The OWASP talk went OK. For those who are interested in the slides and want to know what the talk was all about, check the following URLs:
The second POC, the TinyFS, is a simple tool for storing and retrieving information into/from the TinyURL on-line service. Each slot is restricted to 3.9k, however this is more than enough if attackers want to store malware code and retrieve it when it is required.
In a similar way, other types of tools can be constructed as well. It is easy to write port scanners, remote storage services, communication channels, distribution channels, attack libraries and databases, etc. I covered most of this at OWASP. It is also worth mentioning that although attackers can abuse these services to penetrate websites and ease the distribution of Web malware, whitehats can construct highly distributed testing infrastructures to tackle web security problems quicker. There are several tools currently being built which will show to a greater extent the purpose of these types of systems.
I am planning to put more information on the subject very soon. Today it is important to realise that the WEB is going out of limits. XSS and CSRF are still two of the most dangerous attack vectors available today but there is a lot more going on. This presentation was designed to show the dangers of the web in general. By combining different services attackers can achieve results that go beyond our wildest dreams.
I hope that you enjoyed the slides and the presentation.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/