Cloud
8/3/2016
12:59 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Kaminsky Creates Prototype To Lock Out Attackers

Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.

BLACK HAT USA—Las Vegas—Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet.

“We have a seat at the table now, one of the first-class engineering requirements” on the Internet, Kaminsky said in an interview here this week. “We are at a moment where so many things are getting hacked and where there is this drive to do something about security. And it is astonishing to see how the government is incredibly focused on the debate about encryption. It’s sucking the oxygen away from the question of 'What do we have to do to make security actually a thing people deploy?' I want to make it easy... [and] make it integrate.”

“We have to do something or we will lose" the internet to regulators and hackers, said Kaminsky, who is chief scientist and co-founder of WhiteOps. His keynote, “The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” was a call to arms for the security industry to step and fix the Net’s security woes.

Dan Kaminsky Image Source: Black Hat USA 2016
Dan Kaminsky
Image Source: Black Hat USA 2016

Kaminsky’s prototype solution basically reduces the attack surface of a browser session by hosting the browser in a virtualized environment that then firewalls off access to potentially dangerous functions. “Give Chrome its own kernel, and give the application what it wants, which is a full kernel with all sys calls and then firewall that,” he said.

He’s been working over the past year on IronFrame, a prototype browser that kills clickjacking, so when a user clicks on a compromised ad or other content on a website, he or she isn’t redirected to malicious websites. Clickjacking is where concealed and malicious content and links on a website are layered atop legitimate ones, unbeknownst to the user and the website operator.

IronFrame roperates like a Jenga building-block model, moving the bottom layer of graphics content to the top layer so the browser doesn't even see the phony and malicious layer. It’s a way to end clickjacking "by design," Kaminsky said when he first revealed the browser a year ago.

Now Kaminsky has used Autoclave to sandbox powerful functions in online applications that attackers can exploit, leaving the bad guys with only a handful of benign sys calls. “This is for anyone who wants to know how to securely host content” online, he said. “We have to stop providing services [in applications] to the bad guys … You can lock it down so the attacker can’t do anything dangerous,” he said.

“We can do more than blow things up, we as hackers and our government,” he said.

More Black Hat 2016 Content:

 

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
virtualphil
50%
50%
virtualphil,
User Rank: Apprentice
8/4/2016 | 2:03:32 PM
No mention of competition
Why is there no mention of other vendors in this exact space?

Menlo Security

Browsr

Authentic8

Also those other guys like Bromium and Tanium?

Just asking.

 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.