Cloud

8/3/2016
12:59 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Kaminsky Creates Prototype To Lock Out Attackers

Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.

BLACK HAT USA—Las Vegas—Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet.

“We have a seat at the table now, one of the first-class engineering requirements” on the Internet, Kaminsky said in an interview here this week. “We are at a moment where so many things are getting hacked and where there is this drive to do something about security. And it is astonishing to see how the government is incredibly focused on the debate about encryption. It’s sucking the oxygen away from the question of 'What do we have to do to make security actually a thing people deploy?' I want to make it easy... [and] make it integrate.”

“We have to do something or we will lose" the internet to regulators and hackers, said Kaminsky, who is chief scientist and co-founder of WhiteOps. His keynote, “The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” was a call to arms for the security industry to step and fix the Net’s security woes.

Dan Kaminsky Image Source: Black Hat USA 2016
Dan Kaminsky
Image Source: Black Hat USA 2016

Kaminsky’s prototype solution basically reduces the attack surface of a browser session by hosting the browser in a virtualized environment that then firewalls off access to potentially dangerous functions. “Give Chrome its own kernel, and give the application what it wants, which is a full kernel with all sys calls and then firewall that,” he said.

He’s been working over the past year on IronFrame, a prototype browser that kills clickjacking, so when a user clicks on a compromised ad or other content on a website, he or she isn’t redirected to malicious websites. Clickjacking is where concealed and malicious content and links on a website are layered atop legitimate ones, unbeknownst to the user and the website operator.

IronFrame roperates like a Jenga building-block model, moving the bottom layer of graphics content to the top layer so the browser doesn't even see the phony and malicious layer. It’s a way to end clickjacking "by design," Kaminsky said when he first revealed the browser a year ago.

Now Kaminsky has used Autoclave to sandbox powerful functions in online applications that attackers can exploit, leaving the bad guys with only a handful of benign sys calls. “This is for anyone who wants to know how to securely host content” online, he said. “We have to stop providing services [in applications] to the bad guys … You can lock it down so the attacker can’t do anything dangerous,” he said.

“We can do more than blow things up, we as hackers and our government,” he said.

More Black Hat 2016 Content:

 

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
virtualphil
50%
50%
virtualphil,
User Rank: Apprentice
8/4/2016 | 2:03:32 PM
No mention of competition
Why is there no mention of other vendors in this exact space?

Menlo Security

Browsr

Authentic8

Also those other guys like Bromium and Tanium?

Just asking.

 
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17283
PUBLISHED: 2018-09-21
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Inject...
CVE-2018-17282
PUBLISHED: 2018-09-20
An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference.
CVE-2018-14592
PUBLISHED: 2018-09-20
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVE-2018-15832
PUBLISHED: 2018-09-20
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI ha...
CVE-2018-16282
PUBLISHED: 2018-09-20
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI.