# HG changeset patch
# User Christian Urban
# Date 1349182646 -3600
# Node ID ad7ef5a7a63cc52d86f8dbd68c44a7e4385d38c3
# Parent ba6999806deefd21a8dbb5f67f5a5dcbb4ffc2b4
tuned
diff -r ba6999806dee -r ad7ef5a7a63c slides02.pdf
Binary file slides02.pdf has changed
diff -r ba6999806dee -r ad7ef5a7a63c slides02.tex
--- a/slides02.tex Tue Oct 02 06:44:00 2012 +0100
+++ b/slides02.tex Tue Oct 02 13:57:26 2012 +0100
@@ -192,7 +192,8 @@
 \item you must cycle through 1M combinations (online)\pause\bigskip
 \item he limited the attack on his own account to 1 guess per second, \alert{\bf and}
-\item wrote a script that cleared the cookies set after each guess
+\item wrote a script that cleared the cookie set after each guess\pause
+\item has been fixed now
 \end{itemize}
@@ -204,19 +205,22 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode{
 \begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun\ldots\end{tabular}}
+\frametitle{\begin{tabular}{@ {}c@ {}}Smash the Stack for Fun \ldots\end{tabular}}
 \begin{itemize}
 \item ``smashing the stack attacks'' or ``buffer overflow attacks''
-\item one of the most popular attacks\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)\medskip
+\item one of the most popular attacks;\\ attack of the (last) decade\\ ($>$ 50\% of security incidents reported at CERT are related to buffer overflows)
+\begin{flushright}\small
+\textcolor{gray}{\url{http://www.kb.cert.org/vuls}}
+\end{flushright}
+\medskip
 \item made popular in an article by Elias Levy\\ (also known as Aleph One):\\
 \begin{center}
 {\bf ``Smashing The Stack For Fun and Profit''}
-\end{center}\bigskip
+\end{center}\medskip
 \begin{flushright}
-\small
-\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
+\small\textcolor{gray}{\url{http://www.phrack.org}, Issue 49, Article 14}
 \end{flushright}
 \end{itemize}
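Review bot: The new `\url{http://www.kb.cert.org/vuls}` reference added under the "$>$ 50\%" statistic appears to point at the CERT vulnerability notes database rather than at the source of that figure, so a reader cannot verify the claim from it. The Phrack citation on the same slide gives issue and article number; for consistency the CERT line should cite the specific report or statistic page, or the figure should be reworded as an approximate historical claim. Separately, the frame's title line mixes text and math for a simple comparison; `\(>\)`/`$>$` is fine, but `\textgreater` or plain `>` under T1 encoding avoids the italic-math spacing. The enclosing frame starts at the hunk's `\begin{frame}[c]` and its `\end{frame}}` lies outside the hunk.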
@@ -231,13 +235,14 @@
 \frametitle{\begin{tabular}{c}The Problem\end{tabular}}
 \begin{itemize}
-\item The basic problem is that library routines look as follows:
+\item The basic problem is that library routines in C look as follows:
 \begin{center}
 {\lstset{language=Java}\fontsize{8}{10}\selectfont%
 \texttt{\lstinputlisting{app5.c}}}
 \end{center}
 \item the resulting problems are often remotely exploitable
 \item can be used to circumvents all access control
+(botnets for further attacks)
 \end{itemize}
 \end{frame}}
@@ -246,6 +251,26 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode{
 \begin{frame}[c]
+\frametitle{\begin{tabular}{c}Variants\end{tabular}}
+
+There are many variants:
+
+\begin{itemize}
+\item return-to-lib-C attacks
+\item heap-smashing attacks\\
+\textcolor{gray}{\small(Slammer Worm in 2003 infected 90\% of vulnerable systems within 10 minutes)}\bigskip
+
+\item ``zero-days-attacks'' (new unknown vulnerability)
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode{
+\begin{frame}[c]
 \small
 \texttt{my\_float} is printed twice:\bigskip
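Review bot: The new wording "library routines in C" sits directly above a listing of `app5.c` that is still highlighted with `\lstset{language=Java}` on the context line below it, so keywords and comments in the C code will be coloured by the wrong lexer; change it to `{\lstset{language=C}\fontsize{8}{10}\selectfont%`. The added `(botnets for further attacks)` is a dangling fragment attached to the previous item; something like `\item can be used to circumvent all access control\\ (compromised machines are often recruited into botnets for further attacks)` reads as a complete thought. Both the `\frametitle` and `\end{frame}}` of this slide are inside the hunk, so the item list is complete as shown.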
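Review bot: The Slammer example under `\item heap-smashing attacks` is, as far as I recall, generally described as a stack-based buffer overflow in SQL Server's resolution service, so it may not illustrate heap smashing; consider moving the gray note under a stack-overflow item or citing a heap-overflow worm instead, and say where the "90\% within 10 minutes" figure comes from. The hyphenation in the two other items is nonstandard: `\item return-to-libc attacks` and `\item ``zero-day attacks'' (new, unknown vulnerability)` match common usage. The whole Variants frame is new and lies entirely within this hunk.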
@@ -366,6 +391,26 @@
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \mode{
 \begin{frame}[c]
+\frametitle{\begin{tabular}{c}Security Goals\end{tabular}}
+
+\begin{itemize}
+\item Prevent common vulnerabilities from occurring (e.g. buffer overflows)\pause
+\item Recover from attacks (traceability and auditing of security-relevant actions)\pause
+\item Monitoring (detect attacks)\pause
+\item Privacy, confidentiality, anonymity (to protect secrets)\pause
+\item Authenticity (eeded for access control)\pause
+\item Integrity (prevent unwanted modification or tampering)\pause
+\item Availability and reliability (reduce the risk of DoS attacks)
+\end{itemize}
+
+\end{frame}}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+
+
+
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\mode{
+\begin{frame}[c]
 \frametitle{\begin{tabular}{c}Homework\end{tabular}}
 \begin{itemize}
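Review bot: The new Security Goals frame has a typo in the fifth item, `(eeded for access control)`, which should read `\item Authenticity (needed for access control)\pause`. In the first item `e.g. buffer overflows` lets TeX treat the abbreviation's period as a sentence end and insert a wide space; write `(e.g.\ buffer overflows)`. The items also mix imperative goals ("Prevent", "Recover") with noun phrases ("Monitoring", "Integrity"); choosing one form throughout makes the list easier to scan. The frame is entirely within this hunk, so no surrounding context is affected.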