Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Kandungan disediakan oleh Black Hat and Jeff Moss. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Black Hat and Jeff Moss atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
Player FM - Aplikasi Podcast
Pergi ke luar talian dengan aplikasi Player FM !
Pergi ke luar talian dengan aplikasi Player FM !
Robert Auger and Caleb Sima: Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems
MP4•Laman utama episod
Manage episode 153984309 series 1109074
Kandungan disediakan oleh Black Hat and Jeff Moss. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Black Hat and Jeff Moss atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
This presentation will discuss the use of RSS and Atom feeds as method of delivering exploits to client systems. In our research we have found a number of RSS clients, both local and web-based, that are far too trusting of the content that is delivered via feeds. Although this content arrives as well-formed XML, fundamentally it originated as user input elsewhere. Like any such data, it can contain malicious and mal-formed content, yet many clients fail to guard against this. And though such content by definition originates remotely, many clients use methods of display that cause it to be trusted as if it were locally originated. As RSS becomes more ubiquitous, the scope of this problem becomes worse. Many RSS feeds are machine generated from content originating in other feeds, search engine results, and so on. This means that feed subscribers can even be targeted without them actually subscribing to your feed at all. This has potential uses for worm propagation, botnet creation, and other forms of attack."
…
continue reading
86 episod
Robert Auger and Caleb Sima: Zero Day Subscriptions: Using RSS and Atom feeds As Attack Delivery Systems
Black Hat Briefings, Las Vegas 2006 [Video] Presentations from the security conference
MP4•Laman utama episod
Manage episode 153984309 series 1109074
Kandungan disediakan oleh Black Hat and Jeff Moss. Semua kandungan podcast termasuk episod, grafik dan perihalan podcast dimuat naik dan disediakan terus oleh Black Hat and Jeff Moss atau rakan kongsi platform podcast mereka. Jika anda percaya seseorang menggunakan karya berhak cipta anda tanpa kebenaran anda, anda boleh mengikuti proses yang digariskan di sini https://ms.player.fm/legal.
This presentation will discuss the use of RSS and Atom feeds as method of delivering exploits to client systems. In our research we have found a number of RSS clients, both local and web-based, that are far too trusting of the content that is delivered via feeds. Although this content arrives as well-formed XML, fundamentally it originated as user input elsewhere. Like any such data, it can contain malicious and mal-formed content, yet many clients fail to guard against this. And though such content by definition originates remotely, many clients use methods of display that cause it to be trusted as if it were locally originated. As RSS becomes more ubiquitous, the scope of this problem becomes worse. Many RSS feeds are machine generated from content originating in other feeds, search engine results, and so on. This means that feed subscribers can even be targeted without them actually subscribing to your feed at all. This has potential uses for worm propagation, botnet creation, and other forms of attack."
…
continue reading
86 episod
Tüm bölümler
×Selamat datang ke Player FM
Player FM mengimbas laman-laman web bagi podcast berkualiti tinggi untuk anda nikmati sekarang. Ia merupakan aplikasi podcast terbaik dan berfungsi untuk Android, iPhone, dan web. Daftar untuk melaraskan langganan merentasi peranti.