Let me start by saying that Vegas Rules!!! And, I am currently up about $10,000. And I have this nice piece of land to sell you. Anyway, the first day of Black Hat was superb, as usual. It retains its title of the best security conference available; if you have to pick just one a year, this should be it.
I plan on writing at least two more articles on the topics covered but wanted to get out a quick summary today for you all. Here was my agenda for today:
- Bad Sushi: Beating Phishers at their own game - Excellent session that went into detail on how phishers think, act, and make a profit. Nitesh Dhanjani and Billy Rios (the speakers) showed us how phishers create sites, share info and code, and basically are lazy. I will definitely be blogging on this subject in more detail in the coming days, but the highlights were that phishers are storing their stolen data (credit card numbers, SSNs, ATM cards with PINs, etc.) on websites that they have hacked into or on sites like guestbooks. And even worse, they are not protecting their stolen data at all from access. No passwords, no encryption, no hardening of the compromised server they are using to store this on, nothing! This means that all one need do to find this info for themselves is reverse engineer a real phisher’s website, look at their PHP script, and find out where they are storing the data. Then simply go there and grab the stolen data. Anyone can find an active phishing site by visiting http://www.phishtank.com, a well-known site that hosts info on known bad phishing sites, similar to a URL blacklist site.
To sell things like credit cards, they showed a site called vipdump where you can buy stolen US credit card numbers for $20 each. Vipdump is just one of hundreds of such sites, all of which use some form of anonymous payment system like egold or WU. And in case you didn’t know, phishers call their stolen account numbers “dumps”. So one card number is one dump. They went on to talk about skimmers, the phishing community network, code sharing, etc. But I’ll leave that for another blog.
- Leveraging the edge: Abusing SSLVPNs (Michael Zusman) – Michael started his talk by detailing how he was able to purchase a certificate from a major CA with the FQDN of an existing Fortune 500 company’s website! How, you ask, is this possible? Well, when filling out the request form he simply checked the box that stated that the certificate was not going to be used on the internet and was for internal testing only. Luckily, Michael also stated that most CAs rejected his requests. But it only takes one CA to spoil the party. What does this mean to you? Well, picture this:
A user has their DNS cache poisoned on their client so that the website (that correlates to the new shiny cert you have) points to an HTTP proxy. During the live demo the proxy used was TSeep Proxy. Now the attacker is in the middle. The user goes to the website in question and is proxied through TSeep, which hands the user the shiny new cert you have. The user’s browser looks at the cert and, because the FQDN and other fields are perfect and the CA is trusted, it never pops up anything, proudly presents the lock icon on the bottom of the page, and is fat, dumb, and happy. So now the MITM proxy forwards all the requests to the real website and back again to the user. Walla!!! The attacker sees everything the user sends or receives from the real website in the clear, and neither the client nor the real server has any idea. Scary!
The rest of the talk was about ActiveX vulnerabilities that can be exploited on the sslvpn client side of the house. A live exploit was demoed using a non-Cisco sslvpn vendor during the session. The vendor in question has recently posted a patch for it. So more to come on that topic too, mostly because I have to figure out how Cisco’s SSLVPN protects against these attack vectors and get back to you on it.
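The browser in the scenario above accepts the mis-issued certificate because a matching name and a trusted CA are all it checks. As an added example (not from the talk or this post), the sketch below models that check next to a public-key pin such as a VPN client could hold for its one gateway; the host name, CA names and key bytes are constructed placeholders, and `Cert` is a simplified stand-in for a parsed X.509 certificate.

```python
import base64
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Simplified stand-in for a parsed X.509 certificate (assumption)."""
    subject_fqdn: str
    issuer: str
    spki_der: bytes  # SubjectPublicKeyInfo; constructed bytes in this example

def spki_pin(cert):
    """Pin in the common base64(SHA-256(SPKI)) form."""
    return base64.b64encode(hashlib.sha256(cert.spki_der).digest()).decode()

def browser_check(cert, hostname, trusted_issuers):
    """The check described in the post: FQDN matches and the CA is trusted."""
    return (cert.subject_fqdn.lower() == hostname.lower()
            and cert.issuer in trusted_issuers)

def pinned_check(cert, hostname, trusted_issuers, pins):
    """Browser check plus a pin on the key the site owner actually holds."""
    if not browser_check(cert, hostname, trusted_issuers):
        return False
    expected = pins.get(hostname.lower())
    if not expected:
        return False  # fail closed: this client only talks to pinned hosts
    return spki_pin(cert) in expected

# Constructed sample data (hypothetical names and key bytes).
HOST = "vpn.example.com"
TRUSTED = {"Constructed CA A", "Constructed CA B"}
GENUINE = Cert(HOST, "Constructed CA A", b"genuine-gateway-public-key")
MISISSUED = Cert(HOST, "Constructed CA B", b"proxy-operator-public-key")
PINS = {HOST: {spki_pin(GENUINE)}}

def evaluate():
    """Return (browser, pinned) verdicts for each certificate."""
    return {
        name: (browser_check(c, HOST, TRUSTED),
               pinned_check(c, HOST, TRUSTED, PINS))
        for name, c in (("genuine", GENUINE), ("misissued", MISISSUED))
    }

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(name, verdict)
```

Both certificates pass the name-and-trust check; only the pin separates the key the site owner holds from the one issued to someone else under the same FQDN.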
Well, I am short on time and will have to post later about the other sessions I attended. But real quick here are their titles: The four horsemen of the virtualization security apocalypse, and Malware detection through network flow analysis.
This blog is my own opinion and not that of my employer.
walla!
A decent article is ruined once more with this collegiate corruption of an awesome word - voila.
automated reply
All spelling complaints and comments from my previous English teachers should be sent to . You should expect a reply to your inquiry promptly.
wow
You're so clever, you're not an ******** at all
And you're so clever,
And you're so clever, critiquing a single word in an article over the internet. Closed-minded dolt.
Yeah, but...
I kind of agree. People really should learn how to spell properly. It doesn't take much time and, if you're going to be publishing articles online that tout your expertise in a given field, you really should follow the standards of a formally-submitted paper that would do the same.
I enjoyed this article very much, and I'm looking forward to the full content.
Hahaha, idiots. Is he
Hahaha, idiots.
Is he posting up about how he is good at English?
He is summarizing information from a conference.
If you honestly care that much about grammar, GET OFF THE F'ING INTERWEB! That's right, I said it, I called it interweb, critique that.
What gives you the right to go on a person's blog and complain about grammar?
If grammar is that important to you, then stop trolling tech articles and start trolling literature and grammar articles you tool.
Besides, viola is not an English word. You want to critique his use of English, well that is not even English, so who cares.
Shut up and enjoy the article, or else stop just purposefully trolling and discrediting yourself as a troller.
Using walla instead of voila does not discredit this article, as this article is a brief summary of information from a conference he went to.
Troll somewhere else where somebody cares noob!
you've got a kwel english
you've got a kwel english teacher :P
I was going to comment about
I was going to comment about Walla-- something like "what's half a Washington city have to do with this"? At least you didn't write "viola". That misspelling really annoys me.
You infidel!
If you had the time to take your head out of your .... you would have found out that walla is a legitimate word in Arabic and in Hebrew (though it's slang in Hebrew).
Walla is roughly the equivalent of voila, even though it is used more of a mental thing. For example, when I explain something to someone, he may say "walla".
I assume that people dealing with computer security have some interaction with Israelis, who tend to say "walla" once in a while.
geez.
"Walla is roughly the
"Walla is roughly the equivalent of voila"
Nope - try again. Oh and the French word is "voilà".