RSA vs Hacker
Transcript of RSA vs Hacker
Alessio L.R. [email protected], twitter: mayhemspp
Facebook: alessio.pennasilico
Milano, 11 September 2012
RSA Security vs Ethical Hacker
Hackers are all around us, but people don't know it.
Yet.
Alessio L.R. Pennasilico [email protected]
Alessio L.R. Pennasilico
Members of: Associazione Informatici Professionisti, CLUSIT, OPSI/AIP
Associazione Italiana Professionisti Sicurezza Informatica
Italian Linux Society, Sikurezza.org, Hacker’s Profiling Project
Spippolatori.org, IISFA, Metro Olografix, CrISTAL
Security Evangelist @
Disclaimer #1
I am personally responsible
for everything I will say,
which represents my opinion
and mine alone
Disclaimer #2
Don’t try this at home!
Using some of the techniques described here on other people's systems
leads to arrest...
Jargon file
hacker: n.
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
A joke?
Economic damage
Reputational damage
Repercussions on credit
Hard to prove
Very long aftermath
FB from hackers perspective
“The social reconnaissance enabled us to identify 1402 employees 906 of which used facebook.”
[…]
“We also populated the profile with information about our experiences at work by using
combined stories that we collected from real employee facebook profiles.”
http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html
FB from hackers perspective
“Upon completion we joined our customer's facebook group. Joining wasn't an issue and our
request was approved in a matter of hours. Within twenty minutes of being accepted as
group members, legitimate customer employees began requesting our friendship. […] Our friends
list grew very quickly and included managers, executives, secretaries, interns, and even
contractors.”
FB from hackers perspective
“We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us
to access the majority of systems on the network including the Active Directory server, the
mainframe, pump control systems, the checkpoint firewall console, etc.”
WarDriving
Kismet
Kismet is an 802.11 layer 2 wireless network detector, sniffer, and intrusion detection system.
Aircrack
Aircrack is an 802.11 WEP and WPA-PSK key cracking program that can recover keys once enough data packets have been captured.
Incidents
Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, possibly as revenge against his former employer.
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
Don't use WiFi?
WiFi technology can be made secure
A proper initial analysis is necessary
A proper implementation is necessary
A mistake can have excessively severe consequences...
0day
0day
Vulnerabilities not yet public
Exploits available
Vendors/users unaware of the danger
0day
Public vulnerabilities
Exploits available
Patches not available
The time problem
Window of Exposure (timeline figure): Vulnerability → Exploit → Patch → Applied Patch, with the Critical Zone marked.
WoE
The window of exposure is shrinking
The time-to-market of exploits is decreasing
The number of compromised hosts is increasing
In the wild
There is a complex underground with a very active black market of exploits traded among
friends / cr3w
0day
Today they are increasingly valuable:
they are bought by vendors
they are bought by security vendors
0day 2012
Applications are more mature
Skills have increased
Organization has improved
0day
“a remote ssh root shell, nowadays,
is a dead dream”
anonymous researcher, 2007
USB Case
A company commissions a PenTest.
The attackers scatter USB sticks containing purpose-written malware around the company's
premises.
Employee data starts arriving immediately.
From services to applications
XSS
Affects websites with poor control over variables derived from user input. It allows code to be inserted at browser level in order to modify the source code of the visited web page. In this way a cracker can try to retrieve sensitive data such as cookies.
SQL Injection
Exploits the lack of input normalization
a' OR '1'='1
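As an added example (not part of the original slides), the following Python script builds a small in-memory SQLite table with constructed users and shows the difference between a login query assembled by string concatenation, which the slide's a' OR '1'='1 input turns into an always-true condition, and the same query with bound parameters, which treats the input as plain data. The table, user names and passwords are made up for the example.

```python
import sqlite3

# Constructed sample data for this example: names and passwords are made up.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# The input from the slide, used here as the password field.
PAYLOAD = "a' OR '1'='1"


def make_db():
    """Create an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the WHERE clause by string concatenation, so the quote in the
    input closes the literal and the rest of the input is parsed as SQL.
    Returns the list of matching user names."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "' ORDER BY name")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Same query with bound parameters: the driver hands the input to the
    engine as data, so quotes inside it are never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    db = make_db()
    # Correct credentials work in both versions.
    print(login_vulnerable(db, "alice", "s3cret"))   # ['alice']
    # With the payload as password the concatenated query becomes
    #   ... WHERE name = 'x' AND password = 'a' OR '1'='1' ORDER BY name
    # and, because AND binds tighter than OR, the trailing OR '1'='1' is
    # always true: every user is returned without knowing any password.
    print(login_vulnerable(db, "x", PAYLOAD))        # ['alice', 'bob']
    # The parameterized version treats the payload as a literal password.
    print(login_safe(db, "x", PAYLOAD))              # []
```

The input is placed in the password field on purpose: since AND binds more tightly than OR, putting it only in the name field would yield name = 'a' OR ('1'='1' AND password = 'x'), which still requires the password. Bound parameters (the ? placeholders) are the fix the slide's "lack of normalization" points to; escaping quotes by hand is fragile and not equivalent.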
SQLninja
Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB server when a SQL injection vulnerability has been discovered.
0day
They still exist, they are a threat
They exploit users, not services
Users' 0day
They exploit flaws in browsers, mail clients and document viewers to infect large
numbers of machines
Botnet
The goal is to create a network
that expands itself
that carries out the commander's orders
Bakeca.it DDoS
http://www.slideshare.net/mayhemspp/bakeca-ddos-hope
Infections...
Compared to the past,
how have access devices changed?
iPhone Worm: Rickrolls
Jailbreaking an iPhone:
does anyone change
the root password?
(November 2009)
Other technologies... other risks...
Virtualization
CVE-2007-4496 (September 2008)
Unspecified vulnerability in [some version of VMware] allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors.
Drive-By Pharming
First, the attacker creates a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user's home broadband router, and then attempts to change its DNS server settings to point to an attacker-controlled DNS server.
The Pena Case
“Edwin Andreas Pena, a 23 year old Miami resident, was arrested by the Federal government: he was involved in a scheme to sell discounted Internet phone service by breaking into other Internet phone providers and routing connections through their networks.”
The New York Times, June 7th 2006
Robert Moore
“I'd say 85% of them were misconfigured routers. They had the default passwords on them: you would not believe the number of routers that had 'admin' or 'Cisco0' as passwords on them”.
"It's so easy a caveman can do it!"
Hydra
mayhem@coniglio:~$ hydra -L uid.txt -P pwd.txt / 127.0.0.1 ftp -f
Hydra v4.1 (c) 2004 by van Hauser / THC
use allowed only for legal purposes.
Hydra (http://www.thc.org) starting at 2004-06-26 13:21:37
[DATA] 16 tasks, 1 servers, 132 login tries (l:12/p:11), ~8 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host: 127.0.0.1 login: luser password: pippo
[STATUS] attack finished for 127.0.0.1 (valid pair found)
Hydra (http://www.thc.org) finished at 2004-06-26 13:21:44
QoS Theft
Theft of Quality of Service
Higher priority given to the traffic of unauthorized applications
VoipHopper
"VoIP Hopper is the answer to all VoIP solution providers who make people believe that VLANS
is all you need to secure VoIP"
Sachin Joglekar, Sipera VIPER Lab
Other tools...
Conclusions
Conclusions
The market evolves
Technologies evolve
Threats evolve
Security must evolve
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify, or sell them. "Please" cite your source and use the same licence :)
Thank you for your attention!
Questions?