducibleBuilds https://fosdem.org/2015/schedule/event/stretching˙out˙for˙ trustworthy˙reproducible˙builds/attachments/paper/668/export/ events/attachments/stretching˙out˙for˙trustworthy˙reproducible˙ builds/paper/668/2015˙01˙31˙FOSDEM15.pdf http://www.cl.cam.ac.uk/research/security/capsicum/
Time for questions (and maybe answers) Q&A
Trust boundaries - Confidence 2015

Recommended

CONFidence 2015: Trust boundaries - Mateusz Kocielski
CONFidence 2015: Trust boundaries - Mateusz KocielskiCONFidence 2015: Trust boundaries - Mateusz Kocielski
CONFidence 2015: Trust boundaries - Mateusz KocielskiPROIDEA
 
mimikatz @ rmll
mimikatz @ rmllmimikatz @ rmll
mimikatz @ rmllBenjamin Delpy
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
IDSECCONF2013 CTF online Write Up
IDSECCONF2013 CTF online Write Up IDSECCONF2013 CTF online Write Up
IDSECCONF2013 CTF online Write Up idsecconf
 
Strong cryptography in PHP
Strong cryptography in PHPStrong cryptography in PHP
Strong cryptography in PHPEnrico Zimuel
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 

Recommended

CONFidence 2015: Trust boundaries - Mateusz Kocielski
CONFidence 2015: Trust boundaries - Mateusz KocielskiCONFidence 2015: Trust boundaries - Mateusz Kocielski
CONFidence 2015: Trust boundaries - Mateusz KocielskiPROIDEA
 
mimikatz @ rmll
mimikatz @ rmllmimikatz @ rmll
mimikatz @ rmllBenjamin Delpy
 
Passwords#14 - mimikatz
Passwords#14 - mimikatzPasswords#14 - mimikatz
Passwords#14 - mimikatzBenjamin Delpy
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
IDSECCONF2013 CTF online Write Up
IDSECCONF2013 CTF online Write Up IDSECCONF2013 CTF online Write Up
IDSECCONF2013 CTF online Write Up idsecconf
 
Strong cryptography in PHP
Strong cryptography in PHPStrong cryptography in PHP
Strong cryptography in PHPEnrico Zimuel
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)Svetlin Nakov
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)Svetlin Nakov
 
Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use casesEnrico Zimuel
 
Cryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHPCryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHPAnthony Ferrara
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...Luciano Mammino
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Testing NodeJS Security
Testing NodeJS SecurityTesting NodeJS Security
Testing NodeJS SecurityJose Manuel Ortega Candel
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101Aditya Kamat
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성Chanhyeong LEE
 
Non-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & TricksNon-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & TricksMiroslav Stampar
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average DeveloperAnthony Ferrara
 
6.hash mac
6.hash mac6.hash mac
6.hash macVirendrakumar Dhotre
 
Hacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profitHacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profitJose Manuel Ortega Candel
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101Krzysztof Marciniak
 
Message queue and shared memory
Message queue and shared memoryMessage queue and shared memory
Message queue and shared memoryNarayanlalMenariya
 
1 04 rao
1 04 rao1 04 rao
1 04 raodimitar9
 
Pkcs 5
Pkcs 5Pkcs 5
Pkcs 5snakesv
 
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.jsJS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.jsJSFestUA
 
Gpg basics
Gpg basicsGpg basics
Gpg basicsobsidisconsortia
 
OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionTanner Lovelace
 

More Related Content

What's hot

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Svetlin Nakov
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use casesEnrico Zimuel
 
Cryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHPCryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHPAnthony Ferrara
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Svetlin Nakov
 
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...Luciano Mammino
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITYSupanShah2
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성Chanhyeong LEE
 
Non-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & TricksNon-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & TricksMiroslav Stampar
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average DeveloperAnthony Ferrara
 
Hacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profitHacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profitJose Manuel Ortega Candel
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101Krzysztof Marciniak
 
Message queue and shared memory
Message queue and shared memoryMessage queue and shared memory
Message queue and shared memoryNarayanlalMenariya
 
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.jsJS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.jsJSFestUA
 

What's hot (20)

Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)Cryptography for Absolute Beginners (May 2019)
Cryptography for Absolute Beginners (May 2019)
 
Cryptography in PHP: use cases
Cryptography in PHP: use casesCryptography in PHP: use cases
Cryptography in PHP: use cases
 
Cryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHPCryptography For The Average Developer - Sunshine PHP
Cryptography For The Average Developer - Sunshine PHP
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
 
