Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat Asia
May 10-13, 2022
Hybrid/Marina Bay Sands, Singapore
Black Hat USA
August 6-11, 2022
Las Vegas, NV, USA
Black Hat Europe
December 5-8, 2022
End of Bibblio RCM includes -->
11:00 AM
Black Hat Staff
Black Hat Staff
Event Updates

Black Hat Europe 2015: Cracking Crypto

It's largely thanks to the hard work of decades of cryptographers that we're able to keep so much sensitive data safe, secret, and secure. But today's Black Hat Europe 2015 Briefing highlights remind that no crypto scheme's unbeatable, showcasing a variety of attacks with the potential to lay bare important secrets.

XML Encryption has suffered from a series of adaptive chosen-ciphertext attacks, which allow an adversary to decrypt symmetric and asymmetric XML ciphertexts without knowing the keys. The World Wide Web Consortium published an updated version of the standard, but most current XML Encryption implementations fail to use it, and evaluation of security configuration correctness is a tedious and error-prone manual process. How to Break XML Encryption - Automatically will deliver and overview of current attacks and debut an algorithm (and open-source attack plugin) that can automatically decipher vulnerable XML Encrypted content. It turns out four out of five analyzed web service implementations are vulnerable.

Next up, password managers. Specifically LastPass, which enjoys the patronage of over 10,000 corporate customers. LastPass is extremely convenient, but woe be to the user whose entire vault of secrets (not just passwords, but bank accounts, medical records, and more) is laid bare by an attacker. In Even the LastPass Will be Stolen Deal with It! the presenters reveal how they reverse-engineered LastPass plugins and found ways decrypt the master password, gain access through account recovery, and bypass two-factor auth. They also kindly wrote a Metasploit module to automate these exploits.

White-Box Cryptography aims to keep keys secure even when an attack gains full access to an algorithm's internals. WBC systems achieve this through strong obfuscation and complex data-encoding schemes, which has the side effect of making security assessment challenging. Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers will show how hardware-focused crypto attacks can be ported to WBC systems, specifically demonstrating generic, practical attacks against WBC TDES and AES ciphers. Understanding these vulnerabilities will go a long way toward helping defenders assess the true security posture of their WBC implementations.

Black Hat Europe 2015 takes place November 10-13 in Amsterdam. Now's a great time to register!

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/29/2015 | 2:02:25 PM
Responsible Disclosure
The problem with info-sec today is a lack of responsible disclosure, something that is an essential ethical matter given the nature of what we do. I doubt Lastpass Inc was contacted regarding the vulnerbilites in their code. Every f-ing person and group in inf-sec today basically thinks they are some l33t badasses because of the research they do even though they don't take the time to disclose their findings responsibly. It would be nice to see the "ethical" portion of "ethical hacker" lived up to and adheard to. The problem is that every Joe with a computer is trying to get famous fuzzing code that isn't even theirs, without permission, and disclosing research just so they can get a few minutes on stage at Blackhat.

It would be nice to see more ethical and responsible practices within the info-sec world and not grown men chasing a fame and fortune pipe dream that makes them sacrifice any semblance of ethical standards in their work. The problem isn't what good research SHOULD do the problem is with the jokers that think they're doing something good by pursuing pipe dreams in the name of info-secz.

There is no excuse for that kind of unethical work. What they do shouldn't be celebrated it should be shuned.

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-11-28
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.
PUBLISHED: 2022-11-28
A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service.
PUBLISHED: 2022-11-28
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
PUBLISHED: 2022-11-28
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.
PUBLISHED: 2022-11-28
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an at...