Black Ops 2008: It’s The End Of The Cache As We Know It Or:  “64K Should Be Good Enough For Anyone” Dan Kaminsky Director of Penetration Testing IOActive, Inc. copyright IOActive, Inc. 2006, all rights reserved.
Introduction
Thanks to the community
Obviously thanks to the Summit Members
There are numbers and there are numbers
What about the Fortune 500?
Can we watch the patching in action?  (Thank you, Joichim Vidde et al, Clarified Networks)
But why all this work?
Intro to DNS
DNS is distributed
What about bad guys?
The Guessing Game
And thus, Forgery Resilience
First: If it’s a race, between who can reply with the correct TXID first, the bad guy has the starter pistol
Second, who said the bad guy can only reply once
Finally, the bad guy doesn’t actually need to wait to try again.
Bait and Switch
Enter The DNSRake
What’s it look like?
Running the attack…
Validating the attack
Extending The Attacks
On Bailiwicks
Out Of Bailiwick Referrals, or How To Attack Name Servers Behind Firewalls
The Many Starter Pistols Of Mr. Bad Guy
GetHostByName() Considered Harmful
GetHostByAddr() ain’t doing too well either
Roy Arends’ Trick
About Those Internal Only Name Servers: An amusing trick
The “Fix”, As Per DJB: Source Port Randomization
THERE ARE MANY, MANY VARIANTS OF THIS ATTACK
Florian Weimer / David Dowling’s new PowerDNS attack
And Keep Going…
The Choice
The Caveat
What of the client?
On Amit’s Client TXID Research
Nothing Can Be Analyzed In Isolation
The Chain
Signals
Shared Signals
Another Path
Nobody ever expects The Billy Hoffman Option
Of course, much easier with my attack
So, is that all?
We Start With The TLDs
MX Intercept: It’s Not Just For the NSA Anymore
Message Pollution
Shouldn’t The SPAM Filter Stop This?
Not going there, but…
Spidey Sense
The Internet is more than the Web; HTTP is more than the Browser
 
We’re no longer in browserland anymore…
Remember Sidebar from Last Year?
This is not an exception
Ilja van Sprundel, dumb fuzzing IRC with ircfuzz.c
Let’s not forget about the biggest, most extensive clients out there
How do you know what to attack?
Who needs an exploit? Lured by design, upgraded by design
Autoupgrade Is Hard
*facepalm*
Make no mistake
Let’s talk about SSL.
More SSL
Must Actually Care About Certificate Chain
Who Says Applications Always (ever) Care About Cert Chains?
Even if actually a web app, must handle secure cookies correctly
Must not mix Secure and Insecure
Woe To The Poor Flash Security Guy Who Had To Document AllowInsecureDomain()
 
We Live In The Future
Cert should not use MD5
Cert Must Never Have Been Generated By Debian
So?
Into The Lion’s Den
Say Hello To My Little Friend
Hello My Little Friend
And what about EV?
What Else Is Interesting?
When I said The Web was broken, I wasn’t talking about just its clients. (confused?)
Welcome to the Skeleton Key. It’s By Design.
Forgot My Password Modes
Attacking Forgot My Password systems
News
Reality Check
Would OpenID have helped?
How did Stikis find the “friend”? Hint: DNS
So Right About Now You’re Probably Thinking…
Let Us Discuss The Inconvenient Matter Of Reverse DNS
More Reverse DNS
Let’s Party Like It’s 2007
Spreading The Phun
Enough with the client bugs?
Which would you rather own? BGP? Or DNS?
Difficulty: Cannot poison authoritative on servers…
When Internal DNS Goes Bad
Even if internal DNS is hard to hit, external dependencies are fair game
The ultimate external dependencies
Content Distribution Network Corruption
Summary
Hype
Lessons Learned
Bottom Line
