How To Catch Key Security Issues Before Your Application Is Built

When is the best time to catch security issues with your application? Before you’ve built it of course!

If you’re responsible for an application from a technical design perspective, the last thing you want to have happen is get all the way into the security testing process and find out that there is a major issue with your application and now the whole thing has to be redesigned!

Well, now your job is even easier, thanks to the Microsoft Threat Modeling tool, and the new 2014 version that has just been released recently.

This tool lets you map out your application flows and then it will automatically analyze it for security issues.

To be frank, I’m not a massive fan of the UI appearance, but I am certainly willing to put up with it because it definitely does a quality job.

Now, whilst I would like this to be a set and forget type of deal… i.e. just put the design in, make sure it says there are no issues and then give it the greenlight, in this interesting world we live in, the bad guys are always evolving… so I’ll still continue to manually review designs and use the tool as an initial quick up front check.

Go grab the tool here, now, it’s free!

MSThreatModelingTool

Now You Too Can Break Into Security Cameras… Just Like In The Movies

What do the following movies have in common?

  • Speed
  • Entrapment
  • Ocean’s 11

Well I think they were pretty enjoyable movies, and classic 90’s Sandra Bullock and Catherine Zeta Jones were certainly easy on the eye.  The key scene in common that I had in mind though is this:  Security camera’s being compromised – e.g. the ‘bad guys’ breaking into a camera and then having footage play on a “loop” so that they have their way.

Is this really possible though? How hard is it to compromise a security camera? Well, surprisingly and disconcertingly it turns out that cameras from a number of vendors are trivial to break into.

It seems the vendors of these cameras haven’t fully thought through the implications of their products being connected to the internet 24×7 and have therefore not placed much emphasis on the software security during their Quality Control processes. The more cynical view of course (and perhaps more accurate) is that in an effort to make a quick buck they don’t really care. Admittedly, if an attacker is determined and well funded enough they will find a way to break into any system online.  However, what is revealed in a recent security research whitepaper shows that these are trivial vulnerabilities to exploit such as:

  • Blindly Evaluating arbitrary code
  • Broken Access Controls

If they required more cutting edge exploits then fine. But these?? Come on. These are not challenging for a script kiddie to pull off. I think we all expect a lot better security around a product that has the word ‘security’ or ‘surveillance’ in its name.

If you’d like the link to the security paper please just contact me by posting a comment.

Is It Possible for an Attacker To Break Out of a VM?

I love VMs – they make life so much easier in many regards all the way from development and spiking new technologies all the way through to being able to provide elastic production solutions.

Of course, they do have their frustrations – such as getting performance right and having the occasional corrupt VM every now and then.

However – let’s consider an issue of security – is it possible to break out of a VM and get direct access to the host? Well, if you’ve been following popular security blogs then you’ll know that yes – it has at least been possible in the past.  How has it been done in the past though? Well, there’s a great paper here. It is slightly old [2009] though it does demonstrate an interesting technique.

Also, back in June 2012 there was also a vulnerability warning published by US CERT that you can read about here.

 

If you’re security paranoid/skeptical like me then knowing that nothing is ever 100% secure, you’d probably expect that there are new ways to still do it.  However, I haven’t come across any recent papers that illustrate new VM attacks.

So what does this really show and what is the point of posting this?

Well it highlights the need to practice defense in depth – i.e. it’s important to avoid thinking that a VM can never break out of another VM and therefore its ok to be blasé about additional security mechanisms.

Weird Hack: Play Pong and Snake in Super Mario World!

Recently I came across an article highlighting how someone had exploited “in game objects” to turn the classic 90’s Super Mario World game into Pong and Snake.. incredible! Essentially the game is susceptible to running arbitrary code.

Here’s a screenshot:

MarioWorld

The original article is here and the YouTube video is embedded there also. The video is a bit slow to going, you may want to jump straight to 1min 30 to avoid waiting.

Anti-Virus Solutions for SharePoint 2013

Well it seems that due to the earlier release of SP2013 than many vendors expected, at the moment there is only one anti-virus vendor that supports SharePoint 2013 other than Microsoft – ESET.  ESET’s product also is only Beta – so this isn’t really ideal for production usage just yet.

ESET Security for SharePoint 2013

Microsoft of course have ForeFront Protection for SharePoint 2010 however the whole ForeFront product line has been discontinued, so you cannot buy it.  If you have an Enterprise Agreement, and want to get it – perhaps speak with your Microsoft Account Manager and they may be able to help you out, depending on your agreement and when you speak with them.  If you do already have it, you’ll be supported until 31st December 2015 and receive anti-virus definition updates until then. From that point onward, you’ll need to migrate to another product. This was flagged by Spencer Harbar here.

You can also read Spencer’s sumamry of anti-virus products and their compatibility & supportability with SP2013.