Published on October 17, 2010
port 80 It’s All They Need Thomas Powell, PINT and UCSD Saumil Shah, Net-Square
It’s All They Need
There Be Web Orcs! I can SQL injectz you!
Why me ? You’re a commodity (at least your id or cc# is)
Better off undead “ Awake my Zombie army and attack!”
Big Tuna! “ Let’s go spear phising”
Hack for hire
Scalp Bounties World of Warcraft account $4 Paypal/Ebay account $8 Credit Card $25 Bank Account $1000 WMF Exploit $4000 Quicktime/iTunes/Realplayer $10000 Mac OS X $10000* Windows 7 $50000 IE / Firefox $100000 credit: Hacks Happen - Jeremiah Grossman - http://tinyurl.com/hacks-happen 0-day exploits
World of Warcraft account $4
Paypal/Ebay account $8
Credit Card $25
Bank Account $1000
WMF Exploit $4000
Mac OS X $10000*
Windows 7 $50000
IE / Firefox $100000
Bad people are real credit: From Russia With Love - Fyodor Yarochkin and The Grugq - http://tinyurl.com/frmrussiawlove
Build some walls
Man the defenses! “ No worry, firewall’s in place”
We’re awake! and what do you see?
Attack #1 “ Charge!” ../cmd.exe &1=1;droptable
We need a bouncer “ Yer not on the list, so come on in!”
The weak minded are easily tricked “ These are not the requests you are looking for”
0-day to the Face! “ To get our new signature files you need a valid support plan”
The Appearance of Security The Intent Thief: “How quaint a club!”
Real Security Tradeoffs This...
Security Tradeoffs ...or this?
I want it all!
Attack Surfaces and many more
The Usual Suspects Input Tampering SQL Injection XSS CSRF RFI/LFI
Demo Time Presto!
I want to believe! Your Only Defense: Trust No One (User, Packet, Input, etc.)
Questions? Thomas A. Powell [email_address] http://www.pint.com Twitter: PINTSD Saumil Shah [email_address] http://net-square.com
Ports vs Protocols, 80 and 443. ... (like SimpleHelp) they inevitably need to understand ports in some ... If its running on port 80 and its serving web ...
Open Router Ports & Their Security Implications [Technology ... so they scan for ports like 21,22,80 ... all rely on our smartphones. Whether it's ...
Any server machine makes its services available to the ... the Web server would typically be available on port 80, ... What do you need to build a ...
port 80 . This definition is ... port 80 is the port that the server "listens to" or expects to receive from a Web client, ... For most organizations it's ...
In this tutorial we will discuss the concept of Ports and how they work ... TCP and UDP Ports ... IP address with Ports. This all probably ...
... clearly states what it is and what it's used for. So: What is Port Forwarding? ... They need to send packages to many ... that Port 80 is ...
Most computers need to ... a web server will listen on port 80 for ... These addresses reflect the port numbers that people should try to use when they ...
All firewalls provide some ... Source port: TCP port 80. The NAT server checks its translation table ... you need to let ICF know that it’s OK for ...
CanYouSeeMe.org Open Port ... are port 80 and port 25. Port 80 is the default port for http traffic. With blocked port 80 you will need to run your web ...