Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy.

Published byKatrina Ball Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy."— Presentation transcript:

1 Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy

2 Vincent Brillault Crypto-Currencies 2

3 Uncontrolled currencies Create an account == Generate new address Wallet: list of addresses & private keys Exchanges with real currencies Vincent Brillault3 Crypto-Currencies HEPiX Spring 2014, Annecy

4 Vincent Brillault4 Transactions everywhere (chains) HEPiX Spring 2014, Annecy A_1 B_1 C_1 4 BTC (B_1) 2 BTC (B_1) 5 BTC (B_1) 11 BTC For A_1 2.3 BTC (C_1) 0.2 BTC (C_1) 2.5 BTC For A_1 11 BTC (A_1) 2.5 BTC (A_1) 12 BTC For D_1 1.5 BTC For A_2

5 Block: – Contains aggregated valid transaction – Proof of work: hard computer problem BTC: hash(block) < target Miners: – Hash blocks until someone find good one – Paid: Per solved block Per transaction (if it included a mining fee) Vincent Brillault5 Block Chain & Miners HEPiX Spring 2014, Annecy

6 Vincent Brillault6 Exchange rates: BTC USD HEPiX Spring 2014, Annecy © Blockchain.org

7 Vincent Brillault7 Mining malwares HEPiX Spring 2014, Annecy © Kaspesky

8 Vincent Brillault8 Interesting transactions HEPiX Spring 2014, Annecy

9 Vincent Brillault9 Interesting transactions HEPiX Spring 2014, Annecy

10 Vincent Brillault10 Why ? HEPiX Spring 2014, Annecy Make money out of botnets ([CG]PU -> $$) Very low traceability: – No link address user (except exchanges) – Laundering: create new addresses and move coins

11 Forbidden by VO AUPs Increasing number of incidents: – Tests – Benchmarks – Malicious jobs Cost: – CPU time – Forensics, investigations … Vincent Brillault11 EGI / WLCG: mining jobs HEPiX Spring 2014, Annecy

12 VOs: – Remind users of the AUPs – Make examples (temporary ban users) ? Sites: – Look for standard mining software – Monitor network (connection to known pools) Virtualization: detection by sites harder Vincent Brillault12 What can we do for the grid ? HEPiX Spring 2014, Annecy

13 Vincent Brillault SSL/TLS & x509 13

14 Apple SSL: Wrong certificate validation GNUTLS: Wrong certificate validation Vincent Brillault14 Broken SSL libraries HEPiX Spring 2014, Annecy

15 Vincent Brillault15 HeartBleed: What ? HEPiX Spring 2014, Annecy © XKCD

16 Vincent Brillault16 HeartBleed HEPiX Spring 2014, Annecy Reason: – No input sanitization! – Openssl maintained by 6 peoples (1 paid) Costs: – All password changed – Certificates revoked & rekeyed

17 Vincent Brillault17 HeartBleed: “fixed” HEPiX Spring 2014, Annecy

18 Vincent Brillault18 HeartBleed: Lesson Learned HEPiX Spring 2014, Annecy

19 Vincent Brillault19 Grid impact HEPiX Spring 2014, Annecy Lots of services protected by old versions Most vulnerable (web)sites fixed promptly – Thanks! Client certificates can’t be leaked on servers Still pending: clients vulnerability: – Hard to detect – Hard to abuse (require MITM)

20 Vincent Brillault20 X509 Validation HEPiX Spring 2014, Annecy Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Chad Brubaker and Suman Jana

21 Vincent Brillault Windigo 21

22 Vincent Brillault22 Windigo HEPiX Spring 2014, Annecy Large scale malicious operation – Targeting mainly servers – Without using 0-days or vulnerability (mostly) Two parts: – Botnet building – Botnet exploitation (making money)

23 Vincent Brillault23 Botnet building: Ebury HEPiX Spring 2014, Annecy Ebury already presented during last HEPiXs Two versions: – Malicious SSHD binary (old version) – Malicious libkeyutil library (loaded for sshd) Malicious activity: – Backdoor based on magic ssh version string – Credential Exfiltration

24 Vincent Brillault24 Ebury Exfiltration HEPiX Spring 2014, Annecy Credentials exfiltrated: – Password from compromised servers – Password to compromised servers – Private ssh keys from compromised servers Exfiltration: – Encoded DNS query: passwords & username – Shared memory: privates keys & passwords

25 Vincent Brillault25 Ebury Exfiltration HEPiX Spring 2014, Annecy DNS queries: – Domain Generation Algorithm: identify server – Protections: Redundancy (old): compare 2 requests Signature (new): Sign exfiltration IP with private key Shared memory – Every credential is stored to memory – Backdoor (‘cat’) used to fetch them – Easily identifiable (0666 & big): recently fixed

26 Vincent Brillault26 Botnet exploitation HEPiX Spring 2014, Annecy Send spam from the backdoor Perl/Calfbot: send spam from servers Linux/Cdorked: – Redirect users to malicious websites – Infects clients & sent spam Activity dissimulation (proxy)

27 Vincent Brillault27 Botnet exploitation HEPiX Spring 2014, Annecy © EsET

28 Vincent Brillault28 Botnet propagation HEPiX Spring 2014, Annecy © EsET

29 Vincent Brillault29 Grid ? HEPiX Spring 2014, Annecy No infection so far in EGI ! Stay careful: could easily propagate

30 Vincent Brillault30 Protection/Detection HEPiX Spring 2014, Annecy Protection: – Kerberos authentication not targetted – 2 factor authentication Detection: – rpm –Va (at least keyutils-libs & openssh-server) – https://github.com/eset/malware-ioc

31 Vincent Brillault New threat 31

32 Vincent Brillault32 Surveillance HEPiX Spring 2014, Annecy Theoretical physics is not protected: international center in Italy targeted! © usnewsghost.wordpress.com

33 Vincent Brillault33 Hardware interception HEPiX Spring 2014, Annecy

34 Vincent Brillault34 Man In The Middle HEPiX Spring 2014, Annecy

35 Vincent Brillault Questions ? 35

Download ppt "Security Update Vincent BRILLAULT HEPiX Spring 2014, Annecy."

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
The easy answers to the hard questions! WHAT IS BITCOIN?

The easy answers to the hard questions! WHAT IS BITCOIN?
ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.

Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.
\ 2008-11-13Grid Security and Authentication1. David Groep Physics Data Processing group Nikhef.

\ Grid Security and Authentication1. David Groep Physics Data Processing group Nikhef.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Bitcoin is the FUTURE of MONEY!!

Bitcoin is the FUTURE of MONEY!!
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

RFC6520 defines SSL Heartbeats - What are they? 1. SSL Heartbeats are used to keep a connection alive without the need to constantly renegotiate the SSL.

Similar presentations

Ads by Google