The talk describes some of the current practices of instant messaging providers and goes over what makes some of the design choices better or worse, describing possible and known attacks against messaging protocols and suggesting possible solutions to those problems. If possible, a live demonstration of exploitation of AOL's Instant Messenger will be shown through a simple attack on DNS.

Instant messaging has become one of the most common methods of communication in the Internet age; just about every person who has an Internet connection has one or more instant messaging accounts with one or more of the big providers (AOL, MSN, Yahoo, etc.). The problem with current messaging providers is that each and every instant messaging protocol designed so far has made security and privacy an afterthought, with simple blunders like non-cryptographically mangled passwords, clear-text conversations, and the use of format strings in server-client communications, and, in some cases, just plain dumb protocol implementations.

Another topic I will attempt to cover is the suppression of securing technologies by the American (and other) governments by law, for example the US's use of the ITAR to suppress the use and distribution of such simple technologies as virus scanners and SSL, and how even the act of assisting someone in implementing these can land a person in jail. My intent is to color the talk with personal stories, news articles, and textual examples from the laws themselves.