We have you by the gadgets Hitting your OS below the belt.

Slides:



Advertisements
Similar presentations
IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager.
Advertisements

Implementing Tableau Server in an Enterprise Environment
Auditing Microsoft Active Directory
Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
Omicron Consulting 1700 Market Street Philadelphia, PA Omicron Consulting 1700 Market Street Philadelphia, PA Should You Upgrade to Windows.
NetAcumen ActiveX Download Instructions
Module 5: Creating and Configuring Group Policy
Web Development in Microsoft Visual Studio Slide 2 Lecture Overview Introduce Visual Studio 2013 Create a first ASP.NET application.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Maintaining and Updating Windows Server 2008
1 CS428 Web Engineering Lecture 18 Introduction (PHP - I)
Module 16: Software Maintenance Using Windows Server Update Services.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.
Microsoft ® Official Course Module 9 Configuring Applications.
Working with Applications Lesson 7. Objectives Administer Internet Explorer Secure Internet Explorer Configure Application Compatibility Configure Application.
Chapter 2: Installing and Upgrading to Windows Server 2008 R2 BAI617.
DB2 (Express C Edition) Installation and Using a Database
Portal User Group Meeting September 14, Agenda Welcome Updates Reminders.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
Customer Service and Support Sutherland Global Services Consultant Learning Services Microsoft Store.
Section 1: Introducing Group Policy What Is Group Policy? Group Policy Scenarios New Group Policy Features Introduced with Windows Server 2008 and Windows.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
The Microsoft Baseline Security Analyzer A practical look….
Microsoft Windows Vista Chapter 1 Fundamentals of Using Microsoft Windows Vista.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Chapter 4 Initial Configuration Tasks. Understanding the Initial Configuration Tasks window Microsoft now provides a new feature, the Initial Configuration.
1 © 2004, Cisco Systems, Inc. All rights reserved. CISCO CONFIDENTIAL Support for Vista Unity 5.0(1)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
Deployment via jars and Webstart. How do we distribute our application? Lab says you need to submit CD Lab says you need to submit CD Limitations of CD.
POWERSHELL SHENANIGANS KIERAN JACOBSEN HP ENTERPRISE SERVICES.
Module 5: Configuring Internet Explorer and Supporting Applications.
4. Managing the Desktop Thomas Lee Chief Technologist – QA plc.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Microsoft Management Seminar Series SMS 2003 Change Management.
PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.
Virtualization Technology and Microsoft Virtual PC 2007 YOU ARE WELCOME By : Osama Tamimi.
ASP. ASP is a powerful tool for making dynamic and interactive Web pages An ASP file can contain text, HTML tags and scripts. Scripts in an ASP file are.
ASP-2-1 SERVER AND CLIENT SIDE SCRITPING Colorado Technical University IT420 Tim Peterson.
Welcome to a MNSPUG Addition! April 8 th, 2009 What You Need to Know About SharePoint Designer (Now That It's Free) Raymond.
Vista Sidebar Gadgets Steve Marx Technical Evangelist Microsoft Corporation.
UNDERSTANDING YOUR OPTIONS FOR CLIENT-SIDE DEVELOPMENT IN OFFICE 365 Mark Rackley
Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.
G OOD REASONS IT IS BEST TO UPGRADE TO W INDOWS 10 Windows 10 is an os coming from Microsoft pertaining to servers, desktops, laptops, tablets, smartphone's,
Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.
© ExplorNet’s Centers for Quality Teaching and Learning 1 Describe applications and services. Objective Course Weight 5%
Maintaining and Updating Windows Server 2008 Lesson 8.
Windows Vista Configuration MCTS : Internet Explorer 7.0.
PDF Security Issues Doing your bit to help Betsy Kent May 2010.
Defense In Depth: Minimizing the Risk of SQL Injection
ClickOnce Deployment (One-click Deployment)
ArcGIS for Server Security: Advanced
SharePoint 101 – An Overview of SharePoint 2010, 2013 and Office 365
A hit for Microsoft or another foul?
World Wide Web policy.
Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.
The Application Lifecycle
Microsoft Office Not in Textbook.
ClickOnce Deployment (One-click Deployment)
Securing web applications Externally
Bethesda Cybersecurity Club
Presentation transcript:

We have you by the gadgets Hitting your OS below the belt

Thank you for waking up

Legal Notice Our opinion is our own. It DOES NOT IN ANY WAY represent the view of our employers.

