July 22, 2005 - Insecure Countermeasures
by Jeff Moss
Some of the latest “solutions” to common security problems are proving to hurt as much as they help, if you blindly trust them. The consequences of this blind trust are the focus of this BlackPage. In this issue, we take a look at two countermeasures that could work against you. David Maynor shares his findings on the ineffectiveness of a highly regarded buffer overflow solution implemented in the latest “secure” CPUs. Alex Wheeler, Mr. Anti-Anti-Anti-Virus, focuses on the world’s largest mandated security countermeasure, revealing that an A/V client could be your biggest hole.
by David Maynor posted July 22, 2005
Buffer overflow protection has always interested me, and when I first discovered NX I was worried it could signal the end of the security community. After spending several weeks tearing it apart I discovered I had nothing to fear. At first the only attacks I could get to work were the standard lame return-to-libc attacks everyone has done. Actually, before that I had to figure out exactly what was being protected and when. This became quite confusing with opt-in and opt-out policies and things like PAE to consider. Even with chaining several return-to-libc calls together I was still getting no help with the heap. After learning that on Windows the exceptions generated by NX were handled by the exception handler chain, I knew an evasion solution could not be far off.
Much like generic API hookers, the first downfall came in the form of bad coverage of code. Once this was discovered, NX protection suddenly morphed into Swiss cheese and I was able to get many different types of heap attacks working. After spending most of the time on Windows I found that the Linux implementation had several of the same systemic problems, but they were often harder to exploit because of other security technologies bundled in. The Linux portion of my speech focuses on NX and not things like libc randomization.
by Alex Wheeler posted July 22, 2005
We think antivirus companies have a hard job keeping computers safe from hackers. Internet hackers are sneaky and it is generally good to keep them away. Most of us have antivirus software installed on our systems to help keep hackers out.
However, current research has shown antivirus (1, 2, 3, 4) is also vulnerable to internet hackers. Doh! At first this may be frustrating to discover hackers can exploit the very thing supposedly protecting you. Not cool. Talk about an “INTERNET HACKING ALERT”, right?! Settle down there partner ;-)
We have invented a new form of protection to keep you safe: “Anti-Anti-Virus”. This revolutionary software will protect your antivirus software from internet hackers. Now you can safely surf the internet and get e-mail because your system’s antivirus is protected from hackers by “Anti-Anti-Virus”. This is pretty sweet technology and should be out of beta shortly.
And for those thinking ahead: We are already in the process of architecting a new breed of software to protect “Anti-Anti-Virus” from internet hackers. After all it’s just a matter of time… It will tentatively be called: “Anti-Anti-Anti-Virus”.
Blackmail and Bribery War Stories
Bribery and blackmail are two great ways to get what you want. This is probably why the techniques are highly regarded and often used by governments and crime rings throughout the world. If you’ve had the pleasure of meeting Bob Morris, you know the NSA has given him more than enough stories to tell. Also on today’s Black Page, Renaud Bidou will take you to the front lines of a 48-hour digital blackmail battle.
SQL Injection v. Input Validation - New Theories
While simple SQL injection techniques lead to some of the most costly attacks today, researchers are hard at work rethinking the primary defense against injection: input validation. Input validation is something that every web application must feature, but quite frankly, it’s pretty annoying to implement. Robert Hansen and Meredith Patterson join us today to explain how their academic research might hold the solution to a more convenient way to prevent injection attacks. Additionally, Michael Pomraning “crosses the gulf” from academic to practical by teaching us that we must unlearn input validation to fully understand it.
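To make the tension in this teaser concrete, here is an added example (not from the original page or from the researchers named above) that puts the two defenses side by side on a constructed SQLite table: string concatenation that lets input become part of the SQL grammar, a narrow allowlist validator in front of that same concatenation, and a parameterized query that keeps the value out of the grammar entirely. The table contents, the `is_safe_identifier` rule and the function names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user"), ("o'brien", "user")]


def make_db():
    """Build an in-memory SQLite database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable: the caller's text is spliced into the statement, so a quote
    character in `name` changes the meaning of the query."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def is_safe_identifier(name):
    """Hypothetical allowlist used as the 'input validation' defense: only
    ASCII letters and digits pass. Anything else, hostile or not, is rejected."""
    return name.isascii() and name.isalnum()


def lookup_validated(conn, name):
    """Input validation in front of the concatenating query. It blocks the
    injection below, but also rejects legitimate names such as o'brien."""
    if not is_safe_identifier(name):
        raise ValueError("rejected by allowlist: %r" % name)
    return lookup_concat(conn, name)


def lookup_param(conn, name):
    """Parameterized query: the driver passes `name` as data, never as SQL, so
    no character in it can alter the statement's structure."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def compare_defenses(name):
    """Run one input through all three lookups and report what each one did."""
    conn = make_db()
    results = {}
    for label, fn in (("concat", lookup_concat), ("validated", lookup_validated), ("param", lookup_param)):
        try:
            results[label] = fn(conn, name)
        except (ValueError, sqlite3.Error) as exc:
            results[label] = type(exc).__name__
    conn.close()
    return results


if __name__ == "__main__":
    # A textbook tautology payload: concatenation returns every row,
    # validation rejects it, parameterization simply finds no such user.
    print(compare_defenses("x' OR '1'='1"))
    # A legitimate name with an apostrophe: concatenation breaks, validation
    # wrongly rejects it, parameterization returns the user.
    print(compare_defenses("o'brien"))
```

Running `compare_defenses` on a plain name such as `bob` gives the same answer from all three lookups; the differences only appear on inputs containing a quote, which is exactly where the "annoying" allowlist starts turning away real users while the parameterized query handles both cases without any per-field validation rule.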
The Black Page is always looking for concise and interesting comments from researchers and experts about issues that affect the security community. Contact us here to learn more about submission rules.