Why Hackers Love Dan Kaminsky and How the Browser is the Bug

Dan Kaminsky is so brave he tried a hack in front of several hundred professional hackers at ToorCon9 today. It isn't just that he acquired a log-in not his own in less than 10 seconds, it's that he even tried it and risked failure in front of several hundred of his peers.

He was demonstrating his latest fascinating find, that a bridge between Adobe Flash and Java lets hackers hijack the browser from within an accepted domain name.

"Flash wants you to be able to talk to everyone," he says. "So Adobe built the security model of same origin as the site you went to, same name as the site. A bad guy poses as the same place and he's on board."

Playing with a programming language from 1995 and with HaXe, he exploits the vulnerability easily.

"Now the browser is the bug," Kaminsky says. "Every browser is a proxy, every browser is a helpful spammer, every browser can be used for clickfraud by proxy," he says, reminding us of $1 billion lost by Google to clickfraud.

From corporate networks to home routers, all are vulnerable to attacks from within the domain. Adobe is working on a fix, he says. Sun Microsystems (Java) isn't getting back to him.

"The idea of a design hole so pernicious that a comprehensive fix is unlikely is tragic," he says. "We're going to have to deal with the fact the browser can browse your network."

Photo by Quinnums (Thanks!)