The Most Poisonous Bugs - Intranet Invasion via Anti-DNS Pinning

 
 
By eweek  |  Posted 2007-08-14
 
 
 

The Most Poisonous Bugs

Some of the vulnerabilities discussed at the Black Hat Briefings in Las Vegas simply dont have any easy fixes, short of rearchitecting the Web. Here are some of the things that had people shaking their heads as they walked out of presentations.

The Most Poisonous Bugs

The Most Poisonous Bugs - Intranet Invasion via Anti-DNS Pinning

DNS pinning, a browser technique intended to prevent DNS spoofing attacks, ties a single IP address to a single domain. Researchers have found that its dismayingly easy to attack, however. EchoStar Satellite Security Architect David Byrne demonstrated h

The Most Poisonous Bugs - Intranet Invasion via Anti-DNS Pinning

The Most Poisonous Bugs - DNS Rebinding

Similar to Byrnes findings are those of IOActive Director of Penetration Testing Dan Kaminsky. Kaminsky demonstrated how an attacker can lure a victim and turn his browser into a proxy, thereby enabling the attacker to bypass firewalls, penetrate VPNs a

The Most Poisonous Bugs - DNS Rebinding

The Most Poisonous Bugs - Defense Against DNS Rebinding/Anti-DNS Pinning

The most obvious defense, Byrne said, is to change the browser to permanently pin cache. But that wont address browser-restart attacks nor attacks using plug-ins such as Java, Flash or ActiveX.

Byrne also suggested some browser security measures. O

The Most Poisonous Bugs - Defense Against DNS Rebinding/Anti-DNS Pinning

The Most Poisonous Bugs - Digital Signatures That Bite

XSLT (Extensible Stylesheet Language Transformations) is a programming language: very simple, not declarative, not massively powerful. Its how XML signatures are shipped. At some point, it seems as if somebody said, Wow, this XSLT is really restri

The Most Poisonous Bugs - Digital Signatures That Bite

The Most Poisonous Bugs - Remediation for XML Signature Attacks

To avoid XML signature attacks, Hill suggests disabling the XSLT transform by default. There are a host of other security precautions to take, and Hill has laid them out in a white paper, Command Injection in XML Signatures and Encryption. T

The Most Poisonous Bugs - Remediation for XML Signature Attacks

The Most Poisonous Bugs - See More Slide Shows Like This One!

Rocket Fuel