
Mudge aka Peiter Mudge Zatko PDF

16 Pages·2005·0.57 MB·English

Economics, Physics, Psychology and How They Relate to Technical Aspects of Counter Intelligence/Counter Espionage Within Information Security
Mudge aka Peiter Mudge Zatko, BBN Technologies

The computer and network security fields have made little progress in the past decade. The rhetoric that the field is in an arms race, that attacks are becoming more complicated and thus defenses are always in a keep-up situation, makes little sense when 10-year-old root kits, BGP and DNS attacks that have been widely publicized for years, and plain-text communications streams are still being taken advantage of. This talk looks at the environment without being skewed by currently marketed solutions. It then presents corollaries for environments in different disciplines, such as economics and physics, talks to certain psychological situations that prohibit researchers and organizations from being able to correctly address the problems, maps these solutions into Counter Intelligence and Counter Espionage models and finally applies them to low level network and systems communications. This presentation involves audience participation to point out ways of breaking the helplessness cycle (for the defensive side) or to better target areas for exploitation (for the offensive side).

“Mudge” Peiter Mudge Zatko
Better known as Mudge, the hacker who testified to the Senate that he could “take the Internet down in 30 minutes”, Zatko has been a pioneer of the commercial information security and warfare sector since the 1980s. The leader of the hacker think-tank “L0pht”, he founded @stake and Intrusic and currently works as a Division Scientist for BBN Technologies (the company that designed and built the Internet). Mudge is the creator of L0phtCrack - the premier MS password auditor, SLINT - the first source code vulnerability auditing system, AntiSniff - the first commercial promiscuous system network detection tool, and Zephon - Intrusic’s flagship product focused on Counter Intelligence / Counter Espionage for corporate Insider-Threat. His other software works are now included in several distributions of commercial and public domain operating systems. As a lecturer and advisor Mudge has contributed to the CIA’s critical National security mission, was recognized as a vital contributor to the success of the President’s Scholarship for Service Program by the NSC, has briefed Senators, the former Vice President and President of the United States, and has provided testimony to the US Senate multiple times. An honorary plank owner of the USS McCampbell and referenced as part of ‘U.S. History’ in Trivial Pursuit, his mission remains constant to “make a dent in the universe”.

Slides (Black Hat Briefings, digital self defense)

Physics, Psychology, and Economics as applied to Counter Intelligence / Counter Espionage InfoSec
Mudge, Division Scientist, BBN Technologies {[email protected],[email protected]}

Background
L0pht, EOP (Executive Office of the President), DPC (Democratic Policy Committee), Georgetown University, @stake, DoD, CIA, OST/P (Office of Science and Technology), Dept. of the Air Force, Dept. of Commerce, PCIP (Partnership for Critical Infrastructure Protection), NSC (National Security Council), M.I.T., NSA, BBN, Dept. of the Navy, Intrusic, U.S. Senate, Dept. of the Army, U.S. House of Representatives, JCS, FBI

Contributions to the Field
• L0phtCrack (aka LC4)
• AntiSniff
• L0phtWatch
• NFR (IDA)
• Zephon
• SLINT
• First explanations and public presentation of how to write buffer-overflows
• MonKEY
• DragonBallz
• Kerb4 - Kerberos Auditing tool
• Sculpting of MS security response organization
• Forced Intel to create security response procedures and channels
• Considered one of the fathers of ‘Advisories’
• Crontab local root Advisory
• Recognized as a vital contributor to the success of the President’s Scholarship for Service Program by the National Security Council, Executive Office of the President
• Modstat local kmem advisory
• Sendmail 8.7.5 advisory
• Test-cgi remote inventory advisory
• Imapd local shadowed password file retrieval advisory
• Solaris getopt(3) Elevated Privileges advisory
• RedHat 6.1 Init Scripts Race Condition advisory
• Cactus Software Shell-lock cipher to plain-text retrieval
• Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats
• Initial Cryptanalysis of the RSA SecurID Algorithm
• Cryptanalysis of Microsoft’s PPTP Authentication Extensions
• Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol
• Etc.

Psychology (1)
Functional Fixation and Learned Helplessness
Answering Machines
Lo-Jack
Cell Phones (scanners, tracking, clocks, capabilities)
Coins
Who {was,is} Mudge?

Psychology (2)
The Finality of Initial Spin (implied biased interpretation)
• Advisories and Tools
• L0phtCrack - LC4 - John the Ripper
• Bo2k - PC Anywhere - VNC
• ISS - Virus/Worms
• Presentations semantics
• Passive vs active voice
• Vendor security warnings
How important is Functional Fixation again?

How Serious is Functional Fixation?

Intrusion v Attack v Compromise
Attacks draw unwanted attention. It is, and always has been, preferable in most situations to use credentials that are permitted on a system - however those credentials are obtained. This way, there is no actual “attack” as far as IDS would classify it. Like a mole in a government agency, the greatest value is achieved through unnoticed longevity in the target environment. The expected movement and characteristics of information and its handling related to business functions must change in these cases, and that change gives us the ability to identify such covert activities. Profiling the business functions and their information flows on the internal network is the important component, not profiling the people.

Current Environment
Intruders are already inside most corporations, often sitting on key components of critical infrastructure, usually without knowledge of exactly what they are in control of:
accidental catastrophic failure is possible
intentional catastrophic failure is possible
Passive control of systems is much more desirable than disruption or damage without purpose.
Target selection is opportunistic. The selection is often acquired from within a large selection of systems, usernames, and passwords of already compromised systems:
vpn - scanning DSL/Cable/Dialup [also known as Island Hopping]
sniffed credentials of corporate accounts accessed from schools/universities [Fluffy Bunny demonstrated and documented this in his compromise of Akamai, and other substantial environments]
shell systems or other large user-base machines through trojan’d binaries/applications
sniffed credentials obtained via compromised systems at ISPs
Passive control and tools have not changed much since pre 96.
Cloaking tools have not changed much since pre 96.

Counter Intel 5 Step
Identify: Identify the network reality to target and monitor
Analyze: Analyze compromise indicators and data
Predict: Predict probable compromises and threat instances
Confirm: Confirm compromise and threat instances
Produce Output: Produce output with enough background and correlations to prove beyond doubt

Clients and Servers
Produce (C/S)?
Consume (C/S)?
Initiate (C/S)?
Receive (C/S)?
“Constant” in purpose (C/S)?
“Single” in scope (C/S)?
Periodic Request Spacing?

Stepping Stones

Interactive vs Non-Interactive
Small data packets making up most of the “server’s” data
Large deviations / variances in the time span between packets
Both large and small data packets making up the “client’s” data stream where there are distinct groupings of large vs small
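The three cues on the "Interactive vs Non-Interactive" slide, turned into a flow classifier a defender could run over per-session packet metadata to spot interactive (stepping-stone style) sessions hiding among bulk traffic. This is an added example written for this page, not code from the talk; the thresholds, the packet tuple layout and both sample flows are constructed assumptions.

```python
# Heuristic interactive-session detector built on the three traffic cues from the
# "Interactive vs Non-Interactive" slide. Payload sizes in bytes, timestamps in seconds.
# Thresholds and the two sample flows are constructed for illustration, not measured.
import statistics

SMALL = 64      # payload bytes: a keystroke, echo or short prompt
LARGE = 1000    # payload bytes: a screen redraw, paste or bulk segment

def session_features(packets):
    """packets: list of (timestamp, direction, payload_len), direction 'c2s' or 's2c'."""
    srv = [n for _, d, n in packets if d == "s2c"]
    cli = [n for _, d, n in packets if d == "c2s"]
    ts = sorted(t for t, _, _ in packets)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    frac = lambda xs, ok: sum(1 for n in xs if ok(n)) / len(xs) if xs else 0.0
    # Coefficient of variation of packet spacing: human typing is bursty, while a
    # bulk transfer or a polling beacon is close to periodic.
    mean_gap = statistics.mean(gaps) if gaps else 0.0
    cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
    return {"server_small_fraction": frac(srv, lambda n: n <= SMALL),
            "gap_cv": cv,
            "client_small_fraction": frac(cli, lambda n: n <= SMALL),
            "client_large_fraction": frac(cli, lambda n: n >= LARGE)}

def is_interactive(packets, min_packets=20):
    """True when all three cues fire: mostly small server data, bursty timing,
    and a client stream with distinct small and large groupings."""
    if len(packets) < min_packets:
        return False            # too little evidence to classify
    f = session_features(packets)
    return (f["server_small_fraction"] >= 0.6 and f["gap_cv"] >= 0.5
            and f["client_small_fraction"] >= 0.2 and f["client_large_fraction"] >= 0.1)

def interactive_sample():
    """Constructed: a shell-like session, keystrokes echoed one byte at a time with
    human pauses, an occasional paste from the client and a screen redraw from the server."""
    pkts, t = [], 0.0
    pauses = [0.15, 0.9, 0.2, 2.4, 0.1, 0.5, 3.1, 0.2, 0.3, 1.7]
    for i in range(30):
        t += pauses[i % len(pauses)]
        pkts.append((t, "c2s", 1 if i % 5 else 1200))
        pkts.append((t + 0.02, "s2c", 1 if i % 7 else 800))
    return pkts

def bulk_sample():
    """Constructed: a file download, steady full-size server segments, empty client ACKs."""
    return [p for i in range(40)
            for p in ((i * 0.01, "s2c", 1460), (i * 0.01 + 0.005, "c2s", 0))]
```

The feature dictionary is what you would log per session so the cutoffs can be tuned against your own baseline of business traffic rather than the constructed ones here.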
