Archive for the 'Uncategorized' Category
Monday, November 26th, 2007
Turkey, Beer, Football, and a new MacBook
Hello and Happy Thanksgiving!
Hopefully your holiday was as good as mine. This year I was fortunate enough to get an early Christmas present in the form of a new MacBook to continue our research. I’m happy to say that URI issues do exist on Mac’s! More importantly I’m really close to releasing DUH4Mac. It’d be done by now, but a deadly combination of turkey, beer, and great football games all weekend have slowed my progress and nearly put me into a coma.
Also, for those who haven’t read it yet, Billy and I were asked to write a guest editorial for Ryan Naraine’s Zero Day Blog. Go read it if you get a chance! I’d like to thank Ryan for supporting and publicizing our research and asking Billy and I to pull together a guest editorial for his site, it was a huge honor.
Tuesday, October 30th, 2007
XS-Snipers at ToorCon 9 and Black Hat Japan
Hey all, Nate here…
In the last two weeks we got the opportunity to speak at both ToorCon and Black Hat Japan. What an awesome experience! Rob Carter and I spoke about the research that our URI Use and Abuse research, including giving video demonstration of all of our exploits. Unfortunately, Billy couldn’t join up with us for the talks due to some other commitments, but he did manage to come out to Japan and got to hang out with us in Tokyo. Rob and I also discussed the future of URI use and abuse and where it is going next… *Nix… and Mac! Just wait till I buy my Mac Book and iPhone!
At ToorCon, Rob and I got to catch up with former co-worker Brett Hardin and had a great time hanging out with him in the Gas Lamp district. We also met Dan Kaminsky and had a chance to talk with him about research and share some Jager Bombs. The weather was amazing, and we were fortunate enough to fly out of San Diego right before the fires started coming. If you saw us present, I recommend you check out our Black Hat presentation below, which is the full version of our research. A lot of things had to be cut out for the 20 minute time slot we were alloted for speaking at ToorCon.
At Black Hat, Billy, Rob, and I hung out all week with Jeff Moss, Dominic, and the Black Hat Crew who treated us like kings, and got a chance to meet such industry renowned researchers as Billy Hoffman, Halvar Flake, and Kanatoko-san just to name a few. Tokyo was a stunning city, I’ve never seen anything quite like it, just skyscrapers for as far as the eye can see. We had a great time in Tokyo, and our presentation seemed to go very well. It was awesome trading war stories with Dom, Moss, Kanatoko-san, Hoffman, and all the speakers.
As promised to all in attendance at our talks, here is the source code to our DUH tools for both Windows and *Nix. In order to use these files, simply rename them to either .bat or .sh, then run them from the command line using either cscript.exe or /bin/sh. Thanks again and as always to Erik Cabetas for the help with DUH 4 Windows! See the Black Hat page in the coming weeks for our video demos, as these are not likely to work from the powerpoint slides. Our updated slides can be downloaded from here.
-Nate, Billy, Rob
Thursday, August 16th, 2007
Dude… where’s my passport?!?!
The XS-Snipers are ready to roll to Malaysia. We’ll be presenting at HITB 2007 on the 6th of September. Our talk will be on some new DNS Rebinding attacks that are pretty legit. It will be nice to finally meet Martin Johns (the guy who basically brought DNS Rebinding pinning back from the dead). I’ll be sure to buy him a couple beers and pick his brain! It will also be really cool if we could meet Mark Abene (Phiber Optik) and Emmanuel Goldstein, those two are larger than life in my book! We might also give a teaser or two about some new attacks we pulled off with the URI abuse.
We’ve had an interesting couple of weeks recovering from DEFCON, including some discouraging feedback about our “disclosure policy”… perhaps we should actually get one of those someday. Surprisingly enough, it wasn’t from the folks at Mozilla, who were actually quite cool and just asked us to work with them in the future (which we will).
We’ve just been featured on /. which has linked to an interview we did with Robert from IDG. Article was pretty nice, however, it’s received some /. criticism for lack of technical content… We also leaked a little pre-release information about a new piece of URI Use and Abuse we are playing with… this one allows us to steal data from a user’s computer thru an XSS exposure and a URI abuse. Interestingly enough, we’ve been blasted a bit on /. because we haven’t released the details of the flaw. Sometimes you can’t win the disclosure game (as I’m sure other security researchers have encountered). We’ve gone through vendor disclosure, third party disclosure, and full disclosure, and we’ve been criticized each and every time…. We’ve got the FULL PoC ready and we’ll release when we’re ready (shoutz to ROB CARTER for all his actionscript and sever side skillz!). I’m sure we’re not alone with our experiences; shoot me an email if you have an interesting disclosure story…
Finally….. I’m sad to say that Mark Hinge and Mark Anderson of Whitedust have hung their hats up! I’ve been a fan of Whitedust over the last few years….you’ll be missed…. If you’re ever in the Seattle area, look me up…
-BK and Nate