Black Clouds On The Computing Horizon

Starting this Saturday, Black Hat USA 2013 will be convening at Caesar’s Palace in Las Vegas. In this series, intended to preview many of the talks and presentations scheduled for the event, SiliconANGLE will focus on the exploitative vulnerabilities associated with big data and how those vulnerabilities can be limited.

Today we are looking at the presentation entitled, ‘Post Exploitation Operations with Cloud Synchronization Services being given by Jacob Williams of CSR Group Computer Security Consultants. Williams, principal consultant at CSR, has more than a decade’s experience in malware reverse engineering, penetration testing, incident response, forensics and secure network design.

Williams’ submitted presentation abstract states he will be focusing on cloud backup solutions as they have been heavily marketed within the corporate structure due to the convenience and ease of use for users to synchronize files between most user devices. With these cloud providers promising services to executives that will “increase employee productivity” or “provide virtual teaming opportunities”, Williams believes these claims make it very likely that most any corporate environment you might seek is probably utilizing one of these cloud backup solutions.

For this reason, CSR released the DropSmack tool, (an obvious reference to the big man on campus in the cloud backup world, Dropbox) at Black Hat EU. The DropSmack tool was able to show enterprise IT groups the specific risks associated with the utilization of cloud synchronization software.

For Black Hat USA, Williams plans to demonstrate DropSmack v2, showing not only how it operates but also explaining how to deploy it within your own operational environment. As DropSmack is intended to point out vulnerabilities, Williams will also discuss some of the countermeasures that can be employed to mitigate attacks, including the encryption of synchronized files by third party software. Also, he’ll discuss how the use of “next generation firewalls” might be used to defeat DropSmack.

For the enterprise defender, Williams plans also to discuss the issues surrounding credential storage in the context of cloud synchronization services. As Williams abstract states, “Several synchronization applications also use insecure authentication methods. We’ll highlight these applications so you know what works, what doesn’t and what you should run (not walk) away from.”

Williams’ presentation should appeal to the penetration tester and the network defender alike. For the penetration tester, a whole new arsenal will be added to your knowledge base. The network defender will benefit because your system can never be truly safe if you are ignorant to the dangers that even exist.

The presentation is scheduled to be delivered at 3:30pm on Thursday, August 1.