[Owasp-losangeles] OWASP Los Angeles January 2011 Meeting with Samy Kamkar on Evercookie

[Tin Zaw]

Please note that OWASP LA Chapter meetings will be on the 4th
Wednesday of the month.

January 26, 2011 at 7:00PM
Symantec Corporation
900 Corporate Pointe
Culver City, CA 90230

Please RSVP here: http://owasp-jan2011.eventbrite.com/

Topic: Evercookie

Speaker: Samy Kamkar

Samy Kamkar is best known for the Samy worm, the first XSS worm,
infecting over one million users on MySpace in less than 24 hours. A
co-founder of Fonality, Inc., an IP PBX company, Samy previously led
the development of all top-level domain name server software and
systems for Global Domains International (.ws), and worked for Penn
State University developing AI-based psychometric personality
assessment software.

In the past 10 years, Samy has focused on evolutionary and genetic
algorithmic software development, Voice over IP software development,
automated security and vulnerability research in network security,
reverse engineering, and network gaming. When not strapped behind the
Matrix, Samy can be found stunt driving, getting involved in local
community service projects, and continuing his focus on staying out of
jail.

Abstract: Evercookie: the Persistent Cookie

Evercookie is javascript API available that produces extremely
persistent cookies in a browser. Its goal is to identify a client even
after they've removed standard cookies, Flash cookies Local Shared
Objects or LSOs), and others.

Evercookie accomplishes this by storing the cookie data in several
types of storage mechanisms that are available on the local browser.
Additionally, if evercookie has found the user has removed any of the
types of cookies in question, it recreates them using each mechanism
available.

You can read more about Samy and Evercookie at http://samy.pl/evercookie/

-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter
Member, Global Chapters Committee
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw