Adventures in SoCal (when it's not on fire)
Ah, just back from Toorcon in San Diego. I’ve been doing Toorcon for years; it’s one of my favorites just from the perspective of everyone being able to hang out freely with no distance between “speakers” and “attendees”. Lots of smart people up to great stuff — Nate McFeters actually told me of a brilliant and obvious (in retrospect) attack against the JVM’s 11-year-old DNS Rebinding defenses:
1) Tell JVM to load your code from http://www.attacker.com (attacker IP)
2) Crash JVM
3) Rebind http://www.attacker.com to target IP
4) Tell JVM to load your code from http://www.attacker.com. It won’t go out to the target IP to fetch it; it actually has a local cache, keyed on hostname only.
Yes, they reimplemented the 11-year-old DNS Rebinding bug. *sighs* Apparently it’s fixed, or is about to be anyway.
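The four steps above, replayed as an added example (a Python model written for this page, not the JVM's actual code) against a code cache keyed on hostname only and one keyed on hostname plus the IP the code was fetched from. The IP addresses, the class and function names, and the assumption that DNS pins live in memory while the code cache survives a crash are all illustrative.

```python
# Constructed model: names, IPs and the cache layout are illustrative, not JVM internals.
ATTACKER_IP, TARGET_IP = "203.0.113.10", "10.0.0.5"
HOST = "www.attacker.com"

dns = {HOST: ATTACKER_IP}  # what the attacker-controlled DNS answers right now
servers = {ATTACKER_IP: "attacker-applet", TARGET_IP: "intranet-page"}  # content per IP


class Runtime:
    """One process lifetime. `pins` is in memory; `disk_cache` outlives a crash."""

    def __init__(self, disk_cache, key_on_ip):
        self.pins = {}
        self.disk_cache = disk_cache
        self.key_on_ip = key_on_ip

    def resolve(self, host):
        # DNS pinning: the first answer seen in this process is reused until it exits.
        return self.pins.setdefault(host, dns[host])

    def load(self, host):
        ip = self.resolve(host)
        # Weak form keys the cache on hostname alone; hardened form adds the source IP.
        key = (host, ip) if self.key_on_ip else host
        if key not in self.disk_cache:
            self.disk_cache[key] = servers[ip]
        # The returned code is allowed to connect back to `ip`.
        return self.disk_cache[key], ip


def replay(key_on_ip):
    """Run steps 1-4 from the post; return (code that runs, IP it may talk to)."""
    dns[HOST] = ATTACKER_IP
    disk_cache = {}
    Runtime(disk_cache, key_on_ip).load(HOST)    # 1) load code from the attacker IP
    restarted = Runtime(disk_cache, key_on_ip)   # 2) crash: pins are gone, cache is kept
    dns[HOST] = TARGET_IP                        # 3) rebind the hostname
    return restarted.load(HOST)                  # 4) load again after the restart


if __name__ == "__main__":
    print("hostname-only key:", replay(key_on_ip=False))
    print("hostname+IP key:  ", replay(key_on_ip=True))
```

With the hostname-only key the attacker's cached code comes back paired with the target IP; with the IP in the key the cache misses, so the only code that can be paired with the target IP is whatever the target itself serves.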
So one of the really cool things about giving these talks is seeing how people process the information and go off in a hundred different directions. Check this line of thinking out — apparently, the entire plugin API never thought hosts or IPs would ever matter, and people have been hacking that information out of the DOM since. Every once in a while, as a security auditor, you see a system that is clearly designed in such a way that it implies its own exploit. This is a good example.
It’s wandering season! I don’t get to do nearly as many new cons as I’d like (and people have no idea how much it kills me not to be able to accept every invitation), but this month I’m actually hitting not one but two new events. First, I’m flying out for Bar Camp LA this weekend, November 3rd and 4th. Bar Camp is interesting — it’s a sort of “pattern” for a semi-self-organizing weekend con that’s gotten syndicated out worldwide. Check out the main Bar Camp Wiki — there’s something like 29 of these coming up in the next few months. I have a lot of fun every time I stop by Los Angeles (understatement), and Bar Camp should be especially interesting as I get to hang out with a whole new crew of smart people, not all of whom are even hackers.
(Side note: Spent some time hanging out with some guys from the Golem Group at Caltech, who were all too happy to show me running simulation code from their entry into the 2007 DARPA Urban Grand Challenge. I got to watch a live recording of the real world as a series of OpenGL Particles. LIDAR is officially awesome. This alone made that day grand; the bouncy castle, the Mexican wrestling masks, the lecture on biological logic, and the feather boa put it into an entirely new class of awesome.)