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
Cracking JWT tokens: a tale of magic, Node.JS and parallel computing - Node.j...
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Testing NodeJS Security
Testing NodeJS SecurityTesting NodeJS Security
Testing NodeJS Security
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101
 
동시성과 병렬성
동시성과 병렬성동시성과 병렬성
동시성과 병렬성
 
Non-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & TricksNon-Esoteric XSS Tips & Tricks
Non-Esoteric XSS Tips & Tricks
 
Cryptography For The Average Developer
Cryptography For The Average DeveloperCryptography For The Average Developer
Cryptography For The Average Developer
 
6.hash mac
6.hash mac6.hash mac
6.hash mac
 
Hacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profitHacking NodeJS applications for fun and profit
Hacking NodeJS applications for fun and profit
 
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Difficulties of malware analysis - Nguyễn Chấn Việt
 
Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101Windows 4 pentesters - internals 101
Windows 4 pentesters - internals 101
 
Message queue and shared memory
Message queue and shared memoryMessage queue and shared memory
Message queue and shared memory
 
1 04 rao
1 04 rao1 04 rao
1 04 rao
 
Pkcs 5
Pkcs 5Pkcs 5
Pkcs 5
 
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.jsJS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
JS Fest 2019. Тимур Шемсединов. Разделяемая память в многопоточном Node.js
 

Viewers also liked

OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionTanner Lovelace
 
Torturing the PHP interpreter
Torturing the PHP interpreterTorturing the PHP interpreter
Torturing the PHP interpreterLogicaltrust pl
 
Krytyczne błędy konfiguracji
Krytyczne błędy konfiguracjiKrytyczne błędy konfiguracji
Krytyczne błędy konfiguracjiLogicaltrust pl
 
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...Logicaltrust pl
 
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...Logicaltrust pl
 
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWW
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWWNarzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWW
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWWLogicaltrust pl
 
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...Logicaltrust pl
 
Praktyczne ataki na aplikacje webowe (TAPT 2015)
Praktyczne ataki na aplikacje webowe (TAPT 2015)Praktyczne ataki na aplikacje webowe (TAPT 2015)
Praktyczne ataki na aplikacje webowe (TAPT 2015)Adam Ziaja
 
Wyciek danych w aplikacjach - Artur Kalinowski, 4Developers
Wyciek danych w aplikacjach - Artur Kalinowski, 4DevelopersWyciek danych w aplikacjach - Artur Kalinowski, 4Developers
Wyciek danych w aplikacjach - Artur Kalinowski, 4DevelopersLogicaltrust pl
 
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?Czy systematyczne podejście do testów bezpieczeństwa się opłaca?
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?Logicaltrust pl
 
Socjotechnika w Internecie - metody ataku i obrony
Socjotechnika w Internecie - metody ataku i obronySocjotechnika w Internecie - metody ataku i obrony
Socjotechnika w Internecie - metody ataku i obronyLogicaltrust pl
 
Testy bezpieczeństwa aplikacji WWW – dobre praktyki
Testy bezpieczeństwa aplikacji WWW – dobre praktykiTesty bezpieczeństwa aplikacji WWW – dobre praktyki
Testy bezpieczeństwa aplikacji WWW – dobre praktykiLogicaltrust pl
 
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...Logicaltrust pl
 

Viewers also liked (20)

Gpg basics
Gpg basicsGpg basics
Gpg basics
 
OpenPGP/GnuPG Encryption
OpenPGP/GnuPG EncryptionOpenPGP/GnuPG Encryption
OpenPGP/GnuPG Encryption
 
Clefs GPG
Clefs GPGClefs GPG
Clefs GPG
 
PGP presentation 2014
PGP presentation 2014PGP presentation 2014
PGP presentation 2014
 
Introduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey ManagementIntroduction PGP-GPG Subkey Management
Introduction PGP-GPG Subkey Management
 
Torturing the PHP interpreter
Torturing the PHP interpreterTorturing the PHP interpreter
Torturing the PHP interpreter
 
Krytyczne błędy konfiguracji
Krytyczne błędy konfiguracjiKrytyczne błędy konfiguracji
Krytyczne błędy konfiguracji
 
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...
Bezpieczeństwo informacji - edukacja pracowników - dlaczego robimy to źle? Se...
 
Security news 20151119
Security news 20151119Security news 20151119
Security news 20151119
 
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...
Urządzenia i usługi bezpieczeństwa IT - pełna ochrona czy... zaproszenie dla ...
 
