I can't sleep at night because I just got back from Black Hat

You think security is improving, but the Black Hat speakers consistently prove otherwise

I have been attending the Black Hat security conference in Las Vegas for many years now. It is by far the best security event each year, and this year was no exception. Every year seems to go the same way for me: I attend the conference and take in all the new attack vectors, exploits and widespread hype happening in the digital world. I go home afraid of my digital shadow. Throughout the year I notice all the work being done to close the holes we heard about. I start to feel better about the fate of the digital world; things are getting better! I attend the next year's Black Hat conference. I learn about the new digital Armageddon. I am afraid again. Rinse and repeat. I am convinced I'm part of some sick psych experiment. Why do I go, you ask? Well, I guess it is like going to a NASCAR event. You go for the thrills and the crashes!

Here is a brief glimpse of the messages that were delivered by the various researchers speaking at Black Hat this year. This is my attempt to distill a one-hour presentation into a one-sentence takeaway. I highly recommend that you don't take these at face value; they are meant to raise awareness for further study. I recommend you explore the research further so you have all of the facts and the complete picture. (Some of these have already been fixed. Phew!):

- The certificate authority system that is so critical to HTTPS/SSL secure website encryption is fatally flawed, has already been hacked several times with certificates stolen, and is generally in need of a major overhaul to fix the lack of true authenticity it provides today. Authenticity is the thing that keeps us safe from SSL man-in-the-middle attacks. A very cool Firefox plug-in that might help with this issue, called Convergence, was released by convergence.io. Definitely check it out, along with the paper on this whole issue called perspective.

- Mac OS X 10.7 is a must upgrade for those who take security seriously. Many critical improvements; upgrade now. Lion supports new application sandboxing, XPC for intra-application privilege separation, ASLR improvements and 64-bit support, etc.

- Great analysis done of how Mac OS X holds up to an Advanced Persistent Threat (APT) attack. In a nutshell, it is way better than XP but in a dead heat with Win7.

- Mac OS X Server has major security issues and is way less secure than Win2008R2. Researcher suggested that OS X Server security is so poor as to not be deployable.

- A researcher showed an exploit against Apple's new smart batteries used in its MacBook Pro line. The researcher showed how you could hack the battery so it would stop accepting a charge or, better yet, overheat and catch fire or explode.

- Do not use Apple's Bonjour file sharing/network discovery protocol on an untrusted network. It has major security weaknesses such as no authentication, mDNS spoofing, no user interaction required, etc.

- A study was done that shows Mac users aren't as paranoid as Windows users about security. Thus the conclusion was that they would be more susceptible to social engineering attacks like phishing.

- Researcher found that on several consumer Internet router/firewall products, when UPnP was enabled (usually on by default) it worked on both the inside and OUTSIDE interfaces. That would mean that anyone on the Internet would be able to send your router a UPnP message to reconfigure the security settings of your device to let them in. Of course, disabling UPnP has been a best practice for a long time, but I know most don't have any idea.

- Researcher developed a cool tool called nooter and rotonooter that shows if your ISP is bandwidth or rate limiting you, certain websites or certain protocols/services.

- The basic security architecture of iOS is very well done. Lots of complex steps are needed to fully compromise a device. Mandatory iOS code signing is enforced at run-time, making it very secure. iOS app sandboxing is fairly well done, but there are some issues with allowing apps access to over 141 local RPC servers in the OS. iOS 4.3 now includes ASLR for all built-in apps or apps that have been compiled with ASLR PIE. App devs out there, please compile your application using PIE; please. Unfortunately the vast majority don't. The biggest threat is using browsers embedded in applications. Use the native Safari browser instead.

- Apple iOS turns on encryption as soon as you enable a passcode on your device. The complete file system is encrypted. However, as was previously known, a simple jailbreak of the phone allows the attacker to decrypt all data. However, in iOS 4.x Apple released data protection. This feature encrypts a subset of the file system using your passcode as the key and not the normal encryption key. This means that even if they jailbreak your iPhone they would still need your passcode to unlock any folders or files protected by data protection. Unfortunately, that protection is extremely limited today. Only mail, attachments, profile passwords like active-sync IDs, and apps that ask for data protection through the API have it.

- A clever new spear phishing attack using Google alerts was disclosed. This is an APT-type attack where you are targeting a person or entity. It works very simply. Many executives, their staff or their marketing department use the Google alerts service to track any and all new web postings that match stuff about them or their company. Basically, it is a tool so folks can be alerted when others are talking about them in articles, blogs, etc. The idea of the spear phish is to set up a drive-by download infected website and post an article about the target person or entity on your website. The person will receive a Google alert message with your website link in it. The user clicks on the link to see what new press they have received on the web. The malware-infected site then compromises their browser and PC. Voila, you now have a foothold into your target's internal network.

You can find the archives of the talks given this year about 6 months from now at https://www.blackhat.com/html/archives.html. Until then you will have to try and track down the research using Google. Sorry I can't provide you more than that. But I can answer any questions you might have if you post them here.

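The opinions and information presented here are my personal views, not those of my employer. I am in no way an official spokesperson for my employer.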

By Jamey Heary.

Copyright © 2011