Latest Research

TrackBack Spam: Abuse and Prevention Contemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples...

Readmore

XCS: cross channel scripting and its impact on web... We study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management...

Readmore

Embedded Management Interfaces: Emerging Massive Insecurity Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of...

Readmore

Decaptcha: Breaking 75% of eBay Audio CAPTCHAs. CAPTCHA tests aim at preventing attackers from performing automatic registration. In this paper we show that our prototype Decaptcha is able to successfully break 75% of eBay audio captchas. We compare...

Readmore

Extending Anticipation Games with Location, Penalty... Over the last few years, attack graphs have became a well recognized tool to analyze and model complex network attack. The most advanced evolution of attack graphs, called anticipation games, is based...

Readmore

  • Prev
  • Next

XCS: cross channel scripting and its impact on web applications

Posted on : 10-11-2009 | By : Elie Bursztein | In : Article, Publications

0

We study the security of embedded web servers used in consumer electronic devices, such as security cameras and photo frames, and for IT infrastructure, such as wireless access points and lights-out management systems. All the devices we examine turn out to be vulnerable to a variety of web attacks, including cross site scripting (XSS) and cross site request forgery (CSRF). In addition, we show that consumer electronics are particularly vulnerable to a nasty form of persistent XSS where a non-web channel such as NFS or SNMP is used to inject a malicious script. This script is later used to attack an unsuspecting user who connects to the device’s web server. We refer to web attacks which are mounted through a non-web channel as cross channel scripting (XCS). We propose a client-side defense against certain XCS which we implement as a browser extension.

Presented by Hristo at CCS’09 Chicago USA
Paper

Read Full Article

Decaptcha: Breaking 75% of eBay Audio CAPTCHAs.

Posted on : 11-08-2009 | By : Elie Bursztein | In : Article, Publications

0

CAPTCHA tests aim at preventing attackers from performing automatic registration. In this paper we show that our prototype Decaptcha is able to successfully break 75% of eBay audio captchas. We compare its performance with the state of the art, readily
available speech recognition system Sphinx and discuss the implications for eBay security.

Presented at Woot’09, montréal Canada

Paper (PDF)
presentation slides (PDF)

Read Full Article

Embedded Management Interfaces: Emerging Massive Insecurity

Posted on : 25-07-2009 | By : Elie Bursztein | In : BlackHat, Talks

0

Over the last few years, the number of devices that embed user-friendly management interfaces accessible from the network has drastically increased. These interfaces can be found on almost every kind of device, from lights-out management systems for PCs, to small SOHO NAS appliances, to photo frames.

In this talk, we will cover the attack surface of embedded management interfaces and pinpoint which parts of them are the most likely to be vulnerable, based on our evaluation of more than a dozen device models from different categories. In particular, we will review known yet underestimated implementation shortcuts that lead to vulnerabilities. To illustrate each shortcut, we will describe real-world vulnerabilities that we have found and exploited in devices from Intel, Linksys, Lacie, Samsung, and Dell among others.

Presented at the Blackhat 2009 Las Vegas, USA

Paper
Slides

Read Full Article