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWW
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWWNarzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWW
Narzędzia do zautomatyzowanego testowania bezpieczeństwa aplikacji WWW
 
Security news 20160128
Security news 20160128Security news 20160128
Security news 20160128
 
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...
Co z bezpieczeństwem aplikacji mobilnych? - studium przypadków (KrakWhiteHat ...
 
Security news 20160225
Security news 20160225Security news 20160225
Security news 20160225
 
Praktyczne ataki na aplikacje webowe (TAPT 2015)
Praktyczne ataki na aplikacje webowe (TAPT 2015)Praktyczne ataki na aplikacje webowe (TAPT 2015)
Praktyczne ataki na aplikacje webowe (TAPT 2015)
 
Wyciek danych w aplikacjach - Artur Kalinowski, 4Developers
Wyciek danych w aplikacjach - Artur Kalinowski, 4DevelopersWyciek danych w aplikacjach - Artur Kalinowski, 4Developers
Wyciek danych w aplikacjach - Artur Kalinowski, 4Developers
 
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?Czy systematyczne podejście do testów bezpieczeństwa się opłaca?
Czy systematyczne podejście do testów bezpieczeństwa się opłaca?
 
Socjotechnika w Internecie - metody ataku i obrony
Socjotechnika w Internecie - metody ataku i obronySocjotechnika w Internecie - metody ataku i obrony
Socjotechnika w Internecie - metody ataku i obrony
 
Testy bezpieczeństwa aplikacji WWW – dobre praktyki
Testy bezpieczeństwa aplikacji WWW – dobre praktykiTesty bezpieczeństwa aplikacji WWW – dobre praktyki
Testy bezpieczeństwa aplikacji WWW – dobre praktyki
 
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...
OWASP Mobile TOP 10 na przykładzie aplikacji bankowych - Semafor 2016 - Mateu...
 

Similar to Trust boundaries - Confidence 2015

BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully
BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully
BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully BlueHat Security Conference
 
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowWilliam Lee
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)Shteryana Shopova
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developersKai Koenig
 
A Boring Article About a Check of the OpenSSL Project
A Boring Article About a Check of the OpenSSL ProjectA Boring Article About a Check of the OpenSSL Project
A Boring Article About a Check of the OpenSSL ProjectAndrey Karpov
 
(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms OverviewEL Bachir Nouni
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptographydrewz lin
 
Ransomware for fun and non-profit
Ransomware for fun and non-profitRansomware for fun and non-profit
Ransomware for fun and non-profitYouness Zougar
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...Stefano Maccaglia
 
The Ultimate IDS Smackdown
The Ultimate IDS SmackdownThe Ultimate IDS Smackdown
The Ultimate IDS SmackdownMario Heiderich
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderAndrey Karpov
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
 

Similar to Trust boundaries - Confidence 2015 (20)

Computer Security
Computer SecurityComputer Security
Computer Security
 
BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully
BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully
BlueHat v17 || Out of the Truman Show: VM Escape in VMware Gracefully
 
OpenSSL Basic Function Call Flow
OpenSSL Basic Function Call FlowOpenSSL Basic Function Call Flow
OpenSSL Basic Function Call Flow
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)OpenSSL programming (still somewhat initial version)
OpenSSL programming (still somewhat initial version)
 
Cryptography for developers
Cryptography for developersCryptography for developers
Cryptography for developers
 
A Boring Article About a Check of the OpenSSL Project
A Boring Article About a Check of the OpenSSL ProjectA Boring Article About a Check of the OpenSSL Project
A Boring Article About a Check of the OpenSSL Project
 
(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview(Crypto) DES And RSA Algorithms Overview
(Crypto) DES And RSA Algorithms Overview
 
12 symmetric key cryptography
12 symmetric key cryptography12 symmetric key cryptography
12 symmetric key cryptography
 
Ransomware for fun and non-profit
Ransomware for fun and non-profitRansomware for fun and non-profit
Ransomware for fun and non-profit
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
 
Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...
 
Rust Hack
Rust HackRust Hack
Rust Hack
 
The Ultimate IDS Smackdown
The Ultimate IDS SmackdownThe Ultimate IDS Smackdown
The Ultimate IDS Smackdown
 
Cryptography Attacks and Applications
Cryptography Attacks and ApplicationsCryptography Attacks and Applications
Cryptography Attacks and Applications
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
 
Total E(A)gression defcon
Total E(A)gression defconTotal E(A)gression defcon
Total E(A)gression defcon
 
Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
 
Book
BookBook
Book
 
LibreSSL
LibreSSLLibreSSL
LibreSSL
 

More from Logicaltrust pl

Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24
Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24
Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24Logicaltrust pl
 
