By David Lindsay & Eduardo Vela Nava
The talk is about abusing the anti-XSS filter built into IE8 so that XSS always remains possible.
Microsoft decided to implement anti-XSS measures in IE because XSS is so common. On the other hand, they wanted to be careful not to break the web and to keep things performant, and the solution itself had to be secure.
So how do these filters work?
• Examine all outbound requests for XSS patterns using heuristic filters.
• If something matches a heuristic, a dynamic signature is generated from it.
• If the signature matches the response, the response is neutered.
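As an added illustration (not Microsoft's code and not from the talk), here is a small model of that three-stage pipeline: outbound parameters are scanned with constructed heuristics, a whitespace- and case-tolerant signature is built from each hit, and the response is only altered when the signature is actually reflected. The heuristic patterns, the '#' neutering rule and the sample URL and body are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed heuristic patterns standing in for the filter's real ones
# (illustrative only, not the patterns IE8 shipped with).
HEURISTICS = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"\bon\w+\s*=", re.I),
]


def scan_request(url):
    """Stage 1: inspect the outbound request's query parameters and return
    every (name, value) pair that matches a heuristic."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [(n, v) for n, v in params if any(h.search(v) for h in HEURISTICS)]


def build_signature(value):
    """Stage 2: turn a suspicious input into a dynamic signature. It is
    case-insensitive and tolerant of whitespace the server may add or strip,
    so a lightly transformed reflection of the input still matches."""
    pattern = r"\s*".join(re.escape(ch) for ch in value if not ch.isspace())
    return re.compile(pattern, re.I)


def filter_response(url, body):
    """Stage 3: if a dynamic signature matches the response body, neuter the
    match (here by inserting '#' after its first character; the real filter's
    substitution rule is not part of this model) and report that we did so."""
    neutered = False
    for _, value in scan_request(url):
        sig = build_signature(value)
        if sig.search(body):
            body = sig.sub(lambda m: m.group(0)[0] + "#" + m.group(0)[1:], body)
            neutered = True
    return body, neutered


# Constructed sample request and the page that reflects its parameter.
SAMPLE_URL = "http://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E"
SAMPLE_BODY = "<p>Results for <script>alert(1)</script></p>"

if __name__ == "__main__":
    print(scan_request(SAMPLE_URL))
    print(filter_response(SAMPLE_URL, SAMPLE_BODY))
```

The point worth noticing is the last stage: the filter rewrites whatever page echoes the flagged input, so its output depends on the response as much as on the request.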
Categories: BlackHatEU, Conferences, Security Tags: Barcelona, Blackhat, BlackHatEU, Conference, Cross Site Scripting, IE8, Internet Explorer, Microsoft, Security, XSS
The background: In the past, basic constraints (the X.509 extension that says whether a certificate may act as a CA) were not properly checked, so any client certificate could be used to create another certificate that would actually validate.
Moxie wrote the tool SSLSNIFF, which can perform a man-in-the-middle attack on an SSL connection based on this vulnerability, to prove to Microsoft that it could be exploited, contrary to what Microsoft said.
Even though Microsoft and others fixed the vulnerability, the tool is still useful, mainly because people don't pay attention to certificate warnings. The researchers who created the rogue CA certificate by means of the MD5 collision also used SSLSNIFF to actually exploit it.
But there are more ways to attack SSL than a man-in-the-middle attack: SSL stripping.