[Security] upcoming DEFCON talk

Peter Saint-Andre stpeter at stpeter.im
Tue Jun 23 17:23:41 CDT 2009


Will anyone on this list be at DEFCON 17? The following talk looks
"interesting"....

***

eXercise in Messaging and Presence Pwnage

Ava Latrope Security Consultant, iSEC Partners

eXtensible Messaging and Presence Protocol, or XMPP, is a set of
specialized XML-based protocols that are an increasingly popular choice
for a variety of middleware applications. It's a sprawling project
implemented differently by many popular projects and services, and is
used for purposes ranging from chat rooms and video conferencing to
control channels for mobile devices. It combines a myriad of confusing
buffet-style design options with all of the traditional weaknesses of
XML security. XML parsing is a fragile art and many (if not most)
implementations are vulnerable to DOS attacks, such as knocking the
other users of a chatroom offline. I take a look at how those issues
play out in IM clients and open source servers.

***

http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Latrope

Peter

--
Peter Saint-Andre
https://stpeter.im/


