The Day of the Updates

Presented at DEF CON 17 (2009), Aug. 1, 2009, 7 p.m. (50 minutes)

Software updates apply patches or introduce new features to an application. In most cases, the update procedure is conducted in an insecure manner, exposing the updater to execution of malicious code or to manipulation of application data such as anti-virus signatures. This presentation will describe in detail different application-update procedures. It will then demonstrate several techniques of update-exploitation attacks, and introduce a new tool, which leverages a man-in-the-middle technique, to build and inject a fake update reply or hijack an on-going update session.

Presenters:

• Tomer Bitton - Security Researcher, Radware
  Tomer Bitton is a Security Researcher at Radware, Inc. He is obsessed with rootkits and malwares and does exploits development and vulnerabilities analysis for a living. Prior to joining Radware, Tomer was a Trojan Specialist in RSA Anti-Malware Team
• Itzik Kotler - Security Operation Center Team Leader, Radware
  Itzik Kotler is Radware's Security Operation Center Team's Leader. He manages a team of researchers that follows him into exciting adventures in the dark world of networking, where every standard and rule can be bent and vulnerabilities are lurking on every bit and byte. Radware SOC is a vulnerability research center that develops updated signatures and new techniques to defend known and undisclosed application vulnerabilities. Prior to joining Radware, Itzik held a number of security research positions

Links:

• https://defcon.org/html/defcon-17/dc-17-speakers.html#Kotler
• https://infocon.org/cons/DEF CON/DEF CON 17/DEF CON 17 video and slides/DEF CON 17 - Itzik Kotler and Tomer Bitton - The Day of the Updates - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=OwW98Jjz6GM

Similar Presentations:

• Still Hacking Anyway (SHA2017) / Update the updates
• ToorCon: Seattle 2011 / FreedomBox Technology Update
• ToorCon San Diego 1 (1999) / Update on the Hacker Scene