WOW, it’s been a busy couple of weeks! I was in Tokyo last week for PacSec. PacSec was a great time, there were some GREAT talks, and Dragos knows how to party! I co-presented a talk entitled “Cross-Domain Leakiness: Divulging Sensitive Information and Attacking SSL Sessions” with Chris Evans from Google. I’m curious if this was the first time in history a Google Guy and a Microsoft Guy got on stage together and talked about security… Anyway, you can find the slides here: Chris is a super smart guy and demo’d a ton of browser bugs, most of which he will eventually discuss on his blog (which you should check out). I had a chance to demo a few bugs and went over some techniques to steal Secure Cookies over SSL connections for popular sites. Now, before I get into the details of the Safari File Stealing bug that was recently...
[read full story]
Your Web Site
