8/3/2016
12:59 PM

Kaminsky Creates Prototype To Lock Out Attackers

Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.

BLACK HAT USA—Las Vegas—Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology called Autoclave, says the security industry has an opportunity to better secure the Internet.

“We have a seat at the table now, one of the first-class engineering requirements” on the Internet, Kaminsky said in an interview here this week. “We are at a moment where so many things are getting hacked and where there is this drive to do something about security. And it is astonishing to see how the government is incredibly focused on the debate about encryption. It’s sucking the oxygen away from the question of 'What do we have to do to make security actually a thing people deploy?' I want to make it easy... [and] make it integrate.”

“We have to do something or we will lose” the internet to regulators and hackers, said Kaminsky, who is chief scientist and co-founder of WhiteOps. His keynote, “The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” was a call to arms for the security industry to step up and fix the Net’s security woes.

Dan Kaminsky Image Source: Black Hat USA 2016

Kaminsky’s prototype solution basically reduces the attack surface of a browser session by hosting the browser in a virtualized environment that then firewalls off access to potentially dangerous functions. “Give Chrome its own kernel, and give the application what it wants, which is a full kernel with all sys calls and then firewall that,” he said.

He’s been working over the past year on IronFrame, a prototype browser that kills clickjacking, so when a user clicks on a compromised ad or other content on a website, he or she isn’t redirected to malicious websites. Clickjacking is where concealed and malicious content and links on a website are layered atop legitimate ones, unbeknownst to the user and the website operator.

IronFrame operates like a Jenga building-block model, moving the bottom layer of graphics content to the top layer so the browser doesn't even see the phony and malicious layer. It’s a way to end clickjacking “by design,” Kaminsky said when he first revealed the browser a year ago.

Now Kaminsky has used Autoclave to sandbox powerful functions in online applications that attackers can exploit, leaving the bad guys with only a handful of benign sys calls. “This is for anyone who wants to know how to securely host content” online, he said. “We have to stop providing services [in applications] to the bad guys … You can lock it down so the attacker can’t do anything dangerous,” he said.

“We can do more than blow things up, we as hackers and our government,” he said.


Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
virtualphil,
User Rank: Apprentice
8/4/2016 | 2:03:32 PM
No mention of competition
Why is there no mention of other vendors in this exact space?

Menlo Security

Browsr

Authentic8

Also those other guys like Bromium and Tanium?

Just asking.

 