Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

04:29 AM
Connect Directly

Kaminsky To Release Range Of Tools In 'Black Ops' Talk

Researcher Dan Kaminsky pokes holes in network security at Black Hat USA

BLACK HAT USA 2011 -- Las Vegas -- Researcher Dan Kaminsky will be "kickin' it old school" here tomorrow in his annual Black Ops Of TCP/IP presentation with a series of hacks and tools he'll unveil that include a range of topics that include Bitcoin, home routers, firewalls, DDoS attacks, passwords, and even exposing Net neutrality issues.

Click here for more of Dark Reading's Black Hat articles.

Kaminsky's research represents a laundry list of things he has recently discovered. Although some of the items are completely unrelated, he says for the most part they represent some of the underlying themes in security today. "We have three core problems: broken authentication, bad code, and we can't bust the bad guys," he says. "No one doing cybercrime is particularly afraid they are going to go to jail. Us security researchers are worried because we say, 'I'm Dan, and look what I've got.' But if you're a company making money from fake AV scams, no one is going to bust you."

Bitcoin, the peer-to-peer virtual currency service, was recently scrutinized by Irish researchers who demonstrated how it's possible to unmask user transaction information. Kaminsky's research overlaps somewhat with that paper. Among other things tomorrow, he will release a tool for deanonymizing a Bitcoin transaction.

"Peer-to-peer networks were never supposed to be anonymous about their peers. Bitcoin was the first attempt to provide anonymity for P2P," he says.

Kaminsky also will discuss a common flaw in home routers that he found and had also previously been discovered by Daniel Garcia, a researcher who will be revealing his findings at Defcon later this week. The hole comes via the Universal Plug and Play (UPnP) protocol found in popular home routers, which could allow an attacker to remotely open a port on the router: "You could be on the outside [of the network] and open things up," Kaminsky says.

Garcia will reveal during his Defcon talk findings on the number of these devices that are vulnerable to such an attack, which at the least numbers in the hundreds of thousands so far, according to Kaminsky.

Home router devices have many vulnerabilities and little if any patching mechanisms, he says. "Attackers are breaking into routers and compromising the firmware," he says.

"When I think of the next major cause of worm [attacks] I think of home routers," he says. "With a $40 device, how secure do you really expect it to be?"

Another topic Kaminsky will cover is a method of bypassing firewall rules in Linux systems by exploiting an old, 1990's-era bug. "You can spoof a connection past an access control list and you might be able to inject into live sessions as well," he says. Linux developers are working on a fix for the flaw, he says.

He also plans to release a tool that uses passwords to generate public/private key pairs -- a stunt that Kaminsky says "is a terrible idea that no one should ever do" except "in all but the most unusual scenarios."

Kaminksy also has built a new tool that exposes whether service providers are filtering some traffic, in a nod to his interest in Net neutrality issues. "You can always tell when a network is biased. Networks might as well be transparent about their biases" and how they allow some Web services to run faster than others, for instance.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
PUBLISHED: 2020-06-05
An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).