http://bit.ly/1c3iZCC • Can't find the change • Can't find the bug report • Appears no empirical testing added to source tree. I'm not an Android expert and the source tree is very large. If you know the answers, please let me know!
earlier reports, the flaw affects all versions of Android, not just 4.2 and earlier, Android Security Engineer Adrian Ludwig told Ars." http://arstechnica.com/security/2013/08/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist/
• Open specification: ? • Open source reference implementation: ? • Test vectors: ? • Forced to use it: kinda, otherwise you need to find a signed provider. • Code approved in Harmony without tests: yes • Any empirical tests? No. • Any security review in 5+ years: ??
recommendation, Android has developed patches that ensure that Android's OpenSSL PRNG is initialized correctly. Those patches have been provided to OHA partners. We would like to thank Soo Hyeon Kim, Daewan Han of ETRI and Dong Hoon Lee of Korea University who notified Google about the improper initialization of OpenSSL PRNG." • More details here: http://emboss.github.io/blog/2013/08/21/openssl-prng-is-not-really-fork-safe/
VM technology, surely we can do something to speed patching and deployment. • Why does only one version need to be installed? • Can we make it so it's easier to roll back or undo? • Can we get feedback faster from our users if something isn't working?
in real-time. • Sends email when it finds problems, and explains the fix • And sends positive mail when you fix it • I don't know anything about Ruby or RoR (I'm the dumbest guy), but with BrakeMan I'm not going to make rookie mistakes.
the 1513 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2013-10-23, and the last time suspicious content was found on this site was on 2013-10-23. Malicious software includes 4 trojan(s). API for Research
of Contents • password_get_info — Returns information about the given hash • password_hash — Creates a password hash • password_needs_rehash — Checks if the given hash matches the given options • password_verify — Verifies that a password matches a hash Great API for everyone
non-cryptographic, insecure PRNG • Leftover from the 1980s and physics simulations and old computer science problems. • Scripting languages unfortunately copied this model. • And so, we get numerous applications using an insecure system for passwords, reset codes, and worse.
OS provides an API for this. • PHP even provides 2 or 3 different ways of doing this, making it more confusing. • Since the Toy Randoms aren't random enough, people set seeds. random_set_seed(1); include "poisonedfile.php"
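As an added example (not from the talk), the failure mode on these slides shown in Python, whose random module uses the same Mersenne Twister "Toy Random" model as PHP's mt_rand: a reset code drawn from a seeded PRNG is fully reproducible from the seed, while one drawn from the OS CSPRNG via secrets has no seed to guess. The function names and the 8-character code format are assumptions made for this example.

```python
import random
import secrets
import string

# Alphabet for reset codes (constructed for this example).
ALPHABET = string.ascii_letters + string.digits


def reset_code_from_toy_prng(seed, length=8):
    """Reset code drawn from a seeded Mersenne Twister (the "Toy Random" model).

    The output is a pure function of the seed: anyone who knows or can guess
    the seed (a constant, a timestamp, a PID) regenerates the identical code.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def reset_code_from_os_csprng(length=8):
    """Reset code drawn from the OS CSPRNG through the secrets module.

    There is no seed to set or to guess; every call is independent.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def seed_explains_code(seed, observed_code):
    """Audit check: does a single candidate seed reproduce an observed code?

    If it does, the code carried no secret beyond the seed itself.
    """
    return reset_code_from_toy_prng(seed, len(observed_code)) == observed_code


if __name__ == "__main__":
    # Constructed scenario: the application seeded with the constant 1,
    # as in the random_set_seed(1) line on the slide.
    code = reset_code_from_toy_prng(1)
    print("toy PRNG code:", code, "reproducible from seed 1:", seed_explains_code(1, code))
    print("CSPRNG code:  ", reset_code_from_os_csprng())
```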
PRNG will be "slower" • So write your own if it's a problem. • A decent high speed PRNG can be written in a few lines of code if need be. • Every language makes data structure tradeoffs • Why should PRNG be different?
able to quickly integrate into other C infrastructure, including hardware. • Eliminate any performance issue that might be an excuse for not using it. • SWIG-generating bindings exist for PHP, Python, Lua • Or use ctypes or libffi • Let's write one for Ruby at this con!
Team, I worked with • Roberto Salgado @LightOS of http://www.websec.ca • Custom analysis and fuzzing of libinjection • Embarrassing me daily with new exploits. • This provided rapid acceleration of the quality. • Also check out his SQLi cheat sheet: websec.ca/kb/sql_injection