Skip to main content

We will keep fighting for all libraries - stand with us!

#HITB2013AMS D2T2 Rosario Valotta - Abusing Browser User Interfaces for Fun and Profit

Movies Preview

movies

#HITB2013AMS D2T2 Rosario Valotta - Abusing Browser User Interfaces for Fun and Profit

by
Hack In The Box Security Conference

Publication date
Topics
Youtube, video, Science & Technology, Safari (Software), internet explorer, notification, chrome, hitb, apple, rosario valotta, Google, microsoft, Hitb2013ams, Google Chrome (Software), hackinthebox, notification bars, IE, Fun, safari, IE10, IE9, hitbsecconf, web browser,
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: As social engineering has become the dominant method of malware distribution, browsers makers started to design more robust and recognizable UIs in order to help users in making aware choices while surfing the web. In this process, creating trusted UIs notification mechanisms played a crucial role: today any modern browser is able to identify potentially dangerous/sensitive actions requested by a webpage (file downloading, plugin installation, grant privileges to websites) and prompt a dialog or a notification bar in order to require explicit confirmation from the user. Even though these improvements led to a greater degree of assurance, the notification mechanisms are far from being 100% safe: in this presentation I will show how notification bars in major browsers (Chrome 24, IE9, IE10) can be abused with a little (or no) social engineering, leading to a compromise of a users security and even obtain code execution on the victim's machine. ABOUT ROSARIO VALOTTA Rosario Valotta is an IT security professional with over 12 years experience. He has been actively finding vulnerabilities and exploits since 2007 and has released a bunch of advisories and new attack techniques including: - Nduja Fuzzer (presented at DeepSec 2012): an innovative fuzzer levaraging on DOM Level 2 and 3 APIs that proved to be effective in discovering several 0-day in major browsers - Cookiejacking, a new attack technique to steal any cookie on Internet Explorer (presented at HITB 2011 AMS and Swiss Cyber Storm 2011) - Nduja connection, the first cross webmail XSS worm - Memova exploit, affecting over 40 millions users worldwide - Outlook web access for Exchange CSRF vulnerability - Information gathering through Windows Media Player vulnerabilities The complete list is on the blog: http://sites.google.com/site/tentacoloviola/

Source: https://www.youtube.com/watch?v=FGcybDA8UKk
Uploader: Hack In The Box Security Conference
Addeddate
2019-05-15 07:16:05
Identifier
youtube-FGcybDA8UKk
Originalurl
https://www.youtube.com/watch?v=FGcybDA8UKk
Scanner
Internet Archive Python library 1.8.4
Year
2013

plus-circle Add Review
comment
Reviews

There are no reviews yet. Be the first one to write a review.

36 Views

DOWNLOAD OPTIONS

download 1 file
ITEM TILE download
download 1 file
JPEG download
download 1 file
MPEG4 download
download 1 file
OGG VIDEO download
download 1 file
TEXT download
download 1 file
TORRENT download
download 1 file
WEB VIDEO TEXT TRACKS download
download 59 Files
download 12 Original
SHOW ALL

IN COLLECTIONS

Hack In The Box Security Conference Hacker Conferences

Uploaded by narabot on

SIMILAR ITEMS (based on metadata)

Terms of Service (last updated 12/31/2014)