Bleeding Hearts
The Internet is ablaze with talk of the “heartbleed” OpenSSL vulnerability disclosed yesterday (April 7, 2014) here: https://www.openssl.org/news/secadv_20140407.txt While the bug itself is a simple “missing bounds check,” it affects quite a number of high-volume, big business websites. Make no mistake, this bug is BAD. It’s sort of a perfect storm: the bug is in a library used to encrypt sensitive data (OpenSSL), and it allows attackers a peak into a server’s memory, potentially revealing that same sensitive data in the clear. Initially, it was reported…
The password is irrelevant
This story begins with a few merry and good hearted tweets from S4x13. These tweets in fact: Notice the shared conviviality, and the jolly manner in which this discussion of vulnerabilities occurs. It is with this same lightness in my heart that I thought I would explore the mysterious world of the. So I waxed my moustache, rolled up my sleeves, and began to use the arcane powers of Quality Assurance. Ok, how would an attacker who…
A Short Tale About executable_stack in elf_read_implies_exec() in the Linux Kernel
This is a short and basic analysis I did when I was uncertain about code execution in the data memory segment. Later on, I describe what’s happening in the kernel side as well as what seems to be a small logic bug. I’m not a kernel hacker/developer/ninja; I’m just a Linux user trying to figure out the reason of this behavior by looking in key places such as the ELF loader and other related functions. So, if you see any mistakes or you realize that I approached this in a…
Car Hacking: The Content
Hi Everyone, As promised, Charlie and I are releasing all of our tools and data, along with our white paper. We hope that these items will help others get involved in automotive security research. The paper is pretty refined but the tools are a snapshot of what we had. There are probably some things that are deprecated or do not work, but things like ECOMCat and ecomcat_api should really be all you need to start with your projects. Thanks again for all the support! Content: http://illmatics.com/content.zip Paper:…
DefCon 21 Preview
Hi Internet! You may have heard that Charlie Miller (@0xcharlie) and I (@nudehaberdasher) will present a car hacking presentation at DefCon 21 on Friday, August 2 at 10:00am. “Adventures in Automotive Networks and Control Units” (Track 3) (https://www.defcon.org/html/defcon-21/dc-21-schedule.html) I wanted to put up a blog explaining what exactly we’ll be talking about in a bit more detail than was provided in the abstract. Our abstract was purposefully vague because we weren’t really sure what we were going to release at the time of submission, but obviously have…
IOAsis at RSA 2013
RSA has grown significantly in the 10 years I’ve been attending, and this year’s edition looks to be another great event. With many great talks and networking events, tradeshows can be a whirlwind of quick hellos, forgotten names, and aching feet. For years I would return home from RSA feeling as if I hadn’t sat down in a week and lamenting all the conversations I started but never had the chance to finish. So a few years ago during my annual pre-RSA Vitamin D-boosting trip to a warm beach an…
2012 Vulnerability Disclosure Retrospective
Vulnerabilities, the bugbear of system administrators and security analysts alike, keep on piling up – ruining Friday nights and weekends around the world as those tasked with fixing them work against ever shortening patch deadlines. In recent years the burden of patching vulnerable software may have felt to be lessening; and it was, if you were to go by the annual number of vulnerabilities publicly disclosed. However, if you thought 2012 was a little more intense than the previous half-decade, you’ll…
You cannot trust social media to keep your private data safe: Story of a Twitter vulnerability
I‘m always worried about the private information I have online. Maybe this is because I have been hacking for a long time, and I know everything can be hacked. This makes me a bit paranoid. I have never trusted web sites to keep my private information safe, and nowadays it is impossible to not have private information published on the web, such as a social media web site. Sooner or later you could get hacked, this is a fact. Currently, many web and mobile applications give users the option…
Offensive Defense
I presented before the holiday break at Seattle B-Sides on a topic I called “Offensive Defense.” This blog will summarize the talk. I feel it’s relevant to share due to the recent discussions on desktop antivirus software (AV) What is Offensive Defense? The basic premise of the talk is that a good defense is a “smart” layered defense. My “Offensive Defense” presentation title might be interpreted as fighting back against your adversaries much like the Sexy Defense talk my co-worker Ian Amit has been presenting. My view of…
The Future of Automated Malware Generation
This year I gave a series of presentations on “The Future of Automated Malware Generation”. This past week the presentation finished its final debut in Tokyo on the 10th anniversary of PacSec. Hopefully you were able to attend one of the following conferences where it was presented: IOAsis (Las Vegas, USA) SOURCE (Seattle, USA) EkoParty (Buenos Aires, Argentina) PacSec (Tokyo, Japan) The Future of Automated Malware Generation from
