Windows User Group - PowerPoint PPT Presentation

1 / 16

About This Presentation

Title:

Windows User Group

Description:

Number of Views:65

Avg rating:3.0/5.0

Slides: 17

Provided by: peterber

Learn more at: http://www.windowsusers.org

Category:

Tags: group | hacks | user | windows

Transcript and Presenter's Notes

Title: Windows User Group

1
Windows User Group

2
Todays Round Up Topics

The Vista and DNS exploits vulnerabilities
presented
The CVORG presentation regarding Linksys wireless
router hardware Trojans
A brief look at hacks that involve both the
Emergency Broadcast System and Pagers
Review of the Metro Card hack that has created so
much controversy and was just on CNN
And a few other things briefly that were
noteworthy
A short overview of the talk that I gave about
Open Source Warfare (as used by insurgents in
Iraq and Afghanistan).

3
What are Defcon Black Hat

4
Using a browser to evade Vistas Security

Who Mark Dowd, Alexander Sotirov
What evade Vista protections such as Address
Space Layout Randomization (ASLR), Data Execution
Prevention (DEP)
How by using Java, ActiveX controls and .NET
objects to load arbitrary content into Web
browsers
http//searchsecurity.techtarget.com/news/article/
0,289142,sid14_gci1324395,00.html

5
Using a browser to evade Vistas Security

How
defenses that Microsoft added to Vista are
designed to stop host-based attacks. ASLR, for
example, is meant to prevent attackers from
predicting target memory addresses by randomly
moving things such as a process's stack, heap and
libraries. That technique is useful against
memory-corruption attacks, But in Dowds case
these protections dont work
memory protection mechanisms available in the
latest versions of Windows are not always
effective when it comes to preventing the
exploitation of memory corruption vulnerabilities
in browsers.
Two factors contribute to this problem the
degree to which the browser state is controlled
by the attacker and the extensible plugin
architecture of modern browsers Dennis Fisher,
Executive Editor SearchSecurity.com

6
DNS Exploit

Who Michael Zusman
What Abusing SSLVPNs purchase a certificate
from a major CA with a FQDN (fully qualified
domain name ) of an existing fortune 500
companys website
How in simply filling out the request form he
checking the box that says the certificate is not
going to be used on the internet and is for
internal testing only
And then keep doing it until you find a CA that
agrees
Jamey Heary Cisco Security Expert
http//www.networkworld.com/community/node/30822

7
DNS Exploit

What happens The user has their DNS cache
poisoned on their client so that the website
(that contains the cert pointer and actual cert)
points to a http proxy
This means that the attacker will then sit in
the middle of any communications between the
user and the real proxied website
The cert is queried and qualified as legit
Your communications though arent
Risk level moderate
Anything you can do about it? No

8
CVORG Hardware Trojans

Who Kiamilev, Hoover
How In an electronic Trojan attack, extra
circuitry is illicitly added to hardware during
its manufacture.
What the hardware Trojan performs an illicit
action such as leaking secret information,
allowing attackers clandestine access or control,
or disabling or reducing functionality of the
device. The growing use of programmable hardware
devices (such as FPGAs) coupled with the
increasing push to manufacture most electronic
devices overseas means that our hardware is
increasingly vulnerable to a Trojan attack from
potential enemies.
Note these are thermal, optical and radio
resultant trojans
http//www.defcon.org/html/defcon-16/dc-16-speaker
s.htmlKiamilev
Related Autoimmunity disorder in Wireless LAN
http//www.networkworld.com/community/node/30842

9
The Subway Ticket Hack

10
The Subway Ticket Hack

11
Commission on Cyber Security for the 44th
Presidency

Do you ever get the feeling youre being lied to?
Done by the CSIS
In a related note the Air Force has cut off
funding for their own cyberwar efforts and will
decide within the next 12 weeks whether to
continue operations or not

12
EMS Pagers

DCFluX Krick EAS (Emergency Alert System)
NYCMIKE
activity of FLEX (1600/3200 level 2, 3200/6400
level 4) and POCSAG (512, 1200, 2400) , how to
decode, how to set up a listening post, Decoding
digital data with a soundcard

13
Some other great topics

Bristow ModScan A SCADA MODBUS Network Scanner
Multiple TOR presentations
Bello Bertacchini Predictable RNG in the
Vulnerable Debian OpenSSL Package
Brossard Bypassing pre-boot authentication
passwords
Major related note? work done on password
retention through supercooling of RAM companents
vs. Trusted Computing

14
Some other great topics

Moulton Solid State Drives Destroy Forensic
Data Recovery
Data on a Solid State Device is virtualized and
the Physical Sector that you are asking for is
not actually the sector it was 5 minutes ago. The
data moves around using wear leveling schemes
controlled by the drive using propriety methods.
When you ask for Sector 125, its physical address
block is converted to an LBA block and every 5
write cycles the data is moved to a new and empty
previously erased block. This destroys metadata
used in forensics data recovery. File Slack
Space disappears, you can no longer be sure that
the exact physical sector you are recovering was
in the same location or has not been moved or
find out what it used to be!
Another great presentation was about hacking
Installed medical devices such as pacemakers

15
Open Source Warfare