Security Awareness po polsku - webinar 2019.11.29
Security Awareness po polsku - webinar 2019.11.29Security Awareness po polsku - webinar 2019.11.29
Security Awareness po polsku - webinar 2019.11.29Logicaltrust pl
 
8 zasad skutecznego security awareness
8 zasad skutecznego security awareness8 zasad skutecznego security awareness
8 zasad skutecznego security awarenessLogicaltrust pl
 
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019Logicaltrust pl
 
Ataki socjotechniczne w praktyce - Confidence 2019
Ataki socjotechniczne w praktyce - Confidence 2019Ataki socjotechniczne w praktyce - Confidence 2019
Ataki socjotechniczne w praktyce - Confidence 2019Logicaltrust pl
 
Minerva_lib - fuzzing tool
Minerva_lib - fuzzing toolMinerva_lib - fuzzing tool
Minerva_lib - fuzzing toolLogicaltrust pl
 
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018Logicaltrust pl
 
Spear phishing - jak się bronić? Case studies - Confidence 2018
Spear phishing - jak się bronić? Case studies - Confidence 2018Spear phishing - jak się bronić? Case studies - Confidence 2018
Spear phishing - jak się bronić? Case studies - Confidence 2018Logicaltrust pl
 
Redteaming in Poland - test cases (Security)
Redteaming in Poland - test cases (Security)Redteaming in Poland - test cases (Security)
Redteaming in Poland - test cases (Security)Logicaltrust pl
 
Redteaming w Polsce - przykłady
Redteaming w Polsce - przykładyRedteaming w Polsce - przykłady
Redteaming w Polsce - przykładyLogicaltrust pl
 
Testy bezpieczeństwa - niesztampowe przypadki
Testy bezpieczeństwa - niesztampowe przypadkiTesty bezpieczeństwa - niesztampowe przypadki
Testy bezpieczeństwa - niesztampowe przypadkiLogicaltrust pl
 
Cyberprzestepcy - Jak się bronić?
Cyberprzestepcy - Jak się bronić?Cyberprzestepcy - Jak się bronić?
Cyberprzestepcy - Jak się bronić?Logicaltrust pl
 
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...Logicaltrust pl
 
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...Logicaltrust pl
 

More from Logicaltrust pl (16)

Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24
Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24
Jak cyberprzęstepcy okradają dziś firmy - webinar 2020.06.24
 
Security Awareness po polsku - webinar 2019.11.29
Security Awareness po polsku - webinar 2019.11.29Security Awareness po polsku - webinar 2019.11.29
Security Awareness po polsku - webinar 2019.11.29
 
8 zasad skutecznego security awareness
8 zasad skutecznego security awareness8 zasad skutecznego security awareness
8 zasad skutecznego security awareness
 
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019
Ataki socjotechniczne w praktyce - SecurityBSides Warsaw 2019
 
Ataki socjotechniczne w praktyce - Confidence 2019
Ataki socjotechniczne w praktyce - Confidence 2019Ataki socjotechniczne w praktyce - Confidence 2019
Ataki socjotechniczne w praktyce - Confidence 2019
 
Minerva_lib - fuzzing tool
Minerva_lib - fuzzing toolMinerva_lib - fuzzing tool
Minerva_lib - fuzzing tool
 
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018
"Spear phishing - jak się bronić? Case studies." - SecurityBSides 2018
 
Spear phishing - jak się bronić? Case studies - Confidence 2018
Spear phishing - jak się bronić? Case studies - Confidence 2018Spear phishing - jak się bronić? Case studies - Confidence 2018
Spear phishing - jak się bronić? Case studies - Confidence 2018
 
Redteaming in Poland - test cases (Security)
Redteaming in Poland - test cases (Security)Redteaming in Poland - test cases (Security)
Redteaming in Poland - test cases (Security)
 
Redteaming w Polsce - przykłady
Redteaming w Polsce - przykładyRedteaming w Polsce - przykłady
Redteaming w Polsce - przykłady
 
Testy bezpieczeństwa - niesztampowe przypadki
Testy bezpieczeństwa - niesztampowe przypadkiTesty bezpieczeństwa - niesztampowe przypadki
Testy bezpieczeństwa - niesztampowe przypadki
 
Devops/Sysops security
Devops/Sysops securityDevops/Sysops security
Devops/Sysops security
 
Devops security
Devops securityDevops security
Devops security
 
Cyberprzestepcy - Jak się bronić?
Cyberprzestepcy - Jak się bronić?Cyberprzestepcy - Jak się bronić?
Cyberprzestepcy - Jak się bronić?
 
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
 
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
APT x 3 - trzy firmy, trzy wektory ataków, trzy do zera - wybrane studium prz...
 

Recently uploaded

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Trust boundaries - Confidence 2015

  • 1.
  • 3. $ whoami pentester at LogicalTrust as $DAILYJOB open source committer: PHP - bug fixing NetBSD - libsaslc(3) & random things... security: PHP - CVE-2010-1868, CVE-2010-1917, CVE-2010-4150, CVE-2010-4156, CVE-2011-1938, ... stunnel - CVE-2013-1762 OpenSSH - CVE-2011-0539 Apache - CVE-2014-0117, CVE-2014-0226 FreeBSD - CVE-2015-1414 ...
  • 4. Trust boundaries? Our goal is to investigate how many assumptions are hidden in belief that some piece of code is secure. We want to harbour a seed of doubt in those, who are too confident and encourage those, who cannot sleep at night. I want to share with you some of my findings...
  • 5. What is trust? - Wikitionary trust (source: http://en.wiktionary.org/wiki/trust): 1. Confidence in or reliance on some person or quality. 4. That which is committed or entrusted; something received in confidence; a charge. 5. That upon which confidence is reposed; ground of reliance; hope 7. The condition or obligation of one to whom anything is confided; responsible charge or office. ...
  • 6. What is trust? Source: http://pl.wiktionary.org/wiki/Plik:Male˙House˙Sparrow˙%28Passer˙domesticus%29˙feeding˙from˙hand.jpg
  • 7. In software we trust? By saying ”I trust this software”, we’d like to think that: it doesn’t hurt us lack of bugs (at least those connected somehow with security). it does what we think it does (and nothing else) lack of backdoors etc. We all have our own definition of trusted software, moreover this definition varies on many factors like requirements etc. For this presentation we can assume that everyone in this room are (at least) a bit paranoid.
  • 8. A short survey... Can we trust following software: Linux Windows MS Office Apache OpenBSD OpenSSL OpenSSH working as ”cloud” (innovative clusters placed in cloud operating with synergy crap) - GMail, Dropbox, Google Drive, ...
  • 10. Keeping data in cloud Source: http://download.fsfe.org/advocacy/stickers/thereisnocloud/thereisnocloud-v2-74x74.pdf, CC-By-Sa Markus Meier
  • 11. Simple observations It’s easier to trust software: small (e.g. bc vs. Excel) open source ”given enough eyeballs, all bugs are shallow” - Linus’s Law we can verify code ourself who is paranoid enough not to trust binary sets of your favourite distro? :) Reproducible builds can solve that problem with good reputation (e.g. OpenBSD vs. Windows)
  • 12. ...but let’s talk about the facts Here is the plan: take a piece of software that we believe is secure run it and expose it to the internet verify what we meant by claiming it is secure? think about the consequences So which software to choose?...
  • 13. Who’ll be our hero?! ...by acclamation we’re choosing: openssh
  • 14. Why OpenSSH? small - version 6.8 has around 90K LOC good design (priv. separation etc.) well written (security in mind...) ”I am always looking for bugs in OpenSSH as it is written in clear to read source code and has very strong security.” - Kingcope (source: http://kingcope.wordpress.com/2013/09/13/ opensslopenssh-ecdsa-authentication-code-inconsistent-return-values-no-v Everybody uses it: zmap (source: https://zmap.io/paper.pdf): (...) port 22 hit rate: 0.57% (...) generally recognized as a safe and robust software
  • 15. OpenSSH on the screen Source: http://nmap.org/movies/matrix/trinity-nmapscreen-hd-crop-1200x728.jpg ...so yesterday...
  • 17. Simple observations pt. 2 layer n (lower) is broken → layer n + 1 (higher) is broken even (relatively) simple software has complex foundations Source: http://vignette1.wikia.nocookie.net/uncyclopedia/images/c/c1/CaptobviousChooseOption.gif/revision/latest? cb=20070106161415
  • 19. OpenSSH - potential stack overflow key.c: static int cert_parse(Buffer *b, Key *key, const u_char *blob, u_int blen) { u_char *principals, *critical, *exts, *sig_key, *sig; u_int signed_len, plen, clen, sklen, slen, kidlen, elen; Buffer tmp; char *principal; int ret = -1; int v00 = key->type == KEY_DSA_CERT_V00 || key->type == KEY_RSA_CERT_V00; [...] if ((key->cert->signature_key = key_from_blob(sig_key, sklen)) == NULL) { [...] Key * key_from_blob(const u_char *blob, u_int blen) { [...] if (key_is_cert(key) && cert_parse(&b, key, blob, blen) == -1) { error("key_from_blob: can’t parse cert data"); goto badkey; } [...] Fixed a year or two ago, left here for historical reasons... key from blob can be called remotely using pubkey authentication. If you’re interested then take a look to previous versions of auth2-pubkey.c.
