Friday 29 October, at 13:00, Tommaso will give a seminar describing the vulnerability we have found on the Windows systems implementation of the Kerberos login service. More information and full paper can be found here.
Lunch seminar means that food is welcome: you can eat your favourite sandwich while Tommaso illustrates the attack
Seminar details follow:
SPEAKER: Tommaso Malgherini
DATE and PLACE: 29 October 2010 at 13:00, Sala Riunioni, Dipartimento di Informatica, Univ. Venezia.
TITLE: Attacking and fixing the Microsoft Windows Kerberos login service
ABSTRACT: We implement and test a recent attack called pass-the-ticket on various real Kerberos implementations. The attack allows a malicious user to physically login as a different one on a target host, under the assumption he is able to mount a man-in-the-middle attack between the attacked host and the Kerberos server. Our results are that all recent Microsoft Windows operating systems are vulnerable to the attack while the MIT Kerberos implementation version 1.6.3, tested on Linux, is not. We have reported through CERT the vulnerability to Microsoft that will fix it in the next service pack.
The seminar is based on the work developed by Tommaso Malgherini in his BSc thesis under the supervision of Prof. Riccardo Focardi.