Dailydave mailing list archives

Re: Count Zero


From: Richard Miles <richard.k.miles () googlemail com>
Date: Fri, 9 Apr 2010 07:32:20 -0500

Hello Dave.

You said that lots of web applications can be owned via a known-plaintext
attack + hash collision to recover the host key, but it's going to take a lot
more time than a basic SQL injection. What host key are you talking about?

Thank you

On Sun, Apr 4, 2010 at 1:49 PM, Dave Aitel <dave.aitel () gmail com> wrote:

   "The kind of software someone like you would rent from Two-a-Day,
that's nothin'. I mean, it'll work, but it's nothing anybody heavy
would ever bother with. You've seen a lot of cowboy kinos, right?
Well, the stuff they make up for those things isn't much, compared
with the kind of shit a real heavy operator can front. Particularly
when it comes to icebreakers. Heavy icebreakers are funny to deal in,
even for the big boys. You know why? Because ice, all the really hard
stuff, the walls around every major store of data in the matrix, is
always the product of an AI, an artificial intelligence. Nothing else
is fast enough to weave good ice and constantly alter and upgrade it.
So when a really powerful icebreaker shows up on the black market,
there are already a couple of very dicey factors in play. Like, for
starts, where did the product come from? Nine times out of ten, it
came from an AI, and the AIs are constantly screened, mainly by the
Turing people, to make sure they don't get too smart. So maybe you'll
get the Turing machine after your ass, because maybe an AI somewhere
wants to augment its private cash flow. Some AIs have citizenship,
right? Another thing you have to watch out for, maybe it's a military
icebreaker, and that's bad heat, too, or maybe it's taken a walk out
of some zaibatsu's industrial espionage arm, and you don't want that
either. You takin' this shit in, Bobby?"

   Bobby nodded. He felt like he'd been waiting all his life to hear
Beauvoir explain the workings of a world whose existence he'd only
guessed at before.
— Count Zero by William Gibson.


Here's something you may have learned about exploits recently: They
usually take a long time to run.

Lots of web applications can be owned via a known-plaintext attack +
hash collision to recover the host key, but it's going to take a lot
more time than a basic SQL injection and so most teams aren't even
going to bother looking. I went downstairs for a demo from Sean the
other day, and he's like "This is going to take a while to run - like
six minutes or something" and the only answer is of course, "If it
gets me in reliably, I don't care if it takes all day. Enhancing time
on target is the operator team's problem. They can go re-read
MidnightSun.pdf[1] while it runs in the background." As Halvar would
put it, "server side attacks are a myth now, publicly".

And here's where the hilarity starts. Because a 24 hour runtime attack
does not "scale" well. It's not something you can "automate" against a
class B network.

William Gibson is on Twitter BTW. How cool is that? Pattern
Recognition and Spook Country are great books.

-dave
[1] http://www.stepheniemeyer.com/midnightsun.html
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
