Dragos Ruiu
Stop, Think, Pwn.
Dragos's posts

Why is the security functionality always the most vulnerable? Microsoft Application Verifier Provider vuln. http://goo.gl/Bsbqp5

One of the incidents that has bugged me a lot is trying to figure out how the display drivers changed on one of the computers we will use to project classic arcade games to play with XArcade tank sticks on big screens, so folks can get their Street Fighter rivalries settled for the party room at CanSecWest. It had bugged me because this computer had no network cards, and had never been networked, since we were using a special OS image and drivers a bunch of very kind and gracious folks at Microsoft had helped us debug to get it working at a previous year's conference for this specific single use. Now I can put that mystery to rest (and begin other investigation :-) because I realized that machine had shared HDMI monitors (a "smart" TV) with another computer of more dubious security level and configuration. Someone must have gone there. Guess folks (well me really :-) need to remember that secured computers sharing monitors is the computer equivalent of unprotected sex, especially since HDMI 1.3 and later made HDMI == Ethernet.

There are really a very large number of ways that high resolution timers are dangerous weapons - which should have access controls for safety, and here is another new one: Timing MMU page table walks from JavaScript to nullify ASLR address space randomization portably on many, many OSes and computers. FYI the only vendor I know that gives you granular control of high resolution timers, allowing the owner to enable or disable them from BIOS, is Intel - another reason I like their hardware so much.

http://goo.gl/cEgdVU

mac macro malware http://goo.gl/u73sPJ

Chrome 56 adds Bluetooth data harvesting. http://goo.gl/g8aWt6

MySQL Hack-Fu
http://goo.gl/mYlkY9

powershell Tater for tots http://goo.gl/pL3RMG

(Edit: top-post P.S. Let's talk about "Weapons Grade Sound Systems" - Forcing Unintended Drone Ground Plane Intersections using Resonant Frequencies of MEMS Gyros -- http://goo.gl/St70nD )

Ok, this is far along enough now to talk about and announce: This year at CanSecWest, with generous support from sponsors, some folks will be assembling a netted-off drone racing course in our lounge (the same one we use for the late evening parties). There will be a series of races in different classes, schedule TBD, and with some substantial prizes, also TBD.

The drones will be essentially stock build TinyWhoops and Inductrix's. We plan on eight way races, and for folks who haven't flown drones, we will have some drones there for folks to race in the open class. All you have to bring is yourself (and maybe a USB battery, micro USB charge cable, and an Android or iOS Bluetooth device for it).

We will also have an unlimited class where folks can bring their own TinyWhoop drones in based on this size brushed motor drone. But it must be FPV, because we plan on a fairly fancy course with electronic timing that triggers off the RSSI of the video channel - so you can't use the now well-known performance hack of bringing in a non-FPV racer to blow everyone away. :-) We'll set up some kind of communications venue for smack talk shortly.

If you are interested in either of these activities for conference attendees, please message me, so I can put you on the list.

cheers,
--dr

Wordpress world-writable vuln
http://goo.gl/6l0UzH
Remember that blog post that was really incorrect?