Date: Fri, 16 Aug 2013 03:21:30 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] Looking inside the (Drop) box

Hi,

We've just posted online our USENIX WOOT '13 slides and paper entitled "Looking inside the (Drop) box" (Security Analysis of Dropbox), by Dhiru Kholia (Openwall and University of British Columbia) and Przemyslaw Wegrzyn (CodePainters):

http://www.openwall.com/presentations/WOOT13-Security-Analysis-of-Dropbox/

Dhiru presented this material at WOOT in Washington D.C. on August 13.

Also available via a link from the page above is the corresponding source code (dedrop).

Here's the abstract:

"Dropbox is a cloud based file storage service used by more than 100 million users. In spite of its widespread popularity, we believe that Dropbox as a platform hasn't been analyzed extensively enough from a security standpoint. Also, the previous work on the security analysis of Dropbox has been heavily censored. Moreover, the existing Python bytecode reversing techniques are not enough for reversing hardened applications like Dropbox. This paper presents new and generic techniques, to reverse engineer frozen Python applications, which are not limited to just the Dropbox world. We describe a method to bypass Dropbox's two factor authentication and hijack Dropbox accounts. Additionally, generic techniques to intercept SSL data using code injection techniques and monkey patching are presented. We believe that our biggest contribution is to open up the Dropbox platform to further security analysis and research. Dropbox will/should no longer be a black box. Finally, we describe the design and implementation of an open-source version of Dropbox client (and yes, it runs on ARM too)."

Enjoy.

Alexander