I’ve heard several reports, including one from a large Dutch news site, mention that a new security issue will be revealed at Black Hat Europe tomorrow. It is said to have the same impact as the DNS bug found by Dan Kaminsky last year. No further details have been provided, but since the full speaker list is already available we can have a look at potential candidates.
The first interesting talk is “A Cloud Security Ghost Story” by Craig Balding, founder of the well-known cloudsecurity.org. Since cloud services are growing fast, a vulnerability in one of them will have a significant impact. Just imagine every single Amazon EC2 machine being used for a DoS attack, or a hacker gaining access to the disk images of all those machines.
Eric Filiol is speaking about “OpenOffice Security Design Weaknesses”. While I personally don’t see how this would affect a large number of users, I’m guessing OpenOffice has a larger installed base than either MacOS or Linux, so this might be important.
Hijacking mobile data connections
Roberto Gassira’ and Roberto Piccirillo are going to demonstrate attacks against mobile data networks. With mobile internet usage growing as fast as it has over the last couple of years, this has the potential to be a major issue. This is the summary of their talk:
The described methodology allows ‘data extrusion’ scenarios, applying also to sessions that are typically confined into the Mobile Operator Network. The presentation analyzes the protocols needed for such attack, outline the issues, propose an attack scenario and provide means for its exploitation. A remote web browsing session hijacking will be demonstrated. We believe that new attacks exploiting the described issues may surge in the next future.
Attacks against backbone technologies
This is the one I consider the most interesting: Enno Rey and Daniel Mende are going to discuss both theoretical and practical attacks against some protocols used by service providers, such as MPLS and QinQ. These technologies are designed to separate different types of traffic; attacks against them can have both security and operational effects.
We will continue down that road and discuss potential and real vulnerabilities in backbone technologies used in today’s carrier space (e.g. MPLS, Carrier Ethernet, QinQ and the like). The talk includes a number of demos (like cracking BGP MD5 keys, redirecting MPLS traffic on a site level and some Carrier Ethernet stuff) all of which will be performed with a new tool kit made available at the con. It’s about making the theoretical practical, once more!
Other things to watch
Moxie Marlinspike will give more details about SSLstrip; I’ve blogged about this before, and it remains a very cool technique with lots of possibilities. And we might hear some more news about Sockstress; it’s not on the official program, but Robert E. Lee has recently mentioned that more details about the mysterious TCP vulnerability will be forthcoming shortly.