Agenda Who we are What are Gadgets o A little bit of history o Why this matters o How to develop gadgets o Gadget security model What's wrong with them o Attack Surface o Problems found o Demos What do you do about it?

whoami - Toby

whoami - Mickey

Thank you: Itzik Kotler, FX, Ian Amit, Jayson Street, SophSec, Wim Remes, Aviv Raff, Gal Diskin SUZUKI Hisao, Mitko Haralanov, Tim Brown R. Dominguez Vega, SecureTest group #include

What are Gadgets Little applications that run on your Windows desktop For instance:

A little bit of history Windows XP/98 - Concept first introduced as "Active Desktop" o Allowed you to put updating content on your desktop. Vista - Sidebar introduced, first mention of "gadgets" o Gadgets ran in the sidebar "container" couldn't be placed randomly on the desktop Windows 7 - significant changes o Improvements in management: o Gadgets now can be anywhere on the desktop o All gadgets run in a single process o Addition of the enterprise security features o Also - New stuff to help in development

Windows Vista Sidebar

Windows 7 Gadgets

Why this still matters Gadget use is in decline But! This style of app development is taking off o Container-based apps for smartphones that allow you to do all your dev in HTML, XML, Javascript, etc…

Creating Gadgets Cat.Zip  Cat.Gadget

Creating Gadgets Usually just a web app o html o css o javascript o gadget specific manifest file Can also be WPF or Silverlight

Gadget Security Model MSFT provides a detailed explanation o (see references) Code signing is possible but not required Prompt for install similar to standard applications:

Gadget Security Model Most similar to HTA - HTML Applications Basically run in "Local Machine Zone" with some differences: o Can instantiate any installed ActiveX object o UAC  Runs as standard user even if the user is part of the admin group  Can't raise UAC prompts BUT! apps launched by a gadget can Parental Controls apply

Gadget Security Model Some enterprise controls available o Turn off Windows Sidebar. o This policy allows administrators to completely disable the Windows Sidebar. o Disable unpacking and installation of gadgets that are not digitally signed.  Only affects gadgets that are downloaded and installed by double-clicking on the gadget package. All previously installed gadgets, as well as those installed manually, will still function. o Turn off user-installed gadgets. o Override the "Get more gadgets online" link.

Attack Surface Attacking with gadgets Attacking gadgets

Attacking with gadgets Delivery: o Install this gadget? Sure! Sidebar gadgets aren't perceived as being dangerous software or even software at all

Attacking with gadgets So I installed your gadget, so what? I can't do much, just this: o Execute code  Game over Also: o Open URLs o Create files with arbitrary content o Read files o Make your computer speak

Attacking with gadgets Demo time

Attacking Gadgets Gadgets are code. Therefore gadgets are vulnerable Step 1 - Search for gadgets Step 2 - Analyze Step 3 - Profit (and share the findings)

Attacking Gadgets LOTS of malware claiming to be gadgets Minimal use of SSL Lots of ad server connections (no ads displayed) o And domain parking sites A couple primary producers, shared code between gadgets o If you find something in one, it's probably in the others

Attacking Gadgets Poor security practices, easy targets o Multiple ways to inject code o Default Permissions is "full" Traffic sniffing Easy to spot o X64 (proof)

Attacking Gadgets – Traffic Sniffing SSL is haaaaard All downloaded gadgets pulled most of their content w/o SSL Including updated gadget code in some cases

Attacking Gadgets - MitM There are not many gadgets out there, capturing their requests is simple. (AirPwn) Using a custom simple proxy to automate injection. Demo

Attacking Gadgets – Code Injection Any web scripting language o Or powershell Demo

What to do about it? Code is code o Remember not to take candy from strangers Write applications properly For app frameworks o Make the secure method the default method Microsoft’s solution

Security Advisory “Microsoft is aware of vulnerabilities in insecure Gadgets affecting the Windows Sidebar on supported versions of Windows Vista and Windows 7” Fix It Solution Engineering solution that removes the attack vector. Moving away from the Windows Sidebar and towards the Windows Store. Deprecated the Windows Gadget Gallery Updated developer documentation Microsoft Solution

Prior Work Standing on the shoulders of giants CVEs o CVE o CVE o CVE Presentations o The Inherent Insecurity of Widgets and Gadgets - Aviv Raff, Ian Amit o Jinx - Malware Itzik Kotler, Jonathan Rom

References Gadget Security Model o Writing Secure Gadgets o us/library/bb aspx us/library/bb aspx

Thank you ! Q/A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.