[Security] upcoming DEFCON talk

Eric Rescorla ekr at rtfm.com
Tue Jun 23 18:24:42 CDT 2009


Not me

Ekr

On Jun 23, 2009, at 3:23 PM, Peter Saint-Andre <stpeter at stpeter.im>  
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Will anyone on this list be at DEFCON 17? The following talk looks
> "interesting"....
>
> ***
>
> eXercise in Messaging and Presence Pwnage
>
> Ava Latrope Security Consultant, iSEC Partners
>
> eXtensible Messaging and Presence Protocol, or XMPP, is a is a set of
> specialized XML-based protocols that are an increasingly popular  
> choice
> for a variety of middleware applications. It's a sprawling project
> implemented differently by many popular projects and services, and is
> used for purposes ranging from chat rooms and video conferencing to
> control channels for mobile devices. It combines a myriad of confusing
> buffet-style design options with all of the traditional weaknesses of
> XML security. XML parsing is a fragile art and many (if not most)
> implementations are vulnerable to DOS attacks, such as knocking the
> other users of a chatroom offline. I take a look at how those issues
> play out in IM clients and open source servers.
>
> ***
>
> http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Latrope
>
> Peter
>
> - --
> Peter Saint-Andre
> https://stpeter.im/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkpBVe0ACgkQNL8k5A2w/vyWOQCcCiMSREeSN1neCIW7E7kYZFDy
> nt0AnRjhMYog79i4CNZOWVy8Y69wdsap
> =RlwZ
> -----END PGP SIGNATURE-----


More information about the Security mailing list