Old attack vectors are back in style

Black Hat: Like hip-huggers and tweed, once-popular attack methods like ciphertext manipulation are finding new life as hackers look to cut through well-worn Web applications.

LAS VEGAS -- While many of the talks at Black Hat USA 2006 this week focus on new vulnerabilities or innovative techniques for attacking known flaws, one session showed in graphic detail that sometimes older attack methods can be just as useful.

Chris Eng, director of security services at Burlington, Mass.-based security analysis firm Veracode Inc., on Thursday demonstrated several techniques for analyzing encrypted data in Web applications and recovering sensitive information, such as usernames and passwords.

Eng, a veteran penetration tester and former consultant for security giant Symantec Corp. and @stake, said there's no need to bother attacking the algorithms used to encrypt data in cookies if you understand how a Web application's cryptosystem works.

Black Hat USA 2006

Check out SearchSecurity.com's special coverage of Black Hat USA 2006 as reporters from SearchSecurity.com and Information Security magazine post the latest news and tidbits from Las Vegas.
"It's all about recognizing the patterns and understanding how changing one piece of data affects the ciphertext," said Eng.

He cited an example in which a Web application uses a block cipher to encrypt cookie data. By examining the ciphertext, Eng could see that the cipher was in Electronic Code Book (ECB) mode, which means that identical plaintext blocks are encrypted identically and are easy to recognize. Eng then began modifying pieces of data in the cookie that he could control, such as the email address, and observing how the modifications changed the block.

Once he identified where in the block those pieces of data were, he could manipulate the ciphertext itself, using it to build his own cookie for the site and impersonate another user.

"This isn't a brand new attack, but it takes some time to understand how it works and what it can do for you," Eng said. "There are major companies with live Web apps that are at risk from this."

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close