Cloud
using a cloud mac with a local ios device
Doing iOS mobile assessments without macOS around is not exactly fun. This can be for many reasons that include code signing and app deployment to name a few. Alternatives exist for some of these tasks (like the amazing libimobiledevice project or more recently an attempt to get code signing to work without macOS), but nothing beats using a real macOS device for most of those tasks. Be it to patch…
Memcached talk update
Wow. At some point our talk hit HackerNews and then SlashDot after swirling around the Twitters for a few days. The attention is quite astounding given the relative lack of technical sexiness to this; explanations for the interest are welcome! We wanted to highlight a few points that didn’t make the slides but were mentioned in the talk: Bit.ly and GoWalla repaired the flaws extremely quickly, prior to the talk.…
BlackHat Write-up: go-derper and mining memcaches
[Update: Disclosure and other points discussed in a little more detail here.] At BlackHat USA last year we spoke about attacking cloud systems, while the thinking was broadly applicable, we focused on specific providers (overview). This year, we continued in the same vein except we focused on a particular piece of software used in numerous large-scale application including many cloud services. In the realm of “software that enables cloud services”,…
SensePost at BlackHat USA 2010
A brief update from South Africa on some recent talks as well as the upcoming BH USA: our talk proposal has been accepted for BH USA 2010 which makes it the ninth year running that SensePost is talking in Las Vegas. One more and we qualify for free milkshakes at the Peppermill. This year we’ll be discussing caching in large scale web apps and why exposing caches to the interwebs…
We are famous (almost!)
Last week had two “cloud-security” related articles hit the inter-webs.. After our Vegas09 talk on “clobbering the cloud” we had a brief chat to Rob Lemos, who called us up again, so we ended up adding the soundbyte to his piece in Technology review along with guys like Moxie Marlinspike and Danny MacPherson [here] We also showed up on Read/Write Web, where we were called “security nerds” and “black hats”…
BlackHat presentation demo vids: MobileMe
[part 5 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The final installment of our BlackHat video series showcases weaknesses in the password reset feature for Apple’s MobileMe service as well as publicizing an XSS vulnerability in the application. At first glance the choice of MobileMe may seem arbitrary, but it was useful for a number of reasons. MobileMe is one of the more…
BlackHat presentation demo vids: Amazon
[part 4 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] In the fourth installment of our BlackHat video series, we turned our attention to Amazon’s cloud platform and focused on their Elastic Compute Cloud (EC2) service specifically. Theft of resources is the red-headed step-child of attack classes and doesn’t get much attention, but on cloud platforms where resources are shared amongst many users these…
BlackHat presentation demo vids: SalesForce Sifto
[part 3 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] Our third video write-up covers abuse of cloud services. By signing up for free accounts, it is possible to gain access to small amounts of free resources, specifically processing time and bandwidth. However these resources are tightly controlled to maintain fairness across the many thousands of users who share the same platform. We aim…
BlackHat presentation demo vids: SalesForce ClickJacking
[part 2 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] The premise behind this video was that while we are migrating more and more services into the cloud, the front-end through which the services are accessed as well as managed is (in many cases) a web application and we still have not figured out how to write secure web applications reliably. The implication is…
BlackHat presentation demo vids: SugarSync
[part 1 in a series of 5 video write-ups from our BlackHat 09 talk, summary here] We wanted to demonstrate how access to cloud resources can bring certain attack classes within reach of regular users. Instead of focusing on brute-forcing regular user credentials such as usernames and passwords, we decided to look at less noisy options since failed logins would typically be a closely watched metric. To this end, different…
Page 1 of 2
Next