Rating the World's Most Dangerous Exploits
An interesting article (http://www.theregister.co.uk/2009/04/24/most_dangerous_exploits/) by Dan Goodin, who attended a standing-room-only panel by Ed Skoudis (InGuardians) and Johannes Ullrich (SANS Institute) at the RSA Conference (https://365.rsaconference.com).
While Dan did not post a full list, he mentions the following:
Super-flexible Pivoting: Compromising a DMZ system, then launching attacks into the corporate network.
Pass the Hash: Stealing a user's cryptographic hash, then using it to penetrate Windows servers. Tooling that demonstrates this attack is available from Core Security (http://oss.coresecurity.com/projects/pshtoolkit.htm) and JoMo-kun (http://www.foofus.net/jmk/passhash.html), and as modules in Nessus and Metasploit.
Wireless attacks: Such as compromising a client machine, then launching attacks into the corporate network.
Problems with SSL: They mention the use of non-SSL login pages and methods of spoofing SSL sessions, but also "SSL's focus on failed connections rather than those that are successful". I'm not sure what to make of that; perhaps the lack of robust audit features?
VoIP systems: Ullrich stated that scans of port 5060 are up significantly compared to last year, at some 5,000 scans per day.
And the quote to take away, by Ed Skoudis: "I believe that a determined but not necessarily well-funded attacker can pretty much break into any organization. If you think it's less than 50 percent, I think you need to look a little more carefully."
The focus was on corporate networks, so it would be interesting to hear a similar panel on client systems.
The panel appears to have been session HT1-303, titled "The Seven Most Dangerous New Attack Techniques, and What's Coming Next", which was held on Thursday, April 23rd, 2009. Dan's article does not mention Rohit Dhamankar (TippingPoint), who was also on the panel, or Alan Paller (SANS Institute), who moderated.