THE KOBAYASHI MARU DILEMMA - Virus Bulletin
The Kobayashi Maru Dilemma
Dr Morton Swimmer Trend Micro
Andrew Lee ESET
Nick FitzGerald Independent Consultant
Introduction
• What is the Kobayashi Maru dilemma?
• A few words of history
• Fighting back
• (Anti-)Postel Thesis
• Flash in the pan?
https://www.youtube.com/watch?v=8N-H1lz3OJ4
The Best Thing About Office 97…
…OK, but Seriously
The Worst Thing About Office 97…
…OK, but Seriously
The Best Thing About Office 2000
And…
Prevalence of Macro Malware
Data collated from Virus Bulletin “Prevalence Tables”, and kindly supplied by Szappanos Gabor, Sophos.
[Chart: prevalence of macro malware; vertical axis from 0% to 90%]
So…
• Good guys (Microsoft!?!?!?): 1
• Bad guys (macro malware writers): Nil
Other Security Game-changers?
• ASLR
• Encryption
• Two-factor Authentication
• CAPTCHA
• Tar-pitting
• Economics
– Taggants
– ChronoPay shutdown
What About Fighting Back?
You Have User Credentials, So…
• Is it OK to delete the phishing page, or replace it with a “harmless” warning page?
• What about logging into the site’s hosting control panel and “just looking around”?
• What about copying other files than those accessible via FTP?
• What about changing the account password and/or owner’s email address?
What About Fighting Back?
You Have the URL, So…
• Is it OK to “dig around” via directory traversal?
• You might find something interesting, like the phishing kit
• Or a data drop file
• Or you might even find a shell…
• …if so, is it OK to use that to dig even deeper?
Demo…
• [switch to browser and demo on an offline copy of this phishing site – indexing was enabled exposing a web shell]
So, Was that OK?
• Dan Cuthbert convicted for “unauthorized access” under UK Computer Misuse Act for URL truncating
• Andrew Auernheimer (a.k.a. weev)
– Automated a download of the AT&T list of iPad owners
– exposing 114K records including Military, Celebrity and Government
– Sentenced to 41 Months in Federal prison and a $73K fine
Postel Thesis
• Jon Postel, original RFC Editor
• Formulated the robustness principle (often called Postel’s Law) stating:
an implementation should be conservative in its sending behavior, and liberal in its receiving behavior
• Basically it is the “anti-engineering” thesis:
it’s good enough if it works (for some undefined value of “works”)
Photo by Irene Fertik, USC News Service. Copyright 1994, USC.
Anti-Postel Thesis Examples
• Strict SMTP implementations drop a lot of spam because of their strictness
• Greylisting drops a lot of spam by not being “too willing” to be helpful
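
The greylisting behaviour named above, as an added example that is not from the slides: a receiving server answers the first delivery attempt for an unknown (client IP, sender, recipient) triplet with a temporary failure and accepts only a retry that arrives after a minimum delay. The delay and expiry values, the reply text and the sample addresses are assumptions chosen for illustration.

```python
# Added illustration of a greylisting policy decision (not code from the slides).
GREYLIST_DELAY = 300        # seconds a new triplet must wait (assumed value)
GREYLIST_EXPIRY = 4 * 3600  # forget triplets never retried in time (assumed value)
TEMPFAIL = "451 4.7.1 Greylisted, try again later"


class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, expiry=GREYLIST_EXPIRY):
        self.delay = delay
        self.expiry = expiry
        self.first_seen = {}  # triplet -> time of first attempt
        self.passed = set()   # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to RCPT TO at time `now` (epoch seconds)."""
        triplet = (client_ip, mail_from, rcpt_to)
        if triplet in self.passed:
            return "250 OK"
        first = self.first_seen.get(triplet)
        if first is None or now - first > self.expiry:
            # Unknown (or stale) triplet: refuse politely, remember when.
            self.first_seen[triplet] = now
            return TEMPFAIL
        if now - first < self.delay:
            return TEMPFAIL  # retried too early, keep waiting
        self.passed.add(triplet)
        return "250 OK"


# Constructed sample traffic: (time, client IP, MAIL FROM, RCPT TO)
EVENTS = [
    (0,    "192.0.2.10",  "news@example.org", "bob@example.net"),  # real MTA, first try
    (5,    "203.0.113.7", "x1@spam.invalid",  "bob@example.net"),  # bot, never retries
    (10,   "203.0.113.7", "x2@spam.invalid",  "bob@example.net"),  # bot, new forged sender
    (60,   "192.0.2.10",  "news@example.org", "bob@example.net"),  # retry, too early
    (900,  "192.0.2.10",  "news@example.org", "bob@example.net"),  # queued retry
    (1000, "192.0.2.10",  "news@example.org", "bob@example.net"),  # later mail, known
]


def replay(events):
    """Run the events through a fresh greylist; return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, t).split()[0] for t, ip, s, r in events]


if __name__ == "__main__":
    print(replay(EVENTS))
```

A sender that queues and retries, as SMTP expects, gets through with a delay; the two fire-and-forget attempts never reach a 250.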
Other Anti-Postel Thesis Examples
• Any suggestions?
Google Freezes Flash Ads in Chrome
Facebook CSO: Adobe Should Kill Flash
Flurry of Flash Flaws Flanked in Firefox
Facebook’s Apr-Jun 2015 10-Q Filing
• Risks Related to Our Business and Industry
…rely on software that is highly technical, and if it contains undetected errors or vulnerabilities, our business could be adversely affected.
… Errors, vulnerabilities, or other design defects
Facebook’s Apr-Jun 2015 10-Q Filing
Risks Related to Our Business and Industry
… For example, social games on Facebook rely on Adobe Flash, which games are currently responsible for substantially all of our Payments revenue. In July 2015, certain vulnerabilities discovered in Flash led to temporary interruption of support for Flash by popular web browsers. If similar interruptions occur in the future and disrupt our ability to provide social games to some or all of our users, our ability to generate Payments revenue would be harmed. …
Amazon Advertising Joins In Too
RIP Flash?
Questions?
Anything Further?
• Find Morton and chat
• Watch Martijn’s blog for announcement next week