  • 20. OpenSSH - potential stack overflow (Un)fortunately certificate is handled by the Buffer structure, which maximum length is bounded: buffer.c: #define BUFFER_MAX_CHUNK 0x100000 [...] void * buffer_append_space(Buffer *buffer, u_int len) { u_int newlen; void *p; if (len > BUFFER_MAX_CHUNK) fatal("buffer_append_space: len %u not supported", len); No cookies this time, but maybe somewhere in space there are systems (or configurations) which are exploitable. (Bounded stack + something important near to it).
  • 21. OpenSSH - CVE-2011-0539 ”OpenSSH does not properly initialise a nonce field with random data when generating legacy certificates (”-t” command line option of ssh-keygen). This can result in certain stack memory being used as nonce, which can lead to the disclosure of potentially sensitive information.” - source: http://secunia.com/advisories/43181 key.c patch: /* -v01 certs put nonce first */ + arc4random_buf(&nonce, sizeof(nonce)); if (!key_cert_is_legacy(k)) { - arc4random_buf(&nonce, sizeof(nonce)); buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); }
  • 23. Libraries - libopenssh-compat OpenBSD specific functions for !OpenBSD platforms heavily relies on the OpenSSL (e.g. rng implementation) let’s trust it! :)
  • 24. Libraries - OpenSSL ¨uber complex library which implements various crypto stuff around 450 K LOC of hard-core C there are rumours, that some people learnt C by writing this library.... among developers this library has rather a bad reputation Why no SSL? - https://www.varnish-cache.org/docs/trunk/phk/ssl.html OpenSSL is written by monkeys - http://www.peereboom.us/assl/assl/html/openssl.html lots of projects rely on OpenSSL (700+ ports in the FreeBSD ports tree) we would rather be sorry if someone found a bug in this code...
  • 25. Libraries - OpenSSL - top comments grep -Ri xxx .: crypto/asn1/a_strex.c: fld_len = 0; /* XXX: what should this be? */ apps/passwd.c: /* XXX: really we should know how to print a size_t, not cast it */ ssl/t1_enc.c: /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ ssl/d1_pkt.c: /* XXX: check what the second ’&& type’ is about */ include/openssl/pem.h: /* XXX(ben): don#t think this is used!... */ crypto/asn1/asn1_mac.h: /* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some macros that use ASN1_const_CTX still insist on writing in the input stream. ARGH! ARGH! ARGH! Let’s get rid of this macro package.... */ crypto/objects/obj_dat.c: ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ crypto/objects/obj_lib.c: return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication is this??? */ crypto/engine/eng_cryptodev.c: /* XXXX just disable all digests for now, because it sucks. */ More stuff @ https://twitter.com/OpenSSLFact
  • 26. Libraries - LibreSSL fork done by OpenBSD guys right after the famous CVE-2014-0160 ”libressl is a version of the tls/crypto stack forked from openssl in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.” - http://www.libressl.org The first 30 days, and where we go from here - http://www.openbsd.org/papers/bsdcan14-libressl/ More than 30 Days Later - http://www.openbsd.org/papers/eurobsdcon2014-libressl.html
  • 27. Libraries - LibreSSL - favicon.ico Source: http://www.libressl.org/favicon.ico
  • 28. Libraries - LibreSSL - BN Code is complex, so let’s pick some small sublibrary - BigNumber implementation: part of the lib which is used in many other parts of library should be rather easy to implement (is it? :))
  • 29. Libraries - LibreSSL - fun fact LibreSSL uses (sometimes) three zero representations: 0, −0 and 0..0: those ”zeros” are values returned by BN functions... once 0 = 0..0 = −0, sometimes not... ...inconsistency can’t hurt us..., can it?
  • 30. Libraries - LibreSSL - off-by-one #1 Let’s take BIGNUM −0 and apply it to the BN bn2hex crypto/bn/bn print.c: char *BN_bn2hex(const BIGNUM *a) { char *buf; char *p; buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); [...] p=buf; if (a->neg) *(p++)=’-’; if (BN_is_zero(a)) *(p++)=’0’; for (i=a->top-1; i >=0; i--) [...] *p=’0’; How to get −0 in LibreSSL? It is a task for the listener
