Thursday 15 March 2012

BlackHat EU 2012 - Day one summary

I am currently enjoying BlackHat Europe 2012

My favourite presentation for Day 1 was:

Jeff Jarmoc - SSL/TLS interception proxies (and transitive trust)
Really interesting research (to me) as it was kind of adjacent to some of the research I have been doing, and Jeff has looked at some very similar products that I have, but from a different perspective.

Jeff described his research into an issue that I have felt could be a problem (but that I hadn’t investigated, and he has done a great job with his investigation, so this answers some of the questions I had in the back of my mind ;o).

Put simply; When companies implement content-security for encrypted web-traffic (anti-virus, exe-blocking and content analysis for HTTPS traffic) the way to do this is usually to get all the clients within the environment to trust the proxy’s CA cert. Then, traffic is decrypted on the proxy and scanned (the proxy handles the external encryption to the target site) and the traffic is then re-encrypted internally to the client (using the proxy’s trusted cert).

The issue is; “What happens when there is a problem with the cert of the original target site?” and the answer is - “These issues are largely ignored, and the information is dropped, so that everything looks fine on the client-side”.

To paraphrase the reason for this is dropping the baby is that; “SSL was not designed to do this, and this solution is hard enough to implement as it is, so vendors of these products try to make the product set-up and management as easy as possible, and iron-out any of these minor ‘issues’ by ignoring them”.

However, this causes a big security hole because certificates that are spoofed, expired or revoked are often made to look like they are “fine and dandy” to the client  – which from a security-perspective, in short, is crap.

Great presentation Jeff!


Quote of the day: “Humanity needs crime, otherwise we would have stomped it out by now.. and the internet needs crime too..”
(Whitfield Diffie, philosophising about “life, the internet and everything”)

4 comments:

  1. Thank you for all your efforts
    I believe there are many people who feel like I read this article!
    I hope you continue to have articles like this to share with everyone!
    wordpress
    blogspot
    youtube
    ប្រដាល់ថៃអនឡាញ

    ReplyDelete
  2. QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
    CC with CVV Fullz (USA, UK, CANADA)
    Tutorials & E-Books For Ethical Hacking
    Tools For Everything You Need

    I'm On Telegram = @killhacks & I C Q = 752822040

    Stuff available for
    (Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )

    Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
    Availability 24/7
    FASTEST DELIVERY

    Build Your Own Business with proper guide & Legit Tools
    Always glad to serve

    GOOD LUCK
    Here I'm:
    I C Q = 752822040
    Tele-gram = @killhacks

    ReplyDelete
  3. سخانات المياه المركزية غالبًا ما تكون مصممة بميزات أمان متعددة مثل صمامات الأمان، مما يجعلها أكثر أمانًا للاستخدام مقارنة ببعض الأنظمة الأخرى​، وتوفر هذه الأنظمة تحكمًا مركزيًا في درجات الحرارة، مما يتيح للمستخدمين ضبط النظام بسهولة وفقًا لاحتياجاتهم. كما يمكن التحكم بها عن بُعد من خلال تطبيقات الهاتف الذكي في الأنظمة الحديثة​

    ReplyDelete
  4. طباعة لوجو استيكر هو ملصق يحمل شعار أو علامة تجارية معينة. يُستخدم للترويج للعلامة التجارية، ويمكن أن يُلصق على المنتجات، السيارات، أو أي سطح آخر. يمكن تصميم اللوجو ستيكر بأحجام وأشكال مختلفة، ويمكن تخصيصه بألوان وتصميمات تتناسب مع هوية العلامة التجارية. وتُعتبر ملصقات الشعار فعالة من حيث التكلفة، خاصة عند طلب كميات كبيرة.

    ReplyDelete