[Dailydave] What has Fallen

John Strand john at blackhillsinfosec.com
Tue Mar 14 13:34:08 EDT 2017


Ok.. Let's step back even further.

At the root of all of this is the issue that old software never goes away.
Every year we add more software.  Very rarely do we remove old software.

It is like a giant snowball of crap.  Every year it only gets bigger.




On Tue, Mar 14, 2017 at 10:04 AM, Dave Aitel <dave.aitel at gmail.com> wrote:

> No matter how "strategic" everyone says they are in our community, or in
> the NatSec policy community adjacent to it, people have the localized
> perspectives of a gecko, endlessly chasing moth after useless moth
> attracted to the laundry-room-light of Fail that is the software
> development world.
>
> If you're going to look even a tiny tiny bit into the future, you have to
> step back and say "This entire class of software is broken and we need
> another way." Put another way: If you have a small team of vulnerability
> researchers, what technology quadrants would you put them on, so in a
> couple years, you would be unstoppable.
>
> INFILTRATE is one way to view this, if you have the right eyes.
>
> People are well aware that every Java middleware is broken - Tomcat's
> latest Struts issue is no surprise to people following along. But so are
> all the things similar to it: DCOM, for example. This is compounded by the overall
> destruction of the entire Active Directory security model
> <https://github.com/BloodHoundAD/BloodHound>.
>
> Some other bug classes that are being actively exploited in modern and
> interesting ways:
>
>    - Timing attacks
>    - MITM - especially non-traditional versions of this
>    - State machine attacks (f.e. 1 <https://mitls.org/pages/attacks/SMACK>,
>    2 <http://2015.hackitoergosum.org/slides/HES2015-10-29%20Cracking%20Sendmail%20crackaddr.pdf>)
>    - Hardware flaw excitement (RowHammer, cache timing attacks, etc.)
>    - Cloud-computer attacks
>    - Cryptographic-protocol attacks
>    - Binary Remoting Protocols (DCOM, JavaRMI, etc.)
>    - People forgetting we are in a 64 bit world now and can send large
>    amounts of data
>    - Hypervisor escapes because those things are just Kernels
>    - Modern heap overflows
>    - Attacking that fancy security infrastructure you just installed
>    (SIEMs, Breach Detection, etc.)
>    - DoS attacks
>
> "WTF are you talking about?" I hear people asking. What I'm saying is
> "Name a binary remoting protocol popular in 2007 that hasn't been analysed
> yet, and it's going to have massive security issues if you have a year of
> resources to pour into it.".
>
> -dave
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>