Termin:Chaotic-Congress-Cinema Nr. 31Aus Attraktor Wiki
Chaotic Congress Cinema Nr. 31
Wir schauen uns die Aufzeichnung von Congress Vorträgen an. Du bist herzlich eingeladen, in den Clubräumen im Mexikoring 21 aufzutauchen und mit uns die Talks anzuschauen und zu diskutieren. Es wird Getränke und Knabberkram zu moderaten Preisen geben. Falls Du kein CCC-, CCCHH- oder Attraktor e.V.-Mitglied bist, macht das überhaupt nichts: Alle Gäste sind gern gesehen. :-) Weitere Informationen unter Chaotic Congress Cinema.
Zero-sized heap allocations vulnerability analysisApplications of theorem proving for securing the windows kernel The dynamic memory allocator is a fundamental component of modern operating systems, and one of the most important sources of security vulnerabilities. In this presentation, we emphasize on a particular weakness of the heap management that has proven to be the root cause of many escalation of privilege bugs in the windows kernel and other critical remote vulnerabilities in user-land applications. The problem is not specific to any operating system and is present in both user-land and kernel-land allocators. The presentation is divided into three parts. First, we will reveal the exact nature of the weakness and provide a taxonomy of all tested operating systems (both in the Windows and UNIX world, most of them are exposed). We then present a custom static analyzer for this class of defects based on the HAVOC framework, a heap-aware verifier for C programs, developed in the RISE team at Microsoft Research. We have deployed the analyzer on multiple kernel components, some of them reaching one million lines of C code. The analyzer produces a reasonable amount of warnings without any complex configuration. Finally, we generalize our analysis technique by characterizing what happens when the size of heap chunks is in the neighbourhood of zero (e.g. near-zero allocations) and give another example of fixed remote bug. We emphasize that this weakness should not be considered as a new class of vulnerabilities (such as buffer overflow), but rather a new type of code defect in the same style as integer overflows, as many occurrences are legit and do not lead to a bug.
http://events.ccc.de/congress/2010/Fahrplan/events/4209.en.html
Lying To The NeighboursNasty effects with tracker-less BitTorrent Distributed Hash Tables implement Routing and Addressability in large P2P networks. In the Kademlia adaption for Bittorrent a peer's address (NodeID) is to be generated randomly, or more appropriate: arbitrarily. Because randomness isn't verifiable, an implementation can advertise itself with popular NodeIDs or even change them on a per-packet basis. Two issues arise due this design problem:
Starting with the prerequisites of BitTorrent, I will outline the importance of tracker-less operation and how Magnet links work. Distributed Hash Tables are explained pertaining to the Kademlia algorithm. It is most interesting how implementations maintain and refresh routing information, allowing a malicious node to become a popular neighbour quickly, and how traffic can be amplified in two ways. I will present packet rate analysis measured during tests on Amazon EC2. In conclusion it is explained how the problem of arbitrary NodeIDs can be avoided if the protocol was to be redesigned. A few words are to be given what client authors can do to alleviate the damage potential of the BitTorrent DHT.
http://events.ccc.de/congress/2010/Fahrplan/events/4210.en.html http://ftp.ccc.de/congress/27C3/mp4-h264-HQ/27c3-4210-en-lying_to_the_neighbours.mp4 |