Conversations with security people

I’m in London right now for EUSecWest, and I thought I’d ask a few people who are making presentations here this week a few questions about what they’re doing. Some of their answers are quite interesting.

Sebastian Muñiz on Da IOS Rootkit – This is getting a lot of attention. I don’t know why people freak out so much about this kind of thing. He knows the right places to hook, and pretty soon everyone else will too.

Justin Ferguson on exploiting Perl and Python runtimes – Really interesting. The upshot is that it’s possible to write scripts that exploit bugs in the script interpreter itself. Generally people believe that you’re safe from this sort of thing. In addition to pretty much every shared hosting provider that allows customers to upload CGI scripts, one of the most high-profile companies in the world is also exposed: Google. They have a new thing called AppEngine where you can create your own web applications in Python. Obviously you’re not supposed to be able to interact directly with their underlying servers… but judging from what Ferguson says, enforcing that is going to require them to find all the bugs in Python. That’s hard. Though he hasn’t looked at WPF yet, I saw Shane Macaulay blue screen Windows Vista through managed C# code at Bluehat last summer while trying to demo some software during his presentation. So not only is corruption of the heap and stack metadata possible, but the kernel can be manipulated too… at least on Windows.

Collin Mulliner on Near Field Communication – Ever seen those rechargeable cards that store money? They’re putting them in phones now. And it’s based on RFID. Yeah.

Alexander Klink on SSL/X.509 vulnerabilities – There are some problems with the way clients handle certificates in some cases. It’s possible to track users this way. I suspect this will not be a big long term problem, as much of it has already been fixed.

Alberto Revelli on obtaining GUI access with SQL injection bugs – Most databases have some way for you to run arbitrary code through SQL statements. Find out how to do it.

Saumil Shah on IE and Firefox exploits – Saumil makes an interesting point. Browser exploits do not need to be reliable to be effective. The next generation of malware distribution networks are going to keep trying different exploits until one works. Anti-virus, he says, is useless for defending against these attacks.

Lots of interesting stuff going on here.