ToorCon 9: URI use and abuse

[Nathan McFeters] and [Rob Carter] gave a presentation on the problems with URI handling. URIs are used to send commands to external applications from a web browser. itms:// for iTunes for example. Any application that registers a URI has the potential to be abused through this route. For their first example they showed a stack overflow in Trillian’s AIM handling. The next demo created a “Critical Update Available” button on Picasa’s interface. When the user clicked it, their photos would be uploaded to the attacker’s server. They even display a “download progress” bar to encourage the user to keep the connection open. You can read about the attack on cocontributor Billy Rios’s blog.

Dan Kaminsky’s Cryptomnemonics

Our buddy Dan Kaminsky gave an interesting talk at Toorcon. This is just one part where he talks about a novel way to help the user remember SSH keys by converting them to couples names. You can get it in high quality here. 17 minutes long. Thanks to Fabienne for shooting the video.

WiCrawl – Next-gen WiFi auditor

At ToorCon, our friends at Midnight Research Labs released a new automated WiFi auditing tool called WiCrawl. WiCrawl automatically scans for accesspoints. Once an AP is discovered a number of plugins can be run against it ranging from getting an IP to breaking encryption. Aaron Peterson’s talk and demo is 50mins. You can download the 640×480 170MB .mov version here. The tool is going to be included in the next BackTrack CD.