XSRF Race Conditions and Memory Issues

Video Activity

Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8
Video Transcription
00:00
>> Let's talk about cross-site request forgery. Where cross-site scripting takes advantage of a user's trust in a website, cross-site request forgery is the opposite because it takes advantage of a website's trust in you. For example, you log in to your bank's website and you get a token that says you've authenticated and you're good to go. But let's say that while you're logged in you also get an email that appears to be from your bank, and the message entices you to click on a link to learn about something or get some assistance. But what clicking on the link actually does is send a request to the bank website to do something like transfer some money or something along those lines, and it exploits the fact that you're logged into the site, so the bank site trusts you and believes you have authorized the money transfer. This requires us to use some good common sense and watch for things like this. Generally speaking, when you're logged into your bank, you don't want to have any other windows open or other sessions open. You just want to log in to the site, do what you need to do, and then log out. That's why these sites also log you out if there's no activity after a certain period of time. You want to keep this communication with your bank very time-restricted, because the longer that connection is open, the more vulnerable you are.

Race conditions are all about timing. If I'm able to manipulate a system so that I throw off the timing, I can take advantage of that. There are a lot of processes that need that to happen in order. For example, I go to a website to log in and I identify myself with my username, then I authenticate by providing a password, then I'm authorized to access services. But if an attacker can slow down the authentication and speed up authorization, then the attacker can get authorized to access services without even having to prove his identity. That's a race condition. Or, as another example, let's say I go to withdraw some money from an ATM. I make my request and it checks my balance to see if I have enough money in my account to give me the funds. But what if I make a request, it gives me the funds, and then it checks my account status? That is not how it's supposed to work, and that could be a race condition, which has to do with timing.

There's a certain type of race condition called time-of-check/time-of-use, or TOC/TOU. When a process needs access to a configuration file, for instance, that process is going to validate that the configuration file is there and that it contains the information that it needs. What should happen is that the process verifies the file is there and then immediately uses it. But if the process verifies that the file is there and then 10 other things happen, well, an attacker could go in there and modify the file. Then, by the time the process comes around to use it, it is no longer accurate and no longer has integrity. That's a time-of-check/time-of-use attack. Those are attacks on the system architecture, and it's all about timing.

Now, we have a number of memory issues that can be attacks. They include integer overflows, memory leaks, and buffer overflows. With an integer overflow, what happens is that there are values calculated that are outside of the expected range. For example, I ask for a number between one and five, and you give me the number 6. It's similar to a buffer overflow, where I ask you for five characters and you give me seven. Both of these cause memory issues, and input validation and sanitization should fix both of those, but if they don't, then we have a problem on the back end. Then other issues with memory can occur when applications just aren't well written. They have their stack of memory that is allocated to the application, but when the application closes it doesn't properly release its memory. That could cause other applications to have conflicts, and that could cause the system to lock up.

This chapter had lots of information, and a lot of this is on the test, so you'll want to review it. We talked about types of attackers like hackers: white hat, black hat, and gray hat. We said that white hats are ethical hackers, but black and gray skirt the law or skirt ethical standards. We talked about attacks like malware and how it can be distributed in a lot of different ways: through attachments in email, through backdoor software intrusions. We talked about viruses versus worms, then we talked about network-based attacks like Smurf and Fraggle attacks. We said those are all about spoofing a source address. We looked at Wi-Fi attacks and attacks on passwords with brute-force and dictionary attacks. Later, we will fill that discussion out by talking about remote attacks, and pass-the-hash, and so forth. Then we wrap things up by talking about application attacks. We really want to know these for the exam, especially things like cross-site scripting and the importance of input validation and sanitization. This is definitely a chapter to go back through with a fine-tooth comb.
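As an added example, not part of the course video or its transcript: the time-of-check/time-of-use gap described for the configuration file, shown in Python. The file names and the `between_check_and_use` hook are constructed for this demonstration; the hook simply stands in for the "10 other things" that happen between the check and the use, so the window is deterministic instead of depending on scheduling. The racy reader validates a path and then opens the path a second time; the safe reader opens once, validates the descriptor it actually holds with `fstat`, and reads from that same descriptor.

```python
import os
import stat
import tempfile


def read_config_racy(path, between_check_and_use=None):
    """Time-of-check/time-of-use pattern: stat the *path*, then open the *path* again.

    The two steps are separate name lookups, so anything that changes what the
    name refers to between them is invisible to the check. The optional hook is
    a constructed stand-in for the "10 other things" that happen in between.
    """
    st = os.stat(path)                      # time of check: look the name up once
    if not stat.S_ISREG(st.st_mode):
        raise ValueError("config is not a regular file")
    if between_check_and_use is not None:
        between_check_and_use()             # the window in which the file can change
    with open(path) as f:                   # time of use: look the name up again
        return f.read()


def read_config_safe(path):
    """Open first, validate the opened descriptor, then read from that same descriptor.

    O_NOFOLLOW makes the open fail if the name is a symlink, and fstat() examines
    the object actually opened rather than whatever the name points to now, so
    the checked object and the used object are the same one.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)                   # check the open object, not the path
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("config is not a regular file")
    except Exception:
        os.close(fd)
        raise
    with os.fdopen(fd, "r") as f:           # use the very descriptor that was checked
        return f.read()


def demo():
    """Constructed scenario in a temporary directory: a trusted config file and a
    second file standing in for content the process should not trust. Returns what
    each reader produced so the difference can be verified."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "app.conf")
        other = os.path.join(d, "other.conf")
        with open(good, "w") as f:
            f.write("debug=off\n")
        with open(other, "w") as f:
            f.write("debug=on\n")

        def swap_file():
            # Between check and use, the name "app.conf" is made to refer elsewhere.
            os.unlink(good)
            os.symlink(other, good)

        result = {"safe_before_swap": read_config_safe(good)}
        # The racy reader validated app.conf while it was a regular file, but then
        # read whatever the name resolved to afterwards.
        result["racy_read"] = read_config_racy(good, between_check_and_use=swap_file)
        # The safe reader refuses the symlink outright instead of following it.
        try:
            result["safe_after_swap"] = read_config_safe(good)
        except OSError:
            result["safe_after_swap"] = "rejected: name no longer refers to a regular file"
        return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The design point is that the safe version never re-resolves the name: validation and use both go through the one descriptor, so there is no interval for the file to be swapped. Running `demo()` shows the racy reader returning the contents of `other.conf` even though it checked `app.conf`, while the safe reader either returns the original contents or refuses.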