Wednesday, April 15, 2009

Attack of the Black Hats 2009

Intego's Mac Security Blog pointed out that the Black Hat Europe 2009 security conference starts tomorrow, April 16th. Two of my most un-favorite Mac crackers will be presenting a paper entitled "Fun and Games with Mac OS X and iPhone Payloads". The point of their presentation will be to introduce "advanced payloads which help to avoid detection, avoid forensics, and avoid countermeasures used by the operating system for both Mac OS X and iPhone."

White Hats are hackers who try to keep the computer world in order. Black Hats are hackers who try to put the computer world into disorder. The entire point of the Black Hat movement is beyond my comprehension. My opinion is that it is all a matter of human personality. Some centered people relish being helpful to others. Some lost people relish hurting other people. Obviously this is a simplistic description, but I find it to be entirely parallel to the humane versus troll warz on the Internet. The point of trolling is sadomasochistic induction of suffering in others. IOW trolls are mentally deranged. I can't help but think of Black Hats in the same black light. They will never gain my respect, and they like it that way.

But then there is my Angst Theory: Creativity is proportional to angst. When angst is introduced into any living system, the typical reaction is creativity if only to maintain survival or to reach a new steady state. Obviously, too much angst = breakdown of the system. But there are those who believe that contained and defined units of angst are good for a system and keeps it in a state of evolution. Stagnation leads to devolution, aka status quo. For me this explains the revolution imperative in all teenage kids. Teens aren't just trying to establish their own authority and territory. They are in their limited way, with their limited perspective, trying to topple the stagnant and irrational status quo in favor of a system they believe to be more contemporary and sane. This is one reason I enjoy championing creative obnoxiousness in kids and why I believe the entire anti-ADD, ADHD movement is, in and of itself, an illness of our culture. Diversity rules in any natural system. Drugging kids to smash them into status quo molds, conforming them to the spirit of the old age, is demented.

Those who know me can attest to the fact that I am not at all like the persona I typically portray on the Internet. Why do I deliberately induce angst in my readers? I am a change agent. That is part of my personal manifesto within my culture. I am very deliberate about it and know I am doing my job when I upset people whom I believe require upsetting. I also have a fearless rational mind. If I believe my purpose is just, I'll induce angst into anyone. I have no sense of class system or authority. Instead I am what I call a positive anarchist. To put it simply: I believe in maximum choice and maximum responsibility for the consequences of one's choices.

Having now blethered at you my personal POV, perhaps you can understand how I analyze Black Hat hackers. Are they inducing angst into the status quo? That could be excellent! Are they taking responsibility for the consequences? To know that you would have to know each individual involved, and I certainly don't. I can only read the stuff they publish and analyze their words from my personal inner world POV.

Here is my quick analysis of the abstract Dr. Charlie Miller and Vincenzo Iozzo provide for their 'Fun and Games...' paper:

    "Mac OS X continues to spread among users..."

Obviously the word 'spread' was carefully chosen to imply Mac OS X is equivalent to a spreading disease. It has no positive connotations in this context. Sadly, there is no indication of what OS Charlie and Vincenzo would prefer. They're out of their minds if it's Windows, that's all I know. I like to assume they are Linux freaks. There is some basis to this assumption: Linux is rarely bashed, as far as I am aware, at Black Hat tribal rituals. The fact that Linus Torvalds is himself a rebel and that Linux is Open Source freeware tends to lend credibility to the tribals. Or the two of them may simply be UNIX freaks, which explains why they bother with Mac OS X, which is UNIX to the core.

    "... with this increased market share comes more scrutinization of the security of the operating system."

That has been the history, and I like it.

    "The topics of vulnerability analysis and exploit techniques have been discussed at length. However, most of these findings stop once a shell has been achieved. This paper introduces advanced payloads which help to avoid detection..."
IOW, Charlie and Vincenzo are going to be particularly vicious dickheads this time around. No more water-boarding for them. It's time for flaying and evisceration. I always did enjoy reading Clive Barker, so this could get interesting. But I believe the point here is to make the victim, Mac OS X, suffer for its failings. This is IMHO irresponsible and therefore stupid. It is little kids playing with blasting caps. Charlie and Vincenzo might get their hands blown off or lose an eye. Darn. Worse yet, Mac OS X security might be damaged.

Or will it? If Charlie and Vincenzo are skilled, their coding scalpels will reveal security tumors in Mac OS X that require removal and replacement. Apple will of course respond and Mac OS X could end up more secure. From my positive POV, that is the goal. But from a Black Hat's point of view, what is the point? Self-aggrandizement? Some other form of psychopathic mental orgasm? Again, you have to know the people to know their personal problems.

If you'd like some insight into Charlie Miller, have a read of his recent book "The Mac Hacker's Handbook", written with Dino Dai Zovi, ISBN 978-0-470-39536-3. One of these days I'll be posting a review. He publishes articles at the Independent Security Evaluators website. You can also hear him speak in the Black Hat Briefings podcasts via iTunes. I am willing to bet he also plays the persona game, acting the angst-inducing change agent while being a nice guy behind the scenes. But you figure him out for yourself.

