So fast - So weekly: Code Slicing and Signature Analysis
My reversing-soul got nosy
What if you could determine exactly where, in any compiled binary, a security threat existed?
(Source: Cerias)
Code slicing (program slicing) is an analysis method that lets us determine which parts of a program may change, or have changed, the values of variables at a given point. It's very well documented in a research project by the University of Wisconsin. Great stuff! The people there clearly know what they're doing.
The main idea is based on graph theory, so it heads in a direction somewhat similar to the one I took with Immunity Debugger while just exploring a new feature. I had scratched a surface I didn't really recognize at that point.
Sure, that's "binary file visualization". But it's also a binary flow analysis driven by opcodes, so it's much more than just grabbing signatures and colorizing them in a flow graph. What we're doing here is a logical examination of all the "world's" values, speaking in formal-logic terms. It puts an undo button on the CPU registers' work, but I guess that's too abstract.
You distinguish between flow-dependence graphs and control-dependence graphs, and combine them into a program-dependence graph.
An interesting idea delivered here is that when you combine code slicing with signature analysis, you can see whether other parts of the code will be affected by some detected malicious code that you have the signature for. So, e.g., take a look at this.

Now if you look at this signature, which represents the worm's malicious activity, you'd be able to examine the program interactively at runtime.
Therefore it immediately went to place one on my list of things to learn and dive into deeply. I got the PDF, and you know it's always like that: you can't get enough. Literature here is often very theoretical and doesn't cope with real complexity.
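To make the dependence-graph idea concrete, here is an added example (my own code, not from the page or the Wisconsin project): it builds a program-dependence graph for a small constructed program from flow dependences (reaching definitions over a control-flow graph) and control dependences, then computes a backward slice from a slicing criterion. The sample program, its CFG and the names `PROGRAM`, `CFG`, `reaching_defs`, `build_pdg` and `backward_slice` are all assumptions made for this example.

```python
from collections import deque

# Constructed sample program (assumption, not from the page):
#  1: n = input()   2: i = 1   3: s = 0   4: p = 1
#  5: while i <= n:              (controls statements 6, 7, 8)
#  6:     s = s + i   7: p = p * i   8: i = i + 1
#  9: print(s)        10: print(p)
# Each entry: statement -> (variables defined, variables used, controlling statement).
PROGRAM = {
    1: ({"n"}, set(), None), 2: ({"i"}, set(), None),
    3: ({"s"}, set(), None), 4: ({"p"}, set(), None),
    5: (set(), {"i", "n"}, None),
    6: ({"s"}, {"s", "i"}, 5), 7: ({"p"}, {"p", "i"}, 5), 8: ({"i"}, {"i"}, 5),
    9: (set(), {"s"}, None), 10: (set(), {"p"}, None),
}
# Control-flow graph: statement -> successors (loop back-edge 8 -> 5).
CFG = {1: [2], 2: [3], 3: [4], 4: [5], 5: [6, 9], 6: [7], 7: [8], 8: [5], 9: [10], 10: []}


def reaching_defs(program, cfg):
    """Iterative reaching-definitions fixpoint; returns IN[s] as {(variable, defining stmt)}."""
    preds = {s: [p for p in cfg if s in cfg[p]] for s in program}
    reach_in = {s: set() for s in program}

    def out(s):  # OUT[s] = (IN[s] minus definitions killed by s) plus s's own definitions
        defs = program[s][0]
        return {(v, d) for v, d in reach_in[s] if v not in defs} | {(v, s) for v in defs}

    changed = True
    while changed:  # monotone union over a finite lattice, so this terminates
        changed = False
        for s in program:
            new_in = set().union(*(out(p) for p in preds[s]))
            if new_in != reach_in[s]:
                reach_in[s], changed = new_in, True
    return reach_in


def build_pdg(program, cfg):
    """Program-dependence graph: s -> set of statements s depends on (flow + control edges)."""
    reach_in = reaching_defs(program, cfg)
    deps = {}
    for s, (_, uses, ctrl) in program.items():
        flow = {d for v, d in reach_in[s] if v in uses}            # flow dependence
        deps[s] = flow | ({ctrl} if ctrl is not None else set())   # control dependence
    return deps


def backward_slice(program, cfg, criterion):
    """Every statement that can influence the values at `criterion` (reverse PDG reachability)."""
    deps, seen, work = build_pdg(program, cfg), set(), deque([criterion])
    while work:
        s = work.popleft()
        if s not in seen:
            seen.add(s)
            work.extend(deps[s])
    return sorted(seen)
```

`backward_slice(PROGRAM, CFG, 9)` yields the statements feeding `print(s)` and leaves out the whole `p` computation, which is exactly the kind of separation you want when deciding which code a flagged signature can actually influence.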
MS stuff
As you might have guessed by reading this: MS has some major security issues. But I'd say that's normal. Not everybody is aware of it, though.
So just have some fun exploiting it, but it's not a major problem. Since ASLR turned out not to be so "R"... well, it's M$. They should know better, but they never learn, and they just aren't worth complaining about when it comes to real technical depth.
Keyboard data leakage
It's a well-known fact: Bluetooth keyboards are insecure by design. They may look very nice, but they are a security threat. So if you're working in a financial institution, you should forbid wireless keyboards in your policy.
It turns out that even wired keyboards are a problem.
"We conclude that wired computer keyboards sold in the stores generate compromising emanations -- mainly because of the cost pressures in the design," Vuagnoux wrote on a Web page describing the attacks.
Project page: look here.
That's the reason why you should kick your management sometimes. They have no technical skill, so they are not the ones to decide. But again: they don't learn.
Compromising Electromagnetic Emanations of Keyboards Experiment 1/2 from Martin Vuagnoux on demonstration
Did they test that one? :)
Tinker-soul woke up too
You know, it's nearly Christmas. And I thought about getting myself a present. Because it's nearly Christmas, in two months.
There's the BeagleBoard by Texas Instruments. Brilliant tinker stuff. Get an Ethernet adapter, some Linux (Debian works) for the ARM Cortex-A8 and have some cool ideas.

Linux in embedded devices is the kernel: it's in the Kindle (fiona) as rumors tell, it's in many firmwares, in *WRT of course, it's everywhere. So don't tell me about Windows CE and its fucking features. Ever heard of IPC and isolation levels? One great problem of voting machines is Windows. If it didn't exist, we'd be free! :) Believe it!
So my TV stays off, as it always does. I'll listen to and watch some of the podcasts from hackermedia... and yes:
Have fun,
wishi
