
Open-Source Tools Carry Dangers

By Sean Martin  |  Posted 08-10-2010



There appears to be a never-ending line of open-source tools and commercial debuggers that allow the common computer user to explore the inner workings of nearly every aspect of a computer network system - including hardware, I/O ports, operating system, drivers, and applications. With the introduction of hypervisors, even more tools have become available, opening up the virtual environments to deep inspection and analysis.

A hardware-based attack method, for example, leverages many of the pre-defined functions that exist in the USB Human Interface Device (USB-HID) standard in order to perform cross-platform attacks. With an abundance of USB-HID-enabled devices available in the market, the attacks become extremely easy to carry out.

Hacking the Java client is also a common way to bypass client-side security controls. A Java client-server application can be compromised using an entirely open-source toolset. By injecting an interactive console into the running Java application, one could call any method desired on the client side, thereby bypassing client-side security controls.

There are also myriad ways to exploit vulnerabilities in the device, protocol, application, host, and network components of SCADA systems and smart meters. These systems and meters control the generation, transmission, and distribution of power throughout neighborhoods across the US. Successful attacks against these vulnerabilities could allow one to steal power from a neighbor. Brings new meaning to 'love thy neighbor,' doesn't it?



 
