Montag, 31. August 2015

Not so Smart: On Smart TV Apps


One of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 main characteristics of Smart TVs are apps. Apps extend cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Smart TV behavior with various functionalities, ranging from usage of social networks or payed streaming services, to buying articles on Ebay. These actions demand usage of critical data like aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication tokens and passwords, and thus raise a question on new attack scenarios and general security of Smart TV apps.

These reasons make it interesting enough to do some research on smart TVs. We wrote a paper with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 title "Not so Smart: On Smart TV Apps", which will be presented in a few days at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 "International Workshop on Secure Internet of Things" (SIoT 2015). In this paper, we investigate attack models for Smart TVs and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir apps, and systematically analyze security of Smart TV devices. We point out that some popular apps, including Facebook, Ebay or Watchever, send login data over unencrypted channels. Even worse, we show that an arbitrary app installed on devices of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 market share leader Samsung can gain access to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 credentials of a Samsung Single Sign-On account. Therefore, such an app can hijack a complete user account including all his devices like smartphones and tablets connected with it. Based on our findings, we provide recommendations that are of general importance and applicable to areas beyond Smart TVs.


Mittwoch, 3. Juni 2015

OWASP AppSec EU 2015: my Three Favourite Talks

Two weeks ago, we visited cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 OWASP AppSec Europe 2015 conference. This conference is intended for security developers and penetration testers who want to get some new high-quality knowledge. Since cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conference contains also research talks, according to me it is also well suited for security researchers working in academia.Thus, I am excited to present you my favourite three talks from cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 conference. *

I have to explicitly mention that I really enjoyed all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talks that I visited, not only cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 talks summarized here.

Dienstag, 12. Mai 2015

How to attack XML Encryption in IBM Datapower (and ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Web Services) with WS-Attacker


WS-Attacker is a penetration testing tool, whose aim is to test Web Service specific attacks. It provides attacks, which are far beyond typical Web attacks like SQL injection and XSS. For example, in last blog post, WS-Attacker and its XML Signature wrapping attacks were introduced: http://web-in-security.blogspot.de/2015/04/introduction-to-ws-attacker-xml.html

Today, we released a new version of our WS-Attacker framework: https://github.com/RUB-NDS/WS-Attacker

The new version includes some additional features and bug fixes. For example, WS-Attacker now allows you to define an HTTP/HTTPS proxy for forwarding cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 generated XML attack messages. This gives you cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 opportunity to send all cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 WS-Attacker messages through BurpSuite or OWASP ZAP, and analyze cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ir content or resend cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365m to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Web Service.

However, most importantly, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 newest WS-Attacker version includes a plugin for automatic XML Encryption attacks. The plugin was implemented by our student Dennis Kupser.

In this blog post, I am going to show you how to use cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 plugin to attack an IBM Datapower Web Service and decrypt an encrypted content. Please note that cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se attacks are also applicable to ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r services as well.

Mittwoch, 8. April 2015

On cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Security of SAML-based Identity Providers

In previous posts we described Single Sign-On (SSO) and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 messages within cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 aucá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365ntication flow in detail. Additionally, we showed implementation pitfalls on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Service Provider (SP) side resulting in critical vulnerabilities.
In 2012 we started a study about cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 security of SAML based Identity Provider (IdP). The motivation to make this study was very simple – if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Identity Provider is vulnerable, all Service Providers are affected. In ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r words – even if cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Service Provider is implemented correctly, an attacker can successfully get illegitimate access to restricted resources, e.g. victim's account.

Donnerstag, 2. April 2015

Introduction to WS-Attacker: XML Signature Wrapping (XSW) on Web services


This post introduces WS-Attacker. We start with how to build it from source. After that we setup an example Axis2 Web service and finally we perform an XSW Attack on it.

Donnerstag, 8. Januar 2015

Save Your Cloud: Exploiting Eucalyptus 4.0.0 and 4.0.1

In a previous post of this series, we showed why a private cloud is not necessarily more secure than a public one and presented a vulnerability in OpenStack. This post focuses on XSS vulnerabilities we found in Eucalyptus, a well-known Cloud Management Platform. We also demonstrate an exploit for cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se vulnerabilities.

The Infrastructure-as-a-Service platform Eucalyptus emerged from a research project at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 University of Santa Barbara and was commercialized in 2009 by Eucalyptus Systems Inc. Eucalyptus mimics Amazon Web Services (AWS), cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365refore Eucalyptus can manage eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r Amazon or Eucalyptus VMs.

Dienstag, 6. Januar 2015

Attacking SSO Part 2: Breaking OpenID in Drupal with Key Confusion

In this Post, we will describe a vulnerability in Drupal's OpenID SSO module that was shipped with Drupal Core prior Versions 6.30 and 7.26. The attack allows an attacker to login as an arbitrary user (even as an Admin), but does not require any interaction with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 victim. The vulnerability was reported to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 Drupal Security Team and cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y fixed it at cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 beginning of 2014 (SA-CORE-2014-001).
To detect cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 vulnerability, we developed a novel SSO attack technique called Key Confusion. We discovered cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack by setting up our own IdP for analyzing and attacking SSO, see Part 1 of our SSO attack series.

Beliebte Posts