  • 31. Libraries - LibreSSL - off-by-one #2 Let’s call BN rand(BN, 1, 1, 0)- bnrand crypto/bn/bn rand.c: static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) { unsigned char *buf = NULL; [...] bytes = (bits + 7) / 8; bit = (bits - 1) % 8; buf = OPENSSL_malloc(bytes); if (top != -1) { if (top) { if (bit == 0) { buf[0] = 1; buf[1] |= 0x80; [...]
  • 32. Libraries - libz zlib - easy, small library for data compression/decompression inflate.c: int ZEXPORT inflateInit_(strm, version, stream_size) z_streamp strm; const char *version; int stream_size; { return inflateInit2_(strm, DEF_WBITS, version, stream_size); } [...] int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size) z_streamp strm; int windowBits; const char *version; int stream_size; { [...] struct inflate_state FAR *state; [...] if (strm->zalloc == (alloc_func)0) { [...] } state = (struct inflate_state FAR *) ZALLOC(strm, 1, sizeof(struct inflate_state)); [...] strm->state = (struct internal_state FAR *)state; state->window = Z_NULL; ret = inflateReset2(strm, windowBits); [...] }
  • 33. Libraries - libz cont. inflate.c: int ZEXPORT inflateReset2(strm, windowBits) z_streamp strm; int windowBits; { int wrap; struct inflate_state FAR *state; if (strm == Z_NULL || strm->state == Z_NULL) return Z_STREAM_ERROR; state = (struct inflate_state FAR *)strm->state; if (windowBits < 0) { wrap = 0; windowBits = -windowBits; } else { wrap = (windowBits >> 4) + 1; } /* set number of window bits, free window if different */ if (windowBits && (windowBits < 8 || windowBits > 15)) return Z_STREAM_ERROR; if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) { ZFREE(strm, state->window); state->window = Z_NULL; } [...] OpenSSH is not affected, but how about other popular software? YES IT IS!
  • 34. Libraries - libc - dobule free - getaddrinfo IDN $ traceroute $(printf "302a") *** glibc detected *** traceroute: munmap_chunk(): invalid pointer: 0x00007fff1b43a547 *** ======= Backtrace: ========= /lib64/libc.so.6(cfree+0x166)[0x32244758c6] /lib64/libc.so.6[0x32244bc116] /lib64/libc.so.6(getaddrinfo+0x21a)[0x32244be94a] traceroute[0x402926] traceroute[0x4029f1] traceroute[0x406281] traceroute[0x403546] /lib64/libc.so.6(__libc_start_main+0xf4)[0x322441d9f4] traceroute[0x401619] ======= Memory map: ======== 00400000-00409000 r-xp 00000000 68:06 7103807 /bin/traceroute 00608000-00609000 rw-p 00008000 68:06 7103807 /bin/traceroute 00609000-0060a000 rw-p 00609000 00:00 0 00808000-00809000 rw-p 00008000 68:06 7103807 /bin/traceroute 00ff7000-01018000 rw-p 00ff7000 00:00 0 [heap] 3224000000-322401c000 r-xp 00000000 68:06 7332914 /lib64/ld-2.5.so http://www.openwall.com/lists/oss-security/2015/01/27/11
  • 36. Kernel Operating system kernel has usually millions code lines Next to each other: network protocols filesystems sound system ...programming ZOO
  • 37. Kernel - FreeBSD - IGMP - CVE-2015-1414 netinet/igmp.c: case IGMP_VERSION_3: { struct igmpv3 *igmpv3; uint16_t igmpv3len; uint16_t srclen; int nsrc; [...] igmpv3 = (struct igmpv3 *)igmp; /* Validate length based on source count. */ nsrc = ntohs(igmpv3->igmp_numsrc); srclen = sizeof(struct in_addr) * nsrc; if (nsrc * sizeof(in_addr_t) > srclen) { IGMPSTAT_INC(igps_rcv_tooshort); return; } [...] igmpv3len = iphlen + IGMP_V3_QUERY_MINLEN + srclen; if ((m->m_flags & M_EXT || m->m_len < igmpv3len) && (m = m_pullup(m, igmpv3len)) == NULL) { IGMPSTAT_INC(igps_rcv_tooshort); return; } igmpv3 = (struct igmpv3 *)(mtod(m, uint8_t *) + iphlen); if (igmp_input_v3_query(ifp, ip, igmpv3) != 0) { [...]
  • 38. Kernel - NetBSD - libprop - #1 common/lib/libprop/*: buf = malloc(pref->pref_len + 1, M_TEMP, M_WAITOK | M_CANFAIL); if (buf == NULL) return (ENOMEM); error = copyin(pref->pref_plist, buf, pref->pref_len); It’s not exploitable on x86/amd64, but may hurt sparc64.
  • 39. Kernel - NetBSD - libprop - #2 common/lib/libprop/*: #define _PROP_EOF(c) ((c) == ’0’) #define _PROP_ISSPACE(c) ((c) == ’ ’ || (c) == ’t’ || (c) == ’n’ || (c) == ’r’ || _PROP_EOF(c)) struct _prop_object_internalize_context * _prop_object_internalize_context_alloc(const char *xml) { [...] /* * Skip any whitespace and XML preamble stuff that we don’t * know about / care about. */ for (;;) { while (_PROP_ISSPACE(*xml)) xml++;
