26C3 - 26C3 1.15

26th Chaos Communication Congress
Here be dragons

Referenten
FX of Phenoelit
Programm
Tag Day 2 - 2009-12-28
Raum Saal1
Beginn 20:30
Dauer 01:00
Info
ID 3494
Veranstaltungstyp Vortrag
Track Hacking
Sprache der Veranstaltung englisch
Feedback

Defending the Poor

Preventing Flash Exploits

The talk will discuss a class of in-the-wild malware and exploits, reasons for it's success as well as reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released.

The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.