13:00 — 14:00
Violation of the most valuable: attacks on license managers
It is conventional wisdom that the right approach to doing things is to «Trust but verify». However, corporate solutions often use only the former part of this principle. Third-party code, specifically a license manager (a small software or USB token), can create a huge security problem for otherwise exceptionally well protected corporate systems. Last year, the Kaspersky Lab ICS CERT team analyzed a hardware-based licensing solution — HASP tokens by Gemalto. This time, we will talk about our latest research into the popular Flexnet solution by Flexera. What we found included logical DoS, logical LPE, RCE, that sort of thing... We will show how these three-letter abbreviations can get the best of even the most secure corporate or financial systems, industrial automation systems, etc.