ToorCon 9: Real world fuzzing


We dropped in on [Charlie Miller]’s fuzzing seminar at the end of the day yesterday. Fuzzing has become a fairly popular topic in the last year and essentially involves giving a program garbage input, hoping that it will break. If it can’t handle the fake data and fails in a non-graceful fashion, you could have found a potentially exploitable bug. Fuzzing is a fairly simple idea, but as Charlie points out, without some thinking while you’re doing it, it’s unlikely to be very productive.

The Economics of Fuzz Testing with the Intel Edison

The Intel Edison is an incredibly small and cheap x86 computing platform, and with that comes the obvious applications for robotics and wearable computing. [mz] had another idea: what if the Edison could do work that is usually done by workstations? Would it make economic sense to buy a handful of Edisons over a single quad-core Xeon system?

[mz] thought the Edison would be an ideal platform for fuzz testing, or sending random, automated data at a program or system to figure out if it will misbehave in interesting ways. After figuring out where to solder power and ground wires to boot an Edison without a breakout board, [mz] got to work benchmarking his fuzz testing setup.

Comparing the benchmarks of a fuzzing job running on the Edison and a few servers and workstations, calculations of cost-efficiency worked out well for this tiny x86 system on module. For parallelizable tasks, the Edison is about 8x less powerful than a reasonably modern server, but it’s also about 5-8x cheaper than a comparable desktop machine. Although renting a server is by far the more economical solution for getting a lot of computing power easily, there are a few use cases where a cluster of Edisons in your pocket would make sense.

[Bunnie] Launches the Novena Open Laptop

Today [Bunnie] is announcing the launch of the Novena Open Laptop. When we first heard he was developing an open source laptop as a hobby project, we hoped we’d see the day where we could have our own. Starting today, you can help crowdfund the project by pre-ordering a Novena.

The Novena is based on the i.MX6Q ARM processor from Freescale, coupled to a Xilinx Spartan 6 FPGA. Combined with the open nature of the project, this creates a lot of possibilities for using the laptop as a hacking tool. It has dual ethernet, for routing or sniffing purposes. USB OTG support lets the laptop act as a USB device, for USB fuzzing and spoofing. There’s even a high speed expansion bus to interface with whatever peripheral you’d like to design.

You can pre-order the Novena in four models. The $500 “just the board” release has no case, but includes all the hardware needed to get up and running. The $1,195 “All-in-One Desktop” model adds a case and screen, and hinges open to reveal the board for easy hacking. Next up is the $1,995 “Laptop” which includes a battery control board and a battery pack. Finally, there’s the $5000 “Heirloom Laptop” featuring a wood and aluminum case and a Thinkpad keyboard.

The hardware design files are already available, so you can drool over them. It will be interesting to see what people start doing with this powerful, open computer once it ships. After the break, check out the launch video.

Barcode Infiltrator

Whenever someone manages to expose vulnerabilities in everyday devices, we love to root for them. [Adrian] over at Irongeek has been inspired to exploit barcodes as a means to attack a POS database. Based on an idea from a Pauldotcom episode, he set out to make a rapid attack device, using an LED to spoof the signals that would be received by scanning a barcode. By exposing the POS to a set of generic database attacks, including XSS, SQL Injection, and other errors easily solved by input sanitization, he has created the first version of an automated system penetration device. In this case the hardware is simple, but the concept is impressive.

With the hardware explained and the source code provided, as well as a basic un-sanitized input cheat sheet, the would-be barcode hackers have a great place to start if they feel compelled to provide a revision two.

[Thanks Robert W.]

Black Hat 2009: Breaking SSL with null characters

Update: The video of [Moxie]’s presentation is now online.

[Moxie Marlinspike] appeared on our radar back in February when he showed sslstrip at Black Hat DC. It was an amazing piece of software that could hijack and rewrite all SSL connections. The differences between a legitimate site and the hijacked ones were very hard to notice. He recently stumbled across something that makes the attack even more effective.

Smart card emulator

Here’s a quick prototype from [Travis Goodspeed]. It’s a smart card built around an MSP430 microcontroller. We’ve used the MSP430 in the past because of its low power demands. He says this business card currently supports 1.8V to 3.3V, but a future design will have 5V as well. Technologies like Java Card exist for running applets on smart cards, but a familiar microcontroller like the MSP430 could certainly make development much faster. Knowing [Travis], there’s a reader somewhere about to go through some serious fuzzing.

Clickjacking webcast tomorrow

[Jeremiah Grossman] and [Eric Lawrence] will be presenting on clickjacking and browser security in an online seminar tomorrow. Clickjacking allows an attacker to transparently place links exactly where a user would be clicking, essentially forcing the user to perform actions without their knowledge. This method of attack has been known for a few years, but researchers have focused their attention on it lately because they feel the threat has been underestimated. Recently, Adobe patched a vulnerability specifically because of this issue. Tune in tomorrow for more info on the attack.
