Kaminsky Creates Prototype To Lock Out Attackers

  /     /     /  
Publicated : 22/11/2024   Category : security


Kaminsky Creates Prototype To Lock Out Attackers


Security expert warns the Internet could be lost to regulators and hackers if industry doesnt start locking down security.



BLACK HAT USA—Las Vegas—Security guru Dan Kaminsky is calling for the security industry to embrace the “isolation” architecture of virtual machine and cloud technology as a way to protect online data and end users. Kaminsky, who delivered the keynote address here and detailed his prototype IronFrame browser and a new firewalling technology Autoclave, says the security industry has an opportunity to better secure the Internet.
“We have a seat at the table now, one of the first-class engineering requirements” on the Internet, Kaminsky said in an interview here this week. “We are at a moment where so many things are getting hacked and where there is this drive to do something about security. And it is astonishing to see how the government is incredibly focused on the debate about encryption. It’s sucking the oxygen away from the question of What do we have to do to make security actually a thing people deploy? I want to make it easy... [and] make it integrate.”
“We have to do something or we will lose the internet to regulators and hackers, said Kaminsky, who is chief scientist and co-founder of WhiteOps. His keynote, “The Hidden Architecture of our Time: Why This Internet Worked, How We Could Lose It, and the Role Hackers Play,” was a call to arms for the security industry to step and fix the Net’s security woes.
Kaminsky’s prototype solution basically reduces the attack surface of a browser session by hosting the browser in a virtualized environment that then firewalls off access to potentially dangerous functions. “Give Chrome its own kernel, and give the application what it wants, which is a full kernel with all sys calls and then firewall that,” he said.
He’s been working over the past year on
IronFrame
, a prototype browser that kills clickjacking, so when a user clicks on a compromised ad or other content on a website, he or she isn’t redirected to malicious websites. Clickjacking is where concealed and malicious content and links on a website are layered atop legitimate ones, unbeknownst to the user and the website operator.
IronFrame roperates like a Jenga building-block model, moving the bottom layer of graphics content to the top layer so the browser doesnt even see the phony and malicious layer. It’s a way to end clickjacking by design, Kaminsky said when he first revealed the browser a year ago.
Now Kaminsky has used Autoclave to sandbox powerful functions in online applications that attackers can exploit, leaving the bad guys with only a handful of benign sys calls. “This is for anyone who wants to know how to securely host content” online, he said. “We have to stop providing services [in applications] to the bad guys … You can lock it down so the attacker can’t do anything dangerous,” he said.
“We can do more than blow things up, we as hackers and our government,” he said.
More Black Hat 2016 Content:
This Time, Miller & Valasek Hack The Jeep At Speed
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Browser Exploits Increasingly Go For The Jugular
 
 

Last News

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Kaminsky Creates Prototype To Lock Out Attackers