31 items tagged "side"
-
-
22:30
»
SecDocs
Authors: Sebastian Schinzel
Tags: vulnerability
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Timing side channel attacks are non-intrusive attacks that are still widely ignored in day-to-day penetration testing, although they allow attackers to breach the confidentiality of sensitive information. The reason for this is that timing attacks are still widely considered to be theoretical. In this talk, I present a toolkit for performing practical timing side channel attacks and showcase several timing attacks against real-world systems. Timing side channels are vulnerabilities in software applications that leak sensitive information about secret values such as cryptographic keys. They differ from common intrusive vulnerabilities such as Buffer Overflows or SQL-Injection because the attacker sends normal-looking requests to the server and infers secret information just from the time it took to process the request. In academia, timing side channel attacks are well researched, especially against cryptographic hardware, but in day-to-day penetration testing, they are still widely ignored. One reason for this is that the timing differences are often small compared to the jitter introduced in networked environments. This makes practical timing side channel attacks challenging, because the actual timing differences blend with the jitter. In this talk, I will present methods and tools to accurately measure response times despite the jitter in networked environments. I will introduce a programming library that enables penetration testers to measure accurate response times of requests sent over networks. Furthermore, I will describe algorithms and statistical filters to reduce the jitter from measurements. For this, I will introduce a reporting tool that takes a dataset with network measurements as input, automatically applies the algorithms and filters, and produces a report with the results. This report enables even novice penetration testers to analyze a response time dataset for timing side channel vulnerabilities. In the end, I will show that timing side channels are practical by showing several attacks. First, I show how to determine if a given user name is an administrative user in a productive installation of the popular CMS Typo3. Second, I show how to determine how many pictures are hidden in a private album of an online gallery. Third, I show how to perform an adaptive chosen cipher text attack against implementations of the XML Encryption standard. This attack allows decrypting any Web Service message whose body was encrypted using XML Encryption only by measuring the response time of the Web Service.
-
-
12:53
»
SecDocs
Authors: Stephen de Vries
Tags: Java
Event: Black Hat USA 2010
Abstract: The presentation will demonstrate a complete analysis and compromise of a Java client-server application using entirely open source tools. Performing penetration testing on Java clients, both applications and applets, is often problematic because the data transport (typically RMI) is difficult to manipulate in a meaningful way and complex applications require more refined techniques than direct byte code manipulation. Java development approaches and tools have been steadily improving and many of these new paradigms and tools can be used to fully decompose and manipulate client side Java without resorting to decompiling the binary. Due to the high level nature of developer tools, it is very easy for developers to misplace trust in client-server applications and erroneously or deliberately include security controls on the client instead of on the server side. By using testing and profiling tools and aspect oriented programming, it is possible to build a clear picture of the application's logic flow and to identify private objects that should not ordinarily be editable by the user. Injecting an interactive console into the running application allows you to change these objects at will and to call any methods on the client side, thereby bypassing client side security controls.
-
-
13:00
»
Hack a Day
Here is an example of what happens when someone is tempted to use their hacking skills for evil. Hopefully it goes without saying, but do NOT try this one at home. When his wife asked for a divorce [Andrew Castle] obviously did not like the idea so got busy building himself a DIY electric chair, [...]
-
-
7:44
»
Packet Storm Security Recent Files
Whitepaper called Client-Side Threats - Anatomy of Reverse Trojan Attacks. Client-side vulnerabilities are among the biggest threats facing users. Attackers are going after weaknesses in desktop applications such as browsers, media players, common office applications and e-mail clients to install malicious software, often Trojan horses and rootkits. This document explains these threats in detail and how to prevent them.
-
-
15:01
»
Hack a Day
Not all hacks need to be made up of servo motors, wireless radios, and PIR sensors. Sometimes hacking has a softer side, of which [Katie] reminds us with her latest creation. Her LED quilt incorporates 64 hand-sewn LEDs, all of which were painstakingly attached with conductive thread. The same thread was used in a sewing [...]
-
-
21:25
»
SecDocs
Authors: Jarrod Loidl
Tags: penetration testing client side
Event: Ruxcon 2010
Abstract: This presentation aims to explain why security consultancies are losing the war in providing meaningful value to clients in Australia and what the security industry must do to effect positive change. Conversely, this talk will also cater to potential clients who wish to commission penetration tests what they need to do in order to gain the greatest value from them by creating an environment that is accepting of the problems and a willingness to properly remediate findings. This talk is not intended to pinpoint blame but rather provide an industry update with some context. While the conclusions can be debated, the evidence presented will be irrefutable that changes are needed. This presentation will be delivered by someone who has walked both sides of the fence - the client's side having hired multiple professional penetration testing teams and driven remediation efforts, to the consulting side and seeing the commercial realities facing consultancies and the pain experienced by multiple clients.
-
13:58
»
Packet Storm Security Misc. Files
phpMyAdmin suffers from client side code injection and redirect link falsification vulnerabilities.
-
-
20:01
»
Packet Storm Security Misc. Files
Whitepaper called Exploiting Capabilities - Parcel Root Power, The Dark Side Of Capabilities. It dives into the dangers linked to POSIX file capabilities supported in Linux kernel versions greater than 2.6.26.
-
20:01
»
Packet Storm Security Recent Files
Whitepaper called Exploiting Capabilities - Parcel Root Power, The Dark Side Of Capabilities. It dives into the dangers linked to POSIX file capabilities supported in Linux kernel versions greater than 2.6.26.
-
-
9:30
»
Hack a Day
[Paul Klemstine] is working on some PC-side software hacks for the IM-ME. We’ve seen a lot of hardware hacks for this device, such as controlling the display, firmware flashing, and using it as a spectrum analyzer, but if you don’t want to alter the device right away you can try [Paul's] collection of hacks. Working [...]
-
-
15:19
»
remote-exploit & backtrack
I recently installed BackTrack 4 on my macbook pro. While the installation for backtrack completed successfully, the mac side had an error. When partitioning the hard drive, I made the BackTrack 4 the root and left the mac side of the hard drive to the default that it had been set at. After installing BackTrack the mac side of the computer was not seen. When looking at the partition in BackTrack I saw that the mac side was not recognizable. I do not think the partition was wiped clean, but at the same time, I have no idea how to get it back and running. Any help is greatly appreciated!