canmove, Confirmed users
640
edits
Security/BlackHat 2012: Difference between revisions
Jump to navigation
Jump to search
→Interesting-sounding Blackhat and DEFCON sessions
| Line 14: | Line 14: | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Rohlf Google Native Client - Analysis Of A Secure Browser Plugin Sandbox] | ||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits] | * [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits] | ||
==== From dveditz's mail to security-group: ==== | |||
At the top of my list is the one with '''Owning Firefox''' in the title. Is there anyone working on jemalloc we could send? The speakers will be releasing debugging utilities at the talk. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyroudis "Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap"] | |||
Attacks (ab)using recent web features. Need to be considered especially in the context of apps and our web services and what | |||
mitigations should be built into Gecko | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shekyan "Hacking with WebSockets"] | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Shah "HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits"] | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Purviance "Blended Threats and JavaScript: A Plan for Permanent Network Compromise"] | |||
For Gaia/WebAPI folks some attacks on Chrome extensions that may | |||
have relevance to types of attacks we face on apps. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Osborn "Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil"] | |||
For the B2G folks there are a couple that might help us with our | |||
phone designs. If nothing else they may inform our testing. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Ridley "Advanced ARM exploitation"] | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Weinmann "Scaling Up Baseband Attacks: More (Unexpected) Attack Surface"] | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Miller "Don't Stand So Close To Me: An Analysis of the NFC Attack Surface"] | |||
Defeating ASLR through info leaks, and how to cause them. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Serna "The Info Leak Era on Software Exploitation"] (an example of one he wrote up on Flash is http://seclists.org/bugtraq/2012/Apr/63 ) | |||
A comparison of three different Flash sandboxes, Chrome, IE, and Firefox | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Sabanal "Digging Deep Into The Flash Sandboxes"] | |||
New defensive features of Win8 we should consider using. Some may be | |||
compiler/linker features that will help on other versions of | |||
windows, too. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Miller2 "Exploit Mitigation Improvements in Win 8"] | |||
For the privacy geeks -- decloaking "private browsing" among other | |||
ways to track people. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Fleischer "Web Tracking for You"] | |||
A wildcard... Math.random() isn't crytographically secure, could we | |||
be vulnerable to anything like these PHP issues? If you go bring | |||
your open mind and wear your brainstorming hat. | |||
* [https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Argyros "PRNG: Pwning Random Number Generators (in PHP applications)"] | |||
=== dinners/meetups === | === dinners/meetups === | ||