Faculty Recruiting Make a Gift

Security Speaker Series: Tony Martin (Intel)

12 Sep
Wednesday, 09/12/2018 1:25pm to 2:25pm
Computer Science Building, Room 151
Security Seminar
Speaker: Tony Martin

Security Speaker Series
Cybersecurity Institute

Title:  "Ghost in the Shell"

Presented by: Tony Martin, Security Architect, Intel

Abstract: Home and Business Network Access Devices, because of their complexity and a large number of provided plugins for expanded functionality, continue to suffer from security problems, have been hijacked into crypto currency mining botnets and continue to be the target or ransomware. Digging through some of the more popular brands uncovered multiple, severe security vulnerabilities including reflected and stored XSS, OS command injections, authentication bypass, a system with no CSRF protections and more. This presentation will cover many of the vulnerabilities, showing how one group can be chained for full system exploit. In the course of the investigation, a new class of weakness was uncovered, Ghost in the Shell, that allows for the creation of Ghost admin accounts with Shell access that are not viewable by normal administrative means. This weakness impacts more than just these NAS devices but potentially any system where there may be a discrepancy between the web-based, user management and the underlying operating system used for authentication.

Speaker Bio: Tony Martin is a Security Architect, the Chair of the Software Security Architecture Review Board at Intel and a SME providing guidance to numerous teams. His current focus is on integrating security into various development methodologies, security architecture from IoT to cloud, threat modeling and penetration testing. Previously, he was the security architect for Cisco's AnyConnect and was part of the team setting the corporation's secure development lifecycle policies and procedures. He has six patents in the fields of networking and security architecture and twenty CVEs. Tony volunteers many places including the Packet Hacking Village at DEF CON. He holds a Master of Computer Science with a concentration in Security from Boston University and a Bachelor of Computer Science from the University of Maine.

 

Faculty Host
: