Marco
Memcached talk update
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days. The attention is quite astounding given the relative lack of technical sexiness to this; explanations for the interest are welcome! We wanted to highlight a few points that didn’t make the slides but were mentioned in the talk: Bit.ly and GoWalla repaired the flaws extremely quickly, prior to the talk.…
BlackHat Write-up: go-derper and mining memcaches
[Update: Disclosure and other points discussed in a little more detail here.] At BlackHat USA last year we spoke about attacking cloud systems, while the thinking was broadly applicable, we focused on specific providers (overview). This year, we continued in the same vein except we focused on a particular piece of software used in numerous large-scale application including many cloud services. In the realm of “software that enables cloud services”,…
Go-derper: mining your memcacheds
Today at BlackHat USA 2010 we released a tool for manipulating memcached instances; we still need to write it up properly but here’s a link to the tool for the moment. tl;dr: if you find a memcached, you can dump the cache and manipulate entries in the cache.
SensePost at BlackHat USA 2010
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal has been accepted for BH USA 2010 which makes it the ninth year running that SensePost is talking in Las Vegas. One more and we qualify for free milkshakes at the Peppermill. This year we’ll be discussing caching in large scale web apps and why exposing caches to the interwebs…
Removing registration requirements
Over the years we’ve offered almost all our tools, papers, presentations and other materials for free, albeit with a “registration required” proviso. The registration wall has been in place for some time now, and was used to track unique users as well as permit users to opt into SensePost mailruns. What we found though, is that registration is more of a hindrance than a benefit; it creates an artificial barrier…
Administristrivia: dead HDD
Our web server lost a drive yesterday, however things seems to be back to normal. If you notice broken links or scripts, we’d appreciate a mail to info at sensepost.com.
BlackHat presentation demo vids: MobileMe
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The final installment of our BlackHat video series showcases weaknesses in the password reset feature for Apple’s MobileMe service as well as publicizing an XSS vulnerability in the application. At first glance the choice of MobileMe may seem arbitrary, but it was useful for a number of reasons. MobileMe is one of the more…
BlackHat presentation demo vids: Amazon
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] In the fourth installment of our BlackHat video series, we turned our attention to Amazon’s cloud platform and focused on their Elastic Compute Cloud (EC2) service specifically. Theft of resources is the red-headed step-child of attack classes and doesn’t get much attention, but on cloud platforms where resources are shared amongst many users these…
BlackHat presentation demo vids: SalesForce Sifto
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Our third video write-up covers abuse of cloud services. By signing up for free accounts, it is possible to gain access to small amounts of free resources, specifically processing time and bandwidth. However these resources are tightly controlled to maintain fairness across the many thousands of users who share the same platform. We aim…
BlackHat presentation demo vids: SalesForce ClickJacking
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The premise behind this video was that while we are migrating more and more services into the cloud, the front-end through which the services are accessed as well as managed is (in many cases) a web application and we still have not figured out how to write secure web applications reliably. The implication is…