Discussion in 'other security issues & news' started by MrBrian, Dec 28, 2011.
From Prediction 2012: Hackers Will Find New Fertile Ground to Pharm:
Oh, I love this article haha Thank you MrBrian.
What was that about blacklisting again?
Haha, oh I definitely agree with them. Blacklisting is reactionary and ineffective. But if I were to design a program it would include it though in a very different form.
I am not quite done with the article but I do agree with them.
With the exception of infrastructure attacks, which I very much believe are going to come, and come hard, I think 2012 will still be the same old, same old. The security industry isn't learning anything, so hackers don't have to work much harder than they have been. That said, I believe the coming year will see more attempts, and serious ones to eat away at the Chrome sandbox. It can and will happen, but perhaps it won't fully succeed in 2012. They'll still keep trying though and, if they can pull it off, I can easily see Chrome popularity taking a nose dive.
Sometimes this is all good fun. I felt you might have had someone in mind with your initial post, HM
Yeah, I don't necessarily think that suddenly the hackers will go "Hey, it's 2012 let's change it up." But I do agree with their points, whether the predictions based on them will happen or not.
Why always talk about the doom that will happen to Chrome's sandbox? I don't see anyone talking about IE's sandbox doom... and that one has existed since late 2006.
Has anyone ever seen any exploits successfully bypassing IE's sandbox?
Sandboxes in general may be bypassed as kernel exploits start popping up. I doubt that IE's sandbox will somehow last forever while Chrome's falls to pieces, since Chrome has quite a few more restrictions. Both are ACL based, so they're both going to fall apart at the same time.
It's inevitable, M00n. You don't necessarily have to break the sandbox in IE (if you can really call it a true sandbox) to screw with it. In Chrome, it's all but required to crack the sandbox to have any real harm done. I say all but required since extensions in Chrome are still a wild card. Honestly, it really doesn't matter what you throw at hackers, they'll bust it wide open in time. Back in 2006 the security and malware landscape looked different as well.
I would absolutely call it a true sandbox. Who wouldn't?
I agree on some level though. If I use IE as a vector of attack I can still accomplish a lot in the sandbox. If I use chrome as a vector of attack there's much less I can accomplish in the sandbox.
Agreed. Once the kernel bombardments start becoming more common, all bets are off. Guys, the war with malware is only going to get worse. The big problem is that the good guys are still using the same technology and weapons they always have. It's like putting your boots on the ground in Afghanistan with muskets.
If you face a kernel exploit attack, a browser's sandbox being bypassed should be the least of your concerns.
Forever is a long time, isn't it? We also don't know what the future will bring us in terms of browser security (and operating system security). By then, we'll have other security technology for sure. If we don't, then you can say it's doom... or not... even by then there will be easier fish in the ocean to catch... as it happens today.
Depends on the exploit. Let's say the exploit is in a system driver stored at C:/driver/ and your sandbox doesn't give access to that driver. Kernel exploit mitigated! =p
Still, I think attackers won't focus on Chrome or IE9 sandboxes. Why bother? The payoff is great (millions of users + kernel access) but nearly as much can be accomplished with a nice simple OS portable exploit in the Oracle VM.
Attackers want to make money. Save the 0days for cyberwarfare, spray as many cheap and easily mitigated exploits as you can at the rest of the world.
I can't argue with that point. There are a lot of easier ways to get the job done. Busting open Chrome will happen, but perhaps it will be more of an epeen thing at first. Eh, crap, our brains may be wired to the net in 10 years, if we even still have a net, I don't know, lol.
I was talking about a successful kernel exploit.
But, as you pointed out, it isn't all doom. Which was my point.
Exactly. Why bother, when there's easier fish out there? Which is why I also said that it isn't all doom. And, if it was that easy to bypass those sandboxes, we'd be seeing it everyday.
Yes, extensions are the weakest vector in Chrome, since there's no vetting process.
But, I wouldn't call it inevitable. Yes, back in 2006 it was different; but, I'm also pretty sure everyone thought it was all doom for Windows and IE. Microsoft introduced a lot of security technologies for both Windows and IE. Nowadays, it isn't that easy to infect a system using IE9 in Protected Mode (read bypassing it).
Windows 8 will bring more, including an enhanced ASLR, if my memory isn't degrading by now.
Sure, there's still social engineering and all that. But, that's the easy fish out there, isn't it?
Could security be different (=more efficient)? Totally, and hopefully over time we'll see something different... Let's hope... lol
I don't understand how it can happen.
By living in RAM or within a process that's already on disk I assume.
Extensions are weaker in that there's no vetting and therefore more exploits or even a malicious extension.
But in the case of an exploit there still is the sandbox - if your Twitter extension (for example) gets attacked but it doesn't have access to your passwords neither will the attacker.
Windows 8 will include a more randomized ASLR, which is nice but no real biggie for Chrome or IE - Chrome already randomizes its own address space and then has the OS randomize it further, IE uses (I believe) Null Pages so overflows are considerably more difficult, and the 64-bit version will already be very random.
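The point above about a compromised Twitter extension only being able to reach what it was granted can be checked mechanically against an extension's manifest. The following is an added example, not code from the thread or from any real extension: two constructed manifests (a scoped one and an over-broad one) and a small audit that splits the declared permissions into host patterns and API permissions and flags the ones that cover every site. The `HIGH_RISK_APIS` set is my own assumed classification, not an official Chrome list; the manifest keys (`permissions`, `host_permissions`, `<all_urls>`) are the real ones, and the `manifest_version` 3 layout postdates the thread.

```python
import json
import re

# Constructed manifests (example data, not taken from any real extension).
# A "Twitter" extension declaring only what it needs:
NARROW_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Tweet Poster (constructed example)",
    "version": "1.0",
    "permissions": ["storage"],
    "host_permissions": ["https://api.twitter.com/*"],
})

# The same extension asking for everything it can get:
BROAD_MANIFEST = json.dumps({
    "manifest_version": 2,
    "name": "Tweet Poster (constructed example)",
    "version": "1.0",
    "permissions": ["tabs", "webRequest", "webRequestBlocking",
                    "<all_urls>", "storage"],
})

# Assumed classification (not an official Chrome list): API permissions that
# let an extension read or alter arbitrary page content, traffic or state.
HIGH_RISK_APIS = {
    "tabs", "webRequest", "webRequestBlocking", "webNavigation",
    "cookies", "history", "debugger", "proxy", "scripting",
}

# scheme://host/path, the shape of a Chrome match pattern.
_HOST_PATTERN = re.compile(r"^(\*|https?|file|ftp)://([^/]+)(/.*)?$")


def is_host_pattern(entry):
    """True if a permissions entry names sites rather than an API."""
    return entry == "<all_urls>" or _HOST_PATTERN.match(entry) is not None


def is_broad_host(pattern):
    """True for patterns that cover every site, e.g. <all_urls>, *://*/*."""
    if pattern == "<all_urls>":
        return True
    m = _HOST_PATTERN.match(pattern)
    if not m:
        return False
    return m.group(2) == "*"  # host wildcard alone, not *.example.com


def audit_manifest(text):
    """Split declared permissions into scoped hosts, broad hosts and risky APIs."""
    manifest = json.loads(text)
    declared = list(manifest.get("permissions", []))
    declared += list(manifest.get("host_permissions", []))  # MV3 key
    hosts = [p for p in declared if is_host_pattern(p)]
    apis = [p for p in declared if not is_host_pattern(p)]
    return {
        "broad_hosts": [h for h in hosts if is_broad_host(h)],
        "scoped_hosts": [h for h in hosts if not is_broad_host(h)],
        "risky_apis": sorted(a for a in apis if a in HIGH_RISK_APIS),
    }


def exposure(findings):
    """What an attacker who exploits this extension inherits, in one word."""
    if findings["broad_hosts"] or findings["risky_apis"]:
        return "broad"
    return "scoped"


if __name__ == "__main__":
    for label, text in (("narrow", NARROW_MANIFEST), ("broad", BROAD_MANIFEST)):
        f = audit_manifest(text)
        print(label, exposure(f), f)
```

The scoped manifest confines a bug in the extension to `api.twitter.com`; the broad one hands whoever exploits it every site the user is logged into, which is exactly the difference the post is drawing.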
Did I miss out on these exploits, because I don't remember seeing any in the news?
I think they're saying that the browser/plugin was exploited and it hopped over to the OS services, which would let them elevate in the case of Windows 7 default UAC.
Oh. maybe that's it then. Thanks!
Just my interpretation but I think that makes the most sense.
The big deal there is that they can go from, say, Flash over to your explorer.exe via thread injection, probably making use of ROP, and then elevate straight to admin on any common system. They avoid AVs and they gain admin privileges in one exploit.
This is where AVs just fall to pieces and something like Sandboxie might do a better job.
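The Flash-to-explorer.exe hop described above is visible to an endpoint sensor as a remote thread created by one process inside another. The following is an added example, not code from the thread or from any product: a small detection routine run over constructed thread-creation events. The event fields (`src`, `dst`, and the two integrity levels), the `CONTENT_HOSTS` list and the sample image paths are all my assumptions for the example. It fires on two things: a content-handling process (browser, plugin host) putting a thread into a different image, and any thread created into a process of higher integrity than its source, which mandatory integrity control is supposed to deny and which therefore indicates either a sandbox break or a misattributed event.

```python
import ntpath

# Windows integrity levels, lowest to highest.
IL_RANK = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}

# Assumed list of processes that render untrusted content; tune per environment.
CONTENT_HOSTS = {
    "chrome.exe", "iexplore.exe", "firefox.exe", "flashplayerplugin.exe",
    "java.exe", "javaw.exe", "acrord32.exe",
}

# Constructed events, modelled loosely on what an endpoint sensor reports for a
# remote-thread creation. Paths, levels and ordering are made up for this example.
EVENTS = [
    {"event": "CreateRemoteThread",
     "src": r"C:\Windows\explorer.exe", "src_il": "Medium",
     "dst": r"C:\Windows\explorer.exe", "dst_il": "Medium"},
    {"event": "CreateRemoteThread",  # IE low-integrity tab writing up into the shell
     "src": r"C:\Program Files\Internet Explorer\iexplore.exe", "src_il": "Low",
     "dst": r"C:\Windows\explorer.exe", "dst_il": "Medium"},
    {"event": "CreateRemoteThread",  # system process into a renderer: not our rule
     "src": r"C:\Windows\System32\csrss.exe", "src_il": "System",
     "dst": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dst_il": "Untrusted"},
    {"event": "ProcessCreate",       # wrong event type, ignored
     "src": r"C:\Windows\explorer.exe", "src_il": "Medium",
     "dst": r"C:\Windows\System32\notepad.exe", "dst_il": "Medium"},
    {"event": "CreateRemoteThread",  # the hop from the post: plugin host -> explorer.exe
     "src": r"C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin.exe", "src_il": "Medium",
     "dst": r"C:\Windows\explorer.exe", "dst_il": "Medium"},
    {"event": "CreateRemoteThread",  # browser broker into its own renderer
     "src": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "src_il": "Medium",
     "dst": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "dst_il": "Untrusted"},
]


def _image(path):
    """Lower-cased executable name from a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def classify(ev):
    """Return (severity, reason) for a suspicious event, or None for a benign one."""
    if ev.get("event") != "CreateRemoteThread":
        return None
    src, dst = _image(ev["src"]), _image(ev["dst"])
    if IL_RANK[ev["src_il"]] < IL_RANK[ev["dst_il"]]:
        # MIC forbids write-up; a recorded success means a broken sandbox
        # or a sensor misattribution. Either way, look at it first.
        return ("high", "write-up: %s (%s) created a thread in %s (%s)"
                % (src, ev["src_il"], dst, ev["dst_il"]))
    if src in CONTENT_HOSTS and src != dst:
        return ("high", "content host %s injected a thread into %s" % (src, dst))
    if src in CONTENT_HOSTS:
        # Same image, e.g. a browser broker managing its own child; usually
        # legitimate, kept at low severity so it is still on the record.
        return ("low", "%s created a thread in another %s process" % (src, dst))
    return None


def detect(events):
    """Run classify() over an event stream; returns [(severity, reason, event)]."""
    alerts = []
    for ev in events:
        verdict = classify(ev)
        if verdict is not None:
            alerts.append((verdict[0], verdict[1], ev))
    return alerts


if __name__ == "__main__":
    for severity, reason, _ in detect(EVENTS):
        print(severity.upper(), reason)
```

The rule does nothing against the scenario raised earlier in the thread: a kernel exploit runs below the sensor and can simply blind it, which is why the sandbox and the detection are complements rather than substitutes.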