It’s been almost three weeks now since “Blackhat Europe” was held in Barcelona, Spain, where some of Trend Micro’s threat researchers attended interesting workshops and scheduled talks. Rather than give an in-depth rundown of each of the talks we attended, I wanted to give an overview of some of the highlights of the overall event, at least from my perspective. By the way, if you do want more detailed information on the talks, Peter Van Eeckhoutte of the Corelan security team has an excellent blog series here and here.
- Roelof Temmingh and Andrew Macpherson hosted a very good workshop on how to extend the excellent open source intelligence tool Maltego to include your own custom functions. Most security researchers should already be familiar with Maltego but may not be aware that it is possible to customize it to suit your own needs. Want to write a tool to map people on a particular social networking site to their email address, or to map a domain to some other information based on an internal company database you control? Well, Maltego is definitely worth a look here and is easy to extend using the Transform Distribution Server or Local Transforms. People have even coded application programming interfaces (APIs) to make everything even easier, including a Ruby one from yours truly.
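To make the "local transform" idea concrete, here is a small added example of my own (not code from the workshop, from Maltego, or from the Ruby API mentioned above). A local transform is just a script that Maltego runs with the selected entity's value as its first argument, and that prints a MaltegoTransformResponseMessage XML document on stdout. The script below maps a domain to contact addresses held in an internal database; the database is a constructed in-memory dictionary standing in for whatever you actually control, and the entity type names are the standard `maltego.Domain` / `maltego.EmailAddress` ones.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed stand-in for an internal company database: which contact
# addresses are registered for each domain we manage. Replace with a real
# lookup (SQL, LDAP, an internal REST API...) in a real transform.
INTERNAL_DB = {
    "example.com": ["security@example.com", "abuse@example.com"],
    "example.org": ["hostmaster@example.org"],
}


def lookup_domain(domain):
    """Return the contact addresses our (constructed) database holds for a domain."""
    return INTERNAL_DB.get(domain.lower().strip(), [])


def build_response(entity_type, values):
    """Serialise results as a MaltegoTransformResponseMessage.

    Local transforms hand results back to Maltego by printing this XML to
    stdout; ElementTree takes care of escaping any odd characters in the
    values so the output stays well-formed.
    """
    root = ET.Element("MaltegoMessage")
    msg = ET.SubElement(root, "MaltegoTransformResponseMessage")
    entities = ET.SubElement(msg, "Entities")
    for value in values:
        ent = ET.SubElement(entities, "Entity", Type=entity_type)
        ET.SubElement(ent, "Value").text = value
        ET.SubElement(ent, "Weight").text = "100"
    return ET.tostring(root, encoding="unicode")


def run_transform(domain):
    """Full transform: maltego.Domain in, maltego.EmailAddress entities out."""
    return build_response("maltego.EmailAddress", lookup_domain(domain))


if __name__ == "__main__":
    # Maltego passes the selected entity's value as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(run_transform(target))
```

Register the script in Maltego as a local transform taking a Domain entity as input, and every Domain node on the graph gains a right-click action that runs it; the same `build_response` helper works for any output entity type, so wrapping the social-network lookup from the paragraph above is only a matter of swapping out `lookup_domain`.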
- Nitesh Dhanjani talked about some of the new attacks against Apple’s iOS, particularly looking at how the browser reacts to protocol handlers like skype:// or gtalk://. Nitesh gave an example showing how a Skype call can be triggered without any interaction using a simple iframe on a website. He also pointed out something that I was unaware of (I’m an n900 user), that iOS will hide the URL bar after visiting a site. That makes a lot of sense from a usability perspective (especially on the iPhone where every pixel of screen should be optimized for viewing). This is, however, a very useful feature for attackers creating phishing sites. If they see a request coming from an iOS device, they can put a fake URL bar at the top of the page with the legitimate banking website on it, hence fooling the user into believing they are on the correct page.
- After lunch, Raul Siles gave a very interesting talk on Session Fixation Attacks, which are now number 3 on the OWASP Top 10 Web Application Security Risks for 2010, just below their more well-known cousins injection and cross-site scripting (XSS). If you are unfamiliar with the attack, click the link above and familiarize yourself with it. It’s a very straightforward attack and Raul did an excellent job of explaining it.
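Because the fix for session fixation is so simple and so often forgotten, here is an added example of my own (not from Raul's talk or from any particular framework) showing the vulnerable login pattern beside the hardened one. The session store is a constructed in-memory stand-in for a web framework's; the key point is that `login_safe` throws away whatever session id the client arrived with and issues a brand new one at the moment of authentication, so an id that an attacker planted before login never becomes an authenticated session.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store standing in for a web framework's."""

    def __init__(self):
        self.sessions = {}  # session id -> dict of session data

    def new_session(self):
        sid = secrets.token_urlsafe(32)  # unpredictable id, as any framework should use
        self.sessions[sid] = {}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_fixable(store, sid, user):
    """Vulnerable: keeps the pre-authentication session id, whoever supplied it,
    and simply marks it as authenticated."""
    if sid not in store.sessions:
        sid = store.new_session()
    store.sessions[sid]["user"] = user
    return sid  # the client keeps using the id it arrived with


def login_safe(store, sid, user):
    """Hardened: discard the pre-authentication session and issue a fresh id
    (the 'regenerate session id on login' mitigation)."""
    store.sessions.pop(sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid  # set this as the new cookie; the old id is now dead


def fixation_succeeds(login):
    """Simulate the scenario from the talk against a given login function:
    an attacker-known session id is presented by the victim at login time.
    Returns True if that id ends up authenticated as the victim."""
    store = SessionStore()
    planted_sid = store.new_session()        # id known to the attacker beforehand
    login(store, planted_sid, "victim")      # victim authenticates with that id
    session = store.get(planted_sid)
    return session is not None and session.get("user") == "victim"


if __name__ == "__main__":
    print("vulnerable login fixable:", fixation_succeeds(login_fixable))  # True
    print("hardened login fixable:  ", fixation_succeeds(login_safe))     # False
```

When auditing a real application, look for exactly this: does the session cookie value change between the request that carries the credentials and the response that says "logged in"? If it does not, the application is accepting whatever id the client brought along, which is the whole precondition for the attack.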
- The last talk of the day was a keynote on the topic, “cyberwar,” by Bruce Schneier. This was exactly what a keynote should be—very thought provoking and debunking some of the myths about cyberwar as well as going over what we do know about so-called cyberwar attacks. The term “cyberwar” tends to get thrown around a lot as it’s a great buzzword for marketing. It seems that every day, we have a new “war on… something,” whether that is terror, cybercrime, or obesity. The very term “war” conjures up a lot of feelings and images that are not necessarily what you would associate with an advanced cyber attack. Online wars, like those in traditional arenas (e.g., ground, air, sea, space), also bring their own challenges. How do you know that you are under attack from another country and not suffering from a distributed denial-of-service (DDoS) attack from a cybercriminal gang? When do you know that the war has ended?
Bruce also touched a bit on cyberterrorism, which is another very interesting concept to wrap your head around. For anyone interested in the idea of cyberterrorism, I definitely recommend having a look at the slides of Trend Micro’s own Dr. Morton Swimmer from EICAR last year.
So that’s it for the recap from day 1, stay tuned for more updates very soon on the highlights from day 2 of the conference, same bat-time, same bat-channel!