Reading from Black Hat USA 2008

Black Hat USA 2008 ran 6-7 August in Las Vegas. The talks that matter most were Kaminsky's full DNS disclosure and Pilosov and Kapela's BGP-hijacking demonstration, alongside a good deal of other substantive research. Reading notes follow.

This is a longer post than usual because the conference content warrants it.

Kaminsky's full DNS disclosure

Kaminsky's talk delivered the technical details that the coordinated 8 July disclosure had withheld. The substance matched what had already been reconstructed publicly in the interim: with the source port fixed, the 16-bit transaction ID is the only thing a resolver checks that an off-path attacker cannot predict, and an attacker who makes the resolver issue a stream of queries for random names under the target domain gets a fresh guess for every one of them, each forged reply carrying in its authority section an in-bailiwick NS record that the resolver caches over the domain's existing data, so there is no longer any TTL to wait out. The implementation details were informative all the same.

The coordinated-disclosure pattern worked. Patches (principally source-port randomisation for outbound queries, which adds up to 16 bits to the space an attacker has to guess) were deployed widely during the roughly 30-day window between the 8 July coordinated disclosure and the full disclosure. The window was shorter in practice, since the mechanism was reconstructed and published by third parties about two weeks in and exploit code followed within days, but exploitation in the wild has nonetheless been limited, and the resolver population is in substantially better shape than it was on 8 July.
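A check that follows directly from the patch, as an added example rather than anything from the post or from Kaminsky's talk: given a log of a resolver's outbound queries, estimate whether its source port is fixed, merely incrementing, or randomised, and compare the guess space an attacker faces in each case. The one-line-per-query log format, the resolver names and every number in the sample are constructed for this example; in practice the fields would come from a capture of the resolver's outbound port-53 traffic.

```python
"""Assess a caching resolver's outbound-query entropy from a log of its
upstream queries: does it randomise the UDP source port as well as the
16-bit transaction ID?

Added example, not code from the original post or from Kaminsky's talk.
The log format (resolver name, source port, TXID per line) is an
assumption made for this example; the fields would really come from a
capture of the resolver's outbound port-53 traffic.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log; all numbers are invented.
#   ns-old: one fixed source port (unpatched behaviour)
#   ns-seq: the port merely increments (predictable)
#   ns-new: port drawn from a wide range (patched behaviour)
SAMPLE_LOG = """\
ns-old 32768 41123
ns-old 32768 5931
ns-old 32768 60012
ns-old 32768 7744
ns-old 32768 23999
ns-old 32768 50210
ns-old 32768 14007
ns-old 32768 33380
ns-seq 40000 41123
ns-seq 40001 5931
ns-seq 40002 60012
ns-seq 40003 7744
ns-seq 40004 23999
ns-seq 40005 50210
ns-seq 40006 14007
ns-seq 40007 33380
ns-new 51234 41123
ns-new 40019 5931
ns-new 62201 60012
ns-new 34870 7744
ns-new 58113 23999
ns-new 44590 50210
ns-new 36021 14007
ns-new 61444 33380
"""

def parse_log(text):
    """Group (source_port, txid) pairs by resolver name, in log order."""
    samples = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            name, port, txid = line.split()
            samples[name].append((int(port), int(txid)))
    return samples

def entropy_bits(values):
    """Shannon entropy of the observed values, in bits.  A sample estimate:
    it cannot exceed log2(len(values)), so a short capture distinguishes
    'fixed' from 'varies', not 16 bits from 12."""
    total = len(values)
    h = 0.0
    for count in Counter(values).values():
        p = count / total
        h -= p * math.log2(p)
    return h

def assess(pairs):
    """Classify one resolver from its observed (port, txid) pairs."""
    ports = [p for p, _ in pairs]
    txids = [t for _, t in pairs]
    if len(set(ports)) == 1:
        verdict = "fixed-port"
    elif len(ports) > 1 and all(b - a == 1 for a, b in zip(ports, ports[1:])):
        verdict = "sequential-port"  # predictable, so no better than fixed
    else:
        verdict = "randomised-port"
    return {"distinct_ports": len(set(ports)), "port_bits": entropy_bits(ports),
            "txid_bits": entropy_bits(txids), "verdict": verdict}

def expected_forgeries(port_bits, txid_bits):
    """Expected forged replies before one matches an outstanding query.
    Each forgery guesses one (port, txid) tuple out of 2**(port_bits +
    txid_bits) equally likely ones, so the expected number of guesses to
    the first hit is the size of that space: 2**16 with a fixed port,
    2**32 once the port carries 16 bits of its own.  Kaminsky's point is
    that the attacker can induce as many fresh queries as it likes, so
    2**16 guesses is seconds of work."""
    return 2 ** (port_bits + txid_bits)

def success_probability(forgeries, port_bits, txid_bits):
    """Chance that `forgeries` independent guesses hit at least once."""
    return 1.0 - (1.0 - 2.0 ** -(port_bits + txid_bits)) ** forgeries

if __name__ == "__main__":
    for name, pairs in parse_log(SAMPLE_LOG).items():
        print(name, assess(pairs))
    print("guesses to poison, fixed vs random port:",
          expected_forgeries(0, 16), expected_forgeries(16, 16))
```

The entropy estimate is bounded by the sample size, so treat a short capture as answering only "fixed or not"; a few thousand queries are needed before the port_bits figure says anything about the width of the port range. The forgery arithmetic treats each guess as independent, which ignores the timing window and bursting a real attacker uses, but it is enough to show why the extra port bits matter.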

The lesson: for severe internet-infrastructure vulnerabilities, coordinated disclosure produces measurably better outcomes than uncoordinated disclosure, and the coordination machinery exercised here should be kept ready for the next one.

Pilosov-Kapela BGP hijacking

Alex Pilosov and Tony Kapela demonstrated practical BGP hijacking, including a man-in-the-middle variant that returns the intercepted traffic to its legitimate destination. The work shows that redirecting traffic bound for an arbitrary internet destination is operationally feasible for anyone with a BGP-speaking autonomous system and an upstream that does not filter their announcements.

The mechanism: the attacker announces the target prefix, typically as a more-specific than the legitimate announcement so that longest-prefix matching prefers it; peers that do not filter the announcement accept and propagate it, and traffic for the prefix from every network that has taken the route lands at the attacker's infrastructure. To pass traffic on unchanged the attacker needs a return path that has not itself been hijacked, which the demonstration obtained by prepending to the bogus announcement the ASNs of the networks along that path, so that those networks reject it under BGP's AS-path loop detection and keep the legitimate route. The attacker can then inspect the traffic, modify it, or forward it untouched.

Three implications.

Internet routing runs on trust. A BGP announcement from a peer is accepted with little or no verification that the announcing network is entitled to the prefix; the only check in practice is whatever prefix filtering the receiving network applies, and that discipline varies widely between networks.

Traffic interception at internet scale is now demonstrated, not theorised. Hijacks have long been known to be possible and have happened by accident, the February YouTube outage via Pakistan Telecom being the recent visible instance; the Pilosov-Kapela demonstration shows deliberate, selective interception that the victim need not notice. Operational use by others is foreseeable.

Defences are limited for now. Prefix filtering at the edge and monitoring of one's own prefixes reduce the attack surface but do not close it, since filtering only works where every transit network does it; cryptographic origin and path validation (RPKI, BGPSec) is years from operational deployment.

Net: internet routing is vulnerable to traffic interception by any BGP speaker, and how fast that improves is bounded by how fast origin and path validation get deployed. Until then the practical defence is to watch the global routing table for one's own prefixes and know what a bogus announcement would look like.
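What watching the routing table for one's own prefixes can and cannot catch, as an added example that is not taken from the post or from the Pilosov-Kapela talk. The prefix table, the observed announcements, the ASNs (private-use range) and the prefixes (documentation ranges) are all constructed for this example; the fifth announcement is built to resemble the talk's man-in-the-middle variant, with the attacker's AS prepending the victim's real upstream and origin so that the origin looks legitimate and the prepended upstream refuses the route. A real monitor would load its table from IRR or RPKI data and its observations from a route-collector feed.

```python
"""Flag announcements of our own prefixes that look like hijacks, checking
each against a table of expected origins, upstreams and maximum lengths.

Added example, not code from the original post and not the Pilosov-Kapela
tooling.  The prefix table, the observed announcements, the ASNs
(private-use range) and the prefixes (documentation ranges) are all
constructed for this example; a real monitor would load the table from
IRR or RPKI data and the observations from a route-collector feed.
"""
import ipaddress

# Constructed ground truth for the prefixes we operate.  "max_length"
# follows the RPKI ROA idea: anything more specific than this is not
# ours even when the origin ASN looks right.
EXPECTED = {
    "203.0.113.0/24":  {"origins": {64500}, "upstreams": {64510, 64511}, "max_length": 24},
    "198.51.100.0/23": {"origins": {64501}, "upstreams": {64510}, "max_length": 24},
}

# Constructed observations: (prefix, AS_PATH as seen from a collector,
# first element nearest the collector, last element the origin).
OBSERVED = [
    ("203.0.113.0/24",   [64520, 64510, 64500]),         # legitimate
    ("198.51.100.0/23",  [64520, 64510, 64501]),         # legitimate
    ("203.0.113.0/24",   [64520, 64599]),                # same prefix, foreign origin
    ("198.51.100.0/24",  [64520, 64530, 64599]),         # more-specific, foreign origin
    ("203.0.113.128/25", [64520, 64599, 64510, 64500]),  # MITM-style: attacker 64599 prepends
                                                         # our upstream and origin to the path
    ("192.0.2.0/24",     [64520, 64599]),                # not ours; ignored
]

def covering_prefix(prefix):
    """Return the most specific EXPECTED prefix that contains `prefix`, or None."""
    net = ipaddress.ip_network(prefix)
    best = None
    for known in EXPECTED:
        known_net = ipaddress.ip_network(known)
        if net.version == known_net.version and net.subnet_of(known_net):
            if best is None or known_net.prefixlen > ipaddress.ip_network(best).prefixlen:
                best = known
    return best

def classify(prefix, as_path):
    """Return the list of findings for one announcement; empty means it looks fine."""
    known = covering_prefix(prefix)
    if known is None:
        return []
    rule = EXPECTED[known]
    findings = []
    # 1. Origin check: what RPKI origin validation automates.
    if as_path[-1] not in rule["origins"]:
        findings.append("origin-mismatch")
    # 2. Length check: the ROA maxLength rule.  Of the three checks this is
    #    the only one that catches a more-specific carrying a correct-looking
    #    origin, as in the man-in-the-middle variant.
    if ipaddress.ip_network(prefix).prefixlen > rule["max_length"]:
        findings.append("exceeds-max-length")
    # 3. Adjacency heuristic: the AS next to the origin should be one of our
    #    real upstreams.  Defeated by prepending, so a heuristic only.
    if len(as_path) >= 2 and as_path[-2] not in rule["upstreams"]:
        findings.append("unexpected-upstream")
    return findings

def scan(observations):
    """Return [(prefix, as_path, findings)] for every observation with findings."""
    alerts = []
    for prefix, as_path in observations:
        findings = classify(prefix, as_path)
        if findings:
            alerts.append((prefix, as_path, findings))
    return alerts

if __name__ == "__main__":
    for prefix, as_path, findings in scan(OBSERVED):
        print(prefix, as_path, ", ".join(findings))
```

The point of the three checks is their different reach. The origin check catches the crude hijack and is what RPKI origin validation will automate; the adjacency heuristic catches an attacker who did not bother to prepend; only the maxLength rule catches the prepended more-specific, which is why a ROA's maxLength should be no looser than what is actually announced. None of them sees a hijack that is filtered before it reaches the collector, so the feed should come from several vantage points.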

Hardware-virtualisation rootkit work continues

Following Rutkowska's Blue Pill work of previous years, further hypervisor-based rootkit research was presented. Working implementations now exist; detecting a rootkit that sits beneath the operating system remains hard, because the guest cannot trust its own view of the hardware it is running on.

The trajectory is consistent with previous years: hardware-virtualisation rootkits remain a meaningful threat category, and the defensive infrastructure that would address them is years from deployment.

Various web-application security work

Multiple talks covered web-application security. Themes:

  • Cross-site request forgery techniques continue to mature.
  • Interactions between browser features produce subtle vulnerabilities.
  • Cookie-handling and authentication-flow weaknesses.
  • Web-application-firewall capabilities and limitations.

The web-application threat landscape continues to develop faster than most operators' defences. Later posts will address the trajectory.

Platform-vulnerability work

Multiple talks covered platform-specific vulnerability research:

  • Mac OS X kernel vulnerabilities and exploitation techniques.
  • Embedded-platform vulnerabilities (routers, printers, other network devices).
  • iPhone research; the platform is now attracting serious research attention.

The observation: every major platform now draws substantial vulnerability research, and the vendors' defensive responses lag it.

What this teaches

Three observations from the conference reading.

Internet-infrastructure security is now an operational concern, not an academic one. DNS and BGP both have demonstrated structural weaknesses of the same shape: each was designed to trust unauthenticated messages from the network, and fixing that takes substantial investment in new infrastructure rather than patches.

The offensive-research community continues to produce substantive work, from established researchers and groups alike, and the defensive community has no choice but to read it.

Deployment, not invention, will determine the defensive state. DNSSEC, RPKI and BGPSec are technically available or well under way; what bounds the outcome is how fast they are deployed, and deployment is voluntary.

What I am doing

For my own work: continued reading discipline.

For Gala Coral: specific applicable lessons inform our defensive infrastructure. Specific cumulative attention to DNS and BGP integrity in the routing path; specific subsequent monitoring for cache-poisoning and routing anomalies.

For my own continued writing: continued tracking of internet-infrastructure security. The cumulative archive grows.

More in time.
