Recon 2008 recap

[Tiller Beauchamp] gave a presentation on applied reverse engineering in OS X at this year’s REcon, but he also attended many of the other talks and gives his take on the highlights of REcon 2008 in a guest post on the ZDNet blog, Zero Day.

One of the highlights for him was Neohapsis’s [Chris Smith] discussing virtual machines implementing code obfuscation. The method uses custom instructions and runtime interpreter, which can help make the task of reverse engineering markedly more difficult if implemented properly.

On the opposite end of the spectrum, [Beauchamp] noted [Gerardo Richarte]‘s software reverse engineering tools that decompile and recompile software in iterative portions. This allows the recompiled software to be tested piece by piece. Be sure to read his post and see what you missed.

Using multiple browsers for security

[Rich] over at Securosis takes us through some of his browser paranoia exercises. He uses different browser profiles for different types of web activities. Based on potential risk, various tasks are separated to protect from CSRF attacks and more. Everyday browsing with low risk passwords is done in one. RSS reading with no passwords is done in another. He runs his personal blog in a browser dedicated just to that.

For high risk research, he uses virtual machines to further minimize any potential nasty code getting through. Very high risk sites are browsed through a non-persistent read-only Linux virtual machine. While these techniques can be less effective if the entire OS is comprised, they can still provide a few layers of additional security.

Fellow browser paranoia sufferers may want to consider Firefox plug-ins like NoScript and memory protection from Diehard.