Tuesday, July 31, 2012

My Little Pwnie

I've been slacking on security blogging.  As an apology to my readers, all blog posts today will be offered entirely free of charge.

Black Hat and DEFCON are the twin premier security conferences.  Each year, there is an awards ceremony for the best pwnage of the prior year - these are called (appropriately enough) the Pwnie Awards.

Unlike the Oscars, it's not a particularly happy day for a vendor when they're featured prominently there.  My favorite from this year is for Best Privilege Escalation:
MS11-098: Windows Kernel Exception Handler Vulnerability (CVE-2011-2018)
Credit: Mateusz "j00ru" Jurczyk
j00ru owned Windows. All of them. Ok, well just all of the 32-bit versions of Windows from NT through the Windows 8 Developer Preview. What have you done lately? And to top it off, he wrote a clear paper on it with some of the nicest boxy diagrams we have ever seen in a LaTeX paper.
Anything that goes all the way from the 1990s through the new, unreleased, "Most Secure Windows Ever" is pretty epic.  Awesome, unless you're a System Administrator picking up the pieces.

But while I've been slacking off, Stainless hasn't been.  He was in Las Vegas for DEFCON, and reported regularly from the show:
How bad is the keying problem? Bad enough that agencies frequently transmit in cleartext, due to key management issues. (“NSA Rule Number 1: Look for cleartext.”) How frequently? Blaze and his group, for the past several years, have been running a monitoring network in several (unnamed) cities, recording cleartext P25 traffic and measuring how often this happens. About 20-30 minutes per day, by their estimate, of radio traffic is transmitted in unintended cleartext. And that traffic can contain sensitive information, like the names of informants.
There's a long history of tactical radios having clear switches, because if the keys got fubar'ed, you were lugging around a 25 lb door stop.  It's rather dismaying to see that in 25 years there has been, well, zero progress.  Stalin would have had all of us shot.

Oh, and check out Router Rootkits.  Want to pwn the entire Internetz?  Epic bad juju.  As your Captain would say, enjoy the decline!

4 comments:

Dave H said...

Boy, I'm glad I don't live in Russia because I worked for a company that made those 25 pound door stops. (We had smaller handheld units that were only 12 pounds.)

That privilege escalation bug must have gray hair by now. Talk about survival of the fittest!

"Router rootkit" sounds like a cartoon character. Didn't he steal the launch codes to Elmer Fudd's ICBMs?

Dwight Brown said...

"Didn't he steal the launch codes to Elmer Fudd's ICBMs?"

No, you're thinking of Wouter Wootkit.

Anonymous said...

Further P25 details, including the 2011 study
http://sipseystreetirregulars.blogspot.com/2011/08/praxis-security-flaws-in-feds-radios.html

And in violation of physical laws news, apparently clown cars never ever fill up:
http://hackaday.com/2011/08/18/project-25-digital-radios-law-enforcemnet-grade-vulnerable-to-the-im-me/

TJIC said...

Best. Headline. Ever.