07 Aug Defcon 2011 Talks - APT, Citrix Hacks, Amazon AMI Cloud Security Kurt Baumgartner
APT is gaining much more press attention recently, with the RSA and Northrop Grumman intrusions making it into the news. A set of researchers from Taiwan presented their APT-related data at "Balancing the pwn Trade Deficit". Starting from a known set of APT malware, they developed methods for clustering the samples in order to identify and make sense of the growing heap of it. While they withheld some of the more sensitive information, and their work has mostly focused on attacks in Southeast Asia, their content and project are interesting.
They requested that individuals (system administrators, etc.) who suspect APT components on their networks upload the files at xecure-lab.com to help research them. In return, the project provides a visualization of the analysis data and confirmation or denial that the component is APT-related.
Citrix system administrators should quickly refer to the "Bosses Love Excel, Hackers too" material presented towards the end of the day by Spanish security researchers and funnymen Chema Alonso and Juan Garrido. They demonstrated reliable attacks on Citrix systems, both on default-configured systems and on more locked-down ones. The techniques alarmingly demonstrated how security policies can be evaded every step of the way while using Excel on Citrix.
Later in the day, Ben Feinstein and Jeff Jarmoc talked about more security issues with cloud computing. In this case, they focused on Amazon cloud services and the Amazon Machine Images (AMI) used to spin up virtual machines. Their data included the finding that 30% of all the open-source-based AMIs being uploaded and publicly shared at Amazon publicly expose sensitive information. This sensitive information may be SSH keys, identification tokens, bash history files that retain user and host names, and other common ways that credentials are exposed. Security for the cloud is becoming more overcast.
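One pre-publication hygiene check a defender can run over an image's mounted root, looking for the kinds of leftovers the talk describes (private keys, shell history, authorized_keys files and access tokens). This is an added example, not code from the talk or from Amazon tooling; the file names, patterns and sample tree below are assumptions and constructed data.

```python
import os
import re
import tempfile

# Assumed indicators for the leak categories the talk describes: SSH private keys,
# shell history files, authorized_keys entries and access-key IDs left in an image.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
AWS_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")  # AWS access key ID format
HISTORY_NAMES = {".bash_history", ".zsh_history", ".mysql_history"}
KEY_NAMES = {"authorized_keys"}

def scan_image_root(root):
    """Walk an image's mounted root; return sorted (finding, relative path) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name in HISTORY_NAMES and os.path.getsize(path) > 0:
                findings.append(("shell-history", rel))
            if name in KEY_NAMES:
                findings.append(("authorized-keys", rel))
            try:
                with open(path, "r", errors="ignore") as fh:
                    text = fh.read(1 << 20)  # first 1 MiB is enough for headers/tokens
            except OSError:
                continue
            if PRIVATE_KEY_RE.search(text):
                findings.append(("private-key", rel))
            if AWS_ACCESS_KEY_RE.search(text):
                findings.append(("aws-access-key", rel))
    return sorted(findings)

def build_sample_root():
    """Constructed image tree containing the leaks above plus one clean file."""
    root = tempfile.mkdtemp()
    ssh_dir = os.path.join(root, "root", ".ssh")
    os.makedirs(ssh_dir)
    with open(os.path.join(ssh_dir, "id_rsa"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n-----END RSA PRIVATE KEY-----\n")
    with open(os.path.join(ssh_dir, "authorized_keys"), "w") as fh:
        fh.write("ssh-rsa AAAAB3placeholder admin@build-host\n")
    with open(os.path.join(root, "root", ".bash_history"), "w") as fh:
        fh.write("ssh admin@build-host.example\nexport AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n")
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "hostname"), "w") as fh:
        fh.write("clean-ami\n")
    return root

if __name__ == "__main__":
    for kind, path in scan_image_root(build_sample_root()):
        print(f"{kind:16} {path}")
```

Run it against a mounted image root (e.g. the mount point of the volume you are about to register) instead of the constructed tree; any hit should be removed before the image is shared.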