The Black Hat USA 2006 conference ended August 3. Several presentations at the show made some big waves. This week, I'll briefly summarize some of the more notable happenings in relation to Microsoft.
You might have read any of the dozens of news stories about the Wi-Fi driver problems. David Maynor and Johnny Cache (a pseudonym used by John Ellch) demonstrated that they could hijack an Apple MacBook system even when it wasn't connected to a wireless Access Point (AP). Some of the stories implied that the flaw was within Mac OS X. But as Maynor pointed out in his presentation, "Don't think however that just because we're attacking an Apple that the flaw is in an Apple. We're actually using a third-party wireless card." Maynor and Ellch also discovered flaws in third-party Wi-Fi drivers for Windows platforms. So the problems aren't with any particular OS but instead reside firmly with third-party driver developers whose code contains significant flaws.
Maynor and Ellch played a recording of their presentation at the conference instead of doing it live because they didn't want to risk having someone intercept Wi-Fi packets at the conference to discern the exact nature of their attack while various vendors are working on solutions for their problematic drivers. If you want to see Maynor and Ellch's presentation, you can watch it at YouTube:
Another interesting presentation was given by Dan Kaminsky, who demonstrated a method of probing TCP/IP networks to determine whether a given Internet backbone provider is manipulating traffic based on its type or origin. Backbone providers have made noise recently about wanting to charge content providers, such as those who provide large amounts of audio and video, more money to carry high-bandwidth traffic. Kaminsky's tool would help reveal which backbone providers are already practicing traffic shaping. He plans to release the tool as part of his Paketto Keiretsu toolkit, which he intends to update in the next half year. You can learn more about Paketto Keiretsu at his Web site.
Joanna Rutkowska made some waves too when she demonstrated how to load unsigned code into Windows Vista. Her attack requires that the code run under an account with administrative privileges, and Vista's new User Account Control (UAC) feature will help defend against such attacks, provided users don't make mistakes answering a plethora of prompts. Also, Microsoft has reportedly fixed Rutkowska's path of attack in later builds of Vista. I'm not sure whether she'll post her presentation online, but you can monitor her Web site if you're interested:
Microsoft was out in force at Black Hat watching presentations and giving eight presentations that touched on various aspects of Vista security and Microsoft's changing security landscape. During his presentation, John Lambert, security group manager in Microsoft's Security Engineering and Communications Group, said the company is putting Vista through the biggest penetration testing process in history.
I remember years ago when people (myself included) cried out for Microsoft to hire hackers instead of opposing them when they discovered and released vulnerability reports. Well, now Microsoft has reportedly hired numerous companies and many well-known hackers to help with various aspects of security, including penetration testing--and I must say, it's about time!