Wednesday, May 29, 2013

Security 101: Machine Learning and Big Data

By Gunter Ollmann, @gollmann

The other week I was invited to keynote at the ISSA CISO Forum on Incident Response in Dallas and in the weeks prior to it I was struggling to decide upon what angle I should take. Should I be funny, irreverent, diplomatic, or analytical? Should I plaster slides with the last quarter's worth of threat statistics, breach metrics, and headline news? Should I quip some anecdote and hope the attending CISO's would have an epiphany that'll fundamentally change the way they secure their organizations?

In the end I did none of that... instead I decided to pull apart the latest batch of security buzzwords - "Big Data" and "Machine Learning".

Thursday, May 23, 2013

Identify Backdoors in Firmware By Using Automatic String Analysis

By Ruben Santamarta @reversemode

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) this Friday published an advisory about some backdoors I found in two programmable gateways from TURCK, a leading German manufacturer of industrial automation products. 

Using hard-coded account credentials in industrial devices is a bad idea. I can understand the temptation among manufacturers to include a backdoor “support” mechanism in the firmware for a product such as this. This backdoor allows them to troubleshoot problems remotely with minimal inconvenience to the customer.

On the other hand, it is only a matter of time before somebody discovers these 'secret' backdoors. In many cases, it takes very little time.

The TURCK backdoor is similar to other backdoors that I discussed at Black Hat and in previous blog posts. The common denominator is this: you do not need physical access to an actual device to find its backdoor. All you have to do is download device firmware from the vendor's website. Once you download the firmware, you can reverse engineer it and learn some interesting secrets.

Tuesday, May 7, 2013

Bypassing Geo-locked BYOD Applications

By Gunter Ollmann, @gollmann

In the wake of increasingly lenient BYOD policies within large corporations, there’s been a growing emphasis upon restricting access to business applications (and data) to specific geographic locations. Over the last 18 months more than a dozen start-ups in North America alone have sprung up seeking to offer novel security solutions in this space – essentially looking to provide mechanisms for locking application usage to a specific location or distance from an office, and ensuring that key data or functionality becomes inaccessible outside these prescribed zones.

These “Geo-locking” technologies are in hot demand as organizations try desperately to regain control of their networks, applications and data.