Thursday, September 24, 2009

Carnegie Mellon's Capture the Flag Team Excels in Hackjam Competition



Our Hackjam will consist of 10 challenges which relate to Binary Analysis, Reverse Engineering, Exploitation, Web Security, Forensics, and all the other materials that are required to be a hacker. I can guarantee that these problems are not like other CTF's where they have to solve non-sense puzzle, instead of true hacking. We tried to create challenges that greatly resemble real world scenarios and environments, at the same time, adding fun and educational ingredients to them. Trust me, you won't regret it. Sapheads Hackjam

Carnegie Mellon's Capture the Flag Team Excels in Hackjam Competition

By Richard Power


Carnegie Melllon University's "Capture The Flag" (CTF) team, a.k.a. "Plaid Parliament Of Pwning" won third place in a recent Sapheads Hackjam competition.

CyLab researcher David Brumley, the team's faculty sponsor, provides some context: "Capture the Flag is a long running tradition at hacker conventions. It pits teams of security researchers against each other on the same network. There were 100 teams from all over the world, so this is quite an accomplishment. They were top in the US, and solved as many problems as the top two winners."

Brumley also cited CyLab's strong contributor on the success of the effort: "JonghHyup is a visiting scholar at CyLab. Jiyong, Sang Kil, and Ed are all funded by Cylab, and CyLab providing resources and space for the team. Symantec, one of CyLab's corporate partners, was also a sponsor."

Here's the proud roster of Plaid Parliament Of Pwning:

Joseph Ceirante (MS, INI)
Jonathon Cooke (MS, INI)
Brian Pak (Undergrad, CSD)
Sang Kil Cha (MS ECE)
Jiyong Jang (PhD ECE)
JongHyup Lee (Postdoc, ECE)
Ed Schwartz (PhD ECE)
Andrew Wesie (Undergrad, CSD)

Here is my interview with the team.

CyBlog: Describe the nature of this particular CTF contest? And what level of teamwork was required?

Plaid Parliament Of Pwning: General format and rules were similar to other CTF contests, where we need to find a key string to proceed to next stage. However, Sapheads – host of HackJam – claimed that they have differentiated their problem sets from others. Unlike usual CTF contests, they tried to relate problems to real world scenarios.
As problems got harder to solve, teamwork became more critical. The more brains that are coming up with ideas, the more successful you are going to be. It is possible that one person to do entire competition, but doing as a team is more effective and faster.

CyBlog: Give us an example or two of the kinds of problems you had to solve?

Plaid Parliament Of Pwning: Most of the problems required a mixture of several categories of techniques. These categories include binary reverse engineering/exploitation, web hacking, and forensic.
First, for an example of a binary exploitation, we needed to exploit a binary with stack protection that was running on the target server. Specifically, it was checking the integrity of the stack.
Also, as an example of a web hacking, we had to use XSS (Cross Site Scripting) and PHP code injection to access confidential data (in this case, the key phrase).
Third, we also had a forensic problem, where we needed to analyze captured network packets and extract various types of data such as zip and VoIP that gives a hint for password.

CyBlog: What was the most challenging problem you solved successfully and how did you do it?

Plaid Parliament Of Pwning: A problem that was both very interesting and challenging involved reconstructing an OpenSSH private key, that was being used for public key authentication, from the core dump of ssh-agent. This problem was unique because we weren't trying to exploit some bug or reverse a program, since it involved an open source program whose source code was readily available. Instead, it required you to be able to understand the source code quickly, relate it to what was in memory, and extract the information you needed.
Finding the key in memory wasn't too hard. You just needed to follow a couple of pointers and you were at the bytes you need. What made it difficult is the format the key was in: arrays of integers. How does a couple arrays of integers represent the components of an encryption key. Thanks to the source code and Wikipedia, it was trivial to see that each array represented one big number. Then, after sifting through the openSSL source code, which is quite a mess, one can start to imagine how these integers end up representing some really big numbers. And then it is a simple matter of constructing a private key file. Though it was not easy to find documentation for the OpenSSH private keys. Thankfully, after some time, another open source program plus a little luck resulted in a working private key.
Moral of the story, and one that is in the version of openSSH I looked at, letting a program that has your private keys core dump is a really bad idea.

CyBlog: What do such contests teach you about the nature of developing attacks and countermeasures?

Plaid Parliament Of Pwning: One of the ways that the problems got harder is that they started to implement some countermeasures against buffer overflow attacks. Obviously these countermeasures weren't perfect, but they definitely made it more challenging. And this is somewhat realistic: any one with enough time and resources is going to find a way to break your system, the best you can do, for now, is to make it as difficult as you possibly can.

CyBlog: Do you discern any differences in style, skill levels, etc., between hackers from different countries or regions?

Plaid Parliament Of Pwning: What determines the style and skill level between hackers is their past experiences. While the country or region they are from can influence this, it definitely is not a major difference.

Thursday, September 17, 2009

Google Acquires ReCaptcha, Spin-Off Based on CyLab Research



"Google is the best fit for reCAPTCHA," von Ahn said. "From the very start,
people often assumed the project was connected to Google, so it only makes
sense that reCAPTCHA Inc. ultimately would find a home within Google."
Reuters, 9-16-09

CyLab News – Google Acquires ReCaptcha, Spin-Off Based on CyLab Research

Once again, the fruits of research from within the creative matrix of Carnegie Mellon University CyLab has grabbed headlines across the mainstream, business and IT media; this time, its Luis von Ahn and ReCaptcha.

Here are a few excerpts from sample news stories, with links to the full texts:

Acknowledging once again that humans are better than computer algorithms at some tasks, Google said on Wednesday that it had acquired ReCaptcha, a start-up that grew out of a research project at Carnegie Mellon, for an undisclosed amount. New York Times, 9-16-09

"The words in many of the captchas provided by reCaptcha come from scanned archival newspapers and old books," wrote Luis von Ahn, co-founder of reCaptcha, and Will Cathcart, a Google product manager, in a blog post. "Computers find it hard to recognise these words because the ink and paper have degraded over time, but by typing them in as a captcha, crowds teach computers to read the scanned text. In this way, reCaptcha's unique technology improves the process that converts scanned images into plain text, known as Optical Character Recognition (OCR). This technology also powers large scale text scanning projects like Google Books and Google News Archive Search. Telegraph/UK, 9-17-09

Google says reCaptcha's technology can help it with some of its high-profile initiatives, like scanning books and newspapers to create searchable archives. As users type in the words, they help teach computers to read scanned text, improving computer accuracy when converting scanned images into plain text, a process known as optical character recognition.
"Having the text version of documents is important because plain text can be searched, easily rendered on mobile devices and displayed to visually impaired users," Google said in a blog post about the deal.
Wall Street Journal, 9-16-09

Google has no shortage of errors to correct. One of the company's Book Search engineers recently acknowledged that there are millions of errors in the metadata used to describe the books scanned for Google Book Search. No doubt the company's OCR output isn't perfect either.
But such problems look a lot less daunting when one can leverage CAPTCHA input to correct errors.
Information Week, 9-16-09