Dailydave mailing list archives

Re: What has Fallen


From: John Strand <john () blackhillsinfosec com>
Date: Tue, 14 Mar 2017 11:34:08 -0600

Ok.. Let's step back even further.

At the root of all of this is the issue that old software never goes away.
Every year we add more software.  Very rarely do we remove old software.

It is like a giant snowball of crap.  Every year it only gets bigger.




On Tue, Mar 14, 2017 at 10:04 AM, Dave Aitel <dave.aitel () gmail com> wrote:

No matter how "strategic" everyone says they are in our community, or in
the NatSec policy community adjacent to it, people have the localized
perspectives of a gecko, endlessly chasing moth after useless moth
attracted to the laundry-room-light of Fail that is the software
development world.

If you're going to look even a tiny tiny bit into the future, you have to
step back and say "This entire class of software is broken and we need
another way." Put another way: If you have a small team of vulnerability
researchers, what technology quadrants would you put them on, so in a
couple years, you would be unstoppable.

INFILTRATE is one way to view this, if you have the right eyes.

People are well aware that every Java middleware is broken - Tomcat's
latest Struts issue is no surprise to people following along. But so are
all the things similar to it: DCOM, for example. This is compounded by the overall
destruction of the entire Active Directory security model
<https://github.com/BloodHoundAD/BloodHound>.

Some other bug classes that are being actively exploited in modern and
interesting ways:

   - Timing attacks
   - MITM - especially non-traditional versions of this
   - State machine attacks (f.e. 1 <https://mitls.org/pages/attacks/SMACK>, 2 <http://2015.hackitoergosum.org/slides/HES2015-10-29%20Cracking%20Sendmail%20crackaddr.pdf>)
   - Hardware flaw excitement (RowHammer, cache timing attacks, etc.)
   - Cloud-computer attacks
   - Cryptographic-protocol attacks
   - Binary Remoting Protocols (DCOM, JavaRMI, etc.)
   - People forgetting we are in a 64 bit world now and can send large
   amounts of data
   - Hypervisor escapes because those things are just Kernels
   - Modern heap overflows
   - Attacking that fancy security infrastructure you just installed
   (SIEMs, Breach Detection, etc.)
   - DoS attacks

"WTF are you talking about?" I hear people asking. What I'm saying is
"Name a binary remoting protocol popular in 2007 that hasn't been analysed
yet, and it's going to have massive security issues if you have a year of
resources to pour into it."

-dave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