  • 41. CPU/HW Bugs in the CPUs Kris Kaspersky - Remote Code Execution Through Intel CPU Bugs - HITB 2009 Pentium F00F bug Pentiun FDIV bug Bugs in the processor’s microcode - XEON example: (...) Erratum AAK167/BT248: ”If a logical processor has EPT (Extended Page Tables) enabled, is using 32-bit PAE paging, and accesses the virtual-APIC page then a complex sequence of internal processor micro-architectural events may cause an incorrect address translation or machine check on either logical processor. (...) - http://lists.debian.org/debian-user/2013/09/msg00126.html Bugs in (random) devices (incl. its firmware) have you ever wondered what’s inside the firmware? Backdoors in devices Intel, NSA & RDRAND ... :)
  • 43. WARNING Dragons live here!For the moment I’ll talk about things that: I don’t understand relate to philosophy rather than thug life...
  • 44. Physics Have you ever heard about bugs in physics? What will happen if our openssh will run in space? Have we tested it in such environment? Are the physics’ laws consistent? What if somebody can remotely change CPU/memory state? Haha, I hope you didn’t believe that? Can we defend somehow? encoding correction (i.e. ECC) mirroring hardware OpenSSH will not suffer...But if we write a code to manage space robot, then it’s not funny anymore...
  • 46. ??? In God We Trust... Everything Else We Test... ...maybe some three letter agency can manipulate the physics’ laws... :)
  • 47. Fallen actors Protocols: ARP, IP, TCP, SSH, ... Algorithms: DH, RSA, DSA, EC, ...
  • 48. Fallen actors - protocols There are bugs in protocols: SSL - CRIME, BEAST... TCP - SMURF, SYN ... We can formally proof that there are no bugs in the protocol... ...but in order to do so we need a model which is usually simplification of reality ”the absence of proof is not the proof of absence”
  • 49. Forgotten elements - algorithms We can use math tools to verify that RSA does the job We can do it modulo some model Do you know that RSA relies on Factorization /∈ P Do you know that we don’t know if P = NP? Do you know that three letters agencies spent lots on money on breaking crypto? Finally, do you know that basing on ZF or ZFC we can’t be sure what we do? :) Assuming that we verified our algorithm, there’s still long road: we have to choose language (with formal semantics) code our algorithm in chosen language verify that we coded exactly what we meant (tests, formal proofs) having verified code we should recall the forgotten actor...
  • 50. Forgotten compiler Attentive listener recalls that: ”OpenSSH is written in C, but processor is fed with machine code...” How do we know that we do not introduce any bugs in compilation process? Finding and Understanding Bugs in C Compilers (http://www.cs.utah.edu/˜regehr/papers/pldi11-preprint.pdf): ”Compilers should be correct. To improve the quality of C compilers, we created Csmith, a randomized test-case generation tool, and spent three years using it to find compiler bugs. During this period we reported more than 325 previously unknown bugs to compiler developers. Every compiler we tested was found to crash and also to silently generate wrong code when presented with valid input. (...)”
  • 51. CompCert CompCert - verified compiler from C90 subset to PPC, ARM, x86 Verified = result code is 100% consistent with C90 semantics Useful when compiling critical code for embedded solutions Its translation process is INSANELY complex: Project’s homepage: http://compcert.inria.fr/
  • 52. Conclusions Trust in even the simplest piece of code implies belief in hidden assumptions which we usually don’t even realize We’re forced to believe that each ”layer” works well For some reason three letters agencies are spending millions on breaking things Crypto is working, washing machines do the job Some of the instances of OpenSSH which I run are reachable from the Internet, and usually I sleep well... Sometimes it’s good to turn on paranoia when thinking about our computers ”Better paranoid than sorry” - comment from the OpenSSH project Read the code or not be surprised We’ll never get rid of bugs in software :)
  • 53. Credits Large parts of this presentation were done in cooperation with Marek Kroemeke and Filip Palian, THANKS!
  • 55. Time for questions (and maybe answers) Q&A