Cloud

8/3/2016
12:59 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Kaminsky Creates Prototype To Lock Out Attackers

Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.

BLACK HAT USA—Las Vegas—Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet.

“We have a seat at the table now, one of the first-class engineering requirements” on the Internet, Kaminsky said in an interview here this week. “We are at a moment where so many things are getting hacked and where there is this drive to do something about security. And it is astonishing to see how the government is incredibly focused on the debate about encryption. It’s sucking the oxygen away from the question of 'What do we have to do to make security actually a thing people deploy?' I want to make it easy... [and] make it integrate.”

“We have to do something or we will lose" the internet to regulators and hackers, said Kaminsky, who is chief scientist and co-founder of WhiteOps. His keynote, “The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” was a call to arms for the security industry to step and fix the Net’s security woes.

Dan Kaminsky Image Source: Black Hat USA 2016
Dan Kaminsky
Image Source: Black Hat USA 2016

Kaminsky’s prototype solution basically reduces the attack surface of a browser session by hosting the browser in a virtualized environment that then firewalls off access to potentially dangerous functions. “Give Chrome its own kernel, and give the application what it wants, which is a full kernel with all sys calls and then firewall that,” he said.

He’s been working over the past year on IronFrame, a prototype browser that kills clickjacking, so when a user clicks on a compromised ad or other content on a website, he or she isn’t redirected to malicious websites. Clickjacking is where concealed and malicious content and links on a website are layered atop legitimate ones, unbeknownst to the user and the website operator.

IronFrame roperates like a Jenga building-block model, moving the bottom layer of graphics content to the top layer so the browser doesn't even see the phony and malicious layer. It’s a way to end clickjacking "by design," Kaminsky said when he first revealed the browser a year ago.

Now Kaminsky has used Autoclave to sandbox powerful functions in online applications that attackers can exploit, leaving the bad guys with only a handful of benign sys calls. “This is for anyone who wants to know how to securely host content” online, he said. “We have to stop providing services [in applications] to the bad guys … You can lock it down so the attacker can’t do anything dangerous,” he said.

“We can do more than blow things up, we as hackers and our government,” he said.

More Black Hat 2016 Content:

 

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
virtualphil
50%
50%
virtualphil,
User Rank: Apprentice
8/4/2016 | 2:03:32 PM
No mention of competition
Why is there no mention of other vendors in this exact space?

Menlo Security

Browsr

Authentic8

Also those other guys like Bromium and Tanium?

Just asking.

 
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Insider Threat Prevention activated!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7238
PUBLISHED: 2019-03-21
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2017-16253
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriti...
CVE-2017-16254
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2017-16255
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2018-3968
PUBLISHED: 2019-03-